Sunday, November 24, 2024
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Mobile

ComputerWorld Independent 

It's time to secure the Apple enterprise

admin , , , ,

Credit to Author: Jonny Evans| Date: Thu, 03 Mar 2022 09:35:00 -0800

It’s not unreasonable to assume that war in Ukraine will generate a wave of cyberattacks. That means every business or personal computer user should audit their existing security protections, particularly for companies that have embraced the hybrid workplace.

While larger enterprises usually employ Chief Information Security Officers (CISOs) and security consultants to manage such tasks, what follows is useful advice for Mac, iPad, and iPhone users seeking to start such an audit.  

To read this article in full, please click here

Read more
ComputerWorld Independent 

Behavioral Analytics is getting trickier

admin , ,

Credit to Author: Evan Schuman| Date: Mon, 28 Feb 2022 03:00:00 -0800

Behavioral analytics is one of the best authentication methods around — especially when it’s part of continuous authentication. Authentication as a “one-and-done” is something that simply shouldn’t happen anymore. Then again, I’ve argued the same thing about using unencrypted SMS as a form of multi-factor authentication and I sadly still see that being used by lots of Fortune 1000 firms.

Oh well.

Although most enterprise CISOs are fine with behavioral analytics on paper (on a whiteboard? As a message within Microsoft Teams/GoogleMeet/Zoom?), they’re resistant to rapid widespread deployment because it requires creating a profile for every user — including partners, distributors, suppliers, large customers and anyone else who needs system access. Those profiles can take more than a month to create to get an accurate, consistent picture of each person.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Second Israeli firm accused of undermining iPhones, like NSO Group

admin , , , ,

Credit to Author: Jonny Evans| Date: Thu, 03 Feb 2022 09:08:00 -0800

As if recent revelations about NSO Group weren’t bad enough, yet another Israeli firm — QuaDream — has now been accused of using the same hack to undermine iPhone security.

QuaDream also used the hack, Reuters claims

A Reuters report has the details:

  • QuaDream made use of the same flaw to commit similar attacks against iPhones.
  • The company is smaller than NSO Group, but also sells smartphone hacking tools to governments.
  • Both companies used the same highly sophisticated “zero-click” ForcedEntry attack, which enabled them to remotely break into iPhones without an owner needing to click a malicious link.
  • Once deployed, attackers using the software could access messages, intercept calls, and use the device as a remote listening device. They also gained access to the camera and more.
  • Apple closed this vulnerability in September 2021.
  • It is believed NSO Group software was used to target the family of murdered Saudi journalist Jamal Khashoggi.

The news follows the revelation that the FBI also obtained NSO’s Pegasus spyware, but claims it did not use it. That  also follows another recent claim that NSO Group offered “bags of cash” in exchange for access to US cellular networks via the SS7 network.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Why Apple’s improved 2FA protection matters to business

admin , , , , ,

Credit to Author: Jonny Evans| Date: Tue, 01 Feb 2022 06:01:00 -0800

Apple has introduced a new layer of protection to its existing two-factor authentication (2FA) system, making it a little harder for phishing attacks to successfully steal valuable authentication credentials.

Given that Apple, PayPal, and Amazon were the top three brands used for successful phishing attacks last year, according to a recent Jamf report, this matters.

Phishing costs billions and is bad for business

Phishing is a huge problem. The scale of these attacks shot up during the pandemic. The FBI Internet Crime Report 2020 revealed that phishing attacks affected 241,342 victims in 2020, up from 114,702 in 2019, with adjusted losses of more than $54 billion. Verizon’s 2021 Data Breach Investigations Report confirmed that 36% of data breaches that year involved phishing.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Jamf CEO weighs in on Apple deployments and enterprise security

admin , , , ,

Credit to Author: Jonny Evans| Date: Thu, 27 Jan 2022 08:34:00 -0800

“Apple will become the number one device ecosystem in the enterprise by the end of this decade,” Jamf CEO Dean Hager told me while introducing an in-depth enterprise security trends report that enterprises should look at.

Apple continues to see incredible growth

The nature of enterprise IT is rapidly becoming multiplatform. Jamf recently shared some details concerning the rapid growth in Apple device deployments it is seeing in business. For example, it now has 60,000 active customers, up from 36,000 two years before that – and believes new services such as Apple Business Essentials will help maintain this growth.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Cellular networks revolt against Apple privacy moves

admin , , , , ,

Credit to Author: Jonny Evans| Date: Wed, 12 Jan 2022 09:43:00 -0800

Every time Apple attempts to inject a little more privacy into the digital world, it faces pushback – but the evidence suggests opponents would be better off going along for the ride.

A bigger business with more privacy

Take Do Not Track for ads and the move to quash IDFA tracking in iOS 14. When Apple first announced its plan, critics across the ad industry complained it would damage their business.

Apple counter-argued that it would simply inspire advertisers to think more creatively about how to reach customers — while also providing more privacy to those customers.  

To read this article in full, please click here

Read more
ComputerWorld Independent 

Google finds a nation-state level of attacks on iPhone

admin , ,

Credit to Author: Evan Schuman| Date: Tue, 11 Jan 2022 03:31:00 -0800

When it comes to mobile security, users are routinely warned to be extremely careful, avoid suspicious links, emails, and attachments. But the growth of no-click attacks sidesteps these soft defenses.

Google recently drilled into one such attack, which happened to have hit an iPhone. “We assess this to be one of the most technically sophisticated exploits we’ve ever seen, further demonstrating that the capabilities (one vendor) provides rival those previously thought to be accessible to only a handful of nation states,” said the Google advisory.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Apple is sneaking around its own privacy policy — and will regret it

admin , , , ,

Credit to Author: Evan Schuman| Date: Fri, 07 Jan 2022 03:04:00 -0800

Apple has a rather complicated relationship with privacy, which it always points to as a differentiator with Google. But delivering on it is a different tale. 

Much of this involves the definition of privacy. Fortunately for Apple’s marketing people, “privacy” is the ultimate undefinable term because every user views it differently. If you ask a 60-year-old man in Chicago what he considers to be private, you’ll get a very different answer than if you asked a 19-year-old woman in Los Angeles. Outside the US, privacy definitions vary even more. Germans and Canadians truly value privacy, but even they don’t agree on what they personally consider private.

To read this article in full, please click here

Read more