Among a slew of announcements at WWDC this year were some important changes to Apple’s support for single sign-on (SSO). Here’s what’s coming when new updates ship this fall.

Apple first introduced SSO support at WWDC 2019 with Sign in with Apple, which also saw the introduction of extensions to enable this kind of authentication. It allowed a user to access a service or website using their Apple ID, and meant support for identity providers, the use of highly secure token-based signatures and the tools service providers required to implement these systems.

To read this article in full, please click here

We’ve reached the mid-point of 2022 and when it comes to security, I feel like we’re not making much headway. I still see people report they’re getting scammed, ransomed, and attacked on a regular basis — and for many users the browser is becoming the most important part of whatever platform you use. So now is a good time to review your browsers, and any extensions you’ve installed to beef up security.

Note, I said browsers —plural. While enterprises might want to standardize on only one browser for better control, for small businesses and individual users, I recommend installing more than one. (I often use three different browsers.)

Why is this important? Because attackers (and trackers) go after browsers. In fact, it’s good to think of your browser a separate operating system, and act accordingly to protect it. Though I focus mainly on Windows issues, these guidelines and recommendations apply to Mac OS, Ubunto, Mint, and others.

To read this article in full, please click here

Here we go again: another example of government surveillance involving smartphones from Apple and Google has emerged, and it shows how sophisticated government-backed attacks can become and why there's justification for keeping mobile platforms utterly locked down.

I don’t intend to focus too much on the news, but in brief it is as follows:

• Google’s Threat Analysis Group has published information revealing the hack.
• Italian surveillance firm RCS Labs created the attack.
• The attack has been used in Italy and Kazakhstan, and possibly elsewhere.
• Some generations of the attack are wielded with help from ISPs.
• On iOS, attackers abused Apple’s enterprise certification tools that enable in-house app deployment.
• Around nine different attacks were used.

The attack works like this: The target is sent a unique link that aims to trick them into downloading and installing a malicious app. In some cases, the spooks worked with an ISP to disable data connectivity to trick targets into downloading the app to recover that connection.

To read this article in full, please click here

Google's Threat Analysis Group (TAG) has identified Italian vendor RCS Lab as a spyware offender, developing tools that are being used to exploit zero-day vulnerabilities to effect attacks on iOS and Android mobile users in Italy and Kazakhstan.

According to a Google blog post on Thursday, RCS Lab uses a combination of tactics, including atypical drive-by downloads, as initial infection vectors. The company has developed tools to spy on the private data of the targeted devices, the post said.

To read this article in full, please click here

Apple will add another obstacle against successful phishing attacks in iOS 16, iPadOS 16, and macOS Ventura, which will show a company’s official logo to help recipients recognize genuine from fake emails.

Apple’s forthcoming operating systems will support Brand Indicators for Message Identification (BIMI). This is a specification to enable the use of brand-controlled logos within emails and will be a way to tell recipients that an email genuinely comes from the company concerned. Google has supported BIMI since 2021.

To read this article in full, please click here

So, you finally got around to installing a Windows update from Microsoft, and there’s a problem. Where do you go for support and assistance?

Short answer: it depends.

If you are an Enterprise customer and have an issue with your work computer — whether in the office or remote — there should be a designated IT administrator or help desk for you. You either call the help desk or open a trouble ticket and someone gets back to you. Often, they have tools to remotely connect to your computer and see what’s going on.  If the issue is so serious your machine can’t be fixed, they’ll deploy a new computer or reimage your PC using tools such as Autopilot to deploy a fresh copy of Windows for you.

To read this article in full, please click here

June's Patch Tuesday updates, released on June 14, address 55 vulnerabilities in Windows, SQL Server, Microsoft Office, and Visual Studio (though there are oo Microsoft Exchange Server or Adobe updates this month). And a zero-day vulnerability in a key Windows component, CVE-2022-30190, led to a “Patch Now” recommendation for Windows, while the .NET, Office and SQL Server updates can be included in a standard release schedule.

To read this article in full, please click here

Exit signs and fire extinguishers became mandatory following the Triangle Shirtwaist Factory fire in New York City. The 1933 Long Beach earthquake triggered an overhaul of building codes for California public schools. Regulations covering the construction and operation of nuclear power plants were fortified after the 1979 Three Mile Island accident.

What will the long-term impacts of COVID-19 be on workplace safety?

To read this article in full, please click here

Two sessions I attended at last week's Worldwide Developer Conference (WWDC) — the Managed Device Attestation and Secure Endpoint sessions — highlight the company's commitment to delivering increased capabilities for security tools. While both were naturally oriented more to developers of device management and security solutions than to end users or IT admins, some of the additional capabilities developers will be able to build into enterprise tools are noteworthy.

To read this article in full, please click here

I spoke with Jamf CIO Linh Lam on a recent UK visit to mark the company's 20th anniversary. The 2020 Bay Area CIO of the Year Finalist joined Jamf in 2021 – and thinks Apple will be the top enterprise endpoint by 2030 as its current momentum accelerates.

“The way the demand is growing and the expectations of younger generations joining the workforce, Apple devices will be the number one endpoint by 2030,” she told me.

To read this article in full, please click here

You could call today Patch-Tuesday Eve. It’s the day before Windows machines get offered updates from Microsoft. What should you be doing to prepare?

It depends on what kind of computer user you are.

You keep everything in the cloud, you use a Microsoft account, you don’t mind reinstalling your OS if need be. Your data is protected by a username and a password, and if you are savvy, your data is protected by two-factor authentication.  

Prior to Patch Tuesday, you might decide you don’t need to back up your computer system since you know if something happens to your computer, you can reinstall the operating system and merely reconnect to your various online storage services. You’ve double-checked that all cloud services you use have file versioning enabled, so if you need to roll back to a prior version of a file, you can do so.

To read this article in full, please click here