Skip to main content
Please wait...

How and why you need HomeKit-secured smart homes

1 day 23 hours ago

Once upon a time, the Internet was amazing, enabling niche interests and connecting people. Apple’s iMac was the epitome of the era, while the iPhone became the prophet of change.

Now, the home is the next connected frontier, and one that should be as secure – as much as possible – as the office. That's especially true given recent trends toward more remote work from home, where corporate data can be endangered by weak security.

What is HomeKit-secured and why should you use it?

These days hackers break into home networks using our routers and smart home devices, which is why everyone must learn how to use HomeKit-secured routers to keep their connected homes safe.

To read this article in full, please click here

Jonny Evans

Firefox starts switching on DNS-over-HTTPS to encrypt lookups, stymie tracking

2 days 17 hours ago

Mozilla has started to turn on DNS-over-HTTPS, or DoH, as part of its overall strategy of stressing user privacy.

"We know that unencrypted DNS is not only vulnerable to spying but is being exploited," wrote Selena Deckelmann, Mozilla's new vice president of desktop Firefox, in a Feb. 25 post to a company blog. "We are make the shift to more secure alternatives [and] do this by performing DNS lookups in an encrypted HTTPS connection. This helps hide your browsing history from attackers on the network, helps prevent data collection by third parties on the network that ties your computer to websites you visit."

To read this article in full, please click here

Gregg Keizer

Microsoft Patch Alert: February 2020 patches bring fire and ice but seem to have settled – finally.

2 days 18 hours ago

The real stinker this month, KB 4524244, rolled out the automatic update chute for four full days until Microsoft yanked it – leaving a trail of wounded PCs, primarily HP machines, in its wake. The other big-time bug in this month’s patches, a race condition in the KB 4532693 Win10 version 1903 and 1909 cumulative update installer, hasn’t been officially acknowledged by Microsoft outside of a blog post. But at least it’s well known and understood.

Folks running SQL Server and Exchange Server networks need to get patched right away.

Win10 UEFI update KB 4524244 blockages

Patch Tuesday brought KB 4524244 for Windows 10 owners, a bizarre single-purpose patch apparently directed at one specific UEFI bootloader. I talked about it last week.

To read this article in full, please click here

Woody Leonhard

10 steps to smarter Google account security

3 days 1 hour ago

There are important accounts to secure, and then there are important accounts to secure. Your Google account falls into that second category, maybe even with a couple of asterisks and some neon orange highlighting added in for good measure.

I mean, really: When you stop and think about how much stuff is associated with that single sign-in — your email, your documents, your photos, your files, your search history, maybe even your contacts, text messages, and location history, if you use Android — saying it's a "sensitive account" seems like an understatement. Whether you're using Google for business, personal purposes, or some combination of the two, you want to do everything you possibly can to keep all of that information locked down and completely under your control.

To read this article in full, please click here

JR Raphael

Top secret

4 days 1 hour ago

It’s back when 5-inch floppy disks roamed the Earth, and a customer service tech sends a software update to a customer known to be a bit more than a little computer-challenged, says a pilot fish in the know. This involves physically mailing a stack of disks to the customer, along with a note saying to call the tech when she’s ready to install the update.

When the call comes, the tech is prepared to walk her through the installation step by step. After getting the computer booted up and verifying that the user has located disk No. 1, the tech says, “Insert the floppy disk into the disk drive, with the label facing up.”

Customer: “Done.”

Tech: “Type ‘A,’ and press the Enter key.”

To read this article in full, please click here


Why every user needs a smart speaker security policy

4 days 22 hours ago

Does your voice assistant wake up randomly when you are engaged in normal conversation, listening to radio, or watching TV? You’re not alone, and this could have serious implications in enterprise security policy.

All things being equal (they’re not)

“Anyone who has used voice assistants knows that they accidentally wake up and record when the 'wake word' isn't spoken - for example, 'seriously' sounds like the wake word 'Siri' and often causes Apple's Siri-enabled devices to start listening," the Smart Speakers research study says.

To read this article in full, please click here

Jonny Evans

Apple joins industry effort to eliminate passwords

1 week 1 day ago

In a somewhat unusual move for Apple, the company has joined the Fast IDentity Online (FIDO) Alliance, an authentication standards group dedicated to replacing passwords with another, faster and more secure method for logging into online services and apps.

Apple is among the last tech bigwigs to join FIDO, whose members now include Amazon, Facebook, Google, Intel, Microsoft, RSA, Samsung, Qualcomm and VMware. The group also boasts more than a dozen financial service firms such as American Express, ING, Mastercard, PayPal, Visa and Wells Fargo.

“Apple is not usually up front in joining new organizations and often waits to see if they gain enough traction before joining in. This is fairly atypical for them,” said Jack Gold, president and principal analyst at J. Gold Associates. "Apple is often trying to present [its] own proposed industry standards for wide adoption, but is generally not an early adopter of true multi-vendor industry standards.

To read this article in full, please click here

Lucas Mearian

The mess behind Microsoft’s yanked UEFI patch KB 4524244

1 week 1 day ago

Remember the warning about watching how sausage is made? This is an electronic sausage-making story with lots of dirty little bits.

First, the chronology. On February’s Patch Tuesday, Microsoft released a bizarre standalone security patch, KB 4524244, which was then called “Security update for Windows 10, version 1607, 1703, 1709, 1803, 1809, and 1903: Feb. 11, 2020.” The name has changed, but bear with me.

The original problems with KB 4524244

That patch had all sorts of weird hallmarks as I discussed at the time:

To read this article in full, please click here

Woody Leonhard

Complying with CCPA: Answers to common questions

1 week 3 days ago
Enforcement of the California Consumer Privacy Act begins this summer, but lawsuits are already being filed. To help you comply and avoid being sued, CSO contributor Maria Korolov joins IDG TECH(talk) host Juliet Beauchamp to discuss critical components of the CCPA and answer viewers’ questions.

Dump Windows 7 already! Jeez!

1 week 3 days ago

Why am I still writing about Windows 7? It’s dead, Jim! The tombstone reads, “June 22, 2009 – January 14, 2020.” It was a good run, but unless you’re shelling out some serious coin for Windows 7 Extended Security Updates (ESU), you shouldn’t be running Windows 7.

But many of you are. According to the best survey of who’s running what, the U.S. government’s Digital Analytics Program (DAP), on Feb. 14, weeks after Win7’s end of life, just over one in 20 of Windows users was still using Windows 7! Oh, come on! More than 5%! A dead and buried OS! Get with the program!

To read this article in full, please click here

Steven J. Vaughan-Nichols

Mobile security: Worse than you thought

1 week 4 days ago

Many security professionals have long held that the words "mobile security" are an oxymoron. True or not, with today's mobile usage soaring in enterprises, that viewpoint may become irrelevant. It's a reasonable estimate that 2020 knowledge workers use mobile devices to either supplement or handle much of their work 98% of the time. Laptops still have a role (OK, if you want to get literal, I suppose a laptop can be considered mobile), but that's only because of their larger screens and keyboards. I'd give mobile players maybe three more years before that becomes moot.

That means that security on mobile needs to become a top priority. To date, that usually has been addressed with enterprise-grade mobile VPNs, antivirus and more secure communication methods (such as Signal). But in the latest Verizon Data Breach Investigations Report — always a worthwhile read — Verizon eloquently argues that aside from wireless, the form factor of mobile in and of itself poses security risks.

To read this article in full, please click here

Evan Schuman

How blockchain could help block fake news

1 week 5 days ago

In 2018, a video of former President Barrack Obama surfaced on YouTube explaining how easily technology could be used to manipulate video and create fake news. It got more than 7.2 million views.

In the video, Obama explains how we live in dangerous times when “enemies” can make anyone say anything at any point in time. Moments later, it’s revealed that the video was itself faked.

Whether its news articles, images or video, fake and misleading content has proliferated across the internet over the past five or so years. One possible solution to the problem now being proposed would standardize how content is delivered online, with anything outside those standards not trusted.

To read this article in full, please click here

Lucas Mearian

Microsoft springs last-minute demand on buyers of Windows 7 after-expiration support

1 week 6 days ago

Microsoft this week threw a wrench into the workings of its long-touted Windows 7 post-retirement support, telling IT administrators that there was a brand new prerequisite that must be installed before they can download the patches they'd already paid for.

The last-minute requirement was titled "Extended Security Updates Licensing Preparation Package" and identified as KB4538483 in Microsoft's numerical format.

The licensing prep package can be downloaded manually from the Microsoft Update Catalog. It should also appear in WSUS (Windows Server Update Services), the patch management platform used by many commercial customers. It will not, however, be automatically delivered through the Windows Update service, which some very small businesses rely on to provide them necessary patches.

To read this article in full, please click here

Gregg Keizer

MIT researchers say mobile voting app piloted in U.S. is rife with vulnerabilities

2 weeks 1 day ago

Elections officials in numerous states have piloted various mobile voting applications as a method of expanding access to the polls, but MIT researchers say one of the more popular apps has security vulnerabilities that could open it up to tampering by bad actors.

The MIT analysis of the application, called Voatz, highlighted a number of weaknesses that could allow hackers to “alter, stop, or expose how an individual user has voted.”

Additionally, the researchers found that Voatz’s use of Palo Alto-based vendor Jumio for voter identification and verification poses potential privacy issues for users.

To read this article in full, please click here

Lucas Mearian

A large – but manageable – February Patch Tuesday brings critical browser updates

2 weeks 2 days ago

With 99 reported vulnerabilities and patches to both Microsoft browsers, Office and Windows, this month's Patch Tuesday update is not as large an administrative burden as you might initially think. We've rated the browser updates as a “Patch Now” update due to issues with the Chakra engine, but both Office and Windows can be scheduled according to a regular patch cadence. Unfortunately, we have another Adobe Flash update to deploy, but no critical development updates for February.

You can find more information in our helpful infographic here.

To read this article in full, please click here

Greg Lambert

BlackBerry says its new Digital Workplace eliminates need for VPN, VDI

2 weeks 2 days ago

BlackBerry has unveiled its Digital Workplace platform, a web portal and workspace for secure online and offline access to corporate on-premise or cloud content,  including Microsoft Office 365 resources.

Digital Workplace, announced last week, integrates BlackBerry Desktop (for access to corporate email, contacts, calendar and intranet web apps), CylanceProtect (for workstation protection), and a browser-based workspace from Awingu, a Belgium company that penned a partnership with BlackBerry in 2018. Businesses can access their legacy Windows, Linux, SaaS or internal web apps, desktops and files inside of BlackBerry’s secure managed browser. Awingu's unified workspace runs Windows, Linux, web and intranet apps.

To read this article in full, please click here

Lucas Mearian
50 minutes 32 seconds ago
Computer World Security
Subscribe to Computer World Security feed

About SecurityFeeds

SecurityFeeds Logo

Tim Weil is a Security Architect/IT Security Manager with over twenty five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry.  Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.