Apple announces a new iPhone (and you can’t have it)

2 months 1 week ago

Apple has announced a new iPhone for 2020, but it will only be made available to a select group of security researchers – along with huge bounties to anyone alerting the company to a new OS vulnerability.

Probably the world’s most exclusive iPhone

Ivan Krstić, Apple’s head of security engineering, provided big insights into Apple’s platform security during his presentation at Black Hat U.S. 2019.


Jonny Evans

The best privacy and security apps for Android

2 months 1 week ago

Let's get one thing out of the way right off the bat: If you're looking for recommendations about Android security suites or other malware-scanning software, you've come to the wrong place.

Why? Because, like most people who closely study Android, I don't recommend using those types of apps at all. Android malware isn't the massive real-world threat it's frequently made out to be, and Google Play Protect and other native Android features are more than enough to keep most devices safe.


JR Raphael

Many VPN apps on Apple’s App store can’t be trusted, researcher warns

2 months 1 week ago

I’m told Apple is at last looking into the privacy and security of free VPN apps made available across its platforms, following a report from researcher, Simon Migliano.

Who owns your VPN service?

The researcher has flagged up several concerns that really should be recognized by anyone choosing a VPN service from both the Apple and Google App Stores:

  • Ownership: Migliano claims that almost 60 percent of the most popular VPN apps are actually owned (sometimes opaquely) by Chinese companies.
  • Privacy: The researcher also found that as many as 77% of these VPN apps may have what he calls “serious privacy flaws”, including no privacy policy at all, generic policies with no mention of VPN, or no detailed logging policy.
  • Data protection: Migliano claims Apple is not enforcing its third-party data-sharing ban against VPN apps, with 80 percent of the top free VPN apps “in breach of the rules”, he said. Many are sharing data with third parties, he claims.

That last allegation is particularly concerning.


Jonny Evans

Almost half of tested free Android antivirus apps fail. That might prove very useful to IT.

2 months 1 week ago

One of the problems with enterprise mobile BYOD efforts is that corporate apps — and lots of corporate data, including sensitive intellectual property — must coexist on the same device with whatever employees choose to download on the personal side. That's far from ideal, but even worse is if employees choose to download a second antivirus program. Unlike doubling up on most apps (two VPNs, two word processors, two email programs, etc.), antivirus programs often conflict and fight each other, generating false positives and other bad results.

Unlike two deadbolts on a door, doubling up on security not only doesn't work with antivirus, it can actually sharply weaken security. This all assumes that both antivirus programs are professional, effective and well-intentioned. But that's often not the case. There are quite a few free antivirus programs out there, and they are disproportionately the ones employees opt to download. After all, if the company has already installed a high-level antivirus on the phone, why would an employee pay to install a second? But a free antivirus program is much more tempting.


Evan Schuman

Microsoft relaxes telemetry rule for PCs managed with Windows Update for Business

2 months 1 week ago

Microsoft has quietly relaxed a rule that prevented privacy-first organizations from managing the Windows Update for Business (WUfB) service using group policies.

With Windows 10 1903, aka "Windows 10 May 2019 Update," which debuted in late May, organizations no longer are required to set the "diagnostic data level" for their devices to "Basic" or higher.

[ Related: Windows 10 May 2019 Update: Key enterprise features ]

That diagnostic data level is a multi-step categorization of what Microsoft pulls from Windows devices and sends to its own servers. Also dubbed "telemetry," the data harvesting is used by Microsoft for a range of tasks, notably deciding when a specific PC receives a feature upgrade.


Gregg Keizer

Slack beefs up mobile security controls for Enterprise Grid

2 months 1 week ago

Slack today unveiled new security capabilities for Enterprise Grid customers, including tighter controls for admins who oversee mobile device access.

Enterprise Grid was launched in 2017 for Slack’s biggest customers, with additional features to support large-scale deployments. Among the 150 organizations now using Enterprise Grid are Capital One, IBM and Target.

Slack has continued to build out security and compliance features for the software since its introduction, including the addition of enterprise key management last September.


Matthew Finnegan

Train to become an ethical hacker for only $39

2 months 1 week ago

There are countless hackers and threats looming on the internet, so IT departments are in high demand for cybersecurity professionals to pinpoint threats before they strike. Luckily, there’s no better way to fight fire than with fire; ethical hackers study hacking techniques so that IT infrastructures will be better prepared for attacks. If you’re interested in becoming a hacker (legally, of course), then this $39 bundle is right for you.


DealPost Team

Apple suspends Siri snooping (and promises more control for the rest of us)

2 months 2 weeks ago

Apple has once again proved that it listens to valid criticism with the immediate global suspension of the Siri listening program that attracted so much controversy.

When it comes to privacy, Siri listens

At issue was quality control.

A small number of conversational snippets were shared with third party human contractors for quality control purposes.


Jonny Evans

The latest large-scale data breach: Capital One | TECH(feed)

2 months 2 weeks ago

Just a few days after Equifax settled with the FTC over its 2017 data breach, Capital One announced it was the target of a March attack. Identifying information and bank account numbers are among the data breached in the attack, which affects 100 million people. A software engineer is behind the attack and is awaiting a hearing. In this episode of TECH(feed), Juliet discusses the consequences of the attack and how to find out if you've been affected.

How an attacker can target phishing attacks

2 months 2 weeks ago

There are a number of ways attackers can exploit public information about your organization's employees. CSO Online's Susan Bradley walks through how an attacker can gain access to your organization's Office 365 accounts and how you can protect your enterprise from these potential attacks.

Microsoft Patch Alert: Welcome to the Upside Down

2 months 2 weeks ago

This month, Microsoft Patch Land looks like a stranger Stranger Things Upside Down, where Security-only patches carry loads of telemetry, Visual Studio patches appear for the wrong versions... and we still can’t figure out how to keep the Win10 1903 upgrade demogorgon from swallowing established drivers.

As we end the month, we’ve seen the second “optional” monthly cumulative updates for all Win10 versions — the 1903 patch was released, pulled, then re-released — and fixes for Visual Studio’s transgressions. There’s a kludge for getting the Win10 1903 upgrade to work. And BlueKeep still looms like a gorging Mind Flayer.

Win7 Security-only patch brings telemetry

Those of you who have been dodging Windows 7 telemetry by using the monthly Security-only patches — a process I described as “Group B” three years ago — have reached the end of the road. The July 2019 Win7 “Security-only” patch, KB4507456, includes a full array of telemetry/snooping, uh, enhancements.


Woody Leonhard

Apple’s shock Siri surveillance demands a swift response

2 months 3 weeks ago

News that Siri records snippets of our conversations with the voice assistant isn’t new, but claims that those short recordings are listened to by human agents is — particularly in light of the company’s big push on privacy.

These are bad optics for Apple

I’m a passionate believer in the importance of privacy.

It isn’t only important in terms of preserving hard-won liberties and protecting public discourse; it’s also of growing importance across every part of human existence — for every school, medical facility, or enterprise. History shows that the absence of privacy has a corrosive effect on society, turning family members against each other and dampening innovation.


Jonny Evans

Android security: Analysis, advice, and next-level knowledge

2 months 3 weeks ago

It's tough to talk about Android security without venturing into sensational terrain.

A large part of that is due to the simple fact that the forces driving most Android security coverage are companies that make their money by selling Android security software — and thus companies with strong interests in pushing the narrative that every Android phone is on the perpetual brink of grave, unfathomable danger. Plus, let's face it: A headline about 70 gazillion Android phones being vulnerable to the MegaMonsterSkullCrusher Virus is far more enticing than one explaining the nuanced realities of Android security.

In actuality, though, Android security is a complex beast — one with multiple layers in place to protect you and one that almost never warrants an alarmist attitude. I've been covering Android security closely since the platform's earliest days, and I've busted more myths and called out more shameless publicity stunts than I can even count at this point.


JR Raphael

Mozilla blames 'interlocking complex systems' and confusion for Firefox's May add-on outage

2 months 3 weeks ago

Mozilla has issued multiple after-action reports analyzing the major mix-up in May that crippled most Firefox add-ons. The reports also made recommendations for preventing similar incidents in the future.

The fiasco started just after 8 p.m. ET on Friday, May 3, when a certificate used to digitally sign Firefox extensions expired. Because Mozilla had neglected to renew the certificate, Firefox assumed add-ons could not be trusted – that they were potentially malicious – and disabled any already installed. Add-ons could not be added to the browser for the same reason.


Gregg Keizer

Researchers to launch intentionally ‘vulnerable’ blockchain at Black Hat

2 months 3 weeks ago

Hoping to raise awareness about blockchain vulnerabilities, cybersecurity firm Kudelski Security next week plans to launch the industry’s first "purposefully vulnerable" blockchain – and will demo it at next month's Black Hat conference.

Kudelski Security’s FumbleChain project is aimed at highlighting vulnerabilities in blockchain ecosystems, according to Nathan Hamiel, head of cybersecurity research at Kudelski.

[ Read the Download: Beginner's guide to blockchain special report ]

The flawed blockchain ledger is written in Python 3.0, making it easy for anyone to read and modify its source code, and it's modular – allowing users to hack and add new challenges to promote continuous learning.


Lucas Mearian

5 smart questions that'll smother most Android security scares

2 months 3 weeks ago

I haven't looked at today's tech news too closely just yet, but I have a sneaking suspicion some evil-sounding virtual gremlin or other is probably on the brink of invading my smartphone, stealing my secrets, and setting me up for a lifetime of dread and despair.

He might even be covertly eating all the salty snacks from my kitchen this very second. ALL THE SALTY SNACKS, DAMN IT!

I don't have to scan the headlines too closely to know there's a decent chance of all of this happening — because all of this happens practically every other week here in the Android world. A solid few to several times a month, it seems, some hilariously named and made-to-seem-scary new piece of malware (ViperRat! Desert Scorpion! Ooga-Booga-Meanie-Monster!) is making its way onto our phones and into our lives. Or so we're told, rather convincingly and repeatedly. (All right, so I may have made Ooga-Booga-Meanie-Monster up just now, but c'mon: It's probably only a matter of time til we see something using that name.)


JR Raphael

About SecurityFeeds

Tim Weil is a Security Architect/IT Security Manager with over twenty-five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry. Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.