Not all patching problems are created equal

Credit to Author: Susan Bradley| Date: Mon, 16 May 2022 09:00:00 -0700

It’s the third week of the month — the week we find out whether Microsoft acknowledges any side effects it’s investigating as part of the monthly patch-release process.

First, a bit of background. Microsoft has released patches for years. But they haven’t always been released on a schedule. In the early days, Microsoft would release updates any day of the week. Then in October 2003, Microsoft formalized the release of normal security updates on the second Tuesday of the month. Thus was born Patch Tuesday. (Note: depending on where you are in the world, Patch Tuesday may be a Patch Wednesday.) The following day, or in some cases, over the next week, users and admins report issues with updates — and Microsoft finally acknowledges that, yes, there are issues.

To read this article in full, please click here

Read more

May's Patch Tuesday updates make urgent patching a must

Credit to Author: Greg Lambert| Date: Sat, 14 May 2022 05:51:00 -0700

This past week’s Patch Tuesday started with 73 updates, but ended up (so far) with three revisions and a late addition (CVE-2022-30138) for a total of 77 vulnerabilities addressed this month. Compared with the broad set of updates released in April, we see a greater urgency in patching Windows — especially wiith three zero-days and several very serious flaws in key server and authentication areas. Exchange will require attention, too, due to new server update technology.

To read this article in full, please click here

Read more

Europe puts Apple’s CSAM plans back in the spotlight

Credit to Author: Jonny Evans| Date: Thu, 12 May 2022 08:38:00 -0700

Apple may have put some of its plans to scan devices for CSAM material on hold, but the European Commission has put them right back in the spotlight with a move to force messaging services to begin monitoring for such material.

CSAM is emerging as a privacy test

In terms of child protection, it’s a good thing. Child Sexual Abuse Material (CSAM) is a far bigger problem than many people realize; victims of this appalling trade end up with shattered lives.

To read this article in full, please click here

Read more

DEA Investigating Breach of Law Enforcement Data Portal

Credit to Author: BrianKrebs| Date: Thu, 12 May 2022 11:00:30 +0000

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.

Read more

Microsoft Patch Tuesday, May 2022 Edition

Credit to Author: BrianKrebs| Date: Wed, 11 May 2022 02:34:59 +0000

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month’s patch batch includes fixes for seven “critical” flaws, as well as a zero-day vulnerability that affects all supported versions of Windows.

Read more

Just what does Windows 11 bring to the table?

Credit to Author: Susan Bradley| Date: Mon, 09 May 2022 07:43:00 -0700

The other day, my Dad — my bellwether for technology — mentioned in passing that he’d read online that Windows 11 shouldn’t be used and that the operating system wasn’t being adopted.

Dad had a point. He’s more of an Apple user now — I have him on my phone plan to support his tech needs, he uses an iPhone and has an iPad. As his needs have changed, his reliance on Windows devices has decreased. In fact, his current Windows needs involve applications not on the Apple platform. (And because he’s a standalone user, not a domain user, many of the advances in Windows 11 having to do with authentication won’t be available to him.)

To read this article in full, please click here

Read more

Your Phone May Soon Replace Many of Your Passwords

Credit to Author: BrianKrebs| Date: Sat, 07 May 2022 13:31:17 +0000

Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites.

Read more

Google responds to EU data rulings with new Workspace controls

Credit to Author: Charlotte Trueman| Date: Wed, 04 May 2022 04:22:00 -0700

Google Cloud has announced a new set of Sovereign Controls for users of its Workspace productivity software, aimed at allowing organizations in both the public and private sector to better control, limit, and monitor data transfers to and from the European Union.

The changes look to have come in response to a range of recent European Union efforts to better protect the personal data of members when using cloud services, following the collapse of Privacy Shield.

To read this article in full, please click here

Read more