Nokia 3 Gets December Android Security Patch Update

HMD Global has started rolling out the monthly software update for the Nokia 3. The Android update, which started rolling out last week, includes Google’s latest Android security patch update. Although this update is still based on Android 7.1.1 Nougat, the security patches offer an improved level of security for HMD’s budget Nokia 3 smartphone. Most high-end, flagship smartphones from other brands haven’t yet received the update for the month of December. The update has been released as part of HMD’s promise of offering monthly updates for its smartphones.

Apart from the latest security patch, the December update also includes improved system stability along with a few enhancements to the user interface on the Nokia 3. The new update, available as OTA download, comes with a 345.4 MB file size and is being rolled out to users globally, including India.

We had reported, last week, that the Nokia 3 will receive the Android 8.0 Oreo update directly and HMD is planning to skip Android 7.1.2 Nougat for the phone. The company also stated that it would release Oreo beta builds for the Nokia 5 and Nokia 6 soon.

 

 

The Nokia 3 is a dual-SIM (GSM+GSM) device that runs on stock version of Android 7.1.1 Nougat. The smartphone has a 5.0-inch HD display with a resolution of 720×1280 pixels. It is powered by a 1.3 GHz quad-core MediaTek MT6737 processor coupled with 2GB of RAM.

In the camera department, the Nokia 3 sports an 8-megapixel rear sensor with LED flash. On the front is another 8-megapixel sensor for selfies and video calling. The smartphone has an internal storage of 16GB, which is expandable up to 128GB via microSD card.

In terms of connectivity, the Nokia 3 has Wi-Fi, GPS, Bluetooth, USB OTG, FM, 3G and 4G (with support for Band 40 used by some LTE networks in India). Sensors on the phone include proximity sensor, accelerometer, ambient light sensor, and a gyroscope. It also has a 2630mAh non-removable battery under the hood.

24,000 UNC Health Care patients affected by potential security breach

UNC Health Care is notifying 24,000 patients about a potential security breach at a UNC dermatology practice in Burlington.

UNC said Friday that personal patient information was contained on a hard drive of a laptop computer that was stolen from UNC Dermatology Skin Cancer Center in October. The absence of the computer was discovered only recently, prompting alerts to patients as required by federal law governing patient privacy protections, as well as by the N.C. Identity Theft Act.

The computer’s hard drive is password-protected and contains information pertaining to patients seen by the practice through September 2015, when it was acquired by UNC Health Care. The laptop’s patient database contains patient names, addresses, phone numbers, employment status, employer names, birth dates and Social Security numbers.

The affected patients are being offered free credit monitoring services for one year.

According to the police report filed by the Burlington Police Department, the Oct. 8 theft resulted in the disappearance of a safe, cash, Dell computer and a computer tower. The theft is under investigation.

Security breach: Aging computer network threatens school safety

The district’s computer network — last updated seven years ago — is so outdated that a school lockdown might fail if initiated.

That was the grim footnote delivered at the end of the Board of Education’s presentation for capital improvement projects for the 2018-19 school year.

Dr. Robert Miller, the district’s director of technology and operations development, recommended the board fund the replacement of more than 200 wireless access points throughout the district, as well as servers at all six elementary schools and both middle schools.

Those pieces of hardware are paramount to keeping the district-wide network operational, Miller explained — something that’s critical to student safety, considering how many school security resources rely on the network.

“Without those core devices, any facility device that’s connected to the network would fail to work within the buildings,” Miller told the board. “Any security device that’s connected to the network would fail to work within the buildings.”

That includes everything from “video surveillance to door access to how these devices actually talk to and get authentication onto the network itself,” Miller said.

Vice Chairman Doug Silver asked whether the $475,700 in network and security upgrades should be given higher priority, as the project ranked fourth on the district’s list of seven capital projects that are planned for the 2018-19 school year.

“When I hear network failures, and I hear threats to the safety of our students and staff — you know, that’s our first responsibility,” Silver said.

“Every element of our operation is connected to the technology,” said Superintendent Karen Baldwin. “And, you know, first and foremost [our top priority] is safety and security.”

“And so, we can’t continue to defer this,” she added.

Miller assured the board he was comfortable listing the upgrades at a lower priority because the hardware most at risk of failure is the network switches. Those could be replaced individually if one were to fail, without risking the whole network, Miller said.

Upgrading the wireless access points is projected to cost $162,800, he said, while replacing the servers at the elementary and middle schools would cost a total of $64,000. The funds would be taken out of the schools’ capital budget, which is separate from its operating budget.

Security items

Along with wireless network upgrades, the capital improvement item would also build a security vestibule inside the entrance at East Ridge Middle School. The room would isolate anyone trying to access the building, and is slated to cost $68,900.

The district would also install 47 networked surveillance cameras at all six elementary schools, and at “critical” security points in the high school. The additional cameras would cost around $75,000, Miller said.

The security costs include additional protective film for glass entryways and adjacent windows on all district buildings to prevent an intruder from smashing his or her way into a school. The cost is projected to be $105,000.

“It kind of reminds you of those brave teachers out in California,” said Silver, referring to a recent mass shooting in Rancho Tehama, where the intruder was kept out of the building by a school lockdown.

Costs

The bundled network and security upgrades are the second most expensive project slated for next year, according to Miller.

Replacing the running track at Tiger Hollow, listed at $500,000, is the most expensive project — and of the lowest priority — on the capital improvement plan.

The district’s capital costs are $1,547,521 for the seven major projects next year.

The district’s estimated capital improvement costs are $10,765,787 over the course of the next five years.

What comes first?

The replacement of a 30-year-old heating oil tank and asbestos abatement and retiling — both at Scotland Elementary — were given first and second priority, respectively.

Replacing the heating oil tank is “a must,” said Joe Morits, the district’s facilities manager. And delaying it any longer “is a major code violation with significant fines,” he told the board.

Morits projected the oil tank replacement to cost $100,750 and the asbestos abatement — in phase two of a four-year removal — to cost $121,900.

Heating and cooling

The third item on the list is upgrading the outdated building heating and cooling automation systems at Scotts Ridge Middle School and Ridgebury Elementary School, estimated to cost $97,538.

The heating, ventilation, and air conditioning (HVAC) automated system would be upgraded from a proprietary software system to a Web-based platform, Morits said. That would allow HVAC technicians to remotely access the school’s heating and cooling controls, rather than driving to the schools to adjust the controls onsite.

It’s not the only cooling system causing the district trouble.

At the high school, a 300-ton cooling tower has corroded to the point of needing to be replaced. The project, sixth on the district’s priority list, is projected to cost $153,500.

The failure of the heating and cooling tower during the start of the school year could force a school closure, Baldwin added.

Morits said that while the base of the tower is in good condition, the top of the tower has deteriorated to the point where the whole tower could be lost. Harsh water at the high school has caused a great deal of corrosion, he said.

“We do treat the water — we have chemicals that we use for scale and for hardness,” Morits said. “But the water makeup is just vicious up there at the high school.”

Morits said if the tower failed, 60% of the high school would lose air conditioning.

The tower was installed back in 2002 as part of a package of improvements, Morits explained. At the time, two towers and two chillers were supposed to be installed, but the district opted to install only one of each, because of budget constraints. The corroding tower, in effect, gets twice the workload the system was expected to handle.

“This bad boy does a lot of work,” Morits said. “It was a major budget cut back in the day, so I’m told.”

Inclusive playground

The fifth item on the district’s capital improvement list is building a handicapped-accessible playground at Ridgebury. It would cost $98,133.  

All the projects carry with them some operational or legal risks for the district, the facilities manager explained.

At Ridgebury, if a wheelchair-bound student registered at the school, the parents could hold the district liable for not accommodating the student’s needs, Baldwin said.

Likewise, the district would be on the hook for injuries caused by damage to the Tiger Hollow running track at RHS.

“We’ve had litigation there based on falls on the stairs,” said Morits, referring to the bleachers at Tiger Hollow that the district fixed before the 2016-17 school year.

Quantum Computing Is the Next Big Security Risk

The 20th century gave birth to the Nuclear Age as the power of the atom was harnessed and unleashed. Today, we are on the cusp of an equally momentous and irrevocable breakthrough: the advent of computers that draw their computational capability from quantum mechanics.

US representative Will Hurd (R-Texas) (@HurdOnTheHill) chairs the Information Technology Subcommittee of the Committee on Oversight and Government Reform and serves on the Committee on Homeland Security and the Permanent Select Committee on Intelligence.

The potential benefits of mastering quantum computing, from advances in cancer research to unlocking the mysteries of the universe, are limitless.

But that same computing power can be used to unlock different kinds of secrets—from your personal financial or health records, to corporate research projects and classified government intelligence.

It’s more than just theoretical: An algorithm formulated by mathematician Peter Shor demonstrates that quantum computers are able to factor large numbers more efficiently than classical computers. Large-number factoring is the foundation of today’s encryption standards.

The impact of quantum on our national defense will be tremendous. The question is whether the United States and its allies will be ready.

The consequences of mastering quantum computing, while not as visual or visceral as a mushroom cloud, are no less significant than those faced by the scientists who lit up the New Mexico sky with the detonation at the Trinity test site 72 years ago. In the same way that atomic weaponry symbolized power throughout the Cold War, quantum capability is likely to define hegemony in today’s increasingly digital, interconnected global economy.

Unlike traditional computers, which process information in binary bits, quantum computers exploit the ability of quantum bits (qubits) to exist in multiple states simultaneously. This allows them to perform incredibly complex calculations at speeds unimaginable today and solve certain classes of problems that are beyond the grasp of today’s most advanced supercomputers.

Today, quantum computers are beginning to move out of research labs in search of broader investment and applications. In October, Google announced that by the end of this year it expects to achieve quantum supremacy—the point at which a quantum computer can outperform a classical computer.

Because nations around the world, including China, are investing heavily in research and development, the world is likely less than a decade away from the day when a nation-state could use quantum computers to render many of today’s most sophisticated encryption systems useless.

From academics to the National Security Agency, there is widespread agreement that quantum computers will rock current security protocols that protect global financial markets and the inner workings of government.

Already, intelligence agencies around the world are archiving intercepted communications transmitted with encryption that’s currently all but unbreakable, in the hopes that in the future computing advances will turn what’s gibberish now into potentially valuable intelligence. Rogue states may also be able to leverage the power of quantum to attack the banking and financial systems at the heart of western capitalism.

Everyone has seen the damage individual hackers can do when they infiltrate a system. Imagine a nation-state intercepting the encrypted financial data that flows across the globe and being able to read it as easily as you are reading this. Quantum computers are so big and expensive that—outside of global technology companies and well-funded research universities—most will be owned and maintained by nation-states. That means the first quantum attacks are likely to be organized by countries hostile to the US and our allies. Rogue states could read military communiques the way the United States and its allies did after cracking the Nazi Enigma codes.

In short, quantum computing presents both an unprecedented opportunity and a serious threat. The United States must lead this transition, in collaboration with its allies around the world. Whether lawmakers want to think of it as a new Manhattan Project or a race to the moon, the US cannot abdicate leadership in scientific discovery or international security.

The window is closing, fast. It took more than five years and nearly half a trillion dollars for companies and governments to prepare for Y2K, which resulted in a non-event for most people. But, the US is not ready for what experts call Y2Q (Years to Quantum), and the time to prepare is now. Even in a pre-quantum era, the need for quantum-safe encryption is real. Banks, government agencies, insurers, hospitals, utilities, and airlines all need to be thinking now about how to implement security and encryption that will withstand a quantum attack.

On complex, large-scale networks, it can take years to roll out even a relatively straightforward update. Quantum-safe encryption relies on mathematical approaches that even quantum computers have difficulty solving. The challenge is ensuring that every point through which data flows, and even the data itself, is wrapped in quantum-safe security.

Private sector research and development are happening in pockets across North America and among the US’s allies. Google and IBM both have well-publicized programs to build viable quantum computers. At the same time, though, the US and its allies must take practical steps to prepare for the quantum threat. The National Institute of Standards and Technology is working to evaluate quantum-safe cryptographic candidate algorithms. Other organizations like the European Telecommunications Standards Institute and the United Nations’ International Telecommunications Union are working to ensure our standards for connecting systems continue to evolve to be quantum safe. Companies like ISARA are among a small cadre of cryptographers and programmers building quantum-safe security solutions to help high-risk industries and organizations begin protecting themselves.

It’s these kinds of efforts that the US and its allies must collaborate on to align the goals of scientific discovery, technological advancement, and national security. As companies build powerful quantum machines, leaders must simultaneously understand the risks those machines pose and the counter-measures required. Executives in every industry need to understand the implications that quantum computing will have on their legacy systems, and take steps to be ready. At a minimum, that means retrofitting their networks, computers, and applications with encryption that can withstand a quantum attack.

Nowhere is it more vital to begin preparations than with the vast network of governmental systems that do everything from processing Social Security checks to analyzing vast amounts of electronic intelligence.

Whether it was the discovery of fission or the launch of Sputnik, the United States has responded to scientific challenges of the past century with resolve and determination. The US must do the same with quantum computing.

WIRED Opinion publishes pieces written by outside contributors and represents a wide range of viewpoints.

Chrome 63 vs Windows 10 Edge: Google steps up rivalry with site isolation security

With Chrome 63, businesses can also configure policies to restrict access to extensions based on the permissions required.


Google’s latest effort to pry businesses off Internet Explorer and keep them away from Windows 10 Edge is a new security feature called site isolation, which handles each page in its own process.

With the release of Chrome 63, enterprise admins will be able to configure Chrome to render content for each site in its own dedicated process.

As Google notes, keeping each site isolated from other sites in Chrome offers enterprises the strongest security. The technique is designed to thwart attacks that exploit vulnerabilities in the renderer process to run malicious code inside Chrome’s render sandbox and steal information.

However, it does come with a significant overhead, bumping up Chrome’s memory usage on PCs by between 10 and 20 percent.

Chrome’s optional, per-site isolation comes as Microsoft continues to harden Windows 10 Edge using hardware-based virtualization through tools such as Windows Defender Application Guard (WDAG), which allow Edge to run in an isolated hardware environment.

In October, Microsoft argued that WDAG marked a major breakthrough in sandbox technology since it offers a shield against attacks on the kernel, which is unprotected if an attack escapes the browser sandbox.

The good news for end-users is that Google and Microsoft are competing fiercely on the security front, adopting different approaches to protect against new attacks.

The one-site-per-process feature has been an equally important project for Chrome. Justin Schuh, engineering lead for Chrome security, earlier this year said site isolation was the biggest difference in Google’s approach to security and would make it superior to Microsoft’s new Edge defenses. The technology promises to prevent remote code execution inside Chrome’s renderer sandbox.

Admins can choose to turn on Chrome’s site isolation for all sites, or select a list of websites that will each run in their own rendering process. Google suggests including sites that users log into and important sites such as productivity sites or the intranet.

Chrome now also offers admins the ability to set a policy that blocks access to extensions based on the permissions they require.

This feature adds to the ability to whitelist and blacklist certain Chrome extensions. Admins have a large selection of permissions to block, including audio capture, USB, and video capture.

Additionally, Chrome 63 introduces Transport Layer Security version 1.3, which is enabled for Gmail in the updated browser.

Google is bringing NTLMv2 support to Mac, Linux, Android and Chrome OS. NTLM or NT LAN Manager is a Microsoft authentication protocol for Windows.

Chrome 64, due out in early 2018, includes support for NTLMv2 and Extended Protection for Authentication. Chrome’s support for non-Windows platforms brings Chrome on these to the same level as Chrome on Windows.

The company will also offer admins some leeway on an incoming crackdown on antivirus software that injects code into Chrome processes. Google argues that this is an outdated process that causes crashes.

Chrome warnings will advise users to uninstall the antivirus. It is encouraging vendors to use other methods, such as Chrome extensions and Native Messaging. Starting with Chrome 66 in April 2018, users may see a notification to update or remove the offending application.

To cater to business, Google will offer a new policy that gives admins extended support for critical apps that need to inject code into Chrome to function.

Finally, Chrome 63 includes fixes for 37 vulnerabilities. Google paid researchers $46,174 for reporting the Chrome bugs, including an award to Microsoft’s Offensive Security Research Team.

BlackBerry calls for stricter internet of things security standards

Government and industry-led standards are needed to secure internet of things (IoT) devices that are increasingly being used as vectors for cyber attacks, according to BlackBerry’s chief security officer, Alex Manea.

Speaking to Computer Weekly in Singapore, Manea said such standards should detail specific security requirements, such as mandating that every IoT device supports software updates.

“A lot of people are building devices with software that connects to the internet,” said Manea. “Those devices become targets for hackers as soon as they’re connected, and without security updates, you won’t be able to patch their vulnerabilities.”

Noting that the Mirai botnet – which disrupted internet services and infected home routers around the world in a 2016 distributed denial of service (DDoS) attack – comprises IoT devices that cannot be patched, Manea said security standards would prevent similar attacks from occurring in future.

While standards may set baseline security requirements for IoT devices, Manea acknowledged that it would not be possible to implement the same standards across a broad range of hardware devices.

“The fundamental concepts of authentication and data encryption should apply to all internet-connected devices, but at the same time, there will be standards that make sense for some IoT devices and not others,” he said.

For example, Manea said cars would require higher security standards because of fundamental safety risks. “Somebody who hacks a sensor may not necessarily pose a safety risk, though a hack on my car could take over the controls and steering wheel.”

The automotive industry is already putting in place security standards, and understands the relationship between safety and cyber security, Manea said, noting that BlackBerry was working with car makers to secure connected vehicles.

BlackBerry’s focus on the automotive sector as part of its move towards becoming more of a software and security supplier comes naturally, because its crown jewel, the QNX operating system for embedded devices, is widely used by car makers.

“The automotive industry is the most mature among all IoT verticals, and it’s one that will provide the most value in the short term,” said Manea. “It’s also where we’re getting a lot of demand from customers.”

Asked if BlackBerry planned to expand its reach into other IoT verticals, Manea said the company would look at the broader transportation industry, such as aerospace and trucking. “We’re also looking at healthcare, where there are direct safety concerns when a healthcare device gets hacked.”

According to Gartner, global spending on IoT security is expected to reach $547m in 2018, mostly on securing connected cars, heavy trucks, commercial aircraft and construction equipment.

“The market for IoT security products is currently small, but it is growing as both consumers and businesses start using connected devices in ever greater numbers,” said Ruggero Contu, research director at Gartner.

However, the technology research firm noted that although 25% of cyber attacks on enterprises would involve the internet of things by 2020, IoT security spending would account for less than 10% of IT security budgets.

Consequently, IT security suppliers will need to provide usable internet of things security features because of limited budgets and the decentralised approach to early IoT adoption, Gartner said.

Computer security needs more federal regulation, says US senator

Maggie Hassan, Democratic senator from New Hampshire, has spoken on issues including data breaches, national defense and the security of smart gadgets.


Sen. Maggie Hassan has seen firsthand how much damage a cyberattack can do to a community.

While the Democrat from New Hampshire was running for US Senate last year and still serving as governor, hackers nailed Dyn, one of the largest internet management companies in the US, and shut down major websites for hours. The attack hit home for Hassan: Dyn is based in Manchester, New Hampshire.

She saw the hack as a warning sign for what could happen in the future. As we come to rely more and more on web services, and as the net-connected gadgets of the “internet of things” gain in popularity, the risk of attacks will continue to rise.

IoT security has been notoriously ineffective over the last few years, with hackers taking advantage of vulnerabilities to launch assaults. Hassan has called out IoT makers for their lack of security. She’s co-sponsored an IoT bill for the federal government, which she says will bring connected devices up to speed on security without restricting innovation.

She’s also questioned companies like Equifax and introduced a bill for government bug bounty programs.

CNET spoke with Hassan last week about the rapid expansion of the internet of things and why she thinks the government needs to step in. Here’s an edited transcript.

Q: Where do you see the state of security when it comes to consumer technology?
Hassan: There are 5.2 billion IoT devices this year alone, and there will be more than 50 billion by 2020. While these interconnected and Internet accessible devices have played a critical role in improving the efficiency of our daily routines, there are also significant risks involved with having so many of these things connected to one another and the internet without a lot of consumer understanding and very little standardization to really help us navigate this.

Why is it important for Congress to play a role in regulating IoT security?
Hassan: We know already that hackers have co-opted internet-connected devices that have had little or no security and then turned those devices into cyberweapons.

In my home state of New Hampshire in 2016, these devices flooded the servers of Dyn, a sophisticated web-hosting company. And that overwhelmed and incapacitated not only Dyn, but dozens of companies that use Dyn services.

So the attack on Dyn led to dozens of major retailers and media going offline for several hours, causing an unknown amount of loss of revenue for these companies.

You can see an attack like the one they did on Dyn also being deployed in terms of public safety or other critical infrastructure. So that’s why I think it’s so important that we come together and set some standards here.

But not only set standards, as we’ve been trying to do, for instance with Sen. [Mark] Warner’s bill, but also raise consumer awareness about what they need to do to ensure that their IoT devices can’t be weaponized.

Do you think we would be where we are today in security if government had played a bigger role during the rise of the personal computer?
Hassan: I certainly think that our understanding of the vulnerability of our internet and cyber world has evolved. What’s very important now is that there is bipartisan attention to this issue and bipartisan support for addressing it.

There are differences, obviously, on how exactly to go about it, but what I focused on is working with [Democratic] Sen. Warner and Sen. Ron Wyden, a Democrat from Oregon, and Sen. Cory Gardner, a Republican from Colorado, for instance, on Sen. Warner’s bill, making sure that we move forward and setting standards that allow consumers, for example, to judge what kind of IoT devices they’re going to get, based on their understanding of what standards the companies follow.

Cars have been heavily regulated for safety before they can be sold. Do you see that sort of thing happening with consumer technology?
Hassan: What’s really important to balance here is the need to spur innovation in this space with the need to make sure that there are standards in place to protect people. So one of the reasons that I am a co-sponsor of Sen. Warner’s bill is that the bill would require that anytime the US government purchases an internet-connected device, that device would have to adhere to certain baseline cyberstandards.

Because the federal government is such a massive consumer of these types of devices, that would incentivize private companies to improve their cyberstandards, but also allow them to innovate in terms of their own cybersecurity standards as they do that.

Have you seen cybersecurity being treated as a bipartisan issue, or have you seen political lines drawn?
Hassan: It is a bipartisan issue on the Homeland Security Committee on which I sit. I am co-sponsoring a bill with Sen. Rob Portman, a Republican from Ohio, that would try to help us strengthen Homeland Security cybersystems. There’s a lot of bipartisan support, because we do understand how important this issue is.

It’s important, obviously, in terms of the way the internet of things can be weaponized. It’s important for our Homeland Security systems. It’s important for our election systems, and we all understand that.

Are tech companies willing to work with Congress on fixing their products and their platforms?
Hassan: What the companies are beginning to understand is that our networks and our data are only as secure as the weakest link in the chain. And so, if you just leave it up to the market to eliminate unsecured devices or raise standards, that’s not going to be a short-term or long-term solution. Companies are beginning to understand that.

We always have to work with the private sector to balance their needs to be able to innovate and be nimble in their competitive market with the government’s needs to make sure that we have some standards in place that would protect the consumers, and protect all of us in this increasingly interconnected world.

But I am encouraged by the kind of constructive dialogue that we’ve been able to have with industry, and again, encouraged that there’s bipartisan attention to this, which should help us continue that kind of constructive dialogue with industry.

Silicon Valley’s way of working is usually to push forward first and deal with the issues after. Why doesn’t that fit in with how Capitol Hill operates?
Hassan: What you’re seeing now is a recognition by tech companies that some of their approach to innovation and development has had a series of unintended consequences. Understanding history now, we want to turn our attention to ways in this tech space that we can be intelligent about the kinds of standards we set.

We need to listen to tech companies to be sure about how we go about doing this so that they can continue to innovate, but it’s our job to make them aware, as well as consumers, that we really do have threats we have to address.

That’s something the public sector should be doing in partnership with the private sector, listening to the public’s concerns.

Do you think Americans are getting a bad deal with security when it comes to the technology they buy?
Hassan: It is really important that consumers are aware that the products they purchase actually have internet connectivity, and I think there are a fair number of consumers who may not understand that.

So one of the things we need to be doing is encouraging consumers to read instructions that come with their devices. So that, for instance, they can change their default passwords for some of these internet-connected devices. They can make sure that the software of the device is up-to-date, they can make sure they have the latest security patches.

But it’s the job of the producers to make clear to consumers that their devices are internet-connected, and include instructions about how to change these passwords and take other very simple security measures.

The federal government has a role to play in strengthening awareness of internet connected devices, so that consumers can recognize the devices and what they need to do in order to maintain good cyberhygiene.


5 computer security facts that surprise most people | CSO Online

The five statements below are the causes behind a lot of computer security risk and exploits. If you understand them well enough today, you will be ahead of your peers.

1. Every company is hacked

When the world hears about the latest big breach, people probably think that the company involved must be bad at computer security. The next time a big hack occurs that results in millions of customer records stolen or millions of dollars in losses, what you should think is “Every company is hacked. This is just the one the media is talking about today.”

Every company is completely and utterly owned by a nefarious hacker or easily could be. That’s just a fact. I’m not including top secret military installations that don’t have Internet and require that their hard drives be placed in a locked safe at the end of every day. I’m talking about the average corporate company or small business.

I’ve never consulted at a company (and I’ve consulted at hundreds) where I didn’t find at least one hacker hidden somewhere when asked to do so. In most cases, especially over the last decade, I found multiple groups that had been in for years. My personal record was eight different hacking groups, with some in as long as ten years.

Android security alert: Google’s latest bulletin warns of 47 bugs, 10 critical

Google has published its Android security bulletin for December, warning of 47 bugs across the operating system.

Ten of the vulnerabilities are rated ‘critical’ in their potential impact, the most severe type of bug, while the other 37 are rated as ‘high’ priority.

Google said it had split the vulnerabilities into two patch levels in its alert, so that Android smartphone makers can fix a subset of vulnerabilities that are similar across all Android devices more quickly, should they want to.

But it warned: “Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level.” It recommended that they bundle the fixes for all the issues they are addressing in a single update.

Google said among the most severe of these flaws is a critical security vulnerability in the media framework that could enable a remote attacker, using a specially crafted file, to execute arbitrary code within the context of a privileged process.

Google is urging Android device makers to fix all the issues in its December security bulletin.

The first group of 19 vulnerabilities, 2017-12-01, also includes a flaw in the framework section, which could enable a local malicious application to bypass user interaction requirements to gain access to additional permissions. Under system, the worst bug could allow a “proximate attacker” to execute arbitrary code within the context of a privileged process.

The second group of 27 bugs, the 2017-12-05 security patch level, includes under kernel components a vulnerability that could allow local malicious applications to execute arbitrary code.

There are also vulnerabilities in MediaTek and Nvidia components that could let a local malicious app execute arbitrary code within the context of a privileged process. The bulletin also lists nine vulnerabilities in Qualcomm components and nine vulnerabilities in Qualcomm closed-source components.

These bugs won’t come as a surprise to the makers of Android smartphones. Google’s partners are notified of all issues at least a month before publication. Source-code patches for these issues will be released to the Android Open Source Project repository in the next 48 hours.

Google said exploiting issues on Android is made more difficult by features in newer versions of the Android platform: “We encourage all users to update to the latest version of Android where possible.”

However, not all Android makers feel that updating old hardware to the newest version of Android is a particular priority, leaving many smartphones languishing on older and therefore less secure versions.

December security bulletin posted ahead of likely Android 8.1 release tomorrow

Google released this month’s Android security bulletin today, but noted that the December images for Pixel and Nexus would be coming a day later. Meanwhile, following last week’s final developer preview, it’s more than likely that tomorrow’s release will also coincide with the launch of Android 8.1.


There are 19 issues resolved in the December security patch dated 2017-12-01 and 28 in the 2017-12-05 one. Vulnerabilities range from high to critical, with the most severe relating to the media framework and possibly permitting a remote attacker to execute arbitrary code through a “crafted file.”

However, Google notes that there are no reports of customers being affected by these security issues.

The dedicated bulletin for Google’s phones and tablets lists 48 additional fixes, though no functional updates are mentioned. One notable fix is for the KRACK Wi-Fi vulnerability that was absent from Google’s security patch in November. Verizon release notes for the Pixel and Pixel 2 specify that it addresses that particular issue.

The carrier also revealed the build number of the upcoming update: OPM1.171019.011. Given the new build number format introduced with Oreo, “M1” likely refers to the first maintenance release that is Android 8.1:

Android 8.1 is an incremental maintenance release of Android Oreo. It includes new features, and APIs (API level 27), along with the latest optimizations, bug fixes, and security updates.


Google’s December security update brings KRACK fix and other security fixes

Google posted its December security bulletin for Android earlier today, and if you were hoping for an update full of fixes and tweaks, you might want to look elsewhere.

The most notable aspect regarding the December security patch is its inclusion of the KRACK fix. It is a welcome sight, seeing how it was notably absent from the November security patch and how almost half of all Android devices were vulnerable to the security flaw.

The December update also brings a slew of patches for Qualcomm, Nvidia, and MediaTek products, but there is no Functional Updates section to be seen. As such, we are not sure if Google included fixes to several Pixel 2 and Pixel 2 XL issues that have recently come up, such as random reboots, audio playback coming off as tinny and full of static when recording video, and the Pixel 2’s buzzing noise that has been with us from the beginning.

Finally, Google says there will be two patch levels for this month: 12-1 and 12-5, the latter of which will be the level for all Nexus and Pixel builds.

Speaking of which, the firmware images for supported Nexus and Pixel devices will not be available until tomorrow, and OTA updates are usually after the images are posted, so we’ll be sure to update this post with the new builds once they arrive. Also, odds are that Android 8.1 is separate from the December security update, but again, we’ll learn more tomorrow.

Invest your way into health-care security

Health care has become one of the biggest — and most costly — unknowns during retirement. Financial advisors say ignore what you don’t know and prepare for the worst.

The health-care debate in the United States has turned into a jumble of ideas. Some want to go back to a system similar to the one we had prior to the Affordable Care Act, others want to fix the issues in the current system, while still others want single-payer. While compromise feels unlikely at this point, it leaves a huge question for savers: What will health care look like when I retire? For that, there’s no clear answer.

And it’s a problem. As Washington debates, the cost of health care continues its precipitous climb. According to an estimate developed by the brokerage firm Fidelity, a couple retiring at age 65 can expect to spend $275,000 during retirement on medical expenses. It’s a 6 percent increase from 2016 estimates, and that doesn’t include covering certain health-related expenses, such as the cost of a nursing home.

There seems to be no end to this health-care rise, and it only fuels more speculation of how the system could change when you’re ready to actually tap the funds. All these unknowns make it difficult to plan, apart from saving as much as possible.

“Health coverage is going to look different in 20 or 30 years,” said Eric Dostal, a certified financial planner and advisor at Sontag Advisory. But Dostal added that, for planning purposes, it doesn’t matter what Washington is discussing as potential options for changing health care. Instead, he suggests you “plan for what you know today.”

Take advantage of an HSA

When clients ask advisor Phillip Christenson about health-care planning, he admits he has no idea how health care will look when they’re ready to tap funds. Therefore, he runs a few different scenarios, analyzing how much they will need if health-care costs inflate by 10 percent or 15 percent or more. “There’s no real answer, since we don’t know what’s going to happen in the future,” said Christenson, who co-founded Phillip James Financial.

If the clients need more savings, he will see if they qualify for a health savings account.

“The HSA is not only a huge benefit for medical costs, but it’s also like a secret IRA,” Christenson added.

According to the American Health Insurance Plans, the rate of HSA use has risen to 20.2 million last year, up from 3.2 million in 2006. It has become a popular tactic to earmark some retirement savings specifically for health care, since you can carry over the balance if you don’t use the funds for health-related costs.

Contributions to the HSA are tax-free, and there’s a $6,750 limit for families. The earnings also grow tax-free and, if you use the funds for qualifying medical expenses, then the entire distribution circumvents the IRS.

“If it’s available to you, take advantage as much as possible, and try not to use it for health-care costs while working,” said Dostal at Sontag Advisory.

But not everyone qualifies. You have to enroll in a high-deductible — $2,600 for a family — health-care plan. Dostal is such a big supporter of the tool that, while his wife and kids are insured through her employer-provided health plan, he himself is enrolled in a separate, high-deductible plan so he can save through an HSA.

Check your work options

While the number of employers that offer health coverage to their retirees has dropped — to fewer than 25 percent today, down from 66 percent in 1988, according to the Kaiser Family Foundation — it’s worth a look to see if your company offers such coverage prior to retiring.

Often these plans last for at least a couple of years after retirement and they can protect new-retirees’ savings from a surprise health-care cost.

“It’s a good thing to get on,” said Christenson of Phillip James Financial. “You’ll know your costs, and it can also be subsidized by the employer.”

Watch out for long-term care

As insurance companies have cut back the length of coverage and increased the cost of long-term care insurance, advisors have found cheaper, more reliable tools to cover nursing care, such as saving more in a regular IRA.

“People that need [long-term care insurance] can’t afford it, and those that can afford it, don’t need it,” said Sontag Advisory’s Dostal.

But the average person will stay in an assisted living facility for over two years, with an average monthly cost of a private room in such a facility more than $8,000, which varies widely by state.

If there’s fear that a family member could spend a number of years in nursing care, then long-term care insurance becomes more attractive. Dostal determines the need for long-term care depending on the individual client’s history. He’ll ask them a series of family health questions, such as whether Alzheimer’s is prevalent in the family, to see if they, in fact, expect to have a long-term stay in a nursing home. He’ll also weigh whether the client wants to leave a significant inheritance. It’s easier to save for nursing care if you’re not worried about passing along a legacy to your children or grandchildren.

Whatever a client chooses, it’s an educated guess more than a guarantee. And that won’t change until health care’s complexity is solved.

— By Ryan Derousseau, special to CNBC.com

Windows 10 Bug Exposing Users To Security Threats If They Delay Windows Updates

When Windows 10 arrived, avoiding Windows Updates seemed like an impossible task. Later, with the Fall Creators Update (FCU), Microsoft added the ability to delay Windows 10 updates by up to 365 days.

This feature is helpful in the case of Windows 10 machines in corporate environments which have to be verified for software compatibility before installing an update.

For users running the Fall Creators Update, a bug is known to block the cumulative security updates (aka Quality updates) if they try to delay the feature updates using the Group Policy Editor, according to a thread on Microsoft TechNet forum.

Windows Updates can be delayed by visiting: Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > “Select when Preview Builds and Feature Updates are received”.

According to some users, the issue can also be triggered via Windows 10 Settings > Update & Security > Windows Update > Advanced Options. Under “Choose how updates are installed”, un-tick “Give me updates for other Microsoft products when I update Windows”.

This problem isn’t related to another policy that allows the cumulative security updates to be delayed. Things get back to normal if the value is set to zero, i.e., no delay in installation of updates, or if you tick the option in Windows Updates. Once you do that, Windows 10 will start downloading the cumulative updates.

The problem seems concerning because depriving machines of the security updates released every month would expose them to newly discovered Windows bugs.
