Skip to main content
Please wait...

Banks face a WhatsApp reckoning as regulators clamp down on messaging apps

1 month 3 weeks ago

As regulators hand out hundreds of millions of dollars in fines for record-keeping failures related to the use of social messaging platforms such as WhatsApp, the finance industry faces a choice: properly enforce bans on the use of these apps or find ways to make them compliant.

“The explosion of new electronic communications channels — and the pervasive use of these — raises lots of red flags for the regulators,” said Anthony Diana, a partner at law firm Reed Smith’s Tech & Data Group. “The fear is that, if bad things are happening, they're happening on these personal apps, not on the sanctioned communication channels that are surveilled.”

Anthony Diana

Anthony Diana, a partner at law firm Reed Smith’s Tech & Data Group.

To read this article in full, please click here

Matthew Finnegan

How to protect Windows 10 and 11 PCs from ransomware

2 months ago

CryptoLocker. WannaCry. DarkSide. Conti. MedusaLocker. The ransomware threat isn’t going away anytime soon; the news brings constant reports of new waves of this pernicious type of malware washing across the world. It’s popular in large part because of the immediate financial payoff for attackers: It works by encrypting the files on your hard disk, then demands that you pay a ransom, frequently in Bitcoin or other cryptocurrency, to decrypt them.

But you needn’t be a victim. There’s plenty that Windows 10 and 11 users can do to protect themselves against it. In this article, I’ll show you how to keep yourself safe, including how to use an anti-ransomware tool built into Windows.

To read this article in full, please click here

Preston Gralla

Apple's latest controversy: Expanded App Store advertising

2 months ago

Depending on how you look at it, Apple may be ramping up ways developers can  reach out durectly to customers via its App Store – or building its own business at others' expense.

What Apple is doing

Apple has had an advertising business of its own ever since Apple’s then CEO, Steve Jobs, introduced us to iAds in 2010. The scale of that offer was always limited to Apple’s platform, but the service arguably failed, with its technology living on in the form of ad slots in Apple News and the App Store.

Apple’s App Store currently hosts just two ad slots, one in the search tab and the other in Search results. You can tell when you are looking at an ad from the blue shade behind the graphic and a small blue badge that says “ad” – these ads are hard to mistake for content.

To read this article in full, please click here

Jonny Evans

For SMBs, Microsoft offers a new layer of server protection

2 months 1 week ago

Do you run a small business with on-premises servers?

Chances are, you rely on technology that includes servers, whether they’re Windows- or Linux-based. With that in mind, Microsoft recently announced it’s previewing “server protection for small business” — bundling the offering with Microsoft Defender for Business.

This is noteworthy because until now, most Endpoint Detection and Response (EDR) solutions have been expensive and typically only deployed by larger enterprises. (EDR is an integrated, layered approach to endpoint protection that combines real-time continuous monitoring and endpoint data analytics with rule-based automated response.)

To read this article in full, please click here

Susan Bradley

Zoom expands end-to-end encryption for Phone and breakout rooms

2 months 1 week ago

Zoom has announced it is expanding end-to-end encryption (E2EE) capabilities to Zoom Phone, with breakout rooms to be given the same level of encryption in the near future.

Zoom Phone customers now have the option to upgrade to E2EE during one-on-one Zoom Phone calls between users on the same Zoom account that occur via the Zoom client.

During a call, when users select “More” they will see an option to change the session to an end-to-end encrypted phone call. When enabled, Zoom encrypts the call by using cryptographic keys known only to the devices of the caller and receiver. Users will also have the option to verify E2EE status by providing a unique security code to one another.

To read this article in full, please click here

Charlotte Trueman

Will new EU crypto rules change how ransomware is played?

2 months 1 week ago

Cryptocurrency has always been the payment method of choice for bad guys. Get hit with an enterprise ransomware attack and plan to pay? You’ll need crypto. The key reason cyberthieves love cryptocurrency so much is that it is far harder to trace payments. 

That is why a move being attempted by the European Union has so much potential. The EU — in a move that will likely be mimicked by many other regional regulatory forces, including in the United States — is putting in place tracking requirements for all cryptocurrency. 

If it is successful, and the EU has an excellent track record on precisely these kinds of changes, cryptocurrency may quickly fade as the thief’s payment of choice.

To read this article in full, please click here

Evan Schuman

How to stay smart about Android app permissions

2 months 1 week ago

When it comes to Android and privacy, we're accustomed to seeing things move in a certain direction.

It's simple, really: With each new Android version, it usually gets easier to manage your privacy and understand how your information is being used. And we typically get more front-facing tools and under-the-hood improvements that allow us to handle that stuff intelligently. Obviously, right?

To read this article in full, please click here

JR Raphael

With a light July Patch Tuesday, it's time to invest in your IT processes

2 months 2 weeks ago

Though we get a reprieve from Exchange updates in this month's Patch Tuesday update, more printer updates are on the way. Even with no updates for Microsoft Exchange or Visual Studio, Adobe is back with 15 critical updates for Adobe Reader. And Microsoft's new patch deployment tool Auto-Patch is now live. (I always thought application testing was the main problem here, but actually getting patches deployed is still tough.)

Though the numbers are still quite high (with 86+ reported vulnerabilities), the testing and deployment profile for July should be fairly moderate. We suggest taking the time to harden your Exchange Server defenses and mitigation processes, and invest in your testing processes.

To read this article in full, please click here

Greg Lambert

Drop, crack, d'oh! My broken Android phone epiphany

2 months 2 weeks ago

Man, I had one hell of a streak.

All these years — approximately 7,967 since I first started using and writing about Android — and somehow, rather miraculously, I’d never outright broken a phone.

Impressive, I know. But don't let yourself get wrapped in awe yet, my fellow drop-dreading denizen: My streak of impeccable Android phone protection has officially come to a crashing halt.

[Got Android? Get Android Intelligence in your inbox and get three new things to try every Friday.]

Now, I didn’t technically drop my phone, mind you. And I didn’t technically break it myself, either. But it was definitely broken. And it happened on my watch.

To read this article in full, please click here

JR Raphael

UK government ministers urged to not conduct business using WhatsApp

2 months 3 weeks ago

The UK’s Information Commissioner’s Office (ICO) has concluded its investigation into the government’s use of private communication channels and is now urging ministers to review how messaging apps and personal email accounts are being used to conduct official government business.

A newly published report marks the conclusion of a yearlong investigation launched in 2021 by then-Information Commissioner Elizabeth Denham. The inquiry was initiated after concerns were raised into the use of the messaging service WhatsApp and private email accounts by former health secretary Matt Hancock and his deputy, James Bethell, at the Department of Health and Social Care (DHSC) during the height of the pandemic.

To read this article in full, please click here

Charlotte Trueman

Now’s the time to prep for Microsoft’s Excel macro crackdown

2 months 3 weeks ago

On July 8, Microsoft pulled back from its decision in February to block macros in Excel documents by default. Microsoft had said it would block Excel files that contained macros if they were downloaded from the internet. (Malicious actors use these lures as a way to launch attacks on networks; specifically, ransomware and other types of malicious activity can launched from a plain, old malicious spreadsheet.)

Microsoft still plans to put this blocking in place, but only after “a better experience.” In the meantime, there are actions you can take now so you won’t need to worry about the change in the future.

[ Related: What enterprise needs to know about Windows 11 ]

If you work for a firm that’s developed spreadsheets for your own internal office use, chances are the spreadsheet does not have a digital signature. Signing macros is similar to how websites use SSL certificates to validate the site is legit. The hardest part of the self-signing process is deciding whether you want to purchase a code-signing certificate or use the self-signed certificate process. (I can tell you from personal experience that trying to purchase a code-signing certificate is an expensive and cumbersome process. I don’t recommend that option, except for large enterprises where the code-signing process is routine.)

To read this article in full, please click here

Susan Bradley

Apple slaps hard against ‘mercenary’ surveillance-as-a-service industry

2 months 3 weeks ago

Apple has struck a big blow against the mercenary “surveillance-as-a-service” industry, introducing a new, highly secure Lockdown Mode to protect individuals at the greatest risk of targeted attacks. The company is also offering millions of dollars to support research to expose such threats.

Starting in iOS 16, iPadOS 16 and macOS Ventura, and available now in the latest developer-only betas, Lockdown Mode hardens security defenses and limits the functionalities sometimes abused by state-sponsored surveillance hackers. Apple describes this protection as “sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.”

To read this article in full, please click here

Jonny Evans

Microsoft backs off facial recognition analysis, but big questions remain

2 months 3 weeks ago

Microsoft is backing away from its public support for some AI-driven features, including facial recognition, and acknowledging the discrimination and accuracy issues these offerings create. But the company had years to fix the problems and didn’t. That's akin to a car manufacturer recalling a vehicle rather than fixing it.

Despite concerns that facial recognition technology can be discriminatory, the real issue is that results are inaccurate. (The discriminatory argument plays a role, though, due to the assumptions Microsoft developers made when crafting these apps.)

Let’s start with what Microsoft did and said. Sarah Bird, the principal group product manager for Microsoft's Azure AI, summed up the pullback last month in a Microsoft blog

To read this article in full, please click here

Evan Schuman

European Parliament approves sweeping big tech antitrust laws

2 months 3 weeks ago

The European Commission announced late yesterday that the Digital Markets Act (DMA) and Digital Services Act (DSA) have been voted through, marking a new chapter for how technology companies will be able to operate in the EU. The parliament voted 588 in favor and 11 against for the DMA, while 539 MEPs backed the DSA, with 54 votes against.

To read this article in full, please click here

Charlotte Trueman

Think twice before deploying Windows’ Controlled Folder Access

2 months 3 weeks ago

As ransomware attacks gained steam in the mid-2010s, Microsoft sought to give Windows users and admins tools to protect their PCs from such attacks. With its October 2017 feature update, the company added a feature called Controlled Folder Access to Windows 10.

On paper, Controlled Folder Access sounds like a great protection for consumers, home users, and small businesses with limited resources. As defined by Microsoft, “Controlled folder access helps protect your valuable data from malicious apps and threats, such as ransomware. Controlled folder access protects your data by checking apps against a list of known, trusted apps. Supported on Windows Server 2019, Windows Server 2022, Windows 10, and Windows 11 clients, controlled folder access can be turned on using the Windows Security App, Microsoft Endpoint Configuration Manager, or Intune (for managed devices).”

To read this article in full, please click here

Susan Bradley

FCC commissioner wants Apple, Google to remove TikTok from App Stores

3 months ago

FCC Commissioner Brendan Carr has written to Apple and Google to request that both companies remove the incredibly popular TikTok app from their stores, citing a threat to national security.

Is your data going TikTok?

Carr warns the app collects huge quantities of data and cited a recent report that claimed the company has accessed sensitive data collected from Americans. He argues that TikTok’s, "pattern of conduct and misrepresentations regarding the unfettered access that persons in Beijing have to sensitive U.S. data...puts it out of compliance,” with App Store security and privacy policies.

To read this article in full, please click here

Jonny Evans
Checked
39 minutes 11 seconds ago
Computer World Security
Subscribe to Computer World Security feed

About SecurityFeeds

SecurityFeeds Logo

Tim Weil is a Security Architect/IT Security Manager with over twenty five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry.  Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.