Skip to main content
Please wait...

For Windows, it’s ‘squirrel away time’

3 months ago

It’s that semi-annual time of the year we in AskWoody land call “squirrel away time” — time to make sure you have a copy of the ISO currently installed on your computer in case you need to reinstall it. There are a number of ways to get older versions of Windows by using a trick publicized on the Thurrott.com site. But the easiest way to grab a copy of, say, 20H2 is to go to the software download site, download a copy and store it on a spare hard drive, flash drive or external USB drive.

To read this article in full, please click here

Susan Bradley

A highly sarcastic Android security warning

3 months ago

Holy floppin' hellfire, Henry! Have you heard? A terrifying new form of Android malware is running amok — stealing passwords, emptying bank accounts, and drinking all the grape soda from the refrigerators of unsuspecting Android phone owners.

We should all be quivering in our rainboots, according to almost all the information I've read on these here internets. Numerous adjective-filled news stories have warned me that the "scary new Android malware" is "spreading quickly," targeting "millions" (millions!) of users, and occasionally even "kicking people square in the groin." (All right, so I made that last part up. But you get the idea.)

To read this article in full, please click here

JR Raphael

How long until Apple boots apps from its stores for privacy issues?

3 months 1 week ago

Apple will inevitably begin enforcing the privacy requirements it has put in place across its ecosystem, meaning developers who attempt to avoid or dissemble their way around these protections should expect action, including removal from the App Store.

What Apple is doing

Everyone recognizes how seriously Apple takes privacy. Statement by statement and all through iterative software and product releases, the company is making it crystal clear that it believes privacy is essential to achieve the potential of digital transformation.

To read this article in full, please click here

Jonny Evans

Microsoft patents biometric 'wellness insights' tool for workers

3 months 1 week ago

Microsoft has patented an employee “wellbeing” recommendation feature that uses biometric data to detect a worker’s stress levels when completing tasks such as sending emails, encouraging them to take a break when anxiety levels run high.

The “Emotion Detection From Contextual Signals For Surfacing Wellness Insights” patent, filed in October 2019 and published last week, describes a “wellness insights service” that collates data from a range of sources. This includes blood pressure and heartrate monitoring data that could be obtained from an employees’ wearable devices, such as smart watches and fitness trackers.

To read this article in full, please click here

Matthew Finnegan

Why enterprises must install the latest macOS software patch

3 months 1 week ago

Enterprises should install Apple’s latest macOS Big Sur 11.3 update to secure their Macs. I spoke with Jamf Mac security expert Jaron Bradley, who explained why.

Install macOS 11.3 immediately

Enterprise users running fleets of Macs should get their IT support teams to approve the installation of Apple’s macOS Big Sur 11.3 update as swiftly as possible; the update should protect Macs against a serious software vulnerability that places data at risk.

As first spotted by Cedric Owens (and subsequently heavily researched by Jamf), the malware — a new version of a known Shlayer vulnerability — spreads in the following ways:

To read this article in full, please click here

Jonny Evans

April patch recap: Mostly quiet on the Microsoft front

3 months 1 week ago

Unlike March, when patch updates caused issues with some printers, Microsoft's updates for April were relatively tame. Windows users lost the old pre-Chromium version of Edge; some users saw performance issues; and Microsoft started talking up "News and Interests."

In fact, it's that last one that has some IT admins concerned. (More about that below.)

Old Edge out, new Edge in

First off, Microsoft this month installed the new Chromium-based Edge browser and removed the old Edge. Now that the browser relies on the Chromium engine, it will receive updates on the same schedule as Google Chrome.

Note: the rollout wasn’t without some side effects. If you had some other application set to open up PDF files, the April release reset your default PDF reader to be Edge. So, you’ll need to reset the default application back to whatever your preference was. (This can be easily done; check out this recent YouTube video for details.) Microsoft also moved the default download location from the bottom left of the browser window to the top right — in line with other browser download locations. If you’re a longtime Edge user like me, this takes a bit of getting used to.

To read this article in full, please click here

Susan Bradley

Rethinking mobile security in a post-COVID workplace

3 months 1 week ago

In the world of enterprise mobile security, sometimes horrible situations force security corner-cutting to preserve the company. And COVID-19 forcing companies to empty office buildings and move everything (and everyone) to remote locations and the cloud in March 2020 is the classic example. What led to the security shortcuts was not just the abrupt change to work from home, but the fact that companies typically had to make the transition in a few days.

Add to that increased problems with IoT security — especially as IoT devices in home environments accessed global systems via VPNs, sometimes spreading malware through the pipeline — and you have a mess. A recent Verizon mobile security report put it bluntly: “Almost half of respondents admitted that their company had knowingly cut corners on mobile device security. That’s an increase from our 2020 report when the figure was 46%. The proportion rises to two-thirds [67%] in our IoT sample. And of those remaining, 38% (27% IoT) came under pressure to do so. Another way of looking at this is that 68% came under pressure to cut corners and 72% of those succumbed.”

To read this article in full, please click here

Evan Schuman

VMware targets remote work security with Anywhere Workspace

3 months 2 weeks ago

Providing secure access to vital applications has been a key challenge for businesses forced to adapt to remote working during the pandemic. And with many businesses set to continue to support a distributed workforce even after offices reopen, it will remain a priority for IT for some time.

With this in mind, VMware has unveiled a suite of security and endpoint management tools to support remote workers. VMware Anywhere Workspace, announced on Tuesday, combines VMware’s Workspace One, a “digital workspace platform” that delivers applications across a range of devices, with its Carbon Black Cloud endpoint security tools and SASE, which provides secure network access for distributed teams.

To read this article in full, please click here

Matthew Finnegan

Details of how the feds broke into iPhones should shake up enterprise IT

3 months 2 weeks ago

Apple has an awkward history with security researchers: it wants to tout that its security is excellent, which means trying to silence those who aim to prove otherwise. But those attempts to fight security researchers who sell their information to anyone other than Apple undercuts the company's security message.

A recent piece in The Washington Post spilled the details behind Apple’s legendary fight with the U.S. government in 2016, when the Justice Department pushed Apple to create a security backdoor related to the iPhone used by a terrorist in the San Bernardino shooting. Apple refused; the government pursued it in court. Then when the government found a security researcher who offered a way to bypass Apple security, the government abandoned its legal fight. The exploit worked and, anticlimactically, nothing of value to the government was found on the device.

To read this article in full, please click here

Evan Schuman

The Patch Tuesday focus for April: Windows and Exchange (again)

3 months 2 weeks ago

On Tuesday, MIcrosoft rolled out another broad series of updates across its Windows ecosystems, including four vulnerabilities affecting Windows that have been publicly disclosed and one security flaw — reportedly exploited already — that affects the Windows kernel. That means the Windows updates get our highest “Patch Now” rating, and if you have to manage Exchange servers, be aware that the update requires additional privileges and extra steps to complete.

It also looks as if Microsoft has announced a new way to deploy updates to any device, wherever it is located, with the Windows Update for Business Service. For more information on this cloud-based management service, you can check out this Microsoft video or this Computerworld FAQ. I have included ahelpful infographic which this month looks a little lopsided (again) as all of the attention should be on the Windows and Exchange components.

To read this article in full, please click here

Greg Lambert

Appogee becomes one-stop shop for enterprise iOS deployment

3 months 2 weeks ago

The Apple-focused enterprise services market continues to evolve. Case in point: Apple-only value-added-reseller Appogee is now offering a fully-managed iOS hardware deployment thanks to an arrangement with TRUCE Software.

A one-stop enterprise mobile shop

At its simplest, this means enterprises choosing to deploy iOS devices across their business can approach Appogee to purchase, deploy, and create contextually-aware management tools for these new fleets. The system integrates tools from both TRUCE and Jamf and means businesses can accelerate their mobile strategy, and do so while ensuring their own policies can be enforced on a device and user basis.

To read this article in full, please click here

Jonny Evans
Checked
23 minutes 25 seconds ago
Computer World Security
Subscribe to Computer World Security feed

About SecurityFeeds

SecurityFeeds Logo

Tim Weil is a Security Architect/IT Security Manager with over twenty five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry.  Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.