For March's Patch Tuesday, no zero-day flaws

Microsoft this week pushed out 61 Patch Tuesday updates with no reports of public disclosures or other zero-days affecting the larger ecosystem (Windows, Office, .NET). Though there are three updated packages from February, they’re just informational changes with no further action is required.

The team at Readiness has crafted this helpful infographic outlining the risks associated with each of the March updates.

To read this article in full, please click here

Read more

Apple warns of increased iPhone security risks

Apple is telling European customers that new EU competition laws will make iPhones less safe once the company is forced to open up its platforms to third-party App Stores. The company, not exactly happy about this, has published a 32-page white paper where it spells out the risks arising from the EU’s big experiment.

The EU’s formal adoption of the Digital Markets Act (DMA) means Apple must make several changes to its App Store and business models. Changes include the introduction of support for third-party app stores, opening up to payment systems other than Apple Pay, and more.

To read this article in full, please click here

Read more

Miro boosts security for its visual collaboration app

Miro has unveiled a set of security tools designed to help businesses protect sensitive data shared on its digital whiteboard application. The new Miro Enterprise Guard includes features to automate detection and classification of sensitive data, manage content for legal audits, and provide IT admins with greater control over encryption.

Visual collaboration is one of the fastest-growing areas of the wider collaboration software market, according to IDC. Digital whiteboard apps provide a shared canvas for co-workers to brainstorm ideas and plan projects, with Miro competing against the likes of Mural, Figma, Microsoft and others.

To read this article in full, please click here

Read more

Microsoft fixes two zero-days with Patch Tuesday release

Microsoft on Tuesday released 73 updates in its monthly Patch Tuesday release, addressing issues in Microsoft Exchange Server and Adobe and two zero-day flaws being actively exploited in Microsoft Outlook (CVE-2024-21410) and Microsoft Exchange (CVE-2024-21413).

Including the recent reports that the Windows SmartScreen vulnerability (CVE-2024-21351) is under active exploitation, we have added “Patch Now” schedules to Microsoft Office, Windows and Exchange Server. The team at Readiness has provided this detailed infographic outlining the risks associated with each of the updates for this cycle.

To read this article in full, please click here

Read more

Russia hacks Microsoft: It’s worse than you think

Another day, another hack of Microsoft technology. Ho-hum, you might think, this has happened before and will happen again — as surely as the sun rises in the morning and sets at night.

This time is different. Because this time the targets weren’t Microsoft customers, but rather the top echelons of Microsoft itself. And the hacker group, called Midnight Blizzard, or sometimes Cozy Bear, the Dukes, or A.P.T. 29, is sponsored by Russia’s Foreign Intelligence Service (and has been since at least 2008).

To read this article in full, please click here

Read more

10 must-have security tips for digital nomads

Ive been a digital nomad since 2006. Since then, I’ve spent more time abroad than in the United States, working all the while, no matter where. And I’ve learned a lot about safety, security and privacy in specific locations on the European, African, and American continents — often the hard way.

Lots of people travel for business or vacation. The difference with digital nomads abroad (and bleisure and workcation travelers) is that you’re more likely to be carrying your most expensive electronics, more likely to be staying at an Airbnb than a hotel, and more likely to be in serious trouble if you lose work computers and devices (not to mention passports and your wallet).

To read this article in full, please click here

Read more

For Patch Tuesday, 48 updates, no zero-day flaws

Microsoft has eased us into the new new year with just 48 updates for the Windows, Office and .NET platforms. There were no zero-days for January, and no reports of publicly exposed vulnerabilities or exploited security issues.

Developers of complex, line-of-business applications might need to pay particular attention to how Microsoft has updated the Message Queue system. Printing has been patched and minor updates to bluetooth and Windows shell sub-systems (shortcuts and wallpaper) require some testing before deployment.

The team at Readiness has crafted a useful infographic that outlines the risks associated with each of the updates for this January release.

To read this article in full, please click here

Read more

Security tips for Apple-using workers in co-working spaces

For Apple-using workers on the go, especially if you frequent shared co-working spaces or public places, don’t assume you’re as secure as you think you are.  

Co-working spaces are particularly under threat, in part because criminals have already figured out that the people using them are good targets for data theft, ransomware, and more.

They’ve also realized that at least some of those working from such spaces might well be part of, or connected with, larger corporate entities — meaning a successful data heist could unlock the gates to greater and more profitable kingdoms. There are useful resources from government and industry aimed at helping workers lock down their devices and data. In the US, for instance, the National Institute of Standards and Technology has published a useful guide to explain some of the risks, while the US Office of Personnel Management offered up even more useful advice.

To read this article in full, please click here

Read more

How to securely erase your Android device in 3 simple steps

It’s an inevitable moment in the smartphone-owning cycle: the point at which a newer, shinier model comes along and your trusty old device is no longer needed.

Maybe your company bought you a new Android phone. Maybe your old one was getting too slow. Or maybe you just love electronics and couldn’t resist the lure of whatever eye-catching new Android gizmo your favorite manufacturer started selling.

Whatever the case, it’s common nowadays to find yourself with an extra phone. And while there are plenty of practical uses for an old Android device, there’s also a time when the best choice is to sell, donate, or otherwise pass it along.

To read this article in full, please click here

Read more

For December, an exceptionally light Patch Tuesday

Over the past year, we’ve seen Microsoft make radical improvements in its browser stability and significant positive changes to its Windows update communication and telemetry strategies.  And this month’s Patch Tuesday release brings with it an incredibly light set of updates — maybe the fewest number of updates I have ever seen.

There are no zero-days, which is a great finish to 2023, though Windows gets three critical updates and Visual Studio will require immediate attention due to several re-releases of past critical application patches.

The team at Readiness has created a helpful infographic to outline the risks associated with each update in this last release of 2023. One note of caution: we have seen several potential updates to older patches (October/November) potentially coming down the release pipeline from Microsoft. It might be worth checking in during the upcoming holiday break to see whether there are any out-of-band patches for the Windows ecosystem.

To read this article in full, please click here

Read more