Apple publishes in-depth M1, Mac, and iOS security guide

Credit to Author: Jonny Evans| Date: Thu, 18 Feb 2021 13:00:00 -0800

Apple has published its annual Apple Platform Security Guide, which includes updated details concerning the security of all its platforms, including the new M1 and A14 chips inside Apple Silicon Macs and current iPhones, respectively.

The first look inside M1 Mac security

The extensive 196-page report explains how Apple continues to develop its core security models along the premise of mutually distrusting security domains. The idea here is that each element in the security chain is independent, gathers little user information, and is built with a zero-trust model that helps boost security resilience.

To read this article in full, please click here

Read more

U.S. Indicts North Korean Hackers in Theft of $200 Million

Credit to Author: BrianKrebs| Date: Wed, 17 Feb 2021 21:12:56 +0000

The U.S. Justice Department today unsealed indictments against three men accused of working with the North Korean regime to carry out some of the most damaging cybercrime attacks over the past decade, including the 2014 hack of Sony Pictures, the global WannaCry ransomware contagion of 2017, and the theft of roughly $200 million and attempted theft of more than $1.2 billion from banks and other victims worldwide.

Read more

Bluetooth Overlay Skimmer That Blocks Chip

Credit to Author: BrianKrebs| Date: Mon, 15 Feb 2021 22:34:22 +0000

As a total sucker for anything skimming-related, I was interested to hear from a reader working security for a retail chain in the United States that recently found bluetooth-enabled skimming devices placed over top of payment card terminals at several stores. Interestingly, these skimmers interfered with the terminal’s ability to read chip-based cards, forcing customers to swipe the stripe instead.

Read more

For February, a 'bumpy' Patch Tuesday ride

Credit to Author: Susan Bradley| Date: Mon, 15 Feb 2021 04:31:00 -0800

One week out from Patch Tuesday and it’s been a bumpy release for the month, especially for older versions of Windows 10 and Server 2016. (Less affected: the consumer versions of Windows 10 2004 and 20H2.)

Windows Server 2016/1607 suffered the worst of the issues: the original version of the Servicing Stack update KB4601392 caused patching to get “stuck.” Server patchers had to jump through a ton of hoops to get the monthly security update installed. Microsoft pulled the bad update and replaced it with KB5001078. If you were unlucky and installed KB4601392 before it was pulled, Microsoft has this  guidance to manually reset Windows updates components.

To read this article in full, please click here

Read more

What's not to love with this month’s Patch Tuesday?

Credit to Author: Greg Lambert| Date: Fri, 12 Feb 2021 09:23:00 -0800

With only 53 updates in the February Patch Tuesday collection released this week — and no updates for Microsoft browsers — you’d be forgiven for thinking we had another easy month (after a light December and January). Despite lower-than-average numbers for updates and patches, four vulnerabilities have been publicly disclosed and we are seeing a growing number of reports of exploits in the wild.

In short: this is a big, important update that will require immediate attention and a rapid response to testing and deployment.

For example, Microsoft has just released an out-of-band update to fix a Wi-Fi issue that is leading to Blue Screens of Death (BSODs). Somebody is going to run into trouble unless this gets fixed fast. We have included a helpful infographic that this month looks a little lopsided (again), as all of the attention should be on the Windows components

To read this article in full, please click here

Read more

Can Apple Watch boost your endpoint security?

Credit to Author: Jonny Evans| Date: Fri, 12 Feb 2021 08:14:00 -0800

Enterprises seeking tools with which to improve endpoint security for the new remote working business environment may want to spend a little time considering the Apple Watch.

Access all areas

My argument is simple: Apple’s growing place in the enterprise means its complementary ecosystems can help support your business. As deal follows deal, the number of iPhones in use across the sector is growing fast, which means millions of workers already have access to the watch.

To read this article in full, please click here

Read more

Apple wants Safari in iOS to be your private browser

Credit to Author: Jonny Evans| Date: Thu, 11 Feb 2021 08:14:00 -0800

Apple seems focused on building Safari to become the world’s leading privacy-focused web browser, continuing development of under-the-hood enhancements to protect private lives.

Better privacy by proxy

Beginning with (currently in beta) iOS 14.5, Apple is improving privacy by changing how Safari accesses Google’s Safe Browsing service. The latter warns users when they visit a fraudulent website. (Apple uses the service to drive the “Fraudulent Website Warning” in Settings>Safari on iOS or iPadOS devices.)

The Safe Browsing service works by identifying potentially compromised sites from Google’s web index. If it suspects a site is compromised, virtual machines are despatched to see whether the site attempts to compromise them.

To read this article in full, please click here

Read more

What’s most interesting about the Florida water system hack? That we heard about it at all.

Credit to Author: BrianKrebs| Date: Wed, 10 Feb 2021 22:13:45 +0000

Stories about computer security tend to go viral when they bridge the vast divide between geeks and luddites, and this week’s news about a hacker who tried to poison a Florida town’s water supply was understandably front-page material. But for security nerds who’ve been warning about this sort of thing for ages, the most surprising aspect of the incident seems to be that we learned about it at all.

Read more