Your Monthly Biz Tech Roundup from Seeto

Welcome to the February edition of Take Ctrl, bringing you up to speed with the latest news and views from the world of business technology in 2024. February is set to be a busy month for the foodies among us, with Chinese New Year, Pancake Day and Valentine’s Day set to tickle our palettes. 

We’re putting the spotlight on “Need to Know Now” this month, taking a long look at the information security risks that are already plaguing 2024 and dipping into the latest improvements to Google Workspace and Microsoft 365.

Need To Know Now

Information Security

Update Secure Shell (SSH) servers and clients

A flaw in the Secure Shell protocol published in December could allow an attacker in a privileged position to render Secure Shell sessions insecure. The writeup is technical, but the advice is clear, update your SSH server and client applications now. Versions known to be secure are listed on the National Vulnerability Database link below.

Read more about the vulnerability at The Hacker News
See known vulnerable software at the NIST National Vulnerability Database

Ban payments, no ransom?

A New Zealand antivirus provider has called for a complete ban on ransom payments. They estimate that, in the US, ransomware killed over 70 people between 2016 and 2021 and believe that paying ransoms only encourages threat actors. That should be contrasted with research from ransomware negotiation firm Coveware, which found that the percentage of ransomware victims paying ransom demands dropped to a record low of 29% in Q4 2023.

Read more about banning ransomware payments at The Register
Read more about Coveware’s research at Bleeping Computer

Taking down account takeover

If you don’t already know Rachel Tobac, she is the friendly face of account takeover (Seriously). Following the SEC Twitter/X account hack, her recent LinkedIn article gives straightforward tips to protect your personal, business, and high-profile social media accounts against account takeover.

Read the tips on LinkedIn

Obsessed with Blink-182

NordPass has examined publicly available compromised passwords to compile a list of the most popular passwords for 2023, and pop culture is topping the list. You might wear your fandom on your sleeve, but you shouldn’t put it in your password, as it’s likely easy to guess.

Read more at IT Brew

Don’t poke the bear

The German courts have given us clear reasons why policies dealing with identifying security weaknesses always say report, but don’t poke around. An IT consultant in Germany has been fined for exposing a software as a service provider’s poor security.

Read more at The Register

Pirated software starts malware party

As we say in Yorkshire, “you don’t get owt for nowt”, but in the case of pirated MacOS software, the security team at mobile device management software provider JAMF has found users were downloading a lot more than they bargained for. This is your regular reminder to only install software from reputable sources.

Read more at MacWorld

Microsoft: a lesson in non-production security

For our readers who offer in-house or externally developed software-as-a-service solutions to their customers, securing their customer-facing infrastructure and software is a given, but what is sometimes overlooked is how secure internal facing development and test systems are. But “it’s not a problem”, you say, “there’s no customer data in those systems!”. Are you sure? When alleged Russian hackers accessed corporate email accounts via a poorly secured development environment, Microsoft found this out the hard way. Microsoft has published guidance based on their learnings.

Read more at PC Gamer
Read about how to protect your infrastructure at Dark Reading

Add changing your Trello password to your To Do column

Trello users, its time to change your Trello and/or Atlassian account password, as bad actors have managed to scrape the data, including names, of 15 million users from the popular service. Apparently, the service itself was not broken into, but email addresses from previous breaches were fired at Trello’s API to see who had an account. Users who reuse passwords across different services are at risk of a data breach and should change their passwords sharpish.

Read more at Help Net Security

Upgraded to iOS 17.3? Turn on stolen device protection

You run your life on your phone, so if you have an iPhone, there’s a new security feature to opt into that will help protect your phone when it’s away from familiar locations and if it is ever stolen. Apple protects your phone by requiring touch ID or face ID when performing high-risk actions in unfamiliar places; for the highest-risk actions, you’ll need to authenticate, wait a while and authenticate again. Although it sounds a little inconvenient, it won’t happen in the places you most often go and helps to trip up a thief.

Read more at Lifehacker
Read more at Apple Support

Last year’s Okta breach has a long reach

Cloudflare has reported that their internal JIRA and Confluence server was accessed by an alleged nation-state attacker. No data was accessed, but this highlights the risk of supply chain attacks.

Read more at Bleeping Computer

Google Workspace

Meet, share, succeed

Google has made it easy to share files in Google Workspace with individuals and groups, but now it’s possible to share files with meeting attendees straight from Google Drive. Simply open the sharing dialog for any file and search by meeting title.

Read more at the Google Workspace Updates blog

London, Paris, Milan, Google Meet

Rupaul tells us, “Hit ’em with your catwalk, everywhere you go,” and now you can combine multiple video effects as well as improve lighting so your Google Meet meetings will look better than ever. Work it!

Read more at the Google Workspace Updates blog

I’m free!

For those not using the Google Calendar appointment scheduling experience, why not? It makes taking appointment bookings easy and cuts out meeting ping-pong (you know what I mean). If your meetings being across multiple calendars has held you back, you can now choose which calendars affect your appointment availability.

Read more at the Google Workspace Updates blog

Microsoft 365

Want your own Copilot?

Copilot was launched for enterprise customers with a big price tag and a high minimum purchase back in November 2023, after a long preview period. Now the rest of us get a chance to turbocharge our workdays and personal projects, as Copilot Pro is launched for Microsoft 365 Personal or Family subscribers and the 300-seatminimum for Microsoft 365 Business and Enterprise subscribers is dropped. Copilot for businesses is an additional $30 per user per month.

Read more at The Verge

Power and (webcam) control

Microsoft Teams hasn’t always made it easy to choose which webcam and which audio devices it uses in a call. Most of us with headphones, speakers and a webcam or two know where to choose how we’re seen and heard in the settings. It’ll soon change as Microsoft moves these settings to a downward arrow next to the camera or mic button on the meeting toolbar to make it easier to fix your audio and video settings.

Read more at The Verge

Digital Workspace

Chrome, review my lunch

Nobody can escape the creep of generative AI. Now AI-powered features are coming to Google Chrome. You’ll be able to automagically group your tabs by theme, generate a personalised visual theme for your Chrome browser with just a couple of clicks and even draft text in text fields on the web. These features are switched off for corporate accounts but expect to see them land soon.

Read more at The Google Blog

Recent OS Updates

Last updated 5 August 2024

Windows

Microsoft currently supports Windows 10 and Windows 11.

  • Windows 10 version 22H2 (10.0.19045)
  • Windows 11 version 22H2 (10.0.22621) and version 23H2 (10.0.22631)

macOS

Apple officially supports the following Mac operating systems:

  • macOS Sonoma 14.6
  • macOS Ventura 13.6.8
  • macOS Monterey 12.7.6

iOS and iPadOS

The supported iPhone and iPad operating systems are:

  • iOS 17.6
  • iPadOS 17.6

Android

Google supports the following Android operating systems:

  • Android 14
  • Android 13
  • Android 12

Note that your device manufacturer may not support every version that Google produces security fixes for.

Learn how to check and update your Android version here.