Details of how the feds broke into iPhones should shake up enterprise IT

Credit to Author: Evan Schuman| Date: Mon, 19 Apr 2021 03:18:00 -0700

Apple has an awkward history with security researchers: it wants to tout that its security is excellent, which means trying to silence those who aim to prove otherwise. But those attempts to fight security researchers who sell their information to anyone other than Apple undercut the company’s security message.

A recent piece in The Washington Post spilled the details behind Apple’s legendary fight with the U.S. government in 2016, when the Justice Department pushed Apple to create a security backdoor related to the iPhone used by a terrorist in the San Bernardino shooting. Apple refused; the government pursued it in court. Then when the government found a security researcher who offered a way to bypass Apple security, the government abandoned its legal fight. The exploit worked and, anticlimactically, nothing of value to the government was found on the device.


The Patch Tuesday focus for April: Windows and Exchange (again)

Credit to Author: Greg Lambert| Date: Fri, 16 Apr 2021 10:57:00 -0700

On Tuesday, Microsoft rolled out another broad series of updates across its Windows ecosystems, including four vulnerabilities affecting Windows that have been publicly disclosed and one security flaw — reportedly exploited already — that affects the Windows kernel. That means the Windows updates get our highest “Patch Now” rating, and if you have to manage Exchange servers, be aware that the update requires additional privileges and extra steps to complete.

It also looks as if Microsoft has announced a new way to deploy updates to any device, wherever it is located, with the Windows Update for Business Service. For more information on this cloud-based management service, you can check out this Microsoft video or this Computerworld FAQ. I have included a helpful infographic which this month looks a little lopsided (again) as all of the attention should be on the Windows and Exchange components.


Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

Credit to Author: BrianKrebs| Date: Fri, 16 Apr 2021 12:57:19 +0000

On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggests the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy.


Appogee becomes one-stop shop for enterprise iOS deployment

Credit to Author: Jonny Evans| Date: Fri, 16 Apr 2021 07:21:00 -0700

The Apple-focused enterprise services market continues to evolve. Case in point: Apple-only value-added-reseller Appogee is now offering a fully-managed iOS hardware deployment thanks to an arrangement with TRUCE Software.

A one-stop enterprise mobile shop

At its simplest, this means enterprises choosing to deploy iOS devices across their business can approach Appogee to purchase, deploy, and create contextually-aware management tools for these new fleets. The system integrates tools from both TRUCE and Jamf and means businesses can accelerate their mobile strategy, and do so while ensuring their own policies can be enforced on a device and user basis.


2 big questions to ask about Google and privacy

Credit to Author: JR Raphael| Date: Thu, 15 Apr 2021 04:00:00 -0700

I don’t know if you’ve noticed, but it’s become a teensy bit trendy to trash Google and its position on privacy these days.

This wiggly ol’ web of ours has always spent a fair amount of energy focusing on how Google uses personal data, of course — and that’s a good thing. We absolutely should be aware of how companies do and don’t tap into our information.

Lately, though, the conversation has turned especially heated, with a growing chorus of virtual voices suggesting it’s time to ditch this-or-that Google service because of how it handles privacy and (insert spooky horror music and/or Sting ballad here) watches every move you make.


Microsoft Patch Tuesday, April 2021 Edition

Credit to Author: BrianKrebs| Date: Tue, 13 Apr 2021 23:12:19 +0000

Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server — the same systems that have been besieged by attacks on four separate (and zero-day) bugs in the email software over the past month. Redmond also patched a Windows flaw that is actively being exploited in the wild.


Apple and Google reject UK COVID-19 app

Credit to Author: Jonny Evans| Date: Tue, 13 Apr 2021 08:59:00 -0700

Apple and Google have been forced to reject the UK’s latest COVID-19 Test and Trace app update because it failed to follow privacy rules the nation had already agreed to follow in order to use the frameworks the tech firms provide.

Keeping deals

In line with World Health Organization (WHO) advice to test widely and act fast in the event of COVID-19 outbreaks, Apple and Google moved quickly at the beginning of the pandemic to develop a private-by-design Exposure Notifications system the world’s health authorities could use to build digital track-and-trace systems.


ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

Credit to Author: BrianKrebs| Date: Mon, 12 Apr 2021 22:18:59 +0000

Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, phone numbers, license plate numbers, hashed passwords and mailing addresses.
