Apple Releases Security Update for macOS Mojave

Original release date: September 24, 2018

Apple has released a security update to address multiple vulnerabilities in macOS Mojave 10.14. An attacker could exploit one of these vulnerabilities to take control of an affected system.NCCIC encourag…

Original release date: September 24, 2018

Apple has released a security update to address multiple vulnerabilities in macOS Mojave 10.14. An attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Apple's security page for macOS Mojave 10.14 and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


NCCIC Webinar Series on Protecting Enterprise Network Infrastructure Devices

Original release date: September 24, 2018

NCCIC is conducting a series of webinars on protecting enterprise network infrastructure devices over the next two weeks. Each webinar will be held from 1-2:30 p.m. ET on the dates listed below:Monday, S…

Original release date: September 24, 2018

NCCIC is conducting a series of webinars on protecting enterprise network infrastructure devices over the next two weeks. Each webinar will be held from 1-2:30 p.m. ET on the dates listed below:

NCCIC encourages decision makers, network defenders, and procurement analysts to register for the webinar by clicking on one of the dates listed above. The webinar will feature a discussion on identified threats, trends in the field, and insights from DHS’s binding operational directive impacting federal agencies.


This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft offers completely passwordless authentication for online apps

Phone-based authentication is the way forward instead.

Article intro image

Applications using Azure Active Directory (AD) to authenticate—a category that includes Office 365, among other things—will soon be able to stop using passwords entirely.

Azure AD accounts can already use the Microsoft Authenticator app for two factor authentication, combining a password with a one-time code. With the new passwordless support, authentication is handled entirely by the app; the app itself represents "something you have," and this is combined with either biometric authentication or a PIN. Passwords have a long, problematic history; while they can be very strong, if suitably long and suitably random, human passwords are often short, non-random, and reused across multiple sites. App-based authentication avoids this long-standing weakness.

Enabling two-factor authentication is just one of the things that organizations can do to improve their security. To that end, Microsoft has extended "Microsoft Security Score," a tool used to assess organizational policy and provide guidance on measures that can be taken to harden an organization against attack. Secure Score already spans Office 365 and Windows security features; to these, Microsoft has added Azure AD, Azure Security Center, and Enterprise Mobility Suite, covering a wider range of settings and options.

Read 2 remaining paragraphs | Comments