Computerworld Security
Microsoft Patch Alert: May 2020
Fri, 29 May 2020 12:54:00 -0700

With most of the fanatical Windows fan base now circling the trough on the just-released upgrade to Windows 10 version 2004, it’s time for those of us who rely on stable PCs to consider installing the May patches.

While the general outlook now is good, we’ve been through some rough patches – which you may, or may not, have noticed.

Unannounced Intel microcode patch triggers reboots

On May 20, Microsoft released another of its ongoing series of “Intel microcode updates,” all named KB 4497165. Ostensibly intended to fix the Meltdown/Spectre security holes, many of them have a history of problems and hassles not commensurate with the amount of protection they provide (unless you’re running a bank transaction system or decrypting top secret emails).

To read this article in full, please click here

Getting started with Google Password Manager
Fri, 29 May 2020 03:00:00 -0700

If you're still trying to remember all of your passwords and then type 'em into sites by hand, let me tell you: You're doing it wrong.

With all the credentials we have to keep track of these days, there's just no way the human brain can handle the task of storing the specifics — at least, not if you're using complex, unique passwords that aren't repeated (or almost repeated, even) from one site to the next. That's where a password manager comes into play: It securely stores all your sign-in info for you and then fills it in as needed.

While there's a case to be made for leaning on a dedicated app for that purpose (for reasons we'll discuss further in a moment), Google has its own password management system built right into Chrome. And it's far better to rely on that than to use nothing at all.

To read this article in full, please click here

Mobile security forces difficult questions
Thu, 28 May 2020 05:54:00 -0700

As governments consider COVID-19 contact tracing and its privacy implications, it's not a bad idea for companies to take the opportunity to look more closely at their mobile agreements with employees. (By the way, just this week, Apple rolled out its latest iOS update, which included two COVID-19 updates, according to Apple: "iOS 13.5 speeds up access to the passcode field on devices with Face ID when you are wearing a face mask and introduces the Exposure Notification API to support COVID-19 contact tracing apps from public health authorities.")

Today, IT has to deal with pretty much one of two mobile scenarios: BYOD. where the employee uses the employee's personally owned device to perform enterprise business; and company-owned phones, which is the opposite: A company-owned phone where the employee, even if told not to, will use the phone for personal matters as well as business.

To read this article in full, please click here

Apple rejects flawed claims about its contact tracing tech
Wed, 27 May 2020 06:31:00 -0700

Even as we consider revelations Facebook shelved internal research suggesting its algorithms generate divisiveness, Apple has been forced to reject damaging claims against its contact tracing tech currently spreading on Facebook.

Exposure Notification is not spying on you

Numerous hysterical myths concerning the Apple/Google contact tracing technology are being circulated on Facebook. A series of posts claim the Exposure Notification feature inside iOS 13.5 will allow authorities to track people’s locations and monitor who they meet – which is precisely what it tries not to do.

To read this article in full, please click here

Getting started with Google Password Manager
Fri, 29 May 2020 03:00:00 -0700

If you're still trying to remember all of your passwords and then type 'em into sites by hand, let me tell you: You're doing it wrong.

With all the credentials we have to keep track of these days, there's just no way the human brain can handle the task of storing the specifics — at least, not if you're using complex, unique passwords that aren't repeated (or almost repeated, even) from one site to the next. That's where a password manager comes into play: It securely stores all your sign-in info for you and then fills it in as needed.

While there's a case to be made for leaning on a dedicated app for that purpose (for reasons we'll discuss further in a moment), Google has its own password management system built right into Chrome. And it's far better to rely on that than to use nothing at all.

To read this article in full, please click here

Mobile security forces difficult questions
Thu, 28 May 2020 05:54:00 -0700

As governments consider COVID-19 contact tracing and its privacy implications, it's not a bad idea for companies to take the opportunity to look more closely at their mobile agreements with employees. (By the way, just this week, Apple rolled out its latest iOS update, which included two COVID-19 updates, according to Apple: "iOS 13.5 speeds up access to the passcode field on devices with Face ID when you are wearing a face mask and introduces the Exposure Notification API to support COVID-19 contact tracing apps from public health authorities.")

Today, IT has to deal with pretty much one of two mobile scenarios: BYOD. where the employee uses the employee's personally owned device to perform enterprise business; and company-owned phones, which is the opposite: A company-owned phone where the employee, even if told not to, will use the phone for personal matters as well as business.

To read this article in full, please click here

Apple rejects flawed claims about its contact tracing tech
Wed, 27 May 2020 06:31:00 -0700

Even as we consider revelations Facebook shelved internal research suggesting its algorithms generate divisiveness, Apple has been forced to reject damaging claims against its contact tracing tech currently spreading on Facebook.

Exposure Notification is not spying on you

Numerous hysterical myths concerning the Apple/Google contact tracing technology are being circulated on Facebook. A series of posts claim the Exposure Notification feature inside iOS 13.5 will allow authorities to track people’s locations and monitor who they meet – which is precisely what it tries not to do.

To read this article in full, please click here

Use of cloud collaboration tools surges and so do attacks
Tue, 26 May 2020 21:01:00 -0700
Some industries have seen increases in cloud-related threat events rise as much as 1,350% since the COVID-19 crisis began.
Amid the pandemic, using trust to fight shadow IT
Wed, 20 May 2020 03:00:00 -0700

Shadow IT, where workers sometimes go rogue in their efforts to solve business problems, can create challenges – and opportunities – for companies in the best of times. With the COVID-19 pandemic still unfolding, these are not the best of times. With most employees and executives still working from home, the big issue for administrators and IT pros still centers on how to make things work in today’s trying circumstances.

Every major platform has controls IT can use, some of them as blunt as a hammer and others that offer surgical precision. At either end of that spectrum lie two common questions: How restrictive does IT need to be and is there a way to fully communicate areas of risk while making business more secure.

To read this article in full, please click here

A 'business-as-usual' Patch Tuesday update for Windows desktops
Thu, 14 May 2020 14:23:00 -0700

It really is saying a lot when Microsoft releases more than 100 updates each month and this is now considered “business as usual." Speaking of the “new normal,” Microsoft has changed the release cadence of its optional updates (generally released later each month).

In a statement about the new update regularity, the company said: "We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional non-security releases (C and D updates) for all supported versions of Windows client and server products (Windows 10, version 1909 down through Windows Server 2008 SP2).

To read this article in full, please click here

10 tips for a secure browsing experience
Tue, 12 May 2020 12:59:00 -0700
Your browser is one of the easiest ways for malware to penetrate your network. Here are 10 ways to practice safe surfing in Google Chrome, Microsoft Edge and Mozilla Firefox.
The Internet of Things in 2020: More vital than ever
Mon, 11 May 2020 03:00:00 -0700
Just when we needed it most, the internet of things is delivering gobs of data and remote device control across almost every industry, from healthcare to agriculture.
Zoom to add end-to-end encryption with Keybase acquisition
Fri, 08 May 2020 05:24:00 -0700

Zoom has acquired secure messaging and identity management firm Keybase as its looks to shore up security capabilities on its platform with end-to-end encryption.

The acquisition will give Zoom access to Keybase’s encryption technology, used to secure online identities, as well as its team of engineers. Launched in 2014, Keybase lets users encrypt social media messages and shared files with public key encryption to ensure that communications stay private. 

Keybase’s cofounder Max Krohn will now head up Zoom’s security team, Zoom said. Krohn’s new role was first detailed by CNBC.

To read this article in full, please click here

5 lessons companies should learn about working at home
Thu, 07 May 2020 11:56:00 -0700
Companies now have the opportunity to learn from what is and isn’t working during the coronavirus crisis. Use this time to build out a strategy so you won’t have to use band aids and duct tape next time.
5 keys to supporting telework effectively and securely
Fri, 01 May 2020 13:01:00 -0700
Suddenly countless numbers of people are working from home. This massive shift in work processes can have huge repercussions from a security, privacy, regulatory and data governance standpoint.
Google extends G Suite identity and security device management to Windows 10 PCs
Wed, 29 Apr 2020 15:38:00 -0700

Google this week extended G Suite's device management tools to Windows 10 PCs, adding them to the Android, iOS and Chrome endpoints already on the list.

Administrators can now use the G Suite console to secure G Suite accounts on Windows 10 systems using Google's anti-hijacking and suspicious-login-detection technologies, and set those machines for single-sign on (SSO) so that G Suite account credentials double as Windows 10 log-in authentication.

The roll-out of the new console capabilities started April 27, with the rapid release and scheduled release tracks (the latter is the default) beginning simultaneously rather than staged, as usual.

To read this article in full, please click here

Many reported problems with this month’s Win10 Cumulative Update, but few patterns
Fri, 24 Apr 2020 08:45:00 -0700

The blogosphere is awash in reports of problems with this month’s Win10 1903/1909 Cumulative Update, with more than 100 reported bug sightings. What's causing the problems?

The trick every month is to sift through all of the problem reports and see if there are any common strings – whether folks running this piece of hardware or that kind of software should be especially cautious. 

I’ve been looking at the reports and I’ll be hanged if I can see any pattern, aside from the usual cacophony of random error messages and broken systems. Can you see any common threads?

To read this article in full, please click here

Vivaldi joins anti-tracking browser brotherhood
Thu, 23 Apr 2020 03:00:00 -0700

Niche browser maker Vivaldi Technologies this week released version 3.0 of its eponymous application, which included integrated ad- and tracker-blockers.

Both tools were disabled by default in the new version, which was released Wednesday. "We believe that many users would not wish to prevent the sites they like to visit from generating revenue, and for that reason, we don't enable Ad blocker by default," wrote Jon von Tetzchner, co-founder and CEO of Vivaldi, in a post to a company blog.

To read this article in full, please click here

Zoom unveils a host of new privacy, security features
Wed, 22 Apr 2020 08:27:00 -0700

Looking to bounce back from a spate of recent security missteps, video conferencing platform Zoom today announced a variety of new privacy and security capabilities in Zoom 5.0, a key milestone in the company’s recently launched 90-day security plan.

The primary difference between the current version of Zoom software and Zoom 5.0 is the addition of support for AES 256-bit GCM encryption; it’s designed to provide increased protection for meeting data and resistance to tampering. The new level of encryption will be available across Zoom Meeting, Zoom Video Webinar, and Zoom Phone.

To read this article in full, please click here

8 video chat apps compared: Which is best for security?
Tue, 21 Apr 2020 00:00:00 -0700
Zoom, Microsoft Teams, Google Duo, Cisco Webex, FaceTime, Jitsi, Signal and WhatsApp. What does their encryption look like? What are the trade-offs?(Insider Story)

rssfeedwidget.com