8 reasons why you should strengthen your iOS passcode today

Every enterprise IT manager knows the ghastly truth: the biggest security weaknesses in any system are the humans using it. So, if you are one of the nearly one-in-ten iOS users (or even the one-in-three Android users) who don’t use a passcode, if you happen to be one of the many who use the same passcode for everything, or even one of the 15 percent of users who still insist on using any of these ten passcodes, then this article is for you. It’s time to toughen up. Here’s why:

To read this article in full or to leave a comment, please click here


Source: Computerworld.com | Security

How IT should prep for Apple's public OS betas

As has become Apple’s standard practice in recent years, the company will soon roll out public betas of iOS 11 and macOS High Sierra. Both are expected to arrive by the end of June.

Public betas can be useful for Apple and other tech companies. They accelerate feedback and can ensure that bugs — including ones that internal testing might not spot — get fixed before the final version of an operating system ships. And because public betas are exciting for early adopters who want to play with new features of an upcoming upgrade before everyone else, they tend to generate useful buzz.

To read this article in full or to leave a comment, please click here


Source: Computerworld.com | Security

The price of security is eternal phone calls

This city government is going through an extended validation process with one of its IT security providers, according to a pilot fish in the loop.

“I got an email that said to call them, since they couldn’t reach me at the number they had,” fish says. “That’s no surprise, because the number isn’t mine — it’s our Human Resources main line.

“I’ve told them in the past to call me at my actual number for this, but they always insist that they need a ‘published’ number.”

After yet another round of this for the new security certification, fish calls customer support for the security outfit and suggests they replace the HR number with the number for the city’s IT department. That’s on the city’s official website, so it should qualify as “published.”

To read this article in full or to leave a comment, please click here


Source: Computerworld.com | Security

The 2 cloud security myths that must die

There seem to be two groups of people out there when it comes to cloud security: There are those who believe that public clouds are systemically unsafe, and those who believe clouds are impenetrable.

They’re both wrong. Both of these myths are dangerous, and so they need to die.

Kill this myth: If my data is in a pubic cloud, it’s inherently unsafe

The thinking goes like this: Because I can’t see it or touch it, others can steal it.

To read this article in full or to leave a comment, please click here


Source: Infoworld.com | Security

Rogue cell phone surveillance gives rise to mobile threat defense

Researchers have created a device using off-the-shelf components that can sniff out controversial cell phone surveillance devices, known as IMSI-catchers or StingRays, used by federal and state law enforcement as well as hackers.

The International Mobile Subscriber Identity-catchers have not only been used to locate mobile devices but also to sometimes eavesdrop on users, send spam or upload malware, according to University of Washington (UW) security researchers.

“The threats remain the same when looking at enterprises: tracking and, under certain circumstances, eavesdropping are possible through this attack,” said Dionisio Zumerle, a Gartner research director for Mobile Security. “The attack requires technical expertise and equipment that was once hard to find; today it is easier and that is the main source of concern.”

To read this article in full or to leave a comment, please click here


Source: Computerworld.com | Security

Microsoft resurrects Windows XP patches for second month straight

Microsoft today followed May’s unprecedented release of security updates for expired operating systems, including Windows XP, by issuing another dozen patches for the aged OS.

The Redmond, Wash., company cited fears of possible attacks by “nation-states,” a label for government-sponsored hackers or foreign intelligence services, for the updates’ release. “In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyberattacks by government organizations, sometimes referred to as nation-state actors, or other copycat organizations,” said Adrianne Hall, general manager, issues and crisis management, for Microsoft.

To read this article in full or to leave a comment, please click here


Source: Computerworld.com | Security

What Microsoft owes customers, and answers to other 'WannaCry' questions

A month ago, Microsoft took the unprecedented step of issuing security patches for Windows XP, an edition supposedly interred in Support Cemetery more than three years ago.

The decision to help aged personal computers running Windows XP — as well as also-retired Windows 8 and Windows Server 2003 — was intended to slow the spread of the “WannaCry” ransomware, which encrypted files on hundreds of thousands of PCs worldwide. The cyber criminals than tried to extort payments from the machines’ owners in return for unlocking the files.

To read this article in full or to leave a comment, please click here


Source: Computerworld.com | Security

Predict – Prevent – Detect – Analyse – Respond | Cyber Security