Independent

ComputerWorldIndependent

New Windows 7 'security-only' update installs telemetry/snooping, uh, feature

Credit to Author: Woody Leonhard| Date: Thu, 11 Jul 2019 03:16:00 -0700

Back in October 2016, Microsoft divided the Win7 and 8.1 patching worlds into two parts.

Those who got their patches through Windows Update received so-called Monthly Rollups, which included security patches, bug fixes – and we frankly don’t know what else – rolled out in a cumulative stream.

The folks who were willing to download and manually install patches were also given the option of installing “security-only” patches, not cumulative; these were meant to address just the security holes.

IndependentKrebs

Patch Tuesday Lowdown, July 2019 Edition

Credit to Author: BrianKrebs| Date: Tue, 09 Jul 2019 22:32:11 +0000

Microsoft today released software updates to plug almost 80 security holes in its Windows operating systems and related software. Among them are fixes for two zero-day flaws that are actively being exploited in the wild, and patches to quash four other bugs that were publicly detailed prior to today, potentially giving attackers a head start in working out how to use them for nefarious purposes.

ComputerWorldIndependent

Microsoft delivers Defender ATP security service to Macs

Credit to Author: Gregg Keizer| Date: Tue, 09 Jul 2019 11:42:00 -0700

Microsoft on Monday made good on a March pledge by announcing that its most sophisticated endpoint security service is now available for Macs.

Microsoft Defender ATP (Advanced Threat Protection) for Mac shifted to what the company calls “general availability” on June 28, wrote Helen Allas, a principal program manager on the enterprise security team, in a July 8 post to a company blog. Core components of Defender ATP, including the latest – “Threat & Vulnerability Management,” which made it to general availability a week ago – now serve Macs.

ComputerWorldIndependent

How Apple is improving iCloud this year

Credit to Author: Jonny Evans| Date: Tue, 09 Jul 2019 07:06:00 -0700

Apple quite evidently plans many interesting improvements in its iCloud service this year. So, what’s going on?

What we know so far

Apple at WWDC made several announcements that will be reliant on iCloud – these include obvious things like new services and support for new functions, and less evident topics around sync, data and AI.

Most recently, the company began beta-testing Touch ID and Face ID access to iCloud.com online, meaning that if you happen to be using an Apple device (Mac, iPad, iPhone) you can access your online iCloud services with the touch of a finger or a quick eye scan.

This may also be Apple’s way of testing the privacy-protecting Sign-in with Apple service it intends launching later this year.

IndependentKrebs

Who’s Behind the GandCrab Ransomware?

Credit to Author: BrianKrebs| Date: Mon, 08 Jul 2019 17:27:42 +0000

The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follows is a deep dive into who may be responsible for recruiting new members to help spread the contagion.

ComputerWorldIndependent

The top 8 problems with blockchain

Credit to Author: Lucas Mearian| Date: Mon, 08 Jul 2019 03:00:00 -0700

While blockchain holds tremendous potential for creating new financial, supply chain and digital identity systems, it’s often erroneously seen as a panacea for business problems.

The myriad of pilots and proofs of concept by large corporations and government agencies are showing real promise, but those projects don’t always lead to obvious business cases that justify doing something differently. Sometimes a tried and true technology like a relational database can perform the task much more efficiently than a distributed ledger based on peer-to-peer technology that will require complex governance and rules.

ComputerWorldIndependent

Throwback Thursday: Spoilsport

Credit to Author: Sharky| Date: Thu, 04 Jul 2019 03:00:00 -0700

This IT security pilot fish knows something about audits — and knows what he expects of auditors.

“I have more than 15 years of audit experience in IT,” fish says. “I have written and implemented policy and procedure, and developed incident response plans. I spent the better part of last year making sure that the external auditors could not find any inconsistencies in our control standards.”

Then the internal audit director decides to perform an audit of fish’s group — and sends a young auditor who thinks he knows everything IT.

After three weeks of research and testing, young auditor presents his results in a meeting with his boss the audit director and fish.

ComputerWorldIndependent

Message to IT: Trusting Apple and Google for mobile app security is career suicide

Credit to Author: Evan Schuman| Date: Mon, 01 Jul 2019 05:47:00 -0700

Ready for the mobile security news that IT doesn’t want to hear about but needs to? When security firm Positive Technologies started pen-testing various mobile apps, security holes were rampant.

We’ll plunge into the details momentarily, but here’s the upshot: “High-risk vulnerabilities were found in 38 percent of mobile applications for iOS and in 43 percent of Android applications” and “most cases are caused by weaknesses in security mechanisms — 74 percent and 57 percent for iOS and Android apps, respectively, and 42 percent for server-side components — because such vulnerabilities creep in during the design stage, fixing them requires significant changes to code.”
