Microsoft sets post-retirement patching record with Windows XP fix – 5 years after support ended

1 month 1 week ago

Microsoft on Wednesday resurrected Windows XP and Windows Server 2003 long enough to push patches to the long-dead products. It was the first time since 2017 that Microsoft deemed the situation serious enough to warrant a security fix for XP.

Windows XP fell off the public support list in April 2014, while Windows Server 2003 was removed in July 2015.

"If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows," Simon Pope, director of incident response at the Microsoft Security Response Center, asserted in a post to a company blog. "Even so, we are making fixes available for these out-of-support versions of Windows."

Gregg Keizer

Do Apple devices need anti-virus software?

1 month 1 week ago

Apple’s devices are far better defended against malware and viruses than other platforms, but does that mean they don’t need anti-virus software?

No, yes, and maybe

I’ve lost track of the number of times Mac users have told me Macs don’t need virus protection because the machines are inherently more robust against such attacks.

I’ve also lost count of how many security researchers have said that Apple devices are becoming more liable to being attacked as their market share grows.

Both are right. Both are wrong.

Jonny Evans

WhatsApp attacked by spyware | TECH(feed)

1 month 1 week ago

WhatsApp’s recent spyware hack took advantage of a security vulnerability and allowed attackers to access private, digital communication. In this episode of TECH(feed), Juliet walks through the hack, who was affected and how you can secure your devices ASAP.

If you’re running Windows XP, 7 or associated Servers, patch them

1 month 1 week ago

As of very early Wednesday morning, I don’t hear any loud screams of pain from the May Patch Tuesday bumper crop of patches. There’s still much we don’t know about the “WannaCry-like” security hole in pre-Win8 versions of Windows — more about that in a moment — but all indications at this point lead me to believe that it’s smarter to patch now and figure out how to fix any damage later.

The cause is a bug in Microsoft’s Remote Desktop Services that can allow an attacker to take over your earlier-generation Windows PC if it’s connected to the internet. Not all machines are vulnerable. But the number of exposed machines — the size of the honey jar — makes it likely that somebody will come up with a worm shortly.

Woody Leonhard

The iPhone user's guide to the WhatsApp hack attack

1 month 1 week ago

Hackers have used a security bug inside WhatsApp to install spyware through an infected WhatsApp voice call, and Apple users are affected.

What WhatsApp users need to do

If you are one of the 1.5 billion people who use WhatsApp, you should immediately update both your app and your iOS software to the latest version.

The app update includes fixes that should prevent hackers from taking over your iPhone, while future Apple updates will also likely address these flaws.

What is the threat?

Israeli hackers from a company called the NSO Group developed the spyware specifically so they could get into people’s devices.

Jonny Evans

Why Microsoft is building a Bitcoin-based ID verification system

1 month 1 week ago

After more than a year in development, Microsoft has chosen Bitcoin as the blockchain platform for a decentralized identification (DID) verification system that will allow users to have secure access to an online persona via an encrypted database hub.

The implications of the new ID network could include the elimination of passwords. A company would be able to verify the background of a new employee and onboard them with the click of a single virtual button, or a banking customer could verify their identity for a loan without exposing personally identifiable information – again with a click of a button.

Lucas Mearian

Business laptop? $1,000. Sending away the thief? Priceless.

1 month 1 week ago

The time is 2001, not long after 9/11, and the place is New York City. Heightened security awareness is the order of the day, and everyone in pilot fish’s office is required to carry an access card that activates the office doors. Look out for tailgaters, they’re all told. Those are people dressed like professionals who slide in behind someone with an access card and then steal wallets, coats and more.

One morning, fish arrives at the office and passes a man in business-casual attire carrying a laptop tucked under his arm and headed for the elevators. Fish doesn’t recognize the fellow, but he does know the co-worker who is running behind him, calling for someone to call building security and the police. The co-worker had returned to an empty desk just seconds after this tailgater had snatched his laptop, well before the tailgater could make a clean getaway.

Sharky

No, Google, Apple's privacy is not a luxury item

1 month 2 weeks ago

Why is privacy a luxury? Possibly because surveillance capitalist firms have subsidized product prices by collecting and trading in the personal data of the people that use their products, enabling them to sell hardware cheap.

The consequences of convenience

The crux of Google CEO Sundar Pichai’s argument against firms such as (obviously including but never named) Apple is that his company offers convenience in exchange for personal secrets, makes its services available for free, and has a “profound commitment” to protecting user privacy.

Jonny Evans

The SAP/Apple partnership changes everything

1 month 2 weeks ago

SAP and Apple are working together to help businesses build applications that use Apple’s machine learning and augmented reality (AR) technologies.

Apple is the enterprise

Apple CEO Tim Cook joined SAP CEO Bill McDermott at the latter company’s SAPPHIRE conference to announce the news.

“A man who is the last to accept the status quo, and the first to change it,” said McDermott introducing Cook.

Since entering into a business app development partnership with Apple in 2016, SAP has become an increasingly Apple-based business with around 100,000 Apple devices in use across the company.

Jonny Evans

Mozilla issues fix after it lets cert expire and Firefox add-ons go belly-up

1 month 2 weeks ago

Mozilla over the weekend scrambled to come up with a fix for a bug that crippled most Firefox add-ons.

Engineers issued an update for the desktop browser Sunday afternoon that addressed the issue. That update followed a Saturday hotfix released via a little-known component that lets Mozilla feed pre-release code to Firefox users and then collect data from the browser.

The problem was traced to the certificate used by Mozilla to digitally sign Firefox extensions. When the organization neglected to renew the certificate, Firefox assumed the add-ons could not be trusted - that they were, in other words, illegitimate at best, potentially malicious at worst - and then disabled any already installed. Add-ons could not be added to the browser for the same reason.

Gregg Keizer

Now’s the time to install the April Windows and Office patches

1 month 3 weeks ago

April was a tough month for Win 7, 8.1, Server 2008 R2, 2012 and 2012 R2 customers who ran specific antivirus products. Blue screens, freezes, slow-as-sludge drippings all bedeviled a large number of Sophos, Avira, Avast, AVG and even McAfee users.

Looks like we’re over that hump, with the AV manufacturers scurrying to fix their wares.

Woody Leonhard

Wayback Wednesday: At least he asked

1 month 3 weeks ago

Malware from the web is slowly becoming a problem where this support pilot fish works.

“We have about two tickets a week with users saying they have thousands of viruses and they need to download software,” says fish.

“Now, every machine has virus protection, and everyone runs locked-down in user-only mode to prevent the rogue installation of software. But we have decided we need to increase our user awareness after the following ticket was received at the help desk:

“‘I just received an ominous warning that my computer was infected with several viruses. I tried running the program to remove these viruses (as it indicated for me to do), but I’m not sure it worked.

Sharky

Microsoft tells IT admins to nix 'obsolete' password reset practice

1 month 3 weeks ago

Microsoft last week recommended that organizations no longer force employees to come up with new passwords every 60 days.

The company called the practice - once a cornerstone of enterprise identity management - "ancient and obsolete" as it told IT administrators that other approaches are much more effective in keeping users safe.

"Periodic password expiration is an ancient and obsolete mitigation of very low value, and we don't believe it's worthwhile for our baseline to enforce any specific value," Aaron Margosis, a principal consultant for Microsoft, wrote in a post to a company blog.

Gregg Keizer

Microsoft Patch Alert: April patches have sharp edges, with several missing, others reappearing

1 month 3 weeks ago

You have to wonder who’s testing this stuff.

Admins, in particular, have had a tough month. April brought widespread breakdowns – bluescreens, hangs, very sluggish behavior – to hundreds of thousands of Win7 and 8.1 machines. This wasn’t a “small percentage” kind of event. For some companies, rebooting overnight on Tuesday brought seas of blue screens on Wednesday morning.

The first round of cumulative updates and Monthly Rollups arrived on Patch Tuesday, but the now-ubiquitous second round didn’t show up until late Thursday afternoon, two and a half weeks later. Talk about admins taking a beating.

We still have one Tuesday left this month – the mythical “E week” that Microsoft never talks about – so the month may yet end with both a bang and whimper.

Woody Leonhard

Why wearables, health records and clinical trials need a blockchain injection

1 month 3 weeks ago

TORONTO – The opportunity exists in healthcare to hand over control of medical records to patients who can choose not only what info providers can see but what personal data gets added to records via wearables, genomics and even lifestyle choices.

And once patients begin accumulating more data about themselves in personal health records (PHRs), they can opt to anonymize that information and sell it to researchers, vastly expanding the pool of information available for clinical studies.

Because no data is as sensitive as a medical record, being able to assure its security and immutability through blockchain encryption represents a unique opportunity to "repatriate" and "monetize" that record for the patient, according to Dr. Eric Hoskins, chair of Canada's Federal Advisory Council on the Implementation of National Pharmacare.

Lucas Mearian

FedEx CIO: It’s time to mandate blockchain for international shipping

1 month 4 weeks ago

TORONTO -- When railroad tracks were first laid across the western U.S., there were eight different gauges all competing to dominate the industry – making a nationwide, unified rail system impossible; it took an act of Congress in 1863 to force the adoption of an industry standard gauge of 4-ft., 8-1⁄2 inches.

FedEx CIO Rob Carter believes the same kind of thing needs to happen for blockchain to achieve widespread enterprise adoption.

While the promise of blockchain to create a more efficient, secure and open platform for ecommerce can be realized using a proprietary platform, it won't be a global solution for whole industries now hampered by a myriad of technical and regulatory hurdles. Instead, a platform based on open-source software and industry standards will be needed to ensure process transparency and no one entity profits from the technology over others.

Lucas Mearian

Apple edges closer to cursory code review for all Mac apps

2 months ago

Apple will soon make a code review mandatory for all applications distributed outside its own Mac App Store by new developers, a first step towards requiring all Mac software to pass similar reviews.

The Cupertino, Calif. company argued that the process, which it calls "notarization," would build a more secure macOS environment. "We're working with developers to create a safer Mac user experience through a process where all software, whether distributed on the [Mac] App Store or outside of it, is signed or notarized by Apple," the company stated in an April 10 message on its developer portal.

Gregg Keizer

Security theater, ’80s style

2 months ago

It’s the late 1980s and pilot fish is working on business application development for an aerospace and defense contractor where physical security is surprisingly lax. There’s a guard on duty at the front desk during business hours, but that’s about the extent of it. That changes with the announcement that all personal gear will be subject to inspection on leaving the building.

Now there are guards 24/7, and everyone leaving the building is politely requested by those guards to open their briefcases and backpacks. The guards then take a look inside before waving the owners through.

Rumor has it that this security push came about because some Apple Mac computers have gone missing. And it continues for about six months, and then suddenly ceases.

What happened? Employees have to rely on rumor again, which holds that the cleaning crew had taken the Macs, which makes sense given that large, wheeled trashcans would make the job easy.

The exit checks never turned up anything, but even law-abiding pilot fish can’t help but notice that it would be pretty easy to cover any contraband in a bag with a few clothes or newspapers and never be discovered, given the cursory nature of the searches.

Sharky
Computer World Security

About SecurityFeeds

Tim Weil is a Security Architect/IT Security Manager with over twenty-five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry. Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.