Will new EU crypto rules change how ransomware is played?

Credit to Author: Evan Schuman| Date: Wed, 20 Jul 2022 05:55:00 -0700

Cryptocurrency has always been the payment method of choice for bad guys. Get hit with an enterprise ransomware attack and plan to pay? You’ll need crypto. The key reason cyberthieves love cryptocurrency so much is that it is far harder to trace payments. 

That is why a move being attempted by the European Union has so much potential. The EU — in a move that will likely be mimicked by many other regional regulatory forces, including in the United States — is putting in place tracking requirements for all cryptocurrency. 

If it is successful, and the EU has an excellent track record on precisely these kinds of changes, cryptocurrency may quickly fade as the thief’s payment of choice.

To read this article in full, please click here

Read more

How to stay smart about Android app permissions

Credit to Author: JR Raphael| Date: Wed, 20 Jul 2022 03:00:00 -0700

Read more

With a light July Patch Tuesday, it's time to invest in your IT processes

Credit to Author: Greg Lambert| Date: Fri, 15 Jul 2022 12:04:00 -0700

Though we get a reprieve from Exchange updates in this month’s Patch Tuesday update, more printer updates are on the way. Even with no updates for Microsoft Exchange or Visual Studio, Adobe is back with 15 critical updates for Adobe Reader. And Microsoft’s new patch deployment tool Auto-Patch is now live. (I always thought application testing was the main problem here, but actually getting patches deployed is still tough.)

Though the numbers are still quite high (with 86+ reported vulnerabilities), the testing and deployment profile for July should be fairly moderate. We suggest taking the time to harden your Exchange Server defenses and mitigation processes, and invest in your testing processes.

To read this article in full, please click here

Read more

Drop, crack, d'oh! My broken Android phone epiphany

Credit to Author: JR Raphael| Date: Wed, 13 Jul 2022 03:00:00 -0700

Man, I had one hell of a streak.

All these years — approximately 7,967 since I first started using and writing about Android — and somehow, rather miraculously, I’d never outright broken a phone.

Impressive, I know. But don’t let yourself get wrapped in awe yet, my fellow drop-dreading denizen: My streak of impeccable Android phone protection has officially come to a crashing halt.

Now, I didn’t technically drop my phone, mind you. And I didn’t technically break it myself, either. But it was definitely broken. And it happened on my watch.

To read this article in full, please click here

Read more

Now’s the time to prep for Microsoft’s Excel macro crackdown

Credit to Author: Susan Bradley| Date: Mon, 11 Jul 2022 08:56:00 -0700

On July 8, Microsoft pulled back from its decision in February to block macros in Excel documents by default. Microsoft had said it would block Excel files that contained macros if they were downloaded from the internet. (Malicious actors use these lures as a way to launch attacks on networks; specifically, ransomware and other types of malicious activity can launched from a plain, old malicious spreadsheet.)

Microsoft still plans to put this blocking in place, but only after “a better experience.” In the meantime, there are actions you can take now so you won’t need to worry about the change in the future.

If you work for a firm that’s developed spreadsheets for your own internal office use, chances are the spreadsheet does not have a digital signature. Signing machos is similar to how websites use SSL certificates to validate the site is legit. The hardest part of the self-signing process is deciding whether you want to purchase a code-signing certificate or use the self-signed certificate process. (I can tell you from personal experience that trying to purchase a code-signing certificate is an expensive and cumbersome process. I don’t recommend that option, except for large enterprises where the code-signing process is routine.)

To read this article in full, please click here

Read more

Apple slaps hard against ‘mercenary’ surveillance-as-a-service industry

Credit to Author: Jonny Evans| Date: Thu, 07 Jul 2022 06:17:00 -0700

Apple has struck a big blow against the mercenary “surveillance-as-a-service” industry, introducing a new, highly secure Lockdown Mode to protect individuals at the greatest risk of targeted attacks. The company is also offering millions of dollars to support research to expose such threats.

Starting in iOS 16, iPadOS 16 and macOS Ventura, and available now in the latest developer-only betas, Lockdown Mode hardens security defenses and limits the functionalities sometimes abused by state-sponsored surveillance hackers. Apple describes this protection as “sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.”

To read this article in full, please click here

Read more

Microsoft backs off facial recognition analysis, but big questions remain

Credit to Author: Evan Schuman| Date: Thu, 07 Jul 2022 03:00:00 -0700

Microsoft is backing away from its public support for some AI-driven features, including facial recognition, and acknowledging the discrimination and accuracy issues these offerings create. But the company had years to fix the problems and didn’t. That’s akin to a car manufacturer recalling a vehicle rather than fixing it.

Despite concerns that facial recognition technology can be discriminatory, the real issue is that results are inaccurate. (The discriminatory argument plays a role, though, due to the assumptions Microsoft developers made when crafting these apps.)

Let’s start with what Microsoft did and said. Sarah Bird, the principal group product manager for Microsoft’s Azure AI, summed up the pullback last month in a Microsoft blog

To read this article in full, please click here

Read more

European Parliament approves sweeping big tech antitrust laws

Credit to Author: Charlotte Trueman| Date: Wed, 06 Jul 2022 06:28:00 -0700

Read more