The surveillance-as-a-service industry needs to be brought to heel

Credit to Author: Jonny Evans| Date: Fri, 24 Jun 2022 09:40:00 -0700

Here we go again: another example of government surveillance involving smartphones from Apple and Google has emerged, and it shows how sophisticated government-backed attacks can become and why there’s justification for keeping mobile platforms utterly locked down.

What has happened?

I don’t intend to focus too much on the news, but in brief it is as follows:

  • Google’s Threat Analysis Group has published information revealing the hack.
  • Italian surveillance firm RCS Labs created the attack.
  • The attack has been used in Italy and Kazakhstan, and possibly elsewhere.
  • Some generations of the attack are wielded with help from ISPs.
  • On iOS, attackers abused Apple’s enterprise certification tools that enable in-house app deployment.
  • Around nine different attacks were used.

The attack works like this: The target is sent a unique link that aims to trick them into downloading and installing a malicious app. In some cases, the spooks worked with an ISP to disable data connectivity to trick targets into downloading the app to recover that connection.

To read this article in full, please click here

Read more

Trouble with Windows? You have support options

Credit to Author: Susan Bradley| Date: Tue, 21 Jun 2022 05:15:00 -0700

So, you finally got around to installing a Windows update from Microsoft, and there’s a problem. Where do you go for support and assistance?

Short answer: it depends.

If you are an Enterprise customer and have an issue with your work computer — whether in the office or remote — there should be a designated IT administrator or help desk for you. You either call the help desk or open a trouble ticket and someone gets back to you. Often, they have tools to remotely connect to your computer and see what’s going on.  If the issue is so serious your machine can’t be fixed, they’ll deploy a new computer or reimage your PC using tools such as Autopilot to deploy a fresh copy of Windows for you.

To read this article in full, please click here

Read more

Microsoft delivers solid Windows-focused updates for June's Patch Tuesday

Credit to Author: Greg Lambert| Date: Fri, 17 Jun 2022 12:09:00 -0700

June’s Patch Tuesday updates, released on June 14, address 55 vulnerabilities in Windows, SQL Server, Microsoft Office, and Visual Studio (though there are oo Microsoft Exchange Server or Adobe updates this month). And a zero-day vulnerability in a key Windows component, CVE-2022-30190, led to a “Patch Now” recommendation for Windows, while the .NET, Office and SQL Server updates can be included in a standard release schedule.

To read this article in full, please click here

Read more

Will COVID's legacy be a healthier workplace?

Credit to Author: Paul Gillin| Date: Fri, 17 Jun 2022 04:30:00 -0700

Read more

Jamf CIO: Apple will be the No. 1 enterprise endpoint by 2030

Credit to Author: Jonny Evans| Date: Thu, 16 Jun 2022 04:02:00 -0700

I spoke with Jamf CIO Linh Lam on a recent UK visit to mark the company’s 20th anniversary. The 2020 Bay Area CIO of the Year Finalist joined Jamf in 2021 – and thinks Apple will be the top enterprise endpoint by 2030 as its current momentum accelerates.

The changing landscape of enterprise IT

“The way the demand is growing and the expectations of younger generations joining the workforce, Apple devices will be the number one endpoint by 2030,” she told me.

To read this article in full, please click here

Read more

Before Patch Tuesday, a to-do list to avoid trouble

Credit to Author: Susan Bradley| Date: Mon, 13 Jun 2022 10:11:00 -0700

You could call today Patch-Tuesday Eve. It’s the day before Windows machines get offered updates from Microsoft. What should you be doing to prepare?

It depends on what kind of computer user you are.

If your files are stored in the cloud

You keep everything in the cloud, you use a Microsoft account, you don’t mind reinstalling your OS if need be. Your data is protected by a username and a password, and if you are savvy, your data is protected by two-factor authentication.  

Prior to Patch Tuesday, you might decide you don’t need to back up your computer system since you know if something happens to your computer, you can reinstall the operating system and merely reconnect to your various online storage services. You’ve double-checked that all cloud services you use have file versioning enabled, so if you need to roll back to a prior version of a file, you can do so.

To read this article in full, please click here

Read more

After a Windows update, what should you expect?

Credit to Author: Susan Bradley| Date: Mon, 06 Jun 2022 05:17:00 -0700

Let’s get this straight: It’s not normal for a Windows update to remove software. It’s designed to install the update, not change software already in place on your system. 

At least, updates are not supposed to remove software. Since March, however, if you run the RDgateway broker service on Server 2022 (and only that version), the monthly cumulative updates have removed that service. This behavior is not normal; this is a bug.

As Microsoft notes in the Microsoft 365 Admin dashboard: “We have received reports that after installing KB5005575 or later updates on Windows Server 2022 Standard Edition, Remote Desktop Services Connection Broker role and supporting services might be removed unexpectedly. We have expedited investigation and are working on a resolution. Note: Windows Server 2022 Datacenter edition and other versions of Windows Server are not affected by this issue.”

To read this article in full, please click here

Read more

Apple confirms the scale of App Store fraud

Credit to Author: Jonny Evans| Date: Thu, 02 Jun 2022 08:30:00 -0700

Apple says millions of fraudulent attempts are made against the App Store and its users each year. The company prevented $1.5 billion in fraudulent transactions in 2021, it said, in line with similar levels of fraud in 2020.

How people attempt to commit App Store fraud

The company explains how fraudsters attempt to commit fraud via the store.

To read this article in full, please click here

Read more