
Google’s open-source security move may be pointless. In a perfect world, it should be.
Given that one of the uglier threats to enterprise cybersecurity involves re-purposed third-party code and open-source code, you might think that Google addressing the issue would be a big help. Think again.

DOJ reverses itself, says good-faith security researchers should be left alone
The US Department of Justice last week reversed its own policy, telling prosecutors not to prosecute anyone who has engaged in “good-faith security research.”

Apple’s self-repair program is bad for consumers, but might work well for IT
Apple has changed its self-repair program and has gone out of its way to make the program a horrible option for its intended audience: consumers. But it might make a lot of sense for enterprise IT wanting to do iOS device repairs.

Apple is the latest example of how the remote work fight has gone lunatic
The recent corporate pushback against working from remote locations (referred to, unfortunately, as work from home) is both self-destructive and bizarre.

Expect to see more online data scraping, thanks to a misinterpreted court ruling
In a case involving LinkedIn, a US appellate court has come to an obvious conclusion: scraping publicly-visible online data and content doesn't violate The Computer Fraud and Abuse Act. What does it mean? That's where things get...

Think the video call mute button keeps you safe? Think again
Have you recently been on a video call, muted and then said something nasty about a client — or maybe even the boss? Were you confident the mute button was protecting your secret? You shouldn't have been.

Apple quietly stops meaningful auto-updates in iOS
Craig Federighi, Apple’s senior vice president of software engineering, acknowledged Apple has dramatically slowed down auto updates — by as much as a month.

The Russian cyberattack threat might force a new IT stance
With the threat of Russian cyberattacks still with us, companies need to be on a war footing when it comes to security.

When should the data breach clock start?
Time is of the essence when a data breach occurs. The tricky part is figuring out exactly when a company first knows about a breach, and how long it has before making it public.

CVS app glitch makes — then cancels — vaccine appointments. And it gets worse.
CVS Pharmacy has a widely used app and site to schedule various vaccinations, including for COVID-19. The problem? It has a glitch that allows customers to schedule appointments that are then cancelled without explanation.

Behavioral Analytics is getting trickier
One of the best authentication methods today relies on behavioral analytics, especially when it’s used as part of continuous authentication. But it is getting a bit trickier to do so reliably.

Signing up with a cloud provider? Don't forget to set an exit plan
It’s not simply about getting easy permission to go when it's time to part ways; it’s about IT making sure any decisions don’t complicate that eventual departure.

Rackspace is now the roach motel of cloud platforms
Ever since its layoffs last summer and a plunge in quality, Rackspace lets customers in — but won’t let them out. A cautionary tale of a business that had to fight like heck to escape.

Google finds a nation-state level of attacks on iPhone
Much of mobile security advice these days is for users to be careful, not click on suspicious links nor open suspicious emails or attachments. But the growing popularity of no-click attacks sidesteps these defenses — and Google has...

Apple is sneaking around its own privacy policy — and will regret it
Apple has a complicated relationship with privacy. It loves to tout its efforts, especially as a differentiator with Google. But actually delivering privacy? That’s a different story.

When biometrics can be outsmarted this way, we need to talk
It’s a sad fact of mobile authentication: the industry tends to initially support the least effective and secure options. Take the recent case of the sleeping woman in China, for instance.

Latest Android security hole shows why IT should consider a mobile app allow list
The mobile app security headaches continue. This time it's spyware found by mobile security firm Zimperium that not only steals data, but can silently control mic and camera — and secretly delete security apps. Fun times.

Store your corporate card on an iPhone? Uh-oh
Apple, Google, and especially Visa this month have given us yet another example of how security and convenience are at odds in the mobile world. Convenience seems to have won out.

Google now tells criminals when Chrome users are 'idle.' What could go wrong?
Another day, another revelation that mobile vendors might not always have users’ needs in mind, but they sure are helpful to cyberthieves.

How one coding error turned AirTags into perfect malware distributors
A security researcher found that an open area for typing in a phone number has unintentionally turned AirTags into God’s gift to malware criminals.
Top Blog Posts