small and medium business – Page 6 – PossibleThreat Articles

Patch now to address a Windows zero-day

April 14, 2023 0 Comments Microsoft, Microsoft Office, Security, small and medium business, Windows

Microsoft has addressed 97 existing vulnerabilities this April Patch Tuesday, with a further eight previously released patches updated and re-released. There have been reports of a vulnerability (CVE-2023-28252) exploited in the wild, making it a “Patch Now” release.

This update cycle affects Windows desktops, Microsoft Office, and Adobe Reader. No updates for Microsoft Exchange this month. The team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this April update cycle.

To read this article in full, please click here

ComputerWorld Independent

Cisco to offer Webex air-gapped cloud system for security, defense work

April 13, 2023 0 Comments collaboration software, Compliance, Network security, small and medium business

Building on its WebEx product line, Cisco plans to deliver an air-gapped, cloud-based collaboration system for companies involved in US national security and defense work, extending the secure offerings the company already provides to industries that require collaboration tools with strong security measures to meet US government requirements.

Beginning in 2024, the new Webex system — Air-Gapped Trusted Cloud — will provide an added layer of security for teams collaborating through the Webex App, Cisco said.

An air gap is a security measure that involves isolating a computer or network and preventing it from establishing an external connection. For example, an air-gapped computer is unable to connect to the internet or any other communications networks so as to have complete security with the information that resides within it.

To read this article in full, please click here

ComputerWorld Independent

Yet more digital spies targeting iPhones exposed by security researchers

April 12, 2023 0 Comments Android, Apple, iPhone, Mobile, Security, small and medium business

Just weeks after President Biden signed an executive order designed to prevent the US government from purchasing commercial spyware used to subvert democracies, researchers have identified yet another shameful zero-click, zero-day exploit that targeted iPhone users. This spy-for-hire ‘solution’ was sold by an Israeli firm called QuaDream.

Making everyone less safe

QuaDream’s attacks have been exposed by security researchers at Microsoft and Citizen Lab. QuaDream is a more secretive entity than NSO Group but shares much of the same pedigree, including being founded by ex-NSO Group employees and having connections to Israeli intelligence. Its attacks were first exposed last year, but the researchers have since found more about how these digital mercenaries worked.

To read this article in full, please click here

ComputerWorld Independent

Still using Windows 10 21H2? Time to upgrade

April 10, 2023 0 Comments Security, small and medium business, Windows, Windows 10

So you have a Windows 10 computer — or a fleet of them. But which exact version of Windows 10? If you are on Windows 10, version 21H2, its end of servicing is coming up on June 13, 2023. For Windows 10 Home, Windows 10 Pro, Windows 10 Pro Education, and Windows 10 Pro for Workstations, version 21H2 will stop being offered updates — including security updates — after June. (For Windows 10 Enterprise and Windows 10 Education customers, support for 21H2 lasts another year.)

Why should you upgrade to a new feature release if your existing machines are working just fine? As Windows 10 comes into its final years of support (through to 2025), it’s key to keep machines on supported versions so you can receive security updates. Take the time to review the machines under your control and ensure that they are ready for the end of 21H2 support.

To read this article in full, please click here

ComputerWorld Independent

Ransomware as a service? Windows users can still fight back.

April 3, 2023 0 Comments Security, small and medium business, Windows, Windows 10, windows 11

Ransomware.

It’s one word that can strike a chill in anyone from a corporate C-suite to a home user. It’s sometimes hard to get a feel for the overall ransomware industry (and yes, it’s now an industry). But based on anecdotal reviews of forums and social media, it appears as though attacks against individuals are slowing. I no longer see people report they’ve been hit by ransomware on their PCs.

But it may be that attackers have realized that going after “one-off” targets isn’t the best business plan. In fact, in a recent Microsoft Secure online seminar (registration required), Jessica Payne and Geoff McDonald discuss how ransomware is now a big business, offered as a service by those who sell access to compromised networks to others.

To read this article in full, please click here

ComputerWorld Independent

Researchers warn of Wi-Fi security flaw affecting iOS, Android, Linux

March 31, 2023 0 Comments Apple, iOS, Mobile, Security, small and medium business

Apple’s decision to support MAC Address Randomization across its platforms may provide some degree of protection against a newly-identified Wi-Fi flaw researchers say could let attackers hijack network traffic. iOS, Linux, and Android devices may be vulnerable.

The problem is how the standard handles power-saving

The researchers have identified a fundamental flaw in the design of the IEEE 802.11 Wi-Fi standard attackers could exploit to trick access points (Wi-Fi base stations) into leaking information. The researchers do not claim the vulnerability is being actively exploited, but warn that it might enable the interception of network traffic.

To read this article in full, please click here

ComputerWorld Independent

Russia’s iPhone ban and the digital supply chain

March 20, 2023 0 Comments Apple, iPhone, Mobile, Security, small and medium business

Russia’s Kremlin ordered officials to stop using iPhones, apparently over concerns the devices could be vulnerable to Western intelligence agencies, Reuters reports. When surveillance-as-a-service firms sit exposed for brazenly undermining device security, it’s hard to think there isn’t an argument there. But the bigger story isn’t the harm to Apple’s small business in Russia, it’s the threat to digital supply chains it shows.

To read this article in full, please click here

ComputerWorld Independent

Patch Office and Windows now to resolve two zero-days

March 17, 2023 0 Comments Microsoft, Security, small and medium business, Windows

Microsoft has resolved 80 new CVEs this month in addition to four earlier CVEs, bringing the number of security issues addressed in this month’s Patch Tuesday release to 84.

Unfortunately, we have two zero-day flaws in Outlook (CVE-2023-23397) and Windows (CVE-2023-24880) that require a “Patch Now” release requirement for both Windows and Microsoft Office updates. As it was last month, there were no further updates for Microsoft Exchange Server or Adobe Reader. This month the team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this cycle.

To read this article in full, please click here

ComputerWorld Independent

Jamf VP explains enterprise security threats — and how to mitigate them

March 7, 2023 0 Comments Apple, iOS, MacOS, Mobile, mobile device management, Security, small and medium business

Apple-focused device management and security vendor Jamf today published its Security 360: Annual Trends report, which reveals the five security tends impacting organizations running hybrid work environments. As it is every year, the report is interesting, so I spoke to Michael Covington, vice president of portfolio strategy, for more details about what the company found this year.

First, here’s a brief rundown of some of the salient points in the report:

To read this article in full, please click here

ComputerWorld Independent

Maybe one day every platform will be as secure as Apple

March 6, 2023 0 Comments Apple, Government, Mobile, Security, small and medium business

A look at the Biden Administration’s recently updated National Cybersecurity Strategy document seems to reflect some of the approaches to cybercrime Apple already employs.

Take privacy, for example. The proposal suggests that privacy protection will no longer be something big tech can argue against – companies will be required to prioritize privacy. That’s fine if you run a business that does not require wholesale collection and analysis of user information, which has always been Apple’s approach. The best way to keep information private, the company argues, is not to collect it at all.

To read this article in full, please click here