Posts

Showing posts with the label #2020-Aug

Microsoft: This Office 365 feature update lets you open attachments without fear of malware

Image
  Microsoft releases public preview of Application Guard for Office. Microsoft is edging closer to general availability of its Application Guard security technology for Microsoft 365 apps, which gives IT admins and security staff a little more assurance that users opening risky attachments won't cause a malware outbreak.  Application Guard offers additional protections for enterprises using Word, Excel, and PowerPoint for Microsoft 365 and Windows 10 Enterprise.  Microsoft argues that Application Guard for Office or Microsoft Defender Application Guard for Office "helps prevent untrusted files from accessing trusted resources, keeping your enterprise safe from new and emerging attacks". Microsoft released the private preview of Application Guard for Office in February, extending a feature that had until then only been available for the new Edge browser.  The feature allows users to open websites safely with the protection of hardware-level containerization. The feature is

What we've lost in the push to agile software development, and how to get it back

Image
  The process of software design often begins on a messy whiteboard that doesn't prepare anyone for anything, according to design advocate Simon Brown. It's time for more upfront thinking. In the age of agile, too many software designers are afraid to over-design their applications upfront. As a result, many software teams have abandoned architectural thinking, up front design, documentation, diagramming, and modelling. "In many cases this is a knee-jerk reaction to the heavy bloated processes of times past, and in others it's a misinterpretation and misapplication of the  Agile Manifesto ." That's the word from  Simon Brown , author of  Software Architecture for Developers , who urged, in a compelling  talk  at the Yow! conference, that more thinking about applications be moved up to the whiteboard phase of software creation. Incidentally, he eschews whiteboards, noting they often result in confusing or unintelligible sketchings. "Tragically, as an indus

Microsoft August 2020 Patch Tuesday fixes 120 vulnerabilities, two zero-days

Image
  Microsoft says attackers have used a Windows zero-day to spoof file signatures and another RCE in the Internet Explorer scripting engine to execute code on users' devices. Microsoft has started rolling out today the August 2020 Patch Tuesday security updates. This month, the company has patched 120 vulnerabilities across 13 different products, from Edge to Windows, and from SQL Server to the .NET Framework. Among the 120 vulnerabilities fixed this month, 17 bugs have received the highest severity rating of "Critical," and there are also two zero-days — vulnerabilities that have been exploited by hackers before Microsoft was able to provide today's patches. Zero-day #1 The first of the two zero-days patched this month is a bug in the Windows operating system. Tracked as  CVE-2020-1464 , Microsoft says that an attacker can exploit this bug and have Windows incorrectly validate file signatures. The OS maker says attackers can (ab)use this bug to "bypass security f

Samsung Galaxy Phone Users, Beware of this Fraud Android App

Image
  Samsung Galaxy phones users download this app thinking it will offer them software updates from the company. Samsung phones are known for getting slow updates compared to other manufacturers and its users have shared that concern regularly. But this month, there’s a big warning for the users of Samsung, who could’ve easily downloaded a fraud app on the phones. This app called  Update for Samsung - Android Update Version  was reportedly asking users to pay to get regular software updates, which should never be the case. The app, downloaded by over 10 million users, according to this report was merely showing them ads and charging them for doing it. Unfortunately, most of these users didn’t realise they were downloading a fraud app, which meant that a lot of people lost money to it. Thankfully, ZDNet reported that Aleksejs Kuprins, malware analyst at the CSIS Security Group reached out to Google Play Store team about the fraudulent app and asked them to remove it immediately. Kuprins b

Google and Facebook to bargain with Aussie news outlets for 'fair' payment terms

Image
  The platforms would be forced to inform news media businesses of algorithm changes that are likely to materially affect referral traffic to news, the ranking of news behind paywalls, and any substantial changes to the display and presentation of news and advertising directly associated with news. The Australian Competition and Consumer Commission (ACCC) has developed a draft code for how media organisations can bargain with Facebook and Google to secure "fair" payment for news content shown on their respective platforms. The draft code of practice [PDF] adopts a model based on negotiation, mediation, and arbitration to "best facilitate genuine commercial bargaining between parties, allowing commercially negotiated outcomes suited to different business models used by Australian news media businesses". Each media business is expected to come to an agreement with the digital platform, with no one-size-fits-all model intended. But the code, as it stands, would allow g