RSS Reader for Computer Security Articles
Host Steve Ragan reports from RSA 2018 conference, talking with Wendy Nather, director, advisory CISOs at Duo Security, about how organizations can build a zero trust model, including consistently authenticating users.
Credit to Author: Woody Leonhard| Date: Sat, 02 Jun 2018 19:34:00 -0700
At least the really bad bugs, introduced by “security” patches earlier this month, have been fixed. The problems that remain reside in the dregs — not likely to bite, but worth knowing about in case something suddenly goes bump in the night.
And if you’re using Win10 1803, you should definitely ask Microsoft for an increase in combat-duty pay.
Remember when Win7 was relatively stable? OK, OK; “stable” is a relative term that’s unlikely to apply to any version of Windows, but you know what I mean. Win7 and Server 2008 R2 have gone through months of problems with networking in general, and apoplectic network interface cards in particular.
Credit to Author: BrianKrebs| Date: Fri, 01 Jun 2018 14:29:00 +0000
Google is reminding organizations to review how much of their Google Groups mailing lists should be public and indexed by Google.com. The notice was prompted in part by a review that KrebsOnSecurity undertook with several researchers who’ve been busy cataloging thousands of companies that are using public Google Groups lists to manage customer support and in some cases sensitive internal communications.
Read More
Credit to Author: BrianKrebs| Date: Fri, 01 Jun 2018 14:29:00 +0000
Google is reminding organizations to review how much of their Google Groups mailing lists should be public and indexed by Google.com. The notice was prompted in part by a review that KrebsOnSecurity undertook with several researchers who’ve been busy cataloging thousands of companies that are using public Google Groups lists to manage customer support and in some cases sensitive internal communications.
Read More
Credit to Author: Jonny Evans| Date: Thu, 31 May 2018 06:48:00 -0700
Have you installed iOS 11.4? Once you’d looked at AirPlay 2and Messages in iCloud, did you happen to take a look at the contents of the security updates?
If you did you’ll have been disappointed.
Apple hasn’t disclosed details concerning the security content of the new software. It hasn’t revealed anything concerning USB Restricted Mode, which apparently makes it harder for people to hack into your device.
Credit to Author: Jonny Evans| Date: Wed, 30 May 2018 05:30:00 -0700
Along with key HomePod improvements, Apple also introduced Messages in iCloud with iOS 11.4. It’s a useful feature designed to store your Messages and attachments in iCloud, but enterprise users should think twice before enabling it.
I’m not saying iCloud is not secure – so long as you use a six-or more digit passcode or (better, but more awkward) an alphanumeric passcode, it’s highly secure. I’m reasonably confident a strong password, Apple’s own systems and its insistence you use two-factor authentication is enough for most of us.
Credit to Author: Woody Leonhard| Date: Wed, 30 May 2018 03:49:00 -0700
Once more we have a monthly Windows/Office patch scorecard that needs a guidebook. Or two. And we just got a handful of buried warnings about problems in old patches, plus a brand new way to fry your network interface card.
Thus continues the tradition of two cumulative updates per month for all of the supported Windows 10 versions – that’s eight cumulative updates in total – in addition to bobs and weaves and a very long list of acknowledged bugs introduced by recent security patches in Windows 7.
The strange behavior of the CredSSP update – where the Patch Tuesday fixes for all versions of Windows seemed to break Remote Desktop Protocol with a strange error message: “This could be due to CredSSP encryption oracle remediation” has been resolved.
Credit to Author: BrianKrebs| Date: Tue, 29 May 2018 16:33:34 +0000
For as long as scam artists have been around so too have opportunistic thieves who specialize in ripping off other scam artists. This is the story about a group of Pakistani Web site designers who apparently have made an impressive living impersonating some of the most popular and well known “carding” markets, or online stores that sell stolen credit cards.
Read More