16 Wall Street firms fined $1.8B for using private text apps, lying about it

The US Securities and Exchange Commission (SEC) has fined big-name banks and brokerages a collective $1.8 billion over workers’ use of private texting apps to discuss work and for not always saving those messages. The fines include $1.1 billion assessed by the SEC and a $710 million fine from the Commodity Futures Trading Commission (CFTC).

The SEC investigation uncovered what the agency called “pervasive off-channel communications,” that were collected by the firms themselves from employee devices. The employees included senior and junior investment bankers and debt and equity traders.

To read this article in full, please click here

Read more

How Ukraine’s MacPaw got its business ready for war

Read more

Jamf touts big boost to enterprise security at JNUC

Jamf opened its annual JNUC event for Apple admins today with a slew of announcements focused on device management and security, a new Jamf Trust app, further information on its recently announced ZecOps deal and other updates likely to be of interest to Apple IT professionals.

The company also committed to supporting Microsoft Device Compliance on Macs later this year, with support for Google’s context-aware zero trust framework (BeyondCorp) on iOS devices in early 2023.

To read this article in full, please click here

Read more

Jamf buys ZecOps to bring high-end security to Apple enterprise

The Apple-in-the-enterprise story continues to unfold, this week with Jamf’s announced plans to acquire mobile threat detection and response company ZecOps.

Already consumer-simple, Jamf becomes government secure

Jamf will likely reveal more about the motivations behind the deal at its JNUC event for Apple admins, which begins tomorrow. The purchase is the latest move by the Apple-focused enterprise MDM provider to supplement device management with an increasingly effective set of tools to bolster device security.

To read this article in full, please click here

Read more

Windows 11 2022 Update is the version enterprises can move to

Microsoft today announced the rollout of the first major feature upgrade to Windows 11. Many of the changes are incremental and focus on user interface and productivity enhancements, but there are some useful additions — including a new password security feature.

Mostly, Windows 11 version 22H2, known as the Windows 11 2022 Update, is about polishing up the user experience introduced with Windows 11, while rounding out the feature set with some additional enterprise-targeted capabilities, according to Stephen Kleynhans, a vice president analyst at research firm Gartner.

To read this article in full, please click here

Read more

Critical zero-days make September's Patch Tuesday a 'Patch Now' release

With 63 updates affecting Windows, Microsoft Office and the Visual Studio and .NET platforms — and reports of three publicly exploited vulnerabilities (CVE-2022-37969, CVE-2022-34713, CVE-2021-40444) — this month’s Patch Tuesday release gets a “Patch Now” priority. Key testing areas include printing, Microsoft Word, and in general application un-installations. (The Microsoft Office, .NET and browser updates can be added to your standard release schedules.)

To read this article in full, please click here

Read more

Sadly, IT can no longer trust geolocation for much of anything

Credit to Author: eschuman@thecontentfirm.com| Date: Fri, 16 Sep 2022 03:00:00 -0700

Geolocation was once a glorious way to know who your company is dealing with (and sometimes what they are doing). Then VPNs started to undermine that. And now, things have gotten so bad that the Apple App Store and Google Play both offer apps that unashamedly declare they can spoof locations — and neither mobile OS vendor does anything to stop it.

Why? It seems both Apple and Google created the holes these developers are using.

In a nutshell, Apple and Google — to test their apps across various geographies — needed to be able to trick the system into thinking that their developers are wherever they wanted to say that they are. What’s good for the mobile goose, as they say.

To read this article in full, please click here

Read more

When Windows updating goes bad — the case of the problematic patch

Credit to Author: Susan Bradley| Date: Tue, 06 Sep 2022 04:08:00 -0700

Every month, Windows users and administrators receive updates from Microsoft on Patch Tuesday (or Wednesday, depending on where you’re located). And each month, most users all apply the same updates. 

But should we?

Case in point: KB5012170, a patch released on Aug. 9 that either causes no issues — or triggers Bitlocker recover key requests or won’t install at all, demanding that you go find a firmware update. This patch, called the Security update for Secure Boot DBX, applies to nearly all supported Windows releases. Specifically, it affects Windows Server 2012; Windows 8.1 and Windows Server 2012 R2; Windows 10, version 1507; Windows 10, version 1607 and Windows Server 2016; Windows 10, version 1809 and Windows Server 2019; Windows 10, versions 20H2, 21H1, and 21H2; Windows Server 2022; Windows 11, version 21H2 (original release), and Azure Stack HCI, version 1809, all the way to Azure Stack Data Box, version 1809 (ASDB).

To read this article in full, please click here

Read more