Apple security updates for iOS 13.3, macOS Catalina 10.15.2 and other products

Apple has released security updates for iOS 13.3 and macOS Catalina 10.15.2, as well as for other products, including Safari, watchOS, tvOS, iTunes, iCloud and Xcode.

Attackers reverse Outlook vulnerability CVE-2017-11774 patch functionality

Researchers at FireEye have spotted an uptick in active exploits of CVE-2017-11774, an Outlook security feature bypass vulnerability. Attackers are also actively reversing Outlook vulnerability patch functionality. To help protect against such exploits, FireEye has provided Outlook hardening guidelines.

NIST SP 800-128: Security-Focused Configuration Management of Information Systems Guidelines

The National Institute of Standards and Technology (NIST) has issued new Security-Focused Configuration Management of Information Systems guidelines (SP 800-128).

Lenovo warns of critical WiFi vulnerabilities

Lenovo warned its customers about two critical Broadcom WiFi vulnerabilities that affect 25 ThinkPad models. The firmware vulnerabilities impact Broadcom’s BCM4356 Wireless LAN Driver for Windows 10 and contain buffer overflow flaws.

My 6 Favorite Mac Security Hardening Recommendations

In the wake of Apple's most recent and embarrassing blunder regarding the macOS High Sierra root login flaw, I felt it was a good time to revisit Apple Mac hardening guidelines that can help users and IT admins better secure Apple's OS, including macOS and OS X.
