Credit to Author: BrianKrebs| Date: Tue, 10 Dec 2019 16:46:05 +0000
CISO Magazine, a publication dedicated to covering issues near and dear to corporate chief information security officers everywhere, has graciously awarded this author the designation of “Cybersecurity Person of the Year” in its December 2019 issue.
Read more
Credit to Author: JR Raphael| Date: Tue, 10 Dec 2019 04:00:00 -0800
Android security is always a hot topic on these here Nets of Inter — and almost always for the wrong reason.
As we’ve discussed ad nauseam over the years, most of the missives you read about this-or-that super-scary malware/virus/brain-eating-boogie-monster are overly sensationalized accounts tied to theoretical threats with practically zero chance of actually affecting you in the real world. If you look closely, in fact, you’ll start to notice that the vast majority of those stories stem from companies that — gasp! — make their money selling malware protection programs for Android phones. (Pure coincidence, right?)
Credit to Author: Gregg Keizer| Date: Mon, 09 Dec 2019 11:05:00 -0800
Microsoft will not provide new malware signatures for its home-grown Security Essentials software after it retires Windows 7 in five weeks.
“No, your Windows 7 computer is not protected by MSE ((Microsoft Security Essentials)) after January 14, 2020,” the company said in a support document mainly concerned about the Extended Security Updates (ESU) being shilled to enterprises. “MSE is unique to Windows 7 and follows the same lifecycle dates for support.”
Security Essentials, a free antivirus (AV) program that launched in 2008, was originally limited to consumers. However, in 2010, Microsoft expanded the licensing to small businesses, defined as those with 10 or fewer PCs. Two years after that, MSE was replaced by Windows Defender with the launch of Windows 8.
Credit to Author: BrianKrebs| Date: Sat, 07 Dec 2019 21:17:24 +0000
A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack this week that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned. Multiple sources affected say their IT provider, Englewood, Colo. based Complete Technology Solutions (CTS), was hacked, allowing a potent strain of ransomware known as “Sodinokibi” or “rEvil” to be installed on computers at more than 100 dentistry businesses that rely on the company for a range of services — including network security, data backup and voice-over-IP phone service.
Read more
Credit to Author: Jonny Evans| Date: Fri, 06 Dec 2019 07:05:00 -0800
That story going round that claims iPhone 11 devices are secretly harvesting your location information even though you’ve told them not to do so? You don’t need to worry about it, and here’s why:
The tale begins when a security researcher noticed the devices seemed to be sending out location data even when Location Services were switched off on the iPhone.
He thought this was weird, but Apple reassured him that this was “expected behaviour” – and while the company took a little time to figure out what to say about this, it’s answer is convincing, once you know what it means.
The matter relates to iPhone 11’s U1 chip, which brings in an exciting (yet veteran) technology called Ultra Wideband (UWB).
Credit to Author: BrianKrebs| Date: Thu, 05 Dec 2019 19:46:02 +0000
KrebsOnSecurity ran a story this week that puzzled over Apple’s response to inquiries about a potential privacy leak in its new iPhone 11 line, in which the devices appear to intermittently seek the user’s location even when all applications and system services are individually set never to request this data. Today, Apple disclosed that this behavior is tied to the inclusion of a new short-range technology that lets iPhone 11 users share files locally with other nearby phones that support this feature, and that a future version of its mobile operating system will allow users to disable it.
Read more
Credit to Author: Woody Leonhard| Date: Thu, 05 Dec 2019 07:46:00 -0800
The November passel of patches didn’t include anything earth-shattering; there were no emergency security breaches storming the gates, but good patching hygiene dictates that you get your machine braced for the next round.
If you install patches manually one by one (“Group B,” which I don’t recommend for mere mortals), you need to make sure you have the proper Servicing Stack Updates in place. They’ve all changed in the past month.
Credit to Author: Sharky| Date: Thu, 05 Dec 2019 03:00:00 -0800
It’s the late 1980s, and this pilot fish is working as a teller at small suburban bank with a few branches.
“Automation is catching on, but slowly,” says fish. “We have terminals to process deposits, withdrawals and money orders — but at the end of the day, the branch manager still takes our totals and enters them into a handwritten ledger.”
The terminals use a text-based menu for everything, but for some operations that require a manager’s approval — say, printing a cashier’s check — the manager must walk over, hold down an override key and type in a password to let the teller access the check-printing menu.
Fish notices that the console beeps now and then during the password process. But it doesn’t happen every time, and there’s no pattern he can detect.
Credit to Author: BrianKrebs| Date: Wed, 04 Dec 2019 03:51:15 +0000
One of the more curious behaviors of Apple’s new iPhone 11 Pro is that it intermittently seeks the user’s location information even when all applications and system services on the phone are individually set to never request this data. Apple says this is by design, but that response seems at odds with the company’s own privacy policy.
Read more
Credit to Author: Woody Leonhard| Date: Tue, 03 Dec 2019 10:29:00 -0800
What a relief. The only major patching problem for November came from Office, not Windows. We had a handful of completely inscrutable patches – including two .NET non-security previews that apparently did nothing – but that’s the worst of it.
November saw the last security patch for Win10 version 1803. Win10 version 1909 got released, gently. We also had a much-hyped “exploited” zero-day security hole in Internet Explorer (again) that didn’t amount to a hill of beans (again).