Microsoft Patch Alert: October 2020

3 days 15 hours ago

October 2020 brought a lighter-than-usual crop of patches. For the first time in recent memory, there were none at all for Internet Explorer or the (Chromium-based) Edge browser. The cumulative updates went in with few reports of problems, although there were many complaints about printers not working after the update.

Strange things happened, though, outside the usual monthly patching schedule. The day after Patch Tuesday, Microsoft announced a(nother) fix for a security hole in the HEVC codec — CVE-2020-17022 — distributed, once again, only through the Microsoft Store.

Woody Leonhard

A phenomenal Android privacy feature you probably forget to use

5 days 11 hours ago

It's amazing how many useful Android features get buried in the operating system and then forgotten over time.

When you stop and think about it, it's also kind of inevitable: With every passing year, Android grows increasingly robust and complex, as more advanced options make their way into the software. So it's only logical that certain elements will become out of sight and out of mind and get lost in the shuffle somewhere along the way.

One such item jumped out at me the other day, triggering an immediate "AHAH!" in this rusty ol' noggin of mine as I remembered its existence and then scolded myself for forgetting to use it all this time. It's a little somethin' called Android Guest Mode, and it first showed up way back in the Android 5.0 (Lollipop) era of 2014.

JR Raphael

Zoom's new encryption approach is incremental, but better

6 days 15 hours ago

Just like their consumer counterparts, enterprise IT execs have flocked to Zoom for all manner of meetings. But security has invariably taken a backseat to convenience and availability, as anyone who has endured a Zoom intruder knows all too well.

Zoom this week (it hasn't yet said exactly when) will roll out its upgraded encryption option. But it comes at the cost of surrendering various popular features. And it also does not come with improved authentication and identification of users, a capability Zoom now is promising to deliver sometime in 2021.

Zoom describes its current encryption offering as adequate, but not ideal:

Evan Schuman

Microsoft focuses on Office, less so on Windows, and offers nothing for browsers on Patch Tuesday

6 days 16 hours ago

This posting is a little later than usual due to a number of late-in-the-week updates from Microsoft last week. We started off with no publicly reported zero-days or active exploits in the wild. (As we were working with Microsoft, we felt that an out-of-band patch was imminent that would change our advice on patch cycles for October. But it appears the final “change” for this release was a relatively minor update to Visual Studio, leading to no change in our recommendations in this benign update.)

Greg Lambert

Is Windows the greatest cyberthreat to the 2020 US election?

1 week 3 days ago

If there’s going to be a successful cyberattack on the 2020 U.S. election, you can be sure Windows will be involved. It’s the world’s biggest exposed attack vector and the weapon of choice of cybercriminals and intelligence agencies the world over. In addition, the world’s biggest botnets are made up of millions of infected Windows PCs used to launch cyberattacks.

Preston Gralla

With Patch Tuesday here, be sure Windows Update is paused

1 week 6 days ago

Some people believe that you need to get new Windows and Office patches installed the minute they roll out the Windows Update chute. Those who snooze get bit by malware, or so the theory goes.

In fact, we’ve seen very few instances in the past years where a newly patched security hole has turned into a widespread security threat in less than a few weeks. If you’re protecting uranium enrichment centrifuges from deep-pocket adversaries, all bets are off, of course. But for normal, everyday Windows users, the chance of getting bit by a bad patch far outweighs the immediate threat to your trusty ol’ PC.

Woody Leonhard

As Patch Tuesday nears, be sure Windows Update is paused

1 week 6 days ago

Some people believe that you need to get new Windows and Office patches installed the minute they roll out the Windows Update chute. Those who snooze get bit by malware, or so the theory goes.

In fact, we’ve seen very few instances in the past years where a newly patched security hole has turned into a widespread security threat in less than a few weeks. If you’re protecting uranium enrichment centrifuges from deep-pocket adversaries, all bets are off, of course. But for normal, everyday Windows users, the chance of getting bit by a bad patch far outweighs the immediate threat to your trusty ol’ PC.

Woody Leonhard

Apple's T2 Mac security chip may be vulnerable, researcher claims

2 weeks 5 days ago

A security researcher claims to have figured out how to break the T2 security chip on modern Intel-based Macs using a pair of exploits developed to jailbreak older phones. Apple has not commented on these claims.

What the research claims

The claim seems to be that because the T2 chip is based on the older A10 series Apple processor, it is possible to use two jailbreak tools (Checkm8 and Blackbird) to modify the behavior of T2, or even install malware to the chip.

It’s not an easy hack: Not only must an attacker have local access to the Mac, but they must connect to the target Mac using a non-standard "debugging" USB-C cable and run a version of a jailbreaking software package during startup.

Jonny Evans

Wire targets Zoom, Teams and others with secure video upgrades

2 weeks 5 days ago

Secure communication platform Wire has overhauled its video conferencing capabilities and now allows more users to simultaneously have fully encrypted video calls.

Beginning today, Wire users will be able to video chat with up to 12 people and voice call with up to 25. While video conferencing rivals Zoom and Webex already offer end-to-end encryption on some plans, Wire’s latest move will provide that high level of security to all its users. Wire now boasts that it offers “the world’s first completely end-to-end encrypted video environment.”

As many companies enter their seventh month of employees working from home, the demand for video conferencing services has not let up. That has led to something of an arms race as Microsoft, Zoom and a variety of other services have in recent months announced upgrades and feature tweaks of their own.

Charlotte Trueman

Current trends in Mac security threats

2 weeks 6 days ago

Current trends involving Mac threats indicate that while attempts are on the rise, users remain the first line of defense — particularly as "show up when you want to" (SUWYWT) becomes the future of work.

The security risk remains

In the first few weeks of the pandemic, we saw multiple businesses invest in VPN software and new hardware as they equipped employees to work from home. In the UK, for example, Starling Bank claimed it purchased every available MacBook as the pandemic struck.

Now that working from home (WFH) is normalized, there’s a need to take stock of security concerns and remind employees of good security procedure on all platforms, including Macs. Apple’s platform seems to have enjoyed incredibly strong sales as companies upgraded for WFH, but even with better inherent security those Macs must also be protected.

Jonny Evans

Working from home? Slow broadband, remote security remain top issues

2 weeks 6 days ago

Unreliable home broadband connectivity is the primary technical challenge businesses are having to deal with as remote working continues during the COVID-19 pandemic.

That's one takeaway from a survey of 100 C-level executives and IT professionals in the US by Navisite designed to highlight the biggest headaches for organizations providing IT services to workers since offices began to close in March.

[ Related: Remote working, now and forevermore? ]

Around half (51%) of those surveyed said they experienced some “IT pains” during the rapid shift to support home workers, while almost a third (29%) continue to face technical challenges.

Matthew Finnegan

The coast is clear to install September's Windows and Office patches

3 weeks 2 days ago

There are a few odd problems with the September Microsoft patches, but they’re relatively sporadic and reasonably well understood. That makes it a good time to get the outstanding updates installed, though you should avoid the “optional” patches.

I’m still not ready to put Windows 10 version 2004 on my main machines. The “E Week” optional, non-security patch, KB 4577063, fixes two well-known bugs and many dozens of lesser bugs (none of which were officially documented, by the way) in the latest released version of Windows 10. @mikemeinz has hit several replicated bugs in Win10 version 2004, and bug reports continue to hit my inbox.

Woody Leonhard

Microsoft's Brad Anderson on Apple in the enterprise

3 weeks 3 days ago

When it comes to Apple in the enterprise, Microsoft wants to make the experience as smooth as possible. At this week's JNUC2020 event I (virtually) spoke with Microsoft’s Corporate Vice President of the Enterprise Client & Mobility (ECM) team, Brad Anderson, who shared insights on his company’s work with Jamf and the emerging new normal of remote work.

Securing the remote enterprise

The COVID-19 pandemic has accelerated the rate of digital transformation, underlining the need for Microsoft to support device choice and improve cloud-based collaboration.

Jonny Evans

Microsoft on Apple in the enterprise

3 weeks 3 days ago

When it comes to Apple in the enterprise, Microsoft wants to make the experience as smooth as possible. At the JNUC2020 event I (virtually) spoke with Microsoft’s Corporate Vice President of the Enterprise Client & Mobility (ECM) team, Brad Anderson, who shared insights on his company’s work with Jamf and the emerging new normal of remote work.

Securing the remote enterprise

The COVID-19 pandemic has accelerated the rate of digital transformation, underlining the need for Microsoft to support device choice and improve cloud-based collaboration.

Jonny Evans

Lessons learned: Provisioning new employees during a pandemic

3 weeks 4 days ago

COVID-19 means just about everyone who can do so now works from home. But the rapid pace at which this happened put IT under a great deal of pressure, so, what have we learned that may help in future?

The digital transformation continues

The JNUC conference this week sees 15,000 Apple-in-the-enterprise IT staff come together, and a lot of the focus is on the challenges of rapid migration to remote work. The scale of this migration is vast, and it seems to be continuing at pace.

Microsoft Vice President Brad Anderson shared a little data to illustrate this: “We're seeing 1.5 million new devices every seven days coming into the cloud to be managed (by Microsoft Endpoint Manager) and that's Windows, iOS, Mac and Android.” (Italics mine.)

Jonny Evans

Lessons learned: Onboarding new employees during a pandemic

3 weeks 4 days ago

COVID-19 means just about everyone who can do so now works from home, but the rapid pace at which this happened put IT under a great deal of pressure, so, what have we learned that may help in future?

The digital transformation continues

The Jamf event this week sees 15,000 Apple-in-the-enterprise IT staff come together, and much of the discussion concerns the challenges of rapid migration to remote working.

The scale of this migration is vast, and it seems to be continuing at pace.

Microsoft VP Brad Anderson shared a little data to illustrate this: “We're seeing 1.5 million new devices every seven days coming into the cloud to be managed (by Microsoft Endpoint Manager) and that's Windows, iOS, Mac and Android.” (Italics mine)

Jonny Evans

JNUC 2020 opens with big news for Apple and Azure

3 weeks 5 days ago

Jamf, a company focused on Apple in the enterprise, kicked off its virtual JNUC conference today with a deluge of news and information for enterprises using Mac, iPhone and iPad.

Apple and Microsoft together for work

The show comes at a pivotal moment in the transformation of enterprise IT. Not only is work becoming virtual, but Apple’s presence in the space continues to grow.

The move to virtual conferences means the event has more attendees than ever before, with around 15,000 people attending, the company said.

Jonny Evans

How to fix Android's Smart Lock Trusted Places feature

3 weeks 5 days ago

Android's Smart Lock feature is spectacular — that is, when it actually works.

Smart Lock has been around since 2014's Android 5.0 era (which, according to my calculations, was approximately "an eternity" ago by 2020 standards). The basic idea behind it is to make securing your smartphone less inconvenient, thus making it more likely that you'll actually use a pattern, PIN, passcode, or person-paw press (also known as a fingerprint) to keep your data safe. The sensational headlines about big, bad malware monsters lurking in the dark and waiting to pounce on unsuspecting victims may be scary, after all, but here in the real world, you're far more likely to suffer from your own self-made security shortcomings than from any sort of theoretical threat.

JR Raphael
Computer World Security

About SecurityFeeds

Tim Weil is a Security Architect/IT Security Manager with over twenty-five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry. Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.