
McDonald's serves up a master class in how not to explain a system outage

2 weeks 3 days ago

The global outage that last month prevented McDonald's from accepting payments prompted the company to release a lengthy statement that should serve as a master class in how not to report an IT problem. It was vague, misleading and yet the company used language that still allowed many of the technical details to be figured out.

(You know you've moved far from home base when Burger King UK makes fun of you — in response to news of the McDonald's outage, Burger King played off its own slogan by posting on LinkedIn: “Not Loving I.T.”)

The McDonald's statement was vague about what happened, but it did opt to throw the chain’s point-of-sale (POS) vendor under the bus — while not identifying which vendor it meant. Classy.


If you get an unexpected call from Apple Support, you’re being hacked

3 weeks ago

Have you ever had an unexpected direct phone call from Apple support? I have not, and if you do ever receive one, you probably aren’t talking to Apple. The company says you should immediately hang up.

“If you get an unsolicited or suspicious phone call from someone claiming to be from Apple or Apple Support, just hang up,” the company support website states.

Don’t fall for it

Other things it warns against are suspicious calendar invitations in Mail or Calendar, annoying pop-ups in the browser, unexpected software download prompts, and fraudulent emails.


For March's Patch Tuesday, no zero-day flaws

1 month ago

Microsoft this week pushed out 61 Patch Tuesday updates with no reports of public disclosures or other zero-days affecting the larger ecosystem (Windows, Office, .NET). Though there are three updated packages from February, they're just informational changes with no further action required.

The team at Readiness has crafted this helpful infographic outlining the risks associated with each of the March updates.

Known issues

Each month, Microsoft publishes a list of known issues that relate to the operating system and platforms included in the latest update cycle; for March, there are two minor issues reported:


A call for digital-privacy regulation 'with teeth' at the federal level

1 month ago

How did we get to the point where the tech industry is in the user-data business instead of the tech business?

Every day, Google collects data on billions of people worldwide, according to The Regulatory Review. The dodge that users gain some benefit from ad targeting is a fallacy. For example, if Google's search were decoupled from its advertising, there would be less chance for users to be misled by ignored search terms and seemingly hard-wired results.

There's nothing beneficial to the user about Google's sponsored search results. That's also true of the adjacent Google ads that follow you around from site to site.


EC's use of Microsoft 365 violates data-privacy rules, watchdog group says

1 month ago

The European Commission (EC) has violated several key data protection rules in its use of Microsoft 365 regarding the transfer of people's personal data from Europe to other regions not covered by EU data-protection laws, a key European privacy watchdog found.

The European Data Protection Supervisor (EDPS) on Tuesday chastised the EC after finding it did not take proper protective measures when sending personal data outside the EU and European Economic Area (EEA) when using the cloud-based app.


Researchers, legal experts want AI firms to open up for safety checks

1 month 1 week ago

More than 150 leading artificial intelligence (AI) researchers, ethicists and others have signed an open letter calling on generative AI (genAI) companies to submit to independent evaluations of their systems, the lack of which has led to concerns about basic protections.

The letter, drafted by researchers from MIT, Princeton, and Stanford University, called for legal and technical protections for good-faith research on genAI models, which they said is hampering safety measures that could help protect the public.


EC to grill Meta on Facebook ‘subscription for no ads’ plan

1 month 2 weeks ago

The European Commission (EC) on Friday said it needs more information from Facebook and Instagram parent company Meta to assess its compliance with applicable privacy and security laws in the European Union (EU).

The EC, in a statement, said Meta also needs to speed up its responses to requests in December for information, which centered on election information, terrorism and the protection of minors. The company has until March 15 to provide that information, with the new info about Meta’s pay-to-opt-out-of-tracking program due March 22.


Apple warns of increased iPhone security risks

1 month 2 weeks ago

Apple is telling European customers that new EU competition laws will make iPhones less safe once the company is forced to open up its platforms to third-party App Stores. The company, not exactly happy about this, has published a 32-page white paper where it spells out the risks arising from the EU’s big experiment.

The EU’s formal adoption of the Digital Markets Act (DMA) means Apple must make several changes to its App Store and business models. Changes include the introduction of support for third-party app stores, opening up to payment systems other than Apple Pay, and more.


Eight European consumer watchdogs file complaints over Meta’s data processing

1 month 2 weeks ago

Eight European consumer organizations have filed complaints against Facebook parent Meta accusing it of breaching the EU’s General Data Protection Regulation (GDPR) with its so-called “pay-or-consent” policy and opaque internal policies.

The organizations are all members of BEUC, the European Consumer Organization. Their complaints, publicized Thursday, argue that the large-scale consumer data collection practiced by Meta violates the GDPR, and that the company has abused its dominant market position to essentially coerce customers into accepting its terms. Each of the eight groups filed their complaints with their national data protection authorities, as there is no pan-European office to accept such complaints.


Enterprise mobility 2024: Welcome, genAI

1 month 2 weeks ago

Generative artificial intelligence (genAI) has become a focal point for many organizations over the past year, so it should come as no surprise that the technology is moving into the enterprise mobility space, including unified endpoint management (UEM).

“Generative AI is the latest trend to impact the UEM space,” says Andrew Hewitt, principal analyst, Forrester. “This has been the main topic of interest in the last year. We see generative AI having impacts in multiple areas, such as script creation, knowledge-based article creation, NLP [natural language processing]-based querying of endpoint data, and help desk chatbots. All of these are considerations for inclusion within the UEM stack.”


Download: UEM vendor comparison chart 2024

1 month 2 weeks ago

Unified endpoint management (UEM) is a strategic IT approach that consolidates how enterprises secure and manage an array of deployed devices including phones, tablets, PCs, and even IoT devices.

As remote and hybrid work models have become the norm over the past two years, “mobility management” has come to mean management of not just mobile devices, but all devices used by mobile employees wherever they are. UEM tools incorporate existing enterprise mobility management (EMM) technologies, such as mobile device management (MDM) and mobile application management (MAM), with tools used to manage desktop PCs and laptops.


Microsoft, OpenAI move to fend off genAI-aided hackers — for now

1 month 2 weeks ago

Of all the potential nightmares about the dangerous effects of generative AI (genAI) tools like OpenAI’s ChatGPT and Microsoft’s Copilot, one is near the top of the list: their use by hackers to craft hard-to-detect malicious code. Even worse is the fear that genAI could help rogue states like Russia, Iran, and North Korea unleash unstoppable cyberattacks against the US and its allies.

The bad news: nation states have already begun using genAI to attack the US and its friends. The good news: so far, the attacks haven’t been particularly dangerous or especially effective. Even better news: Microsoft and OpenAI are taking the threat seriously. They’re being transparent about it, openly describing the attacks and sharing what can be done about them.


JAMF warns: Many Apple-using businesses still aren’t secure

1 month 3 weeks ago

Your enterprise security does not live in isolation — the threat environment extends across all your colleagues, partners, and friends.

That's why it’s very concerning that so many businesses continue to fail to meet basic security hygiene standards, according to the latest Security 360 report from Jamf.

Data is gold, which attackers recognize — even if many in business don’t. Every stolen address, email, phone number, name, or even passport number is an ID attack waiting to happen, a path to enable a more complex phishing scam, or just an opportunity to call someone up and claim the target has a problem with their computer that they can help them with.


Apple’s iMessage gains industry-leading quantum security

1 month 3 weeks ago

Apple is preparing for future threats to iMessage from quantum computers by introducing upgraded encryption for its messaging service.

Think of it as state-of-the-art quantum security for messaging at scale, the company says, resulting in Apple's messaging system being more secure against both current and future foes.

What is the protection?

Announced on Apple’s Security Research blog, the new iMessage protection is called PQ3 and promises the “strongest security properties of any at-scale messaging protocol in the world.”


EU begins formal investigation of TikTok over potential violations of Digital Services Act

1 month 3 weeks ago

The European Commission has opened formal proceedings to assess whether TikTok may have breached the European Union’s Digital Services Act (DSA) in various ways associated with the protection of minors, advertising transparency, data access for researchers, and managing risk for addictive design and harmful content.

The formal investigation adds to the privacy and safety concerns that have plagued the video-sharing platform, giving enterprises yet another reason to consider banning its use by employees while they access corporate networks. The Commission had previously conducted a preliminary investigation and risk assessment that found further oversight to be necessary.


Miro boosts security for its visual collaboration app

1 month 3 weeks ago

Miro has unveiled a set of security tools designed to help businesses protect sensitive data shared on its digital whiteboard application. The new Miro Enterprise Guard includes features to automate detection and classification of sensitive data, manage content for legal audits, and provide IT admins with greater control over encryption.

Visual collaboration is one of the fastest-growing areas of the wider collaboration software market, according to IDC. Digital whiteboard apps provide a shared canvas for co-workers to brainstorm ideas and plan projects, with Miro competing against the likes of Mural, Figma, Microsoft and others.


Microsoft fixes two zero-days with Patch Tuesday release

2 months ago

Microsoft on Tuesday released 73 updates in its monthly Patch Tuesday release, addressing issues in Microsoft Exchange Server and Adobe and two zero-day flaws being actively exploited in Microsoft Outlook (CVE-2024-21410) and Microsoft Exchange (CVE-2024-21413).

Including the recent reports that the Windows SmartScreen vulnerability (CVE-2024-21351) is under active exploitation, we have added “Patch Now” schedules to Microsoft Office, Windows and Exchange Server. The team at Readiness has provided this detailed infographic outlining the risks associated with each of the updates for this cycle.


Microsoft and the Taylor Swift genAI deepfake problem

2 months ago

The last few weeks have been a PR bonanza for Taylor Swift in both good ways and bad. On the good side, her boyfriend Travis Kelce was on the winning team at the Super Bowl, and her reactions during the game got plenty of air time. On the much, much worse side, generative AI-created fake nude images of her have recently flooded the internet.

As you would expect, condemnation of the creation and distribution of those images followed swiftly, including from generative AI (genAI) companies and, notably, Microsoft CEO Satya Nadella. In addition to denouncing what happened, Nadella shared his thoughts on a solution: “I go back to what I think’s our responsibility, which is all of the guardrails that we need to place around the technology so that there’s more safe content that’s being produced.”


Apple is ramping up its fight against malware

2 months ago

Ensuring platform security is hard, but when a company the stature of Apple begins to ramp up protection of its ecosystem, every IT decision maker should pay attention. Unfortunately, this is precisely what's happening: Apple is now updating fundamental protection at a faster clip than it's ever done before.

Apple’s security teams are alert

That important revelation comes from Howard Oakley at the excellent Eclectic Light Company blog. He notes that in the six weeks ending Feb. 9, Apple has updated a Mac security feature called XProtect five times — introducing 11 new rules to the service.


Computer World Security

About SecurityFeeds


Tim Weil is a Security Architect/IT Security Manager with over twenty-five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry. Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.