Most bugs in Microsoft's June patches have been fixed; go ahead and patch

Credit to Author: Woody Leonhard| Date: Wed, 08 Jul 2020 07:48:00 -0700

The most obvious problem with June patches was a conflict between Microsoft’s latest version of Windows and Microsoft’s latest version of Office (er, Microsoft 365) Click-to-Run: If you installed patches as soon as they came out, Outlook wouldn’t run. That bug got cleared up when Microsoft fixed Office a week later, even though Windows was to blame.

We also saw a bunch of belated patches for printers that didn’t work after installing the June Windows updates.

To read this article in full, please click here

Read more

E-Verify’s “SSN Lock” is Nothing of the Sort

Credit to Author: BrianKrebs| Date: Sat, 04 Jul 2020 22:24:14 +0000

One of the most-read advice columns on this site is a 2018 piece called “Plant Your Flag, Mark Your Territory,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration, the IRS and others before crooks do it for you. A key concept here is that these services only allow one account per Social Security number — which for better or worse is the de facto national identifier in the United States. But KrebsOnSecurity recently discovered that this is not the case with all federal government sites built to help you manage your identity online. A reader who was recently the victim of unemployment insurance fraud said he was told he should create an account at the Department of Homeland Security’s myE-Verify website, and place a lock on his Social Security number (SSN) to minimize the chances that ID thieves might abuse his identity for employment fraud in the future.

Read more

13 privacy improvements Apple announced at WWDC

Credit to Author: Jonny Evans| Date: Thu, 02 Jul 2020 07:29:00 -0700

Apple continues to focus on the challenge of providing technology-driven convenience while protecting customer privacy in its upcoming operating system releases. Here are all the privacy-related improvements to expect in iOS 14, macOS 11 and iPad.

Why privacy matters

Fundamentally, the challenge with mobile technologies is the sheer quantity of personal data that can be collected and used against people.

A smartphone, for example, knows when it is picked up, how often, how high, who by, who it is in contact with, which websites you visit and much, much more.

To read this article in full, please click here

Read more

Microsoft Patch Alert: June 2020

Credit to Author: Woody Leonhard| Date: Thu, 02 Jul 2020 06:11:00 -0700

There’s never a dull moment for folks who try to keep Windows and Office patched.

Windows 10 version 2004 continues to make slow inroads among the “Go ahead and kick me” crowd, in spite of its (now documented) lack of update deferral settings, while those of us who are still trying to keep Win10 versions 2009, 2003 and 1809 afloat have our hands full.

June saw two truly innovative patching methods: A fix for a Windows bug delivered as an update to Office Click-to-Run and a fix for a different Windows bug delivered through the Microsoft Store.

If you can’t fix things the normal way, I guess there’s always the back door.

The two printer bugs

All of the Win10 cumulative updates in June broke some printers, some of the time. The damage fell into two heaps:

To read this article in full, please click here

Read more

Ransomware Gangs Don’t Need PR Help

Credit to Author: BrianKrebs| Date: Thu, 02 Jul 2020 01:10:45 +0000

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime. Often the rationale behind couching these events as newsworthy is that the attacks involve publicly traded companies or recognizable brands, and that investors and the public have a right to know. But absent any additional information from the victim company or their partners who may be affected by the attack, these kinds of stories and blog posts look a great deal like ambulance chasing and sensationalism.

Read more

COVID-19 ‘Breach Bubble’ Waiting to Pop?

Credit to Author: BrianKrebs| Date: Tue, 30 Jun 2020 15:00:48 +0000

The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change — and likely for the worse.

Read more