Posts

Security-Updates

January saw a huge collection of security updates

Security patches were issued for patches for iOS, Chrome, Windows, Apple, Firefox and more.

Here’s a short summary but you can find out more on this in Wired here

Apple has released iOS 16.3 along with a new feature that allows you to use security keys as an extra layer of protection for your Apple ID.

Google Chrome has fixed 17 vulnerabilities in the browser and Google Android has posted a number of patches for Android devices in its Android Security Bulletin. It also has fixes for Pixel and Samsung Galaxy devices.

Microsoft has also issued 98 security patches and Software firm Mozilla has released important updates for its Firefox browser, the most serious of which have been the subject of a warning by the US Cybersecurity and Infrastructure Security Agency (CISA).

There are many more fixes and updates included in the article and for the sake of your business security it is worth doing  thorough review of whatever systems you use.

Cyber-Security

Cyber security in 2019 – are you insured?

Cyber security in 2019 – are you insured?

The most recent figures for the extent of cybercrime published by the ONS (Office for National Statistics) in March 2018 state that 4.5 million such crimes had been committed in the previous 12 months.

The ONS figures cover all types of cybercrime, including child pornography.

In the first half of 2018, the number of cyber breaches soared over 140% from a year earlier, leading to 3.3 billion compromised data records worldwide, according to Gemalto, an international data security company.

However, the insurer Hiscox has estimated that UK small businesses are being targeted with an average of 65,000 attempted cyber attacks every day, according to the Insurance Times.

Despite this it estimates that  only 52% of SMEs have clear security strategies despite it costing an average of £25,700 last year in direct costs (eg ransoms paid and hardware replaced) per attack.

The information cyber criminals are most interest in is Email addresses, Social Security numbers, Credit card numbers, Bank information, Product information and Birth dates.

The most vulnerable areas for businesses are online banking details, cloud servers, emails and data leaks and breaches.

One growing problem is the numbers of fraudulent emails using named individuals, such as the CEO or Finance Officer authorising payments to be made.

Business cybercrime is an ever-increasing threat and businesses should regularly conduct security audits, ensuring they have robust back-up systems and should examine and if necessary, restrict entry points into the system, only giving access codes to those within the company who actually need them.

They should also take out cyber insurance, something that was hardly I existence ten years ago, but is now becoming increasingly important.

You should check that the policy includes practical support including legal advice, forensics and reputation management to help get a business back up and running as quickly as possible.

Intel-Security-Flaws

Yet another security flaw in Intel chips

Another security flaw has been discovered in Intel’s computer chips, the third this year, say researchers.

The flaw, named Foreshadow, could be used by hackers to obtain sensitive information from computers released from 2015 onwards.

While Intel has already released a patch to mitigate the problem, this latest revelation is not good news for the company.

It has posted a full list of hardware affected by Foreshadow on its website.

According to an article on the BBC tech pages of its website: “Foreshadow was discovered by collaborative work by researchers from KU Leuven university in Belgium and others from the universities of Adelaide and Michigan.”

Intel subsequently discovered two further weaknesses.

Although there have been warnings that installing the mitigation patch could affect the collective processing power of companies using cloud computing platforms Amazon, Google and Microsoft have already installed fixes for this problem. Individual PC users are unlikely to face this problem, however.

As ever, we advise all our customers and clients to be mindful of their cyber security and to ensure that they download and install security updates promptly as soon as they become available.

Apple-losing-its-edge

Is Apple losing its edge?

Apple laptops and desktops are often the favourite hardware for businesses, partly for quality and partly because they have always been seen as largely hack-proof.

But a recent problem has caused some technical writers to question whether the “big A” is beginning to lose its edge.

A flaw was discovered in the most recent version of MacOS High Sierra, that enabled anyone to enter the machine without a password.

The bug was discovered in late November by a Turkish developer, who discovered that entering the username “root” and leaving the password field blank, hitting “enter” a few times, he could gain access to the machine.

The vulnerability, which fortunately could not be used remotely, could give someone with root access more powers than a normal user, for example to read and write files to other accounts.

More seriously a superuser with root access and with malicious intent could have deleted crucial system files, rendering the computer useless – or install malware that might be undetectable to typical security software.

Apple issued a temporary workaround by allowing users to set a root password while it fixed the problem.

The instructions are here

However, according to the tech publication WIRED, there were more problems when Apple rushed out a patch, within 18 hours, and users discovered that the “root” bug returned if they updated to the 10.13.1, version.  The machine had to be re-booted for the patch to work, but Apple had not included this in the instructions.