But I’m still me

Credit to Author: Sharky| Date: Mon, 21 Oct 2019 03:00:00 -0700

Longtime user at a big bank can’t access the archiving system, the intranet kicks her back to the login screen, and the attendance system that pilot fish supports never heard of her. She’s frantic to be recognized by the system, and she starts flooding the IT department with calls — not just the help desk, but operations and individual IT employees as well.

Everyone who gets a call is solicitous and sympathetic, and they all run down the list of questions that could rule out scenarios. Did she get a new PC? No. Did she change offices? No. Is anyone else affected? No. So what is going on?

The answer is simple after all. The woman had just gotten married, and upon her return from her honeymoon, she started using her new last name with every application — without first requesting to have her name changed in any applications. What isn’t so simple is understanding why she never thought to try logging in with her maiden name.

Can Facebook's Libra cryptocurrency survive the exodus?

Credit to Author: Lucas Mearian| Date: Wed, 16 Oct 2019 12:00:00 -0700

After the withdrawal of seven of the 29 founding members of the Libra Association, the governing council for Facebook’s planned global cryptocurrency, the project’s fate looks increasingly uncertain.

PayPal, Visa, Mastercard, eBay, Stripe, Mercado Pago and Booking Holdings have backed away from participation in the Libra Association; their hands were forced when all members met Monday in Switzerland to formalize their commitment to the project.

Why we need Apple’s HomeKit-enabled routers

Credit to Author: Jonny Evans| Date: Wed, 16 Oct 2019 06:47:00 -0700

How secure are the connected smart devices you keep in your home? How much protection have you put in place, and have you even taken a minute to change your default router password?

Computer says no

The truth is many smart home device users (and those running connected devices in smart offices, enterprises, manufacturing and beyond) may not yet have taken stock of their security.

This is a particular problem when it comes to older smart devices, many of which are still in use even though a large number of them shipped with weak or non-replaceable factory default passcodes.

A Chrome security setting you shouldn't overlook

Credit to Author: JR Raphael| Date: Thu, 10 Oct 2019 09:09:00 -0700

We spend tons o’ time talking about Android security settings — like the added Android 10 option to limit how and when apps are able to access your location. Often lost in the shuffle, though, is the fact that the Chrome desktop browser has some significant security options of its own, and they’re just as critical to consider.

In fact, Chrome has an easily overlooked setting that’s somewhat similar to that new location control feature in Android. It’s attached to every Chrome extension you install, as of not that long ago, and it lets you decide exactly when an extension should be able to see what you’re doing on the web and be made privy to all the details (yes, even those details) of your browsing activity.

IoT dangers demand a dedicated group

Credit to Author: Evan Schuman| Date: Fri, 04 Oct 2019 13:31:00 -0700

The internet of things (IoT) brings with it a wide range of IT security headaches, along with compliance nightmares — and turf wars.

Internal problem No. 1: Departments that typically have little to no interactions with IT are now directly ordering corporate IoT devices. Maybe you’ve got Facilities purchasing IoT door locks or Maintenance buying a ton of IoT light bulbs. Given that those departments have been purchasing door locks and light bulbs for as long as anyone can remember and have never needed IT or security’s signoff, this can be a problem.

Internal problem No. 2: In many ways, IoT devices (think of devices for tracking pallets on ships or for monitoring where every fleet car is and how fast it’s been driven) are very different from anything else that IT or security has dealt with. The units are capturing data that has never been tracked before — Hello, Compliance. Go away, GDPR regulator — and in different ways, such as bypassing enterprise LANs and cloud networks and using internal antennas to directly communicate.

Microsoft releases even more patches for the CVE-2019-1367 IE zero-day, and the bugs are having a field day

Credit to Author: Woody Leonhard| Date: Fri, 04 Oct 2019 06:49:00 -0700

You may recall the Keystone Kops reenactment that goes by the code name CVE-2019-1367. In short:

Sept. 23: Microsoft released the CVE-2019-1367 bulletin, and published Win10 cumulative updates in the Microsoft Catalog for versions 1903, 1809, 1803, 1709, 1703, Server 2019 and Server 2016. It also released an IE rollup for Win7, 8.1, Server 2012 and Server 2012 R2. Those were only available by manual download from the Catalog — they didn’t go out through Windows Update, or through the Update Server. 

Sept. 24: Microsoft released “optional, non-security” cumulative updates for Win10 version 1809, 1803, 1709, 1703, 1607/Server 2016. Nothing for Win10 version 1903. We also got Monthly Rollup Previews for Win7 and 8.1. Microsoft didn’t bother to mention it, but we found that those Previews include the IE zero-day patch as well. This bunch of patches went out through normal channels — Windows Update, Update Server — but they’re “optional” and “Preview,” which means most savvy individuals and companies won’t install them until they’ve been tested.
