Jamf buys ZecOps to bring high-end security to Apple enterprise
The Apple-in-the-enterprise story continues to unfold, this week with Jamf's announced plans to acquire mobile threat detection and response company ZecOps.Already consumer-simple, Jamf becomes government secure
Jamf will likely reveal more about the motivations behind the deal at its JNUC event...
Windows 11 2022 Update is the version enterprises can move to
Microsoft today announced the rollout of the first major feature upgrade to Windows 11. Many of the changes are incremental and focus on user interface and productivity enhancements, but there are some useful additions — including a new password...
Critical zero-days make September's Patch Tuesday a 'Patch Now' release
With 63 updates affecting Windows, Microsoft Office and the Visual Studio and .NET platforms — and reports of three publicly exploited vulnerabilities (CVE-2022-37969, CVE-2022-34713, CVE-2021-40444) — this month's Patch Tuesday release gets a "Patch Now" priority. Key testing areas...
Sadly, IT can no longer trust geolocation for much of anything
Geolocation was once a glorious way to know who your company is dealing with (and sometimes what they are doing). Then VPNs started to undermine that. And now, things have gotten so bad that the Apple App Store and...
When Windows updating goes bad — the case of the problematic patch
Every month, Windows users and administrators receive updates from Microsoft on Patch Tuesday (or Wednesday, depending on where you're located). And each month, most users all apply the same updates. But should we? Case in point: KB5012170, a patch released...
Apple wasn’t fooling when it said it wanted to make Macs more secure
When Craig Federighi, Apple’s senior vice president of software engineering last year said, “We have a level of malware on the Mac that we don’t find acceptable,” he apparently really meant it. And Apple seems to be doing about...
Apple pushes out emergency updates to address zero-day exploits
Apple this week released urgent security updates to address zero-day vulnerabilities on older model iPhones, iPads, and iPods.The patches, pushed out on Wednesday, address an out-of-bounds write issue that could be exploited by an attacker enabling them to take...
Facebook agrees to settle class action lawsuit related to Cambridge Analytica data breach
The four-year-old lawsuit claimed Facebook allowed the British political consulting firm access to private data of over 80 million users.
What is Managed Device Attestation on Apple platforms?
Announced at WWDC 2022, Managed Device Attestation protection shows that Apple is adjusting device security protections to adapt to an increasingly distributed age.Secure the endpoints, not the end times
This adjustment reflects a reality shift. Work doesn’t happen on specific...
Planned ‘fixes’ for credit-card interchange fees will actually make fraud easier
I love it when organizations try and do something good, but don’t think things through and end up delivering unintended negative consequences.Today’s case in point: the US Senate and the Federal Reserve, both of whom are looking to reduce...
Android security: Analysis, advice, and next-level knowledge
It's tough to talk about Android security without venturing into sensational terrain.A large part of that is due to the simple fact that the forces driving most Android security coverage are companies that make their money by selling Android...
What is USB Restricted Mode in macOS Ventura, and why do you want it?
Once upon a time, one attack vector for industrial sabotage consisted of exfiltrating data from Macs using a standard-issue USB storage card. Researchers have also shown that it’s possible to hijack computers with malware-infested cables. It’s a jungle out there, so...
Q&A: How employee monitoring can sometimes do more harm than good
Digital surveillance in the workplace became a growing concern for many workers during the COVID-19 pandemic, with a reported increase in use of productivity monitoring tools to track staffers working from home or “gig workers” subject to location and productivity monitoring...
Patch Tuesday update addresses 123 vulnerabilities, two critical zero-days
Microsoft's August Patch Tuesday release addresses 123 security issues in Microsoft Windows, Office, Exchange (it's back!) and Visual Studio — and unfortunately, we have two zero-days with reports of active exploitation in the wild. Since this is a broad update,...
Microsoft urges Windows users to run patch for DogWalk zero-day exploit
Microsoft has confirmed that a high-severity, zero-day security vulnerability is actively being exploited by threat actors and is advising all Windows and Windows Server users to apply its latest monthly Patch Tuesday update as soon as possible.The vulnerability, known...
Ukraine fears ‘massive’ Russian cyberattacks on power, infrastructure
Will those be before or after the nuke strikes Putin keeps banging on about? Russia plans to conduct "massive cyberattacks" on Ukraine and its allies' critical infrastructure and energy sector, according to Kyiv.…
BrandPost: Extortion Economics: Ransomware’s New Business Model
Did you know that over 80% of ransomware attacks can be traced to common configuration errors in software and devices? This ease of access is one of many reasons why cybercriminals have become emboldened by the underground ransomware economy.And...
Police ‘all over’ dark web ransom threat to release 10,000 customer records a day, Optus CEO says
Purported hackers post ultimatum demanding $1m within four days after massive Optus data breachFollow our Australia news live blog for the latest updatesGet our free news app, morning email briefing or daily news podcastThe chief executive of Optus, Kelly...
Barracuda Unveils New Capabilities To Protect Against Persistent And Evolving Threats
Barracuda announced a number of product enhancements and innovative new capabilities at its recent Secured.22 virtual conference to expand the protection for customers and help them defend against the latest cyber threats.
Zoho ManageEngine flaw is actively exploited, CISA warns
A remote code execution vulnerability in Zoho's ManageEngine, a popular IT management solution for enterprises, is being exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) added the flaw to its catalog of known exploited vulnerabilities...
