
The Patch Tuesday focus for April: Windows and Exchange (again)

1 day 10 hours ago

On Tuesday, Microsoft rolled out another broad series of updates across its Windows ecosystems, including four vulnerabilities affecting Windows that have been publicly disclosed and one security flaw — reportedly exploited already — that affects the Windows kernel. That means the Windows updates get our highest “Patch Now” rating, and if you have to manage Exchange servers, be aware that the update requires additional privileges and extra steps to complete.

It also looks as if Microsoft has announced a new way to deploy updates to any device, wherever it is located, with the Windows Update for Business Service. For more information on this cloud-based management service, you can check out this Microsoft video or this Computerworld FAQ. I have included a helpful infographic which this month looks a little lopsided (again) as all of the attention should be on the Windows and Exchange components.


Greg Lambert

Appogee becomes one-stop shop for enterprise iOS deployment

1 day 14 hours ago

The Apple-focused enterprise services market continues to evolve. Case in point: Apple-only value-added-reseller Appogee is now offering a fully-managed iOS hardware deployment thanks to an arrangement with TRUCE Software.

A one-stop enterprise mobile shop

At its simplest, this means enterprises choosing to deploy iOS devices across their business can approach Appogee to purchase, deploy, and create contextually-aware management tools for these new fleets. The system integrates tools from both TRUCE and Jamf and means businesses can accelerate their mobile strategy, and do so while ensuring their own policies can be enforced on a device and user basis.


Jonny Evans

2 big questions to ask about Google and privacy

2 days 17 hours ago

I don't know if you've noticed, but it's become a teensy bit trendy to trash Google and its position on privacy these days.

This wiggly ol' web of ours has always spent a fair amount of energy focusing on how Google uses personal data, of course — and that's a good thing. We absolutely should be aware of how companies do and don't tap into our information.

Lately, though, the conversation has turned especially heated, with a growing chorus of virtual voices suggesting it's time to ditch this-or-that Google service because of how it handles privacy and (insert spooky horror music and/or Sting ballad here) watches every move you make.


JR Raphael

Apple and Google reject UK COVID-19 app

4 days 12 hours ago

Apple and Google have been forced to reject the UK’s latest COVID-19 Test and Trace app update because it failed to follow privacy rules the nation had already agreed to follow in order to use the frameworks the tech firms provide.

Keeping deals

In line with World Health Organization (WHO) advice to test widely and act fast in the event of COVID-19 outbreaks, Apple and Google moved quickly at the beginning of the pandemic to develop a private-by-design Exposure Notifications system the world’s health authorities could use to build digital track-and-trace systems.


Jonny Evans

Collaboration analytics: Yes, you can track employees. Should you?

5 days 18 hours ago

From email to video meetings and team chat, collaboration applications have become vital tools to connect workers. And by giving companies the tools to track employee use of these apps, software vendors can provide insights into working patterns and help organizations better understand how they operate.

Tech Spotlight: Analytics

The ability to view analytics data in collaboration and productivity software is not new; such products have long provided admins with a snapshot of app utilization. Typically aimed at gauging user uptake and tracking deployment progress, these metrics were otherwise limited in their wider business use.


Matthew Finnegan

Your iPhone could soon be your driver's license (in Utah)

1 week 1 day ago

Apple’s iPhone has already replaced your wallet, keys, and flight tickets. Now in Utah, it is beginning to replace your driving license in a new pilot project.

What is happening?

The state is working on a mobile driving license (mDL) using a combination of technologies including NFC and QR codes as digital proof of ID. Holders of the license will be able to choose what personal information is displayed when the QR code is read, or NFC terminal tapped. This can be used in any situation in which you might be expected to present your driving license, including restaurants and bars.


Jonny Evans

The Brave browser basics: what it does, how it differs from rivals

1 week 2 days ago

Boutique browsers try to scratch out a living by finding a niche underserved by the usual suspects. Brave is one of those browsers.

Brave has gotten more attention than most alternate browsers, partly because a co-founder was one of those who kick-started Mozilla's Firefox, partly because of its very unusual — some say parasitical — business model.

That model, which relies on stripping every site of every ad, then substituting different ads, came under attack almost immediately from publishers that depended on online advertising for their livelihood. "Your plan to use our content to sell your advertising is indistinguishable from a plan to steal our content to publish on your own website (emphasis in original)," lawyers for 17 newspaper publishers wrote in a cease-and-desist letter to Brave Software in April 2016.


Gregg Keizer

Apple gets ready to launch its Find My ecosystem (updated)

1 week 3 days ago

While we’re still waiting for Apple to introduce its own take on Tile, the company is opening its Find My service to businesses joining its MFi scheme, enabling manufacturers to build location sensing into devices out of the box.

Update: Since publishing this, Apple has made the following announcement. Additional information will be woven in below.


Jonny Evans

Apple gets ready to launch its Find My ecosystem

1 week 3 days ago

While we’re still waiting for Apple to introduce its own take on Tile, the company is opening its Find My service to businesses joining its MFi scheme, enabling manufacturers to build location sensing into devices out of the box.

Now in advanced testing

Apple has published a new app called Find My Certification Asst. Compatible with devices running iOS 14.3 or later and iPadOS 14.3 or later, the app lets accessory makers check that their devices are correctly configured for use with Apple’s Find My network.


Jonny Evans

Windows Update for Business: details, details

1 week 5 days ago

Here’s something many Windows 10 users may not know: If you select options to control your updates in the local group policy settings better known as “Windows Update for Business,” you end up controlling optional updates. And what if you are not necessarily a “business” user? What options do you have?

Plenty.

The little secret about “Windows Update for Business” is that it’s nothing more than a set of registry keys and local group policy settings that allow you to better control updates. And you don’t have to work for a business to utilize these settings, though it helps if you’re running Windows 10 Professional.


Susan Bradley

Apple switches off the ‘open web’ by making it better

2 weeks 1 day ago

Apple has begun rejecting apps that ignore its new App Tracking Transparency policy as it moves ahead toward the launch of iOS 14.5.  

So, what’s happening?

Reports indicate Apple has started rejecting apps that ignore this new policy, which extends to iPhones, iPads, and tvOS. The policy requires that apps seek express permission to access the advertising identifier (IDFA) of a person’s iPhone in order to track them for ad targeting purposes. The policy also forbids developers from using other methods to track users.


Jonny Evans

Keeping a remote workforce secure: Lessons learned, tips for the future

2 weeks 1 day ago

CSO’s Lucian Constantin joins Computerworld’s Matthew Finnegan and Executive Editor Ken Mingis to explain what companies should do to keep their remote employees — and valuable corporate data and info — safe. Secure remote access is key, and it means more than getting everyone on a VPN. Zero-trust access gateways, network segmentation, user and device verification, and role-based access control policies are all part of today’s security tool kit.

Microsoft hands IT admins beefed-up Windows release health hub

2 weeks 3 days ago

Microsoft has begun rolling out its Windows release health dashboard to the Microsoft 365 admin portal, a move the company previewed earlier this month at its all-virtual Ignite conference.

"This will be a phased rollout and we expect this information experience to be available to all applicable customers by the end of April," Mabel Gomes, senior communications program manager in the Windows group, said in a March 25 post to a company blog.

The original Windows release health launched almost two years ago as one of the changes Microsoft instituted after the disastrous debut of Windows 10 1809, the fall 2018 version of the operating system that had to be yanked from release because it deleted data.


Gregg Keizer

Microsoft elevates Teams' importance by offering top-dollar bug bounties

2 weeks 5 days ago

There's nothing like $30,000 to show that an app has made it to the big time.

Microsoft last week underscored the importance of Teams to its current and future strategic planning by inaugurating a new bug bounty program that will offer up to $30,000 — twice the maximum of any Office application — to security researchers for reporting previously-unknown vulnerabilities.

Out the gate, the new program, carrying the prosaic label "Microsoft Applications Bounty Program," focused exclusively on the Teams desktop client. Other applications will be brought into the program, Microsoft said, though no timeline was given.


Gregg Keizer

Patch Tuesday recap: This month, an ‘Ides of March’ update?

2 weeks 5 days ago

While this month’s security updates weren’t released exactly on the Ides of March, they certainly caused disruption for many users.  (For those not into history or Shakespeare, the Ides of March — March 15, 44 BC — is famous as the day Julius Caesar was assassinated.) Microsoft’s March 9 patch release brought more bumpiness and issues than I can remember in a long time. Perhaps we should reassign the date for this year’s Ides of March to March 9 as an unofficial acknowledgment.

As I alluded to last week, this month was bumpy in terms of patching side effects. Here’s what we know: The March updates included fixes for printing that triggered blue screens of death on computers when users tried to print. In the case of Dymo label printers (and other bar code or graphical printers) they left them printing out blank labels. Larger business-style multifunction printers saw issues, especially where you have an older PCL 3 or PCL 4 style driver. Ricoh and Kyocera users reported the most issues. (One workaround: use a generic PCL 6 driver instead, though you might lose some functions.) Any Kyocera printers that use the KX driver are affected, as are some Okidata, NiceLabel, and point-of-sale system printers from applications called BarTender


Susan Bradley

5 handy Google Fi features you shouldn't forget

3 weeks 4 days ago

Got Fi? Google's unusual wireless service may have shifted its name from Project Fi to Google Fi a while back, but its core proposition has remained relatively constant since the start: Pay only for the data you use, and avoid all the traditional carrier shenanigans.

For the right kind of person, Fi can be a real cost-cutter and hassle-saver. And aside from its most prominently promoted perks — the seamless network-switching, the public Wi-Fi use, the fee-free roaming and hotspot capabilities, and so on — Fi has some pretty interesting out-of-the-way options that can really elevate your experience.


JR Raphael

Text authentication is even worse than almost anyone thought

3 weeks 5 days ago

Everyone has been lecturing IT about how horrible the security is from texting numbers for authentication for years, including me. Now, due to some excellent reporting from Vice, it's clear that the text situation is far worse than almost anyone thought. It's not merely texting that has inherent cybersecurity flaws, but the entire telecom space surrounding the text infrastructure is absolutely abysmal.

The demonstrated white hat attack intercepted and rerouted all of the victim's text messages, but it wasn't a technical takeover. The white hat (who had been asked by the Vice reporter to try and steal his text messages) simply paid a small fee ($16) to a legitimate SMS marketing and mass messaging firm called Sakari. The white hat had to lie about having the user's permission, but no meaningful proof was sought.


Evan Schuman

Microsoft, we need to have a talk

3 weeks 5 days ago

Microsoft? We need to talk. Lately you’ve been disappointing me. You released three sets of security updates this month for my Windows 10 machines. The first set of updates (KB5000802 for the 2004/20H2 versions) triggered blue screens of death when I attempted to print to Ricoh and Kyocera printers and caused issues with Dymo labels. As you yourself noted, “after installing this update, you might receive an APC_INDEX_MISMATCH error with a blue screen when attempting to print to certain printers in some apps.”


Susan Bradley
Computer World Security

About SecurityFeeds

Tim Weil is a Security Architect/IT Security Manager with over twenty-five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry. Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.