As China pushes its digital currency plans, the US falls behind

1 month 1 week ago

China’s digital yuan project, a blockchain-based cryptocurrency for consumer and commercial finance, can no longer be considered a pilot. That’s the assessment by economic and cryptocurrency experts.

Those experts have been monitoring efforts in China and other countries developing and piloting central bank digital currencies (CBDCs) with the aim of establishing a blockchain-based virtual cash that is cheaper to use and faster to exchange, both at home and across international borders.

To date, the People’s Bank of China has distributed the digital yuan, called e-CNY, to 15 of China’s 23 provinces, and it has been used in more than 360 million transactions totaling north of 100 billion yuan, or $13.9 billion. The country has literally given away millions of dollars worth of digital yuan through lotteries, and its central bank has also participated in cross-border exchanges with several nations.

The trials and tribulations of Microsoft’s KB5012170 patch

1 month 2 weeks ago

KB5012170 is many things to many Windows users. First, it’s a patch that either installs with no problems or leads to a blue screen of death (BSOD). It can also be an indicator we have a problem getting updated drivers on our systems. It can demonstrate how users don’t keep up with BIOS updates. And it shows that some OEMs enable BitLocker on the systems they sell (not necessarily in a good way).

In short, it’s a problematic patch that just keeps rearing its head.

Also known as “Security Update for Secure Boot DBX,” KB5012170 was released earlier this year and makes improvements to the Secure Boot Forbidden Signature Database (DBX). Windows devices that have Unified Extensible Firmware Interface (UEFI)-based firmware have Secure Boot enabled. It ensures only trusted software can be loaded and executed during the boot process by using cryptographic signatures to verify the integrity of the process and the software being loaded.

Patch Tuesday: Two zero-day flaws in Windows need immediate attention

1 month 2 weeks ago

Microsoft's December Patch Tuesday update delivers 59 fixes, including two zero-days (CVE-2022-44698 and CVE-2022-44710) that require immediate attention on the Windows platform. This is a network-focused update (TCP/IP and RDP) that will require significant testing with an emphasis on ODBC connections, Hyper-V systems, Kerberos authentication, and printing (both local and remote).

Microsoft also published an urgent out-of-band update (CVE-2022-37966) to address serious Kerberos authentication issues. (The team at Readiness has provided a helpful infographic that outlines the risks associated with each of these updates.)

Jamf Protect adds powerful telemetry to protect Mac enterprise

1 month 2 weeks ago

Security and privacy go hand in hand in the connected enterprise. So as we approach the holiday break, there's good news for security-conscious Mac-using enterprises from Jamf: powerful new telemetry tools in Jamf Protect.

Because complex security is sexy

We know that enterprise users don’t just have a responsibility to keep things secure, they also need to prove they’re doing so. Beyond that, many regulated industries must maintain ever more complex security event logging and insight to show how hard they’re working to protect their systems.

Microsoft calls time out on Apple Watch Authenticator

1 month 2 weeks ago

Using an Apple Watch as a device to authenticate access to enterprise sites and services using Microsoft Authenticator is a convenience that's about to go away. Microsoft says the feature will stop working after an Authenticator update scheduled for next month.

Apple Watch auth out

Microsoft Authenticator makes it easy to sign into Microsoft accounts, supported apps or services using two-step verification. Authenticator also generates one-time use codes, so you needn’t wait for text messages or calls to access your accounts.

Microsoft’s EU data boundary plan to take effect Jan. 1

1 month 2 weeks ago

Microsoft on Thursday said it will begin rolling out the first phase of its European Union data boundary plan from January 1, 2023, that will allow customers to store and process their customer data within the EU. The move comes two days after the EU commission said it had officially begun the process of approving the EU-US Data Privacy Framework.

Under the first phase of the plan, companies that use Microsoft products and services will be able to store and process their customer data within the EU. Microsoft has included Azure, Power BI, Dynamics 365 and Office 365 under the first phase.

European Commission takes step toward approving EU-US data privacy pact

1 month 2 weeks ago

The European Commission announced Tuesday that it has officially begun the process of approving the EU-US Data Privacy Framework—hammered together to allow the flow of data between the US and the European Union—after concluding that the framework provides privacy safeguards comparable to those of the EU.

After President Biden signed the executive order that implemented rules for the Trans-Atlantic Data Policy Framework in the US in October, the Commission conducted an assessment into the US legal framework that the bill was based upon. That assessment, released Tuesday, says that the legislation ensures an adequate level of protection for personal data transferred from the EU to US companies.

Apple sets a security challenge for 2023

1 month 3 weeks ago

Given Apple's big moves this week to roll out new data protection tools for iMessage and allow users to encrypt more of their data in iCloud, it seems obvious that security is going to be a major Apple priority in the year ahead.

Stamping out surveillance

The Biden administration’s decision to blacklist the mercenary hackers at NSO Group was a welcome move, but it hasn’t stopped the "surveillance-as-a-service" industry. Instead, it's atomized it, which means we now have more companies offering such "services" than ever before.

Apple finally adds encryption to iCloud backups

1 month 3 weeks ago

Apple today introduced several new security features focused on fending off threats to user data in the cloud, including end-to-end encryption for backups for iCloud users.

Along with end-to-end encryption for iCloud, Apple’s cloud storage and computing platform, the company announced iMessage Contact Key Verification, allowing users to verify they are communicating only with whom they intend.

Apple also announced hardware Security Keys for Apple ID, giving users the choice to require two-factor authentication to sign into their Apple ID account. (Hardware security keys use devices, such as USB thumb drives or near-field communication (NFC) dongles, to enable access to a service or application.)

A compliance fight in Germany could hurt Microsoft customers

1 month 3 weeks ago

If there are two things that should never mix, it’s cybersecurity/privacy compliance and corporate politics. And yet, that's at the heart of a compliance fight between Microsoft and German authorities that might wind up punishing the company's customers. 

The German Datenschutzkonferenz — the regulatory body entrusted to handle Germany’s flavor of the European Union's General Data Protection Regulation (GDPR) — has publicly declared that “no data protection-compliant use of Microsoft Office 365 was possible.”

What you need to know about the UK’s Online Safety Bill

1 month 3 weeks ago

Three years and four prime ministers after the UK government first published its Online Harms white paper—the basis for the current Online Safety Bill—the Conservative Party’s ambitious attempt at internet regulation has found its way back to Parliament after multiple amendments.

If the bill becomes law, it will apply to any service or site that has users in the UK, or targets the UK as a market, even if it is not based in the country. Failure to comply with the proposed rules will place organizations at risk of fines of up to 10% of global annual turnover or £18 million (US$22 million), whichever is higher.

A somewhat bloated and confused version of its former self, the bill, which was dropped from the legislative agenda when Boris Johnson was ousted in July, has now passed its final report stage, meaning the House of Commons now has one last chance to debate its contents and vote on whether to approve it.

UK set to mandate right to request flexible work from first day on the job

1 month 3 weeks ago

The UK government is backing proposed legislation that would give workers the right to request flexible working arrangements from day one of their employment.

In the aftermath of the COVID-19 pandemic, which saw millions of workers start working from home as lockdown orders were enforced, most employees continued to have flexibility over how and when they work, with many organizations now practicing a hybrid work model.

Biometrics are even less accurate than we thought

1 month 4 weeks ago

Biometrics is supposed to be one of the underpinnings of a modern authentication system. But many biometric implementations (whether that be fingerprint scans or face recognition) can be wildly inaccurate, and the only universally positive thing to say about them is they're better than nothing.

Also — and this may prove critical — the fact that biometrics are falsely seen as being very accurate may be sufficient to dissuade some fraud attempts. 

There are a variety of practical reasons biometrics don't work well in the real world, and a recent post by a cybersecurity specialist at KnowBe4, a security awareness training vendor, adds a new layer of complexity to the biometrics issue.

Hey, Google: It's time to step up your Pixel upgrade promise

2 months ago

Look, it's no big secret that I'm a fan of Google's Pixel program.

I've personally owned Pixel phones since the first-gen model graced our gunk-filled pockets way back in 2016. And Pixels have been the only Android devices I've wholeheartedly recommended for most folks ever since.

There's a reason. And more than anything, it comes down to the software and the overall experience Google's Pixel approach provides.

  • Part of that is the Pixel's interface and the lack of any unnecessary meddling and complication — including the absence of confusing (and often privacy-compromising) duplicative apps and services larded onto the phone for the manufacturer's business benefit and at the expense of your user experience.
  • Part of it is the unmatched integration of exceptional Google services and exclusive Google intelligence that puts genuinely useful stuff you'll actually benefit from front and center and makes it an integrated part of the Pixel package.
  • And, yes, part of it is the Pixel upgrade promise and the fact that Pixel phones are still the only Android devices where both timely and reliable software updates are a built-in feature and guarantee.

[Psst: Got a Pixel? Any Pixel? Check out my free Pixel Academy e-course to uncover all sorts of advanced intelligence lurking within your phone!]

AWS releases Wickr, its encrypted messaging service for enterprises

2 months ago

Just days after announcing the close of its consumer-oriented Wickr Me encrypted messaging service, Amazon Web Services (AWS), at its annual re:Invent conference on Monday, said that it was making the enterprise version of the app generally available.

Dubbed simply AWS Wickr, the service was first announced in July and has been in preview till now.

The enterprise version of the messaging service, designed to allow enterprise users to securely collaborate via text, voice and video, along with file and screen sharing, is expected to help enterprises meet auditing and regulatory requirements such as e-discovery and US Freedom of Information Act (FOIA) requests, the company said in a statement.

Computer World Security

About SecurityFeeds

Tim Weil is a Security Architect/IT Security Manager with over twenty-five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry. Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.