Skip to main content
Please wait...

How to make sense of Microsoft’s upcoming mail security changes

2 months ago

With Microsoft about to shut off some versions of Outlook from access to Microsoft 365 and Outlook 365 services — that happens Nov. 1 — it’s important to remember this isn’t the only change coming for Outlook. A second change scheduled for next year may have a bigger impact on how you connect your email client — and may affect other email apps, too.

Because it could affect many users and businesses, Microsoft is giving everyone fair warning — a year in advance. On Oct. 1, 2022, Microsoft will be disabling basic authentication for its online mail services. This isn’t the first time the company has warned us about this. It had planned to disable authentication earlier this year before realizing it couldn’t do so without impacting businesses and users still struggling amid the pandemic. Hence, the delay.

To read this article in full, please click here

Susan Bradley

How to make sense of Microsoft’s upcoming mail security changes

2 months ago

With Microsoft about to shut off some versions of Outlook from access to Microsoft 365 and Outlook 365 services — that happens Nov. 1 — it’s important to remember this isn’t the only change coming for Outlook. A second change scheduled for next year may have a bigger impact on how you connect your email client — and may affect other email apps, too.

Because it could affect many users and businesses, Microsoft is giving everyone fair warning — a year in advance. On Oct. 1, 2022, Microsoft will be disabling basic authentication for its online mail services. This isn’t the first time the company has warned us about this. It had planned to disable authentication earlier this year before realizing it couldn’t do so without impacting businesses and users still struggling amid the pandemic. Hence, the delay.

To read this article in full, please click here

Susan Bradley

Apple deepens its engagement in enterprise security

2 months ago

The switch to mobile and remote work exposed grim security realities for many companies during the pandemic, and this seems to be driving change at the very top of the tech tree. For example, Apple has joined the Cyber Readiness Institute (CRI) as a co-chair.

Apple takes a seat

The Institute focuses on helping SMBs (small and mid-sized businesses) improve security practices by developing free resources to help them. This builds on the work platform providers already do to secure their platforms by educating and preparing enterprise customers with enhanced security awareness.

To read this article in full, please click here

Jonny Evans

Apple deepens its engagement in enterprise security

2 months ago

The switch to mobile and remote work exposed grim security realities for many companies during the pandemic, and this seems to be driving change at the very top of the tech tree. For example, Apple has joined the Cyber Readiness Institute (CRI) as a co-chair.

Apple takes a seat

The Institute focuses on helping SMBs (small and mid-sized businesses) improve security practices by developing free resources to help them. This builds on the work platform providers already do to secure their platforms by educating and preparing enterprise customers with enhanced security awareness.

To read this article in full, please click here

Jonny Evans

Chrome, Edge kick off faster release cadence; enterprises can skip versions

2 months 1 week ago

Google's Chrome and Microsoft's Edge began their every-four-weeks release cadence with the launch last week of version 94 of each browser.

Google released Chrome 94 on Sept. 21, while Microsoft issued Edge 94 three days later, on Sept. 24.

From those dates, Chrome and Edge will upgrade every four weeks. Chrome 95 and Edge 95, for example, will debut Oct. 19 and Oct. 21, respectively. There will be exceptions to that pace for holidays, however. For instance, Chrome 96, the final version of 2021, will release Nov. 16, and be followed by Chrome 97 on Jan. 4, 2022, a seven-week interval.

Google announced the then-upcoming change to a more frequent release schedule in early March; Microsoft quickly followed with news of its own several days later.

To read this article in full, please click here

Gregg Keizer

Chrome, Edge kick off faster release cadence; enterprises can skip versions

2 months 1 week ago

Google's Chrome and Microsoft's Edge began their every-four-weeks release cadence with the launch last week of version 94 of each browser.

Google released Chrome 94 on Sept. 21, while Microsoft issued Edge 94 three days later, on Sept. 24.

From those dates, Chrome and Edge will upgrade every four weeks. Chrome 95 and Edge 95, for example, will debut Oct. 19 and Oct. 21, respectively. There will be exceptions to that pace for holidays, however. For instance, Chrome 96, the final version of 2021, will release Nov. 16, and be followed by Chrome 97 on Jan. 4, 2022, a seven-week interval.

Google announced the then-upcoming change to a more frequent release schedule in early March; Microsoft quickly followed with news of its own several days later.

To read this article in full, please click here

Gregg Keizer

Apple, 1Password, and Cloudflare all move to protect email

2 months 1 week ago

Apple’s new Hide My Email feature, designed to protect users against phishing attacks and unwanted marketing spam, has swiftly become but one of a variety of options now available.

The river becomes a flood

For a very long time, the daily ritual of checking email accounts has been one in which many of us must first delete the majority of messages received because our addresses have been sold all over the place. Spam filters help, but in my experience plenty gets through — and you can’t easily tell who shared your address(es) in the first place.

Everyone is at it. Capturing and selling email addresses and data about people is a big business. Not only that, but most privacy and security breaches begin with phishing emails carrying suspect links and fraudulent requests for personal information.

To read this article in full, please click here

Jonny Evans

Apple, 1Password, and Cloudflare all move to protect email

2 months 1 week ago

Apple’s new Hide My Email feature, designed to protect users against phishing attacks and unwanted marketing spam, has swiftly become but one of a variety of options now available.

The river becomes a flood

For a very long time, the daily ritual of checking email accounts has been one in which many of us must first delete the majority of messages received because our addresses have been sold all over the place. Spam filters help, but in my experience plenty gets through — and you can’t easily tell who shared your address(es) in the first place.

Everyone is at it. Capturing and selling email addresses and data about people is a big business. Not only that, but most privacy and security breaches begin with phishing emails carrying suspect links and fraudulent requests for personal information.

To read this article in full, please click here

Jonny Evans

On app tracking, both Android and iOS have to do better

2 months 1 week ago

Mobile app use continues to climb in enterprises worldwide, and it won’t be long before almost all employee/contractor communications take place over mobile devices. That’s why it’s such a threat to security and compliance that mobile apps have extensive access to everything on a device — and few limitations on what those apps can share.

Apple argues that it’s already doing something about this in iOS with its app tracking transparency push. But a report in The Washington Post last week undermines the company’s promises. Why? Because Apple has been trusting app vendors to actually do what they agree to do. (No one could have foreseen that blowing up.)

To read this article in full, please click here

Evan Schuman

On app tracking, both Android and iOS have to do better

2 months 1 week ago

Mobile app use continues to climb in enterprises worldwide, and it won’t be long before almost all employee/contractor communications take place over mobile devices. That’s why it’s such a threat to security and compliance that mobile apps have extensive access to everything on a device — and few limitations on what those apps can share.

Apple argues that it’s already doing something about this in iOS with its app tracking transparency push. But a report in The Washington Post last week undermines the company’s promises. Why? Because Apple has been trusting app vendors to actually do what they agree to do. (No one could have foreseen that blowing up.)

To read this article in full, please click here

Evan Schuman

Survey says! What my informal survey shows about Windows

2 months 1 week ago

Several weeks ago, I asked readers to answer 11 questions about Windows. More than 1,000 people submitted responses, and while the results aren’t statistically valid, they do shed light on attitudes to Microsoft’s operating system

What do users run?

Not surprisingly, most respondents (74.75%) run some variation of Windows 10, with another 9.7% still on Windows 7. Linux was third, with 5.94%; “other” — a mixture of Windows 11, Windows XP, Chromebook, and even one Windows 98 user — had 4.55%. (I’m just hoping Windows 98 wasn’t used to answer the online survey questions.) The Mac was next, with 1.98%, followed by a smattering of phone platforms.

To read this article in full, please click here

Susan Bradley

Survey says! What my informal survey shows about Windows

2 months 1 week ago

Several weeks ago, I asked readers to answer 11 questions about Windows. More than 1,000 people submitted responses, and while the results aren’t statistically valid, they do shed light on attitudes to Microsoft’s operating system

What do users run?

Not surprisingly, most respondents (74.75%) run some variation of Windows 10, with another 9.7% still on Windows 7. Linux was third, with 5.94%; “other” — a mixture of Windows 11, Windows XP, Chromebook, and even one Windows 98 user — had 4.55%. (I’m just hoping Windows 98 wasn’t used to answer the online survey questions.) The Mac was next, with 1.98%, followed by a smattering of phone platforms.

To read this article in full, please click here

Susan Bradley

Apple needs to act against fake app-privacy promises

2 months 1 week ago

Apple will need to become more aggressive in how it polices the privacy promises developers make when selling apps in the App Store. What can enterprise users do to protect themselves and their users in the meantime?

What’s the problem?

Some developers continue to abuse the spirit of Apple’s App Store Privacy rules. This extends to posting misleading information on App Privacy Labels, along with outright violation of promises not to track devices. Some developers continue to ignore do-not-track requests to exfiltrate device-tracking information.

To read this article in full, please click here

Jonny Evans

Apple needs to act against fake app-privacy promises

2 months 1 week ago

Apple will need to become more aggressive in how it polices the privacy promises developers make when selling apps in the App Store. What can enterprise users do to protect themselves and their users in the meantime?

What’s the problem?

Some developers continue to abuse the spirit of Apple’s App Store Privacy rules. This extends to posting misleading information on App Privacy Labels, along with outright violation of promises not to track devices. Some developers continue to ignore do-not-track requests to exfiltrate device-tracking information.

To read this article in full, please click here

Jonny Evans

A penchant for patching: After 20 years, the system’s still a mess

2 months 2 weeks ago

As a Microsoft Patch Lady, I’ve been patching computers and servers for more than 20 years. We started with a process that wasn’t well planned. We had no set day or time for when patches were released, and no way to centrally manage and deploy updates. Over the years Microsoft has moved to a more dependable deployment plan and the ability to manage updates through platforms ranging from Windows Update to Windows Software Update Services to Cloud services.

So things should be better now, right? We’ve had 20 years to get this right.

And yet, here’s what I’ve seen regarding patching in just the last week.

We are now on three months and counting of continuing issues with printing caused by patches. (This month included yet another fix for another print spooler vulnerability.) I’ve seen businesses dealing with new side effects directly impacting printing and, interestingly enough, these are businesses that didn’t have problems with earlier updates. This month, Windows 10 peer-to-peer networks appear to be the most affected. (FYI: The trigger for all of these printer issues seems to be older Type 3 printer drivers. Moving to type 4 drivers might help if that’s an option for you.)

To read this article in full, please click here

Susan Bradley

Legacy apps are at risk with the September Patch Tuesday update

2 months 2 weeks ago

This week's Patch Tuesday was an unusual update from Microsoft and we have added Windows, the Microsoft development platform, and Adobe Reader to our "Patch Now" schedule.

These updates are driven by the zero-day patch (CVE-2021-40444) to the core Microsoft browser library MSHTML. In addition to leading to significant remote code execution worries, this update may also lead to unexpected behaviours in legacy applications that depend on or include this browser component. Be sure to assess your portfolio for key apps that have these dependencies and perform a full functionality test before deployment. (We have identified some key mitigation strategies for handling ActiveX controls and for protecting your system during your testing and deployment phases.)

To read this article in full, please click here

Greg Lambert

It’s been a big week for patches

2 months 3 weeks ago

This week brought updates that I consider critical for the “Big Three” — my operating system (Windows), my browser (Google Chrome) and my phone (from Apple). All three releases patch major zero-day vulnerabilities on all three platforms.

While I strongly recommend that you patch Chrome and your iPhone as soon as possible, I always recommend that you hold back on updating Windows. That remains true — at least until we see whether there are any trending side effects from the Patch Tuesday updates.

Let’s break down the patching to do right away.

First, prioritize patching Apple devices. Among this week’s patches is one for Pegasus spyware, which can open up access to the camera and microphone as well as text messages, phone calls, and emails.  iPhones, in particular, have been targeted. Apple typically pushes these updates overnight if your phone is plugged in and charging (and connected to the Internet). If you want to make sure your iPhone has received the update, click on Settings, then General, then tap Software Update. Typically, after my iPhone updates, some apps may need passwords again. I personally try to save critical ones in the iCloud keychain. Look for patches for iOS 14.8 and iPad OS 14.8, and Security Update 2021-005 for macOS Catalina and Big Sur 11.6.

To read this article in full, please click here

Susan Bradley

Windows 11: Just say no

2 months 3 weeks ago

It will be one thing, say, later this year or in 2022, to buy a new PC with Windows 11. We can be reasonably certain that Windows 11 will run on your new Dell, HP, or Lenovo PC. Maybe some of your drivers and programs won't run, but Windows 11 itself? No problem.

But, if you want to update your existing computers, especially those that have a few years on them — that’s another story. It's difficult to know whether any given computer will run Windows 11, which arrives Oct. 5. Yes, there's Microsoft's PC Health Check app and other programs to determine whether you can run Windows 11. But Microsoft pulled it the first time around and I'm none too sure how reliable it is this time around.

To read this article in full, please click here

Steven J. Vaughan-Nichols

Apple hits the alarm with multi-OS emergency update to patch zero-click flaw

2 months 3 weeks ago

Apple on Monday issued emergency security updates for iOS, macOS and its other operating systems to plug a hole that Canadian researchers claimed had been planted on a Saudi political activist's device by NSO Group, an Israeli seller of spyware and surveillance software to governments and their security agencies.

Updates to patch the under-active-exploit vulnerability were released for iOS 14; macOS 11 and 10, aka Big Sur and Catalina, respectively; iPad OS 14; and watchOS 7.

According to Apple, the vulnerability can be exploited by "processing a maliciously crafted PDF," which "may lead to arbitrary code execution." The phrase "arbitrary code execution" is Apple's way of saying that the bug was of the most serious nature; Apple does not rank threat level of vulnerabilities, unlike operating system rivals such as Microsoft and Google.

To read this article in full, please click here

Gregg Keizer
Checked
6 minutes 36 seconds ago
Computer World Security
Subscribe to Computer World Security feed

About SecurityFeeds

SecurityFeeds Logo

Tim Weil is a Security Architect/IT Security Manager with over twenty five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry.  Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.