July 2019 – Page 17 – PossibleThreat Articles

Credit to Author: Evan Schuman| Date: Mon, 01 Jul 2019 05:47:00 -0700

Ready for the mobile security news that IT doesn’t want to hear about but needs to? When security firm Positive Technologies started pen-testing various mobile apps, security holes were rampant.

We’ll plunge into the details momentarily, but here’s the upshot: “High-risk vulnerabilities were found in 38 percent of mobile applications for iOS and in 43 percent of Android applications” and “most cases are caused by weaknesses in security mechanisms — 74 percent and 57 percent for iOS and Android apps, respectively, and 42 percent for server-side components — because such vulnerabilities creep in during the design stage, fixing them requires significant changes to code.”

To read this article in full, please click here

ComputerWorld Independent

Microsoft Patch Alert: The Windows patching heavens buzz with silver bullets

July 19, 2019 0 Comments Microsoft, Microsoft Office, PCs, Security, Windows

Credit to Author: Woody Leonhard| Date: Mon, 01 Jul 2019 04:36:00 -0700

How many bugs could a WinPatcher patch, if a WinPatcher could patch bugs?

Ends up that June’s one of the buggiest patching months in recent memory – lots of pesky little critters, and the ones acknowledged by Microsoft led to even more patches later in the month.

In June, we saw eight single-purpose Windows patches whose sole mission is to fix bugs introduced in earlier Windows patches. I call them silver bullets – all they do is fix earlier screw-ups. If you install security patches only, these eight have to be installed manually to fix the bugs introduced earlier. It’s a congenital defect in the patching regimen – bugs introduced by security patches get fixed by non-security “optional” patches, while waiting for the next month’s cumulative updates to roll around.

To read this article in full, please click here

ComputerWorld Independent

Mozilla takes swipe at Chrome with 'Track THIS' project

July 19, 2019 0 Comments Browsers, Security, Software

Credit to Author: Gregg Keizer| Date: Thu, 27 Jun 2019 04:28:00 -0700

Mozilla this week touted Firefox’s anti-ad tracking talents by urging users of other browsers to load 100 tabs to trick those trackers into offering goods and services suitable for someone in the 1%, an end-times devotee and other archetypes.

Tagged as “Track THIS,” the only-semi-tongue-in-cheek project lets users select from four personas – including “hypebeast,” “filthy rich,” “doomsday prepper,” and “influencer” – for illustrative purposes. Track THIS then opens 100 tabs “to fool trackers into thinking you’re someone else.”

To read this article in full, please click here

ComputerWorld Independent

How updates to MongoDB work to prevent data breaches | TECH(talk)

July 19, 2019 0 Comments Database, encryption, Security

CSO senior writer Lucian Constantin and Computerworld Executive Editor Ken Mingis talk database security and how MongoDB's new field-level encryption takes security to the next level.

ComputerWorld Independent

How ‘Find My’ Mac works in macOS Catalina and iOS 13

July 19, 2019 0 Comments Apple, Macs, Mobile, Security

Credit to Author: Jonny Evans| Date: Fri, 21 Jun 2019 08:13:00 -0700

Apple is changing how its Find My Mac tool works in macOS Catalina and iOS – it will now use Bluetooth and should find your Mac even when it is asleep.

How does ‘Find My’ Mac work?

Apple is combining two apps – Find My Friends and Find My iPhone into a new ‘Find My’ app.

The combined app offers what we are used to from each one of these individual apps, but introduces new tools based on Bluetooth.

The ideas is that it will use low energy Bluetooth signals to help bring people together with lost things.

To read this article in full, please click here

ComputerWorld Independent

Google asks Chrome users for help in spotting deceptive sites

July 19, 2019 0 Comments Browsers, Security

Credit to Author: Gregg Keizer| Date: Wed, 19 Jun 2019 12:46:00 -0700

Google this week asked for help in identifying suspicious websites, offering users of its Chrome browser an add-on that lets them rat out URLs.

The Suspicious Site Reporter, which can be added to desktop Chrome, places a new flag-style icon on the top bar of the browser. “By clicking the icon, you’re now able to report unsafe sites to Safe Browsing for further evaluation,” Emily Schechter, a Chrome product manager, wrote in a Tuesday post to a company blog.

Safe Browsing is the name of the technology used by Google’s search engine, Chrome, Mozilla’s Firefox, Apple’s Safari, and Android to steer users away from sites that host malicious or deceptive content. On the back end, Google uses robots to scan the web and build a list of websites that host malware, harmful downloads or deceptive ads and pages. Software developers can then plug into an API to integrate this list into their own applications, something rival browser makers have done for years.

To read this article in full, please click here

ComputerWorld Independent

What the latest iOS passcode hack means for you

July 19, 2019 0 Comments Apple, Government, Mobile, Security

Credit to Author: Lucas Mearian| Date: Tue, 18 Jun 2019 14:25:00 -0700

A mobile device forensics company now says it can break into any Apple device running iOS 12.3 or below.

Israeli-based Cellebrite made the announcement on an updated webpage and through a tweet where it asserted it can unlock and extract data from all iOS and “high-end Android” devices.

On the webpage describing the capabilities of its Universal Forensic Extraction Device (UFED) Physical Analyzer, Cellebrite said it can “determine locks and perform a full file- system extraction on any iOS device, or a physical extraction or full file system (File-Based Encryption) extraction on many high-end Android devices, to get much more data than what is possible through logical extractions and other conventional means.”

To read this article in full, please click here

ComputerWorld Independent

How the Huawei ban could become a security threat | TECH(feed)

July 19, 2019 0 Comments 5G, Huawei, Mobile, Security

We’ve already talked about how the Huawei ban may affect business, but how will it affect security? Google has already warned of security threats should the company be unable to send updates to Huawei’s Android-powered devices. And even if Huawei responds with its own OS, will people trust it? In this episode of TECH(feed), Juliet discusses those security implications and what some people think the U.S. should do instead.

ComputerWorld Independent

Time-Machine Tuesday: Get a room!

July 19, 2019 0 Comments IT Leadership, Microsoft Exchange, Security

Credit to Author: Sharky| Date: Tue, 18 Jun 2019 03:00:00 -0700

This security pilot fish is a big believer in automated systems. And he’s very impressed when his company moves into new offices where the meeting rooms take the manual labor out of scheduling meetings.

“There are room wizards outside every door to assist in scheduling,” fish says. “And there’s full integration with Microsoft Exchange, so that your meeting information is accurate and timely and always shows the proper room.”

One of fish’s most important meetings is a committee meeting every month on the day after Patch Tuesday to consider how to handle that batch of Microsoft updates. It’s been a regular meeting for years, and after the move the new scheduling system seems to handle it fine.

To read this article in full, please click here

PossibleThreat Articles

Month: July 2019

Message to IT: Trusting Apple and Google for mobile app security is career suicide

Microsoft Patch Alert: The Windows patching heavens buzz with silver bullets

Mozilla takes swipe at Chrome with 'Track THIS' project

How updates to MongoDB work to prevent data breaches | TECH(talk)

How ‘Find My’ Mac works in macOS Catalina and iOS 13

How does ‘Find My’ Mac work?

Google asks Chrome users for help in spotting deceptive sites

What the latest iOS passcode hack means for you

How the Huawei ban could become a security threat | TECH(feed)

Time-Machine Tuesday: Get a room!