Apple CEO Tim Cook this week warned that regulators are on the edge of making poor decisions that will impact our future during a passionate speech in defense of personal privacy and his company’s business models at the Global Privacy Summit in Washington DC.

Neither good nor evil

The thrust of Cook’s argument is that privacy and security are essential building blocks of trust for a technologically advanced society. But that huge potential is being constrained by surveillance and insecurity.

To read this article in full, please click here

Privacy-centered search engine DuckDuckGo today launched the beta of its desktop browser for macOS.

The browser is designed from the ground up to maintain privacy, the company said, meaning it will not collect information about users and will not install cookies or tracking codes on devices. DuckDuckGo also said it can block “hidden trackers” before they load.

Duckduckgo first announced plans for a macOS desktop browser in December 2021. (The browser is already available as a download for mobile devices). In 2019, DuckDuckGo added Apple Maps support and has since made  other improvements to how it works on Apple devices.

To read this article in full, please click here

Disclosure: Microsoft is a client of the author.

Microsoft this week had an analyst event about Windows 11 and a variety of productivity, management, and security features the company has planned. Over the last couple of years, Microsoft has aggressively improved both Windows and Office 365, but the big change ahead is the potential blend of Windows with Windows 365. We’ll see that start by the end of the year. The end game should be what appears to be a Windows desktop that integrates so well with the cloud that it can, when necessary, seamlessly switch between instances to comply with company policy, assure security, and provide recourse on automatic demand from Azure Cloud. 

To read this article in full, please click here

In the mobile world pitting Apple’s iOS devices against Google’s Android devices, Apple has historically had one distinct advantage: patches and updates.

Given the fragmented nature of Android (hundreds of handset manufacturers versus just one for iOS), it is simply far easier for Apple to quickly and efficiently push out updates in a way that allows a large percentage of users to get updates quickly. That has been true regardless of whether its new functionality or a critical security patch.

So what's the problem? Craig Federighi, Apple’s senior vice president of software engineering, has quietly said that Apple has dramatically slowed down auto updates — by as much as a month.

To read this article in full, please click here

In the world of software, six months is an eternity.

Heck, look at how much has happened over the past six months since Android 12 came into the universe. Google started and then finished a hefty 0.1-style update that lays the groundwork for significant large-screen improvements to the Android experience. And it's now well into the public development phase of its next big Android version, Android 13 — which is the rapidly forming release on most folks' minds at this point.

To read this article in full, please click here

There’s a lot of fear of possible Russian cyberattacks stemming from Russia’s attempted takeover of Ukraine. Perhaps the biggest worry —and quite possibly the most likely to materialize — is that these cyberattacks will likely be finely tuned as retaliation for US financial moves against the Russian economy. 

The cyberattacks would be designed not to steal money or data per se, but to harm the US economy by strategically hitting major players in key verticals. In other words, the Russian government might say, “You hurt our economy and our people? We’ll do the same to you.”

Thus far, there’s no evidence of any large-scale attack, but one could be launched at any time. 

To read this article in full, please click here

One of the most difficult issues in enterprise cybersecurity — something the US Securities and Exchange Commission is now openly struggling with — is when should an enterprise report a data breach?

The easy part is, “how long after the enterprise knows of the breach should it disclose?” Different compliance regimes come to different numbers, but they are relatively close, from GDPR’s 72 hours to the SEC’s initial four days.

To read this article in full, please click here

Countless articles have been published in the past few years about zero trust, most of them explorations and expositions for security professionals.

But I want to write for remote workers on the other side of the so-called "trust" equation — the people who will deal with the changes and inconveniences as zero-trust strategies are implemented and refined over the next few years.

Welcome to this jargon-free explanation of zero trust.

To read this article in full, please click here

Since Russia’s invasion of Ukraine last month and consequential sanctions against the Kremlin, the threat of cyberattacks in the U.S. and abroad has been looming. While the threat of attacks on critical infrastructure has increased, it hasn’t escalated to the all-out cyberwar that some were expecting. CSO Online senior writer Lucian Constantin joins Juliet to discuss how the cyber threat landscape has evolved as a result of the war in Ukraine and what organizations can do to increase their cyber incident defenses. For more on this topic, check out this article from CSO Online: Conti gang says it's ready to hit critical infrastructure in support of Russian government: https://www.csoonline.com/article/3651498/conti-gang-says-its-ready-to-hit-critical-infrastructure-in-support-of-russian-government.html

We’re told that one of the best ways to stay secure is to make sure our computers are patched. But we need to always be aware that at any given time, there are several vulnerabilities probably known and in use by attackers. The good news is that the number of days between when a bug is identified and when it’s patched is slowly going down, according to the Google Project Zero. It tracks how long it’s taking vendors to patch bugs and found that “in 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. This is a significant acceleration from an average of about 80 days [three] years ago.”

To read this article in full, please click here

US President Biden and EU President von der Leyen say deal underscores shared values over data privacy and security surrounding transatlantic information sharing.

Gather 'round, kiddos — 'cause it's time for a story.

Once upon a time, Chrome was a lean, mean browsing machine. It was the scrappy lightweight kid in a block filled with clunky old blobs of blubber. People had never seen a browser so fast, so thoughtfully constructed! It stripped everything down to the essentials and made the act of browsing the web both pleasant and secure — qualities that were anything but standard back in that prehistoric era.

Chrome was "minimalist in the extreme," as The New York Times put it — with "extremely fast" page loads and a "snappy" user interface, in the words of Ars Technica. Its sandbox-centric setup and emphasis on supporting web-based applications made the program "the first true Web 2.0 browser," as some other tech website opined.

To read this article in full, please click here

Each time we experience an Apple iCloud, Spotify, Slack, Verizon, Google, Peloton, or any other form of server-based outage, we’re reminded that everyone should have multiple layers of backup to maintain data and work to ensure key services still work when servers go down.

To read this article in full, please click here

One of the dirty little secrets of many businesses, perhaps even most, is that far more of them than ever admit to it have been hacked. Still others end up paying ransomware, but they've never revealed this deep, dark secret. After all, who wants to admit to the world — and their customers — that they've been caught with their security pants down.

Well, things are about to change. In the recently signed $1.5 trillion government funding bill were new cybersecurity laws requiring companies to quickly report data breaches and ransomware payments. 

To read this article in full, please click here

Companies and governments have, shall we say, interesting relations. Just ask any Chinese tech company in recent days.  But, while they're losing billions, companies in war-mongering countries like Russia have an even harder row to hoe. How can Russian companies support Russia's unprovoked invasion of Ukraine?

You may say they can't, but that just shows you haven't studied history. When money and ethics are weighed against each other, money usually wins. For example, such American-as-apple-pie-and-baseball companies as General Motors, Ford, Coca-Cola, and IBM supported Nazi Germany during World War II.

To read this article in full, please click here

There has been a rapid spike in demand for VPN services in Russia and Ukraine since the invasion began almost three weeks ago. People in both nations seek online freedoms as offline misery intensifies, and want to see through the fog of conflict.

VPN services see rapid growth in Russia

A VPN (virtual private network) service creates an encrypted tunnel between users and the servers they interact with. This helps secure the traffic to protect people from being identified, tracked, and surveilled.

Simon Migliano, Head of Research at Top10VPN, explained that Russians began seeking out VPN services before the conflict began. But demand has accelerated as it continues and authorities become more repressive there.

To read this article in full, please click here

Where does your software come from?

That’s one of the questions online users at AskWoody.com have asked in recent weeks. Obviously, this comes up as the world sees what’s going on in Ukraine. For many years, one security software vendor in particular was tagged as possibly having Russian ties — and as far back as 2017, the US government banned the use of Kaspersky antivirus over fears the security software could spy on defense contractors for Russia.

To read this article in full, please click here

March brings us a solid set of updates from Microsoft for Windows, Microsoft Office, Exchange, and Edge (Chromium), but no critical issues requiring a “Patch Now” release schedule (though Microsoft Exchange will require some technical effort this month). We have published some testing guidelines, with a focus on printing, remote desktop over VPN connections, and server-based networking changes. We also recommend testing your Windows installer packages with a specific focus on roll-back and uninstall functionality.

You can find more information about the risk of deploying these Patch Tuesday updates with this useful infographic. And, if you are looking for more information on .NET updates, there is a great post from Microsoft that highlights this month's changes.

To read this article in full, please click here

COVID-19 has made us all more aware of the need to protect our computers at home from online evil. But when was the last time you pointed your browser at your router? The little box that connects your PC and all the other devices in your home to the internet has an array security features that many people are unaware of.

After speaking to Derek Manky, chief of security insights and global threat alliances at Fortinet's FortiGuard Labs, I logged into my Verizon FIOS router for the first time in years and discovered there were no less than 18 devices connected to it, including TVs, printers, thermostats and a half dozen Amazon Echoes. Each is a potential security vulnerability. “If you look at your home router, you’ll be surprised what you find there,” Manky said.

To read this article in full, please click here

Phishing, those malicious e-mails that pretend to be legitimate messages, has been a problem since Canter and Siegel launched the first spam campaign in 1994. (Mea culpa — it seems they learned about this thing called the Internet from some of my articles.) Today, spam, while still annoying, is the least of our e-mail troubles. In addition to invading Ukraine, Russian agents are now doing their best to invade our IT systems via phishing e-mails.

To read this article in full, please click here