Microsoft Patch Alert: October 2020

3 months ago

October 2020 brought a lighter-than-usual crop of patches. For the first time in recent memory, there were none at all for Internet Explorer or the (Chromium-based) Edge browser. The cumulative updates went in with few reports of problems, although there were many complaints about printers not working after the update.

Strange things happened, though, outside the usual monthly patching schedule. The day after Patch Tuesday, Microsoft announced a(nother) fix for a security hole in the HEVC codec — CVE-2020-17022 — distributed, once again, only through the Microsoft Store.

Woody Leonhard

A phenomenal Android privacy feature you probably forget to use

3 months ago

It's amazing how many useful Android features get buried in the operating system and then forgotten over time.

When you stop and think about it, it's also kind of inevitable: With every passing year, Android grows increasingly robust and complex, as more advanced options make their way into the software. So it's only logical that certain elements will become out of sight and out of mind and get lost in the shuffle somewhere along the way.

One such item jumped out at me the other day, triggering an immediate "AHAH!" in this rusty ol' noggin of mine as I remembered its existence and then scolded myself for forgetting to use it all this time. It's a little somethin' called Android Guest Mode, and it first showed up way back in the Android 5.0 (Lollipop) era of 2014.

JR Raphael

Zoom's new encryption approach is incremental, but better

3 months ago

Just like their consumer counterparts, enterprise IT execs have flocked to Zoom for all manner of meetings. But security has invariably taken a backseat to convenience and availability, as anyone who has endured a Zoom intruder knows all too well.

Zoom this week (it hasn't yet said exactly when) will roll out its upgraded encryption option. But it comes at the cost of surrendering various popular features. And it also does not come with improved authentication and identification of users, a capability Zoom now is promising to deliver sometime in 2021.

Zoom describes its current encryption offering as adequate, but not ideal:

Evan Schuman

Microsoft focuses on Office, less so on Windows, and offers nothing for browsers on Patch Tuesday

3 months ago

This posting is a little later than usual due to a number of late-in-the-week updates from Microsoft last week. We started off with no publicly reported zero-days or active exploits in the wild. (As we were working with Microsoft, we felt that an out-of-band patch was imminent that would change our advice on patch cycles for October. But it appears the final “change” for this release was a relatively minor update to Visual Studio - leading to no change in our recommendations in this benign update.)

Greg Lambert

Is Windows the greatest cyberthreat to the 2020 US election?

3 months 1 week ago

If there’s going to be a successful cyberattack on the 2020 U.S. election, you can be sure Windows will be involved. It’s the world’s biggest exposed attack vector and the weapon of choice of cybercriminals and intelligence agencies the world over. In addition, the world’s biggest botnets are made up of millions of infected Windows PCs used to launch cyberattacks.

Preston Gralla

With Patch Tuesday here, be sure Windows Update is paused

3 months 1 week ago

Some people believe that you need to get new Windows and Office patches installed the minute they roll out the Windows Update chute. Those who snooze get bit by malware, or so the theory goes.

In fact, we’ve seen very few instances in the past years where a newly patched security hole has turned into a widespread security threat in less than a few weeks. If you’re protecting uranium enrichment centrifuges from deep-pocket adversaries, all bets are off, of course. But for normal, everyday Windows users, the chance of getting bit by a bad patch far outweighs the immediate threat to your trusty ol’ PC.

Woody Leonhard

As Patch Tuesday nears, be sure Windows Update is paused

3 months 1 week ago

Some people believe that you need to get new Windows and Office patches installed the minute they roll out the Windows Update chute. Those who snooze get bit by malware, or so the theory goes.

In fact, we’ve seen very few instances in the past years where a newly patched security hole has turned into a widespread security threat in less than a few weeks. If you’re protecting uranium enrichment centrifuges from deep-pocket adversaries, all bets are off, of course. But for normal, everyday Windows users, the chance of getting bit by a bad patch far outweighs the immediate threat to your trusty ol’ PC.

Woody Leonhard

Apple's T2 Mac security chip may be vulnerable, researcher claims

3 months 2 weeks ago

A security researcher claims to have figured out how to break the T2 security chip on modern Intel-based Macs using a pair of exploits developed to jailbreak older phones. Apple has not commented on these claims.

What the research claims

The claim seems to be that because the T2 chip is based on the older A10 series Apple processor, it is possible to use two jailbreak tools (Checkm8 and Blackbird) to modify the behavior of T2, or even install malware to the chip.

It’s not an easy hack: Not only must an attacker have local access to the Mac, but they must connect to the target Mac using a non-standard "debugging" USB-C cable and run a version of a jailbreaking software package during startup.

Jonny Evans

Wire targets Zoom, Teams and others with secure video upgrades

3 months 2 weeks ago

Secure communication platform Wire has overhauled its video conferencing capabilities and now allows more users to simultaneously have fully encrypted video calls.

Beginning today, Wire users will be able to video chat with up to 12 people and voice call with up to 25. While video conferencing rivals Zoom and Webex already offer end-to-end encryption on some plans, Wire’s latest move will provide that high level of security to all its users. Wire now boasts that it offers “the world’s first completely end-to-end encrypted video environment.”

As many companies enter their seventh month of employees working from home, the demand for video conferencing services has not had any let up. That has led to something of an arms race as Microsoft, Zoom and a variety of other services have in recent months announced upgrades and feature tweaks of their own.

Charlotte Trueman
Computer World Security

About SecurityFeeds

Tim Weil is a Security Architect/IT Security Manager with over twenty-five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry. Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.