Wednesday, April 8, 2026
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Security

ComputerWorldIndependent
admin

Apple just made Safari a better fit for the enterprise

Credit to Author: Jonny Evans| Date: Wed, 25 Sep 2019 07:15:00 -0700

Enterprise users can now wrap a new layer of security around their web services, thanks to Apple’s introduction of support for USB security keys in Safari 13.0.1.

Enterprise class security

Dongles aren’t a terribly convenient security protection for most people, but government, military and regulated industries are always searching out new ways to secure themselves, and their data.

FIDO2-compliant USB security keys – such as those made by Yubico – add a layer of security to the verification process:

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

Microsoft releases emergency IE patches inside 'optional, non-security' cumulative updates

Credit to Author: Woody Leonhard| Date: Tue, 24 Sep 2019 12:13:00 -0700

I’ve seen a lot of confusion about the security hole known as CVE-2019-1367 and what normal Windows customers should do about it. Part of the reason for the confusion is the way the fix was distributed – the patching files were released on Monday, Sept. 23, but only via manual download from the Microsoft Update Catalog.

On a Monday.

In the past few hours, Microsoft released a hodge-podge of patches that seem to tackle the problem. They’re “optional non-security” and “Monthly Rollup preview” patches, so you won’t get them unless you specifically go looking for them.

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

Microsoft delivers emergency security update for antiquated IE

Credit to Author: Gregg Keizer| Date: Tue, 24 Sep 2019 03:00:00 -0700

Microsoft on Monday released an emergency security update to patch a vulnerability in Internet Explorer (IE), the legacy browser predominantly used by commercial customers.

The flaw, which was reported to Microsoft by Clement Lecigne, a security engineer with Google’s Threat Analysis Group (TAG), has already been exploited by attackers, making it a classic “zero-day,” a vulnerability actively in use before a patch is in place.

In the security bulletin that accompanied the release of the IE patch, Microsoft labeled the bug a remote code vulnerability, meaning that a hacker could, by exploiting the bug, introduce malicious code into the browser. Remote code vulnerabilities, also called remote code execution, or RCE, flaws, are among the most serious. That seriousness, as well as the fact that criminals are already leveraging the vulnerability, was reflected in Microsoft’s decision to go “out of band,” or off the usual patching cycle, to plug the hole.

To read this article in full, please click here

Read More