A pre-Thanksgiving all-clear to install patches

Credit to Author: Susan Bradley| Date: Mon, 23 Nov 2020 10:43:00 -0800

In the U.S., we’re quickly coming up to the start of holiday season, meaning it’s time for, well, time off. I typically add technology maintenance jobs to the monthly mix of patching and maintaining servers and workstations. This month, I’m also taking time to better understand the impact of one specific security bulletin — I honestly can’t figure out exactly what I’m supposed to do to keep my network secure. 

The good news: for most readers, none of these concerns apply to you. I’m ready to give the all-clear to go ahead and install Microsoft’s November updates on laptops, desktops and workstations — especially if you are running the Windows 10 1909 feature release. That said, do your Thanksgiving Zoom get-together first and then install any updates. I’d hate to have you see nothing but the spinning wheel of Windows updates instead of your family and friends.

How to stay as private as possible on the Mac

Credit to Author: Jonny Evans| Date: Mon, 23 Nov 2020 09:29:00 -0800

Apple believes in your right to privacy. Here is some advice on how to use the privacy tools it provides on your Mac. We have a guide for iPhones and iPads here.

Use a strong passcode

To secure your Mac, all your data, and your privacy, it is essential to create a strong alphanumeric login password.

The temptation to use something short or easy to remember is completely understandable, but if your Mac goes missing your life is on show, so visit Security & Privacy>General and tap Change Password to pick something more challenging.

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Credit to Author: BrianKrebs| Date: Sat, 21 Nov 2020 18:15:49 +0000

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world’s largest domain name registrar, KrebsOnSecurity has learned.

Convicted SIM Swapper Gets 3 Years in Jail

Credit to Author: BrianKrebs| Date: Fri, 20 Nov 2020 15:05:15 +0000

A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. The defendant is part of an alleged conspiracy involving at least eight others in the United States who stand accused of theft via SIM swapping, a […]

Deciphering (and understanding) Microsoft’s patch management options

Credit to Author: Susan Bradley| Date: Thu, 19 Nov 2020 08:06:00 -0800

If you asked a normal user what they dislike most about Windows 10, the answer would likely be related to patching, rebooting and the generally confusing update process. Entire web sites have sections devoted to explaining the updating process and how to manage it — and I’ve written my fair share about the topic. 

In addition to writing about Microsoft patches here (and about Windows security for CSO), I’m also a moderator on the Patchmanagement.org listserve. We have many people who rely on various patching tools to deploy updates and maintain workstations. There are a number of options, so it’s important to understand how they work (and how they vary) so you can get the most out of them.

Trump Fires Security Chief Christopher Krebs

Credit to Author: BrianKrebs| Date: Wed, 18 Nov 2020 16:02:32 +0000

President Trump on Tuesday fired his top election security official Christopher Krebs (no relation). The dismissal came via Twitter two weeks to the day after Trump lost an election he baselessly claims was stolen by widespread voting fraud.

Be Very Sparing in Allowing Site Notifications

Credit to Author: BrianKrebs| Date: Tue, 17 Nov 2020 14:13:29 +0000

An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters.

Microsoft exhorts enterprises to quit text, voice multi-factor authentication passcodes

Credit to Author: Gregg Keizer| Date: Mon, 16 Nov 2020 06:45:00 -0800

A Microsoft executive is urging enterprises to abandon the most popular multi-factor authentication (MFA) method — one-time passcodes sent to mobile devices via text or voice — for different approaches, including app authenticators, that he claims are more secure.

“It’s time to start your move away from the SMS and voice Multi-Factor Authentication (MFA) mechanisms,” asserted Alex Weinert, director of identity security, in a Nov. 10 post to a Microsoft blog. “These mechanisms are based on publicly switched telephone networks (PSTN), and I believe they’re the least secure of the MFA methods available today.”
