Apple joins industry effort to eliminate passwords

Credit to Author: Lucas Mearian| Date: Fri, 21 Feb 2020 03:00:00 -0800

In a somewhat unusual move for Apple, the company has joined the Fast IDentity Online (FIDO) Alliance, an authentication standards group dedicated to replacing passwords with another, faster and more secure method for logging into online services and apps.

Apple is among the last tech bigwigs to join FIDO, whose members now include Amazon, Facebook, Google, Intel, Microsoft, RSA, Samsung, Qualcomm and VMware. The group also boasts more than a dozen financial service firms such as American Express, ING, Mastercard, PayPal, Visa and Wells Fargo.

“Apple is not usually up front in joining new organizations and often waits to see if they gain enough traction before joining in. This is fairly atypical for them,” said Jack Gold, president and principal analyst at J. Gold Associates. “Apple is often trying to present [its] own proposed industry standards for wide adoption, but is generally not an early adopter of true multi-vendor industry standards.

To read this article in full, please click here

Read more

Private photos leaked by PhotoSquared’s unsecured cloud storage

Credit to Author: Lisa Vaas| Date: Wed, 19 Feb 2020 11:49:20 +0000

With no password required and no encryption in place, a burglar or ID thief could have seen your photos, your address and more.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/v6L-VwD68-Y” height=”1″ width=”1″ alt=””/>

Read more

Mobile security: Worse than you thought

Credit to Author: Evan Schuman| Date: Tue, 18 Feb 2020 03:00:00 -0800

Many security professionals have long held that the words “mobile security” are an oxymoron. True or not, with today’s mobile usage soaring in enterprises, that viewpoint may become irrelevant. It’s a reasonable estimate that 2020 knowledge workers use mobile devices to either supplement or handle much of their work 98% of the time. Laptops still have a role (OK, if you want to get literal, I suppose a laptop can be considered mobile), but that’s only because of their larger screens and keyboards. I’d give mobile players maybe three more years before that becomes moot.

That means that security on mobile needs to become a top priority. To date, that usually has been addressed with enterprise-grade mobile VPNs, antivirus and more secure communication methods (such as Signal). But in the latest Verizon Data Breach Investigations Report — always a worthwhile read — Verizon eloquently argues that aside from wireless, the form factor of mobile in and of itself poses security risks.

To read this article in full, please click here

Read more

MIT researchers say mobile voting app piloted in U.S. is rife with vulnerabilities

Credit to Author: Lucas Mearian| Date: Thu, 13 Feb 2020 13:30:00 -0800

Elections officials in numerous states have piloted various mobile voting applications as a method of expanding access to the polls, but MIT researchers say one of the more popular apps has security vulnerabilities that could open it up to tampering by bad actors.

The MIT analysis of the application, called Voatz, highlighted a number of weaknesses that could allow hackers to “alter, stop, or expose how an individual user has voted.”

Additionally, the researchers found that Voatz’s use of Palo Alto-based vendor Jumio for voter identification and verification poses potential privacy issues for users.

To read this article in full, please click here

Read more

BlackBerry says its new Digital Workplace eliminates need for VPN, VDI

Credit to Author: Lucas Mearian| Date: Wed, 12 Feb 2020 13:18:00 -0800

BlackBerry has unveiled its Digital Workplace platform, a web portal and workspace for secure online and offline access to corporate on-premise or cloud content,  including Microsoft Office 365 resources.

Digital Workplace, announced last week, integrates a secure browser-based workspace sold by Awingu, a Belgium company that penned a partnership with BlackBerry in 2018. Businesses can access their legacy Windows, Linux, SaaS or internal web apps, desktops and files inside of Awingu’s secure managed browser. Awingu’s unified workspace runs Windows, Linux, web and intranet apps.

To read this article in full, please click here

Read more

Why the Fed is considering a cash-backed cryptocurrency

Credit to Author: Lucas Mearian| Date: Tue, 11 Feb 2020 03:00:00 -0800

The Federal Reserve is investigating the potential of a central bank digital currency (CBDC) as the backbone for a new, secure real-time payments and settlements system.

The move toward a form of government-backed digital currency is being driven by Fintech firms and a banking industry already piloting or planning to pilot cash-backed digital tokens, according to Lael Brainard, a member of the U.S. Federal Reserve’s Board of Governors.

“Today, it can take a few days to get access to your funds. A real-time retail payments infrastructure would ensure the funds are available immediately – to pay utility bills or split the rent with roommates, or for small business owners to pay their suppliers,” said Brainard, who serves as chair of the committees overseeing Financial Stability and Payments, Clearing and Settlements.

To read this article in full, please click here

Read more

UEM to marry security — finally — after long courtship

Credit to Author: Lucas Mearian| Date: Mon, 10 Feb 2020 03:00:00 -0800

The days of enterprise security being a separate entity from mobile and desktop endpoint management are coming to an end, which should delight infrastructure and security teams who’ll eventually have more powerful machine learning-enabled tools at their disposal — and a single console through which to control them.

Security around mobile and desktop infrastructures has traditionally depended on what’s being managed; you purchase one for mobile devices and another for the rest of your endpoints, whether laptop or desktop.

While security threats are growing, particularly phishing attacks via email, SMS or hyperlinks, the amount of money companies spend on mobile security appears to be shrinking. And yet, the percentage of organizations that admit to having suffered a mobile compromise grew in 2019, according to a Verizon survey.

To read this article in full, please click here

Read more

UEM to marry security – finally – after long courtship

Credit to Author: Lucas Mearian| Date: Mon, 10 Feb 2020 03:00:00 -0800

The days of enterprise security being a separate entity from mobile and desktop endpoint management are coming to an end, which should delight infrastructure and security teams who’ll eventually have more powerful machine learning-enabled tools at their disposal – and a single console through which to control them.

Security around mobile and desktop infrastructures has traditionally depended on what’s being managed; you purchase one for mobile devices and another for the rest of your endpoints, whether laptop or desktop.

While security threats are growing, particularly phishing attacks via email, SMS or hyperlinks, the amount of money companies spend on mobile security appears to be shrinking. And yet, the percentage of organizations that admit to having suffered a mobile compromise grew in 2019, according to a Verizon survey.

To read this article in full, please click here

Read more

Smart lighting security flaw illuminates risk of IoT

Credit to Author: Jonny Evans| Date: Fri, 07 Feb 2020 06:35:00 -0800

The latest smart home security nightmare sheds light on the risk you take each time you add another connected item to your home, office or industrial network – and even market leading brands make mistakes.

The story of Hue

Philips Hue smart lighting systems are probably among the most widely installed smart home solutions in the world, so plenty of people deserve to learn about the latest Check Point research which warns of a major security flaw in them.

To read this article in full, please click here

Read more

Is Apple's iCloud folder sharing a shadow IT problem?

Credit to Author: Jonny Evans| Date: Thu, 06 Feb 2020 06:35:00 -0800

After a long delay, Apple is preparing to introduce iCloud Folder Sharing across both its Mac and iOS platforms. This is a big blessing for collaboration, but is it safe?

What is iCloud Folder Sharing?

iCloud Folder Sharing was first announced at WWDC 2019, but delayed until – well, at present it is still delayed and was only recently made available inside the latest iOS and macOS developer betas. Which means it should be on the way.

Probably.

How it works?

To read this article in full, please click here

Read more