Google Releases Security Updates for Chrome OS

Original release date: June 27, 2019

Google has released Chrome OS version 75.0.3770.102 for Chrome devices. This version addresses multiple vulnerabilities that an attacker could exploit to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

US Government Cyber Security Still Inadequate

US Government Cyber Security Still Inadequate

Surprise, surprise, surprise – an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.

US Government security has often been called into question but we’d hope in 2019 it would have gotten better and at least everyone would have adopted the anti-virus solution introduced in 2013..

A committee report (PDF) examining a decade of internal audits this week concluded that outdated systems, unpatched software, and weak data protection are so widespread that it’s clear American bureaucrats fail to meet even basic security requirements.

Read the rest of US Government Cyber Security Still Inadequate now! Only available at Darknet.

NIST Releases Report on Managing IoT Risks

Original release date: June 26, 2019

The National Institute of Standards and Technology (NIST) has released the Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks report. The publication—the first in a planned series on IoT—aims to help federal agencies and other organizations manage the cybersecurity and privacy risks associated with individual IoT devices.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages information security and privacy practitioners to review NISTIR 8228 for more information and CISA’s Tip on Securing IoT for best practices.

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft OneDrive gets a more secure Personal Vault, plus additional storage options

The Microsoft logo displayed at Microsoft's booth at a trade show.

Enlarge / Microsoft at a trade show. (credit: Getty Images | Justin Sullivan)

Microsoft is launching a new layer of security for users of its OneDrive cloud storage service. OneDrive Personal Vault is a new section of your storage that's accessed through two-step verification, or a "strong authentication method," although Microsoft didn't define the latter term.

Microsoft notes that fingerprinting, face scans, PINs, and one-time codes by email, SMS, or an authenticator app are among the acceptable two-step verification methods. And you’ll automatically get de-authenticated after a period of inactivity—that's the key to Microsoft's special security argument here. Two-factor authentication using text or email is less secure than other options. Using the more heavy-duty face or fingerprint verification will require the appropriate hardware, such as a device with Windows Hello.

It also has options for transferring physical documents to the OneDrive mobile app. You can scan documents or take photos directly into the Personal Vault section without needing to store the file in a less secure part of your device first.

Read 4 remaining paragraphs | Comments