Slack beefs up mobile security controls for Enterprise Grid

Credit to Author: Matthew Finnegan| Date: Tue, 06 Aug 2019 08:00:00 -0700

Slack today unveiled new security capabilities for Enterprise Grid customers, including tighter controls for admins who oversee mobile device access.

Enterprise Grid was launched in 2017 for Slack’s biggest customers, with additional features to support large-scale deployments. Among the 150 organizations now using Enterprise Grid are Capital One, IBM and Target. 

Slack has continued to build out security and compliance features for the software since its introduction, including the addition of enterprise key management last September.  

To read this article in full, please click here

Read more

Train to become an ethical hacker for only $39

Credit to Author: DealPost Team| Date: Tue, 06 Aug 2019 07:05:00 -0700

There are countless hackers and threats looming on the internet, so IT departments are in high demand for cybersecurity professionals to pinpoint threats before they strike. Luckily, there’s no better way to fight fire than with fire; ethical hackers study hacking techniques so that IT infrastructures will be better prepared for attacks. If you’re interested in becoming a hacker (legally, of course), then this $39 bundle is right for you.

To read this article in full, please click here

Read more

Apple suspends Siri snooping (and promises more control for the rest of us)

Credit to Author: Jonny Evans| Date: Fri, 02 Aug 2019 04:27:00 -0700

Read more

The latest large-scale data breach: Capital One | TECH(feed)

Just a few days after Equifax settled with the FTC over its 2017 data breach, Capital One announced it was the target of a March attack. Identifying information and bank account numbers are among some of the data breached in the attack that affects 100 million people. A software engineer is behind the attack and is awaiting a hearing. In this episode of TECH(feed), Juliet discusses the consequences of the attack and how to find out if you've been affected.

Read more

Microsoft Patch Alert: Welcome to the Upside Down

Credit to Author: Woody Leonhard| Date: Tue, 30 Jul 2019 09:33:00 -0700

This month, Microsoft Patch Land looks like a stranger Stranger Things Upside Down, where Security-only patches carry loads of telemetry, Visual Studio patches appear for the wrong versions… and we still can’t figure out how to keep the Win10 1903 upgrade demogorgon from swallowing established drivers.

As we end the month, we’ve seen the second “optional” monthly cumulative updates for all Win10 versions — the 1903 patch was released, pulled, then re-released — and fixes for Visual Studio’s transgressions. There’s a kludge for getting the Win10 1903 upgrade to work. And BlueKeep still looms like a gorging Mind Flayer.

Win7 Security-only patch brings telemetry

Those of you who have been dodging Windows 7 telemetry by using the monthly Security-only patches — a process I described as “Group B” three years ago — have reached the end of the road. The July 2019 Win7 “Security-only” patch, KB4507456, includes a full array of telemetry/snooping, uh, enhancements.

To read this article in full, please click here

Read more

Apple’s shock Siri surveillance demands a swift response

Credit to Author: Jonny Evans| Date: Mon, 29 Jul 2019 07:51:00 -0700

News that Siri records snippets of our conversations with the voice assistant isn’t new, but claims that those short recordings are listened to by human agents is– particularly in light of the company’s big push on privacy.

These are bad optics

I’m a passionate believer in the importance of privacy.

It isn’t only important in terms of preserving hard-won liberties and protecting public discourse, it’s also of growing importance across every part of human existence, for every school, medical facility or enterprise. History shows that the absence of privacy has a corrosive effect on society, turning family members against each other and dampening innovation.

To read this article in full, please click here

Read more

Mozilla blames 'interlocking complex systems' and confusion for Firefox's May add-on outage

Credit to Author: Gregg Keizer| Date: Fri, 26 Jul 2019 03:00:00 -0700

Mozilla has issued multiple after-action reports analyzing the major mix-up in May that crippled most Firefox add-ons. The reports also made recommendations for preventing similar incidents in the future.

The fiasco started just after 8 p.m. ET on Friday, May 3, when a certificate used to digitally sign Firefox extensions expired. Because Mozilla had neglected to renew the certificate, Firefox assumed add-ons could not be trusted – that they were potentially malicious – and disabled any already installed. Add-ons could not be added to the browser for the same reason.

To read this article in full, please click here

Read more

Researchers to launch intentionally ‘vulnerable’ blockchain at Black Hat

Credit to Author: Lucas Mearian| Date: Thu, 25 Jul 2019 14:06:00 -0700

Hoping to raise awareness about blockchain vulnerabilities, cybersecurity firm  Kudelski Security next week plans to launch the industry’s first “purposefully vulnerable” blockchain – and will demo it at next month’s Black Hat conference.

Kudelski Security’s FumbleChain project is aimed at highlighting vulnerabilities in blockchain ecosystems, according to Nathan Hamiel, head of cybersecurity research at Kudelski.

The flawed blockchain ledger is written in Python 3.0, making it easy for anyone to read and modify its source code, and it’s modular – allowing users to hack and add new challenges to promote continuous learning.

To read this article in full, please click here

Read more