A pre-Thanksgiving all-clear to install patches

Credit to Author: Susan Bradley| Date: Mon, 23 Nov 2020 10:43:00 -0800

In the U.S., we’re quickly coming up to the start of holiday season, meaning it’s time for, well, time off. I typically add technology maintenance jobs to the monthly mix of patching and maintaining servers and workstations. This month, I’m also taking time to better understand the impact of one specific security bulletin — I honestly can’t figure out exactly what I’m supposed to do to keep my network secure. 

The good news: for most readers, none of these concerns apply to you. I’m ready to give the all-clear to go ahead and install Microsoft’s November updates on laptops, desktops and workstations — especially if you are running the Windows 10 1909 feature release. That said, do your Thanksgiving Zoom get-together first and then install any updates. I’d hate to have you see nothing but the spinning wheel of Windows updates instead of your family and friends.

To read this article in full, please click here

Read more

How to stay as private as possible on the Mac

Credit to Author: Jonny Evans| Date: Mon, 23 Nov 2020 09:29:00 -0800

Apple believes in your right to privacy. Here is some advice on how to use the privacy tools it provides on your Mac. We have a guide for iPhones and iPads here.

Use a strong passcode

To secure your Mac, all your data, and your privacy it is essential to create a strong alphanumeric login password.

The temptation to use something short or easy to remember is completely understandable, but if your Mac goes missing your life is on show, so visit Security & Privacy>General and tap Change Password to pick something more challenging.

To read this article in full, please click here

Read more

Deciphering (and understanding) Microsoft’s patch management options

Credit to Author: Susan Bradley| Date: Thu, 19 Nov 2020 08:06:00 -0800

If you asked a normal user what they dislike most about Windows 10, the answer would likely be related to patching, rebooting and the generally confusing update process. Entire web sites have sections devoted to explaining the updating process and how to manage it — and I’ve written my fair share about the topic. 

In addition to writing about Microsoft patches here (and about Windows security for CSO), I’m also a moderator on the Patchmanagement.org listserve. We have many people who rely on various patching tools to deploy updates and maintain workstations.  There are a number of options, so it’s important to understand how they work (and how they vary) so you can get the most out of them.

To read this article in full, please click here

Read more

Microsoft exhorts enterprises to quit text, voice multi-factor authentication passcodes

Credit to Author: Gregg Keizer| Date: Mon, 16 Nov 2020 06:45:00 -0800

A Microsoft executive is urging enterprises to abandon the most popular multi-factor authentication (MFA) method — one-time passcodes sent to mobile devices via text or voice — for different approaches, including app authenticators, that he claims are more secure.

“It’s time to start your move away from the SMS and voice Multi-Factor Authentication (MFA) mechanisms,” asserted Alex Weinert, director of identity security, in a Nov. 10 post to a Microsoft blog. “These mechanisms are based on publicly switched telephone networks (PSTN), and I believe they’re the least secure of the MFA methods available today.”

To read this article in full, please click here

Read more

Browser updates are back for Update Tuesday; testing may be needed for Windows patches

Credit to Author: Greg Lambert| Date: Fri, 13 Nov 2020 04:43:00 -0800

Though we return to monthly browser updates after last month’s brief respite — none of this November’s browser security issues are worm-able, and we have not seen anything that would require a return to an urgent browser update cycle. The Windows platform gets the most attention this time, but no single issue requires immediate deployment — though some legacy systems may require full testing for graphically intensive applications that rely on older graphic/media conversion technology. And the Microsoft Office and associated development platforms receive some lower-rated patches, with recommendations for a standard roll-out regime. 

To read this article in full, please click here

Read more

The November Patch Tuesday aftermath

Credit to Author: Susan Bradley| Date: Thu, 12 Nov 2020 04:57:00 -0800

November’s updates held a few surprises. 

First, for those still running Office 2010 last month was supposed to be the drop-dead date for support.  No more security updates at all.  None.  Zilch.  Zippo.  

And yet, we week received updates for Excel (KB4486743), Office (KB4486737, KB4486738, KB4484534, KB4484455), and for Word (KB4486740) — all of which patch for remote code executions.  (I remember when Office 2007 had its swan song, we received updates after its end-of-life notice as well.) My guess is that these updates were probably still in testing and had not yet been completed, hence the late release. So, if you are still running Office 2010, you get one more month’s worth of updates.  I don’t expect another set next month. But then again, I didn’t expect this month’s either.

To read this article in full, please click here

Read more

Online privacy: Best browsers, settings, and tips

Credit to Author: Galen Gruman| Date: Thu, 12 Nov 2020 03:00:00 -0800

“You have zero privacy anyway. Get over it,” Scott McNealy said of online privacy back in 1999, a view the former CEO of the now-defunct Sun Microsystems reiterated in 2015. Despite the hue and cry his initial remarks caused, he’s been proven largely correct.

Where mainstream mobile browsers differ in privacy settings

To read this article in full, please click here

(Insider Story)

Read more

11 Android settings that'll strengthen your security

Credit to Author: JR Raphael| Date: Tue, 10 Nov 2020 04:00:00 -0800

You might not know it from all the panic-inducing headlines out there, but Android is actually packed with powerful and practical security features. Some are activated by default and protecting you whether you realize it or not, while others are more out of the way but equally deserving of your attention.

So stop wasting your time worrying about the Android malware monster du jour and which security company is using it to scare you into an unnecessary subscription, and take a moment instead to look through these far more impactful Android security settings — ranging from core system-level elements to some more advanced and easily overlooked options.

To read this article in full, please click here

Read more