Credit to Author: Jonny Evans| Date: Fri, 02 Aug 2019 04:27:00 -0700
Apple has once again proved that it listens to valid criticism with the immediate global suspension of the Siri listening program that attracted so much controversy.
At issue was quality control.
A small number of conversational snippets were shared with third party human contractors for quality control purposes.
Every year, thousands of hackers arrive in Las Vegas for three large security conferences — DEF CON, Black Hat and Bsides Las Vegas — taking place from Monday through Sunday next week. CSO Online's J.M. Porup chats with Juliet about what to expect at the conferences' sessions and what he's looking forward to.
Just a few days after Equifax settled with the FTC over its 2017 data breach, Capital One announced it was the target of a March attack. Identifying information and bank account numbers are among some of the data breached in the attack that affects 100 million people. A software engineer is behind the attack and is awaiting a hearing. In this episode of TECH(feed), Juliet discusses the consequences of the attack and how to find out if you've been affected.
There are a number of ways attackers can exploit public information about your organization's employees. CSO Online's Susan Bradley walks through how an attacker can gain access to your organization's Office 365 accounts and how you can protect your enterprise from these potential attacks.
Credit to Author: Woody Leonhard| Date: Tue, 30 Jul 2019 09:33:00 -0700
This month, Microsoft Patch Land looks like a stranger Stranger Things Upside Down, where Security-only patches carry loads of telemetry, Visual Studio patches appear for the wrong versions… and we still can’t figure out how to keep the Win10 1903 upgrade demogorgon from swallowing established drivers.
As we end the month, we’ve seen the second “optional” monthly cumulative updates for all Win10 versions — the 1903 patch was released, pulled, then re-released — and fixes for Visual Studio’s transgressions. There’s a kludge for getting the Win10 1903 upgrade to work. And BlueKeep still looms like a gorging Mind Flayer.
Those of you who have been dodging Windows 7 telemetry by using the monthly Security-only patches — a process I described as “Group B” three years ago — have reached the end of the road. The July 2019 Win7 “Security-only” patch, KB4507456, includes a full array of telemetry/snooping, uh, enhancements.
Credit to Author: Jonny Evans| Date: Mon, 29 Jul 2019 07:51:00 -0700
News that Siri records snippets of our conversations with the voice assistant isn’t new, but claims that those short recordings are listened to by human agents is– particularly in light of the company’s big push on privacy.
I’m a passionate believer in the importance of privacy.
It isn’t only important in terms of preserving hard-won liberties and protecting public discourse, it’s also of growing importance across every part of human existence, for every school, medical facility or enterprise. History shows that the absence of privacy has a corrosive effect on society, turning family members against each other and dampening innovation.
Credit to Author: JR Raphael| Date: Fri, 26 Jul 2019 09:39:00 -0700
It’s tough to talk about Android security without venturing into sensational terrain.
A large part of that is due to the simple fact that the forces driving most Android security coverage are companies that make their money by selling Android security software — and thus companies with strong interests in pushing the narrative that every Android phone is on the perpetual brink of grave, unfathomable danger. Plus, let’s face it: A headline about 70 gazillion Android phones being vulnerable to the MegaMonsterSkullCrusher Virus is far more enticing than one explaining the nuanced realities of Android security.
In actuality, though, Android security is a complex beast — one with multiple layers in place to protect you and one that almost never warrants an alarmist attitude. I’ve been covering Android security closely since the platform’s earliest days, and I’ve busted more myths and called out more shameless publicity stunts than I can even count at this point.
Credit to Author: Gregg Keizer| Date: Fri, 26 Jul 2019 03:00:00 -0700
Mozilla has issued multiple after-action reports analyzing the major mix-up in May that crippled most Firefox add-ons. The reports also made recommendations for preventing similar incidents in the future.
The fiasco started just after 8 p.m. ET on Friday, May 3, when a certificate used to digitally sign Firefox extensions expired. Because Mozilla had neglected to renew the certificate, Firefox assumed add-ons could not be trusted – that they were potentially malicious – and disabled any already installed. Add-ons could not be added to the browser for the same reason.
Credit to Author: Lucas Mearian| Date: Thu, 25 Jul 2019 14:06:00 -0700
Hoping to raise awareness about blockchain vulnerabilities, cybersecurity firm Kudelski Security next week plans to launch the industry’s first “purposefully vulnerable” blockchain – and will demo it at next month’s Black Hat conference.
Kudelski Security’s FumbleChain project is aimed at highlighting vulnerabilities in blockchain ecosystems, according to Nathan Hamiel, head of cybersecurity research at Kudelski.
The flawed blockchain ledger is written in Python 3.0, making it easy for anyone to read and modify its source code, and it’s modular – allowing users to hack and add new challenges to promote continuous learning.
Credit to Author: JR Raphael| Date: Thu, 25 Jul 2019 03:00:00 -0700
I haven’t looked at today’s tech news too closely just yet, but I have a sneaking suspicion some evil-sounding virtual gremlin or other is probably on the brink of invading my smartphone, stealing my secrets, and setting me up for a lifetime of dread and despair.
He might even be covertly eating all the salty snacks from my kitchen this very second. ALL THE SALTY SNACKS, DAMN IT!
I don’t have to scan the headlines too closely to know there’s a decent chance of all of this happening — because all of this happens practically every other week here in the Android world. A solid few to several times a month, it seems, some hilariously named and made-to-seem-scary new piece of malware (ViperRat! Desert Scorpion! Ooga-Booga-Meanie-Monster!) is making its way onto our phones and into our lives. Or so we’re told, rather convincingly and repeatedly. (All right, so I may have made Ooga-Booga-Meanie-Monster up just now, but c’mon: It’s probably only a matter of time til we see something using that name.)