Month: November 2017

Lawsuits Pile Up on Uber

Washington AG files multimillion-dollar consumer protection lawsuit; multiple states also confirm they are investigating the Uber breach, which means more lawsuits may follow.

The Critical Difference Between Vulnerabilities Equities & Threat Equities

Why the government has an obligation to share its knowledge of flaws in software and hardware to strengthen digital infrastructure in the face of growing cyberthreats.

5 Free or Low-Cost Security Tools for Defenders

Not all security tools are pricey.

Qualys Buys NetWatcher Assets for Cloud-based Threat Intel

The cloud security company plans to add threat detection, incident response, and compliance management to its platform.

The Good News about Breaches: It Wasn’t You this Time

Somewhere in every application there is a vulnerability waiting to be exploited. You can attack the problem by having the right mindset and answering two simple questions

Get November Windows and Office updates installed — carefully

The list of complaints about this month’s patches goes on forever. I covered the high points a couple of days ago. We’ve seen people who are running Win10 Creators Update and who specifically said they didn’t want to upgrade to Fall Creators Update get pushed into an upgrade anyway. Those using Epson dot matrix or POS printers lost them for a couple of weeks. Add to that a heaping handful of hooey and there were enough problems to keep most Windows customers shaking their heads. Or quaking in their boots.

First US Federal CISO Shares Security Lessons Learned

Greg Touhill's advice for security leaders includes knowing the value of information, hardening their workforce, and prioritizing security by design.

Tech Talk: Uber hack, Google tracks, AWS packs (in China) … and Firefox is back

Compare and contrast: How Uber handled its data breach last year and how Imgur handled the same kind of thing last week. (Hint: Each company responded in radically different ways.)

That's what our tech panel – CSO's Michael Nadeau, Network World's Brandon Butler, Macworld's Michael Simon and Computerworld's Ken Mingis – chewed over first in this month's episode of Tech Talk. In short: Why did Uber keep the breach secret for so long and pay the hackers $100,000? And is that really better than Imgur, which found out it had been hacked three years ago and went public within 24 hours. On Thanksgiving Day.

Tech Talk: Uber hack, Google tracks, AWS packs (in China) … and Firefox is back

Our tech panel looks at how Uber (secretly) handled last year's hack and the controversy around Google's decision to track Android users' locations. Then it's time to discuss why AWS is selling off hardware in China and what Mozilla is up to with its new Firefox Quantum.

Apple apologizes, issues Mac login security patch

With great apology, Apple has rushed to respond to the appalling macOS High Sierra security flaw, issuing a software update that has been made immediately available for download and will be automatically installed in existing Macs.

‘We greatly regret’

Apple has shared the following statement:

“Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.

“When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8:00 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.
