small and medium business – Page 14 – PossibleThreat Articles

In a time of war, it’s important to stay secure

February 28, 2022 0 Comments Apple, Security, small and medium business, Windows

Credit to Author: Susan Bradley| Date: Mon, 28 Feb 2022 06:09:00 -0800

As Russia invaded Ukraine, seeing the disruption in the world occur in near real time on social media brought poignancy to what was happening. While I don’t know anyone in Ukraine, I know many people who have friends or family members that have been impacted by the war. Ukraine has many technology ties around the world. It’s also been a source of cyberattacks, which is why there’s extra concern about what we can do to protect ourselves in case of attack. (Eastern Europe has often been the source of many of the ransomware attacks that occur around the world.)

So what can tech users do to ensure you protect yourself from possible cyberattacks arising from the conflict?

To read this article in full, please click here

ComputerWorld Independent

Behavioral Analytics is getting trickier

February 28, 2022 0 Comments Mobile, Security, small and medium business

Credit to Author: Evan Schuman| Date: Mon, 28 Feb 2022 03:00:00 -0800

Behavioral analytics is one of the best authentication methods around — especially when it’s part of continuous authentication. Authentication as a “one-and-done” is something that simply shouldn’t happen anymore. Then again, I’ve argued the same thing about using unencrypted SMS as a form of multi-factor authentication and I sadly still see that being used by lots of Fortune 1000 firms.

Oh well.

Although most enterprise CISOs are fine with behavioral analytics on paper (on a whiteboard? As a message within Microsoft Teams/GoogleMeet/Zoom?), they’re resistant to rapid widespread deployment because it requires creating a profile for every user — including partners, distributors, suppliers, large customers and anyone else who needs system access. Those profiles can take more than a month to create to get an accurate, consistent picture of each person.

To read this article in full, please click here

ComputerWorld Independent

Windows is in Moscow’s crosshairs, too

February 25, 2022 0 Comments Security, small and medium business, Windows

Credit to Author: Preston Gralla| Date: Fri, 25 Feb 2022 03:00:00 -0800

Russia telegraphed its intentions to invade Ukraine well ahead of this week’s attack by massing nearly 200,000 soldiers along Ukraine’s borders, and by Vladimir Putin’s increasingly belligerent threats.

Behind the scenes, Russia was doing more than that, including dangerous cyberattacks launched against Ukraine. And as is typically the case in such attacks, Windows was the attack vector.

“We’ve observed destructive malware in systems belonging to several Ukrainian government agencies and organizations that work closely with the Ukrainian government, Tom Burt, Microsoft corporate vice president for customer security and trust, wrote in a blog post in mid-January. “The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable.” In a related technical post detailing how the malware works, Microsoft added: “These systems [under cyberattack] span multiple government, non-profit, and information technology organizations, all based in Ukraine.”

To read this article in full, please click here

ComputerWorld Independent

Take your time testing these February Patch Tuesday updates

February 11, 2022 0 Comments Microsoft, Microsoft Office, Security, small and medium business, Windows

Credit to Author: Greg Lambert| Date: Fri, 11 Feb 2022 12:21:00 -0800

There are (as of now) 51 patches to the Windows ecosystem for February, but no critical updates and no “Patch Now” recommendations from the Readiness team. I’m hoping that with this month’s list of Patch Tuesday updates, we can enjoy the quiet after the storm. January was tough for a lot of folks. And, with this month’s very light release from Microsoft, corporate security and systems administrators can take the time needed to test their applications and desktop/server builds. It’s also important to invest in their testing methodologies, release practices, and how their applications may be affected by OS-level updates and patches.

To read this article in full, please click here

ComputerWorld Independent

Second Israeli firm accused of undermining iPhones, like NSO Group

February 3, 2022 0 Comments Apple, iPhone, Mobile, Security, small and medium business

Credit to Author: Jonny Evans| Date: Thu, 03 Feb 2022 09:08:00 -0800

As if recent revelations about NSO Group weren’t bad enough, yet another Israeli firm — QuaDream — has now been accused of using the same hack to undermine iPhone security.

QuaDream also used the hack, Reuters claims

A Reuters report has the details:

QuaDream made use of the same flaw to commit similar attacks against iPhones.
The company is smaller than NSO Group, but also sells smartphone hacking tools to governments.
Both companies used the same highly sophisticated “zero-click” ForcedEntry attack, which enabled them to remotely break into iPhones without an owner needing to click a malicious link.
Once deployed, attackers using the software could access messages, intercept calls, and use the device as a remote listening device. They also gained access to the camera and more.
Apple closed this vulnerability in September 2021.
It is believed NSO Group software was used to target the family of murdered Saudi journalist Jamal Khashoggi.

The news follows the revelation that the FBI also obtained NSO’s Pegasus spyware, but claims it did not use it. That also follows another recent claim that NSO Group offered “bags of cash” in exchange for access to US cellular networks via the SS7 network.

To read this article in full, please click here

ComputerWorld Independent

Why Apple’s improved 2FA protection matters to business

February 2, 2022 0 Comments Apple, iOS, MacOS, Mobile, Security, small and medium business

Credit to Author: Jonny Evans| Date: Tue, 01 Feb 2022 06:01:00 -0800

Apple has introduced a new layer of protection to its existing two-factor authentication (2FA) system, making it a little harder for phishing attacks to successfully steal valuable authentication credentials.

Given that Apple, PayPal, and Amazon were the top three brands used for successful phishing attacks last year, according to a recent Jamf report, this matters.

Phishing costs billions and is bad for business

Phishing is a huge problem. The scale of these attacks shot up during the pandemic. The FBI Internet Crime Report 2020 revealed that phishing attacks affected 241,342 victims in 2020, up from 114,702 in 2019, with adjusted losses of more than $54 billion. Verizon’s 2021 Data Breach Investigations Report confirmed that 36% of data breaches that year involved phishing.

To read this article in full, please click here

ComputerWorld Independent

Jamf CEO weighs in on Apple deployments and enterprise security

February 2, 2022 0 Comments Apple, MacOS, Mobile, Security, small and medium business

Credit to Author: Jonny Evans| Date: Thu, 27 Jan 2022 08:34:00 -0800

“Apple will become the number one device ecosystem in the enterprise by the end of this decade,” Jamf CEO Dean Hager told me while introducing an in-depth enterprise security trends report that enterprises should look at.

Apple continues to see incredible growth

The nature of enterprise IT is rapidly becoming multiplatform. Jamf recently shared some details concerning the rapid growth in Apple device deployments it is seeing in business. For example, it now has 60,000 active customers, up from 36,000 two years before that – and believes new services such as Apple Business Essentials will help maintain this growth.

To read this article in full, please click here

ComputerWorld Independent

How to keep your apps up to date in Windows 10 and 11

February 2, 2022 0 Comments Security, small and medium business, Windows, Windows 10, windows 11

Credit to Author: Ed Tittel| Date: Wed, 19 Jan 2022 03:00:00 -0800

Look around a typical Windows desktop. Whether it’s running Windows 10 or 11, chances are that it’s running at least a couple of dozen Windows applications (.exe files), and at least four dozen Microsoft Store apps. On my local fleet of 10 PCs, the range for applications is from a low of 24 to a high of 120; for Store apps, it ranges from 49 to 81. Such numbers are quite typical, if my online research is at all accurate.

In general, it’s considered good security practice to keep apps and applications up-to-date. Why? Because many updates involve security patches and fixes that block potential attacks and prevent unauthorized and unwanted access to applications and their data (and sometimes, the host OS and the PCs they run on). In this story, I will offer some tools to help you streamline this process, along with some instructions on how to put them to work to help you keep your apps and applications current and safe.

To read this article in full, please click here

ComputerWorld Independent

20 years after Gates’ call for trustworthy computing, we’re still not there

February 2, 2022 0 Comments Microsoft, Security, small and medium business, Windows, Windows 10

Credit to Author: Susan Bradley| Date: Mon, 17 Jan 2022 03:42:00 -0800

Do you feel more secure? Is your computing experience more trustworthy these days?

Seriously — you’re reading this article on a computer or phone, connecting to this site on an internet shared with your Grandma as well as Russian hackers, North Korean attackers, and lots of teenagers looking at TikTok videos. It’s been 20 years since then-Microsoft CEO Bill Gates wrote his Trustworthy Computing memo where he emphasized security in the company’s products.

So are we actually more secure now?

I’m going to keep in mind the side effects from last week’s Patch Tuesday security updates and consider them in my answer. First, the good news: I don’t see major side effects occurring on PCs not connected to active directory domains (and I haven’t seen any showstoppers in testing my hardware at home). I can still print to my local HP and Brother printers. I can surf and access files. So, while I’m not ready yet to give an all-clear to install the January updates, when I do, I doubt you’ll see side effects.

To read this article in full, please click here

ComputerWorld Independent

Patch Tuesday gets off to a busy start for January

February 2, 2022 0 Comments Microsoft, Security, small and medium business, Windows, Windows 10, windows 11

Credit to Author: Greg Lambert| Date: Fri, 14 Jan 2022 12:10:00 -0800

For this week’s Patch Tuesday, the first of the year, Microsoft addressed 97 security issues, six of them rated critical. Though six vulnerabilities have been publicly reported, I do not classify them as zero-days. Microsoft has fixed a lot of security related issues and is aware of several known issues that may have inadvertently caused significant server issues including:

Hyper-V, which no longer starts with the message, “Virtual machine xxx could not be started because the hypervisor is not running.”
ReFS (Resilient) file systems that are no longer accessible (which is kind of ironic).
And Windows domain controller boot loops.

There are a variety of known issues this month, and I’m not sure whether we’ll see more issues reported with the January server patches. You can find more information on the risk of deploying these latest updates with our helpful infographic.

To read this article in full, please click here