ComputerWorld – Page 25 – PossibleThreat Articles

With 63 updates affecting Windows, Microsoft Office and the Visual Studio and .NET platforms — and reports of three publicly exploited vulnerabilities (CVE-2022-37969, CVE-2022-34713, CVE-2021-40444) — this month’s Patch Tuesday release gets a “Patch Now” priority. Key testing areas include printing, Microsoft Word, and in general application un-installations. (The Microsoft Office, .NET and browser updates can be added to your standard release schedules.)

To read this article in full, please click here

ComputerWorld Independent

Sadly, IT can no longer trust geolocation for much of anything

September 16, 2022 0 Comments Android, iOS, Mobile, mobile apps, Security, small and medium business

Credit to Author: eschuman@thecontentfirm.com| Date: Fri, 16 Sep 2022 03:00:00 -0700

Geolocation was once a glorious way to know who your company is dealing with (and sometimes what they are doing). Then VPNs started to undermine that. And now, things have gotten so bad that the Apple App Store and Google Play both offer apps that unashamedly declare they can spoof locations — and neither mobile OS vendor does anything to stop it.

Why? It seems both Apple and Google created the holes these developers are using.

In a nutshell, Apple and Google — to test their apps across various geographies — needed to be able to trick the system into thinking that their developers are wherever they wanted to say that they are. What’s good for the mobile goose, as they say.

To read this article in full, please click here

ComputerWorld Independent

When Windows updating goes bad — the case of the problematic patch

September 6, 2022 0 Comments Security, small and medium business, Windows, Windows 10, windows 11

Credit to Author: Susan Bradley| Date: Tue, 06 Sep 2022 04:08:00 -0700

Every month, Windows users and administrators receive updates from Microsoft on Patch Tuesday (or Wednesday, depending on where you’re located). And each month, most users all apply the same updates.

But should we?

Case in point: KB5012170, a patch released on Aug. 9 that either causes no issues — or triggers Bitlocker recover key requests or won’t install at all, demanding that you go find a firmware update. This patch, called the Security update for Secure Boot DBX, applies to nearly all supported Windows releases. Specifically, it affects Windows Server 2012; Windows 8.1 and Windows Server 2012 R2; Windows 10, version 1507; Windows 10, version 1607 and Windows Server 2016; Windows 10, version 1809 and Windows Server 2019; Windows 10, versions 20H2, 21H1, and 21H2; Windows Server 2022; Windows 11, version 21H2 (original release), and Azure Stack HCI, version 1809, all the way to Azure Stack Data Box, version 1809 (ASDB).

To read this article in full, please click here

ComputerWorld Independent

Apple wasn’t fooling when it said it wanted to make Macs more secure

September 2, 2022 0 Comments Apple, MacOS, Mobile, Security, small and medium business

Credit to Author: Jonny Evans| Date: Fri, 02 Sep 2022 04:55:00 -0700

When Craig Federighi, Apple’s senior vice president of software engineering last year said, “We have a level of malware on the Mac that we don’t find acceptable,” he apparently really meant it. And Apple seems to be doing about something about it.

Apple is giant taking steps to secure the Mac

Federighi characterized Apple as being in an enduring battle against malware on the Mac. He also explained that between May 2020 and May 2021 the company identified 130 types of Mac malware that infected 300,000 systems.

Given the Mac’s reputation for security, that may seem counter intuitive, but maintaining a secure platform requires constant watchfulness.

To read this article in full, please click here

ComputerWorld Independent

Apple pushes out emergency updates to address zero-day exploits

September 1, 2022 0 Comments Apple, enterprise mobile management, Mobile, Security, small and medium business

Credit to Author: Lucas Mearian| Date: Thu, 01 Sep 2022 16:46:00 -0700

Apple this week released urgent security updates to address zero-day vulnerabilities on older model iPhones, iPads, and iPods.

The patches, pushed out on Wednesday, address an out-of-bounds write issue that could be exploited by an attacker enabling them to take control of the affected device. The US Cybersecurity and Infrastructure Agency (CISA) today encouraged users and IT admins to review Apple’s advisory HT213428 and apply the necessary updates.

To read this article in full, please click here

ComputerWorld Independent

Facebook agrees to settle class action lawsuit related to Cambridge Analytica data breach

August 29, 2022 0 Comments data breach, facebook, legal

Credit to Author: Varun Aggarwal| Date: Mon, 29 Aug 2022 04:19:00 -0700

The four-year-old lawsuit claimed Facebook allowed the British political consulting firm access to private data of over 80 million users.

ComputerWorld Independent

What is Managed Device Attestation on Apple platforms?

August 26, 2022 0 Comments Apple, endpoint protection, iOS, mobile device management, Security

Credit to Author: Jonny Evans| Date: Fri, 26 Aug 2022 09:43:00 -0700

Announced at WWDC 2022, Managed Device Attestation protection shows that Apple is adjusting device security protections to adapt to an increasingly distributed age.

Secure the endpoints, not the end times

This adjustment reflects a reality shift. Work doesn’t happen on specific servers or behind defined firewalls today. VPN access can differ across teams. And yet, in a workplace defined by multiple remote devices (endpoints), the security threat is greater than ever.

Managed Device Attestation works to create a second boundary of trust around which device management solutions can work to protect against attack.

To read this article in full, please click here

ComputerWorld Independent

Planned ‘fixes’ for credit-card interchange fees will actually make fraud easier

August 26, 2022 0 Comments finance and accounting systems, Financial Services Industry, Security

Credit to Author: Evan Schuman| Date: Fri, 26 Aug 2022 03:00:00 -0700

I love it when organizations try and do something good, but don’t think things through and end up delivering unintended negative consequences.

Today’s case in point: the US Senate and the Federal Reserve, both of whom are looking to reduce high interchange costs, but are unintentionally increasing costs for merchants and sharply boosting the undiscovered fraud rate. Not bad for government work.

Let’s start with the Senate, where Sens. Dick Durbin (D-IL) and Roger Marshall (R-KS) have crafted The Credit Card Competition Act of 2022. Its stated goal: reduce the interchange fee that financial institutions and card brands (Visa, MasterCard, Amex, etc.) charge retailers.

To read this article in full, please click here

ComputerWorld Independent

What is USB Restricted Mode in macOS Ventura, and why do you want it?

August 15, 2022 0 Comments computers and peripherals, iOS, MacOS, Security

Credit to Author: Jonny Evans| Date: Mon, 15 Aug 2022 06:35:00 -0700

Once upon a time, one attack vector for industrial sabotage consisted of exfiltrating data from Macs using a standard-issue USB storage card. Researchers have also shown that it’s possible to hijack computers with malware-infested cables. It’s a jungle out there, so Apple has toughened up (Apple Silicon) Mac protection with USB Restricted Mode.

What is USB Restricted Mode?

Beginning with macOS Ventura, the new layer of protection comes in the form of USB Restricted mode, which should provide a little reassurance to enterprise IT and is enabled by default.

To read this article in full, please click here

ComputerWorld Independent