February 2023


Extended support ended January 10th for Server 2008 R2.

Support for Server 2012 R2 will end in October 2023. Make sure you start planning now. It will come sooner than you think.

Extended support has ended for Windows 8.

Chrome Browser version 110 (tentatively scheduled for release on February 7th, 2023) is the first version of Chrome that requires Windows 10 or later.

Windows Server 2012 / R2: Edge gets support until October 10, 2023.

Google is also phasing out support for the Chromium browser on those platforms. Consequently, Microsoft has also discontinued support for the Chromium-based version of the Edge browser.

Windows 10 Home and Pro retail license sales ended on Jan. 31. They can still be purchased through a reseller while they have stock.

Microsoft has started the forced rollout of Windows 11 22H2 to systems approaching their end-of-support (EOS) date on October 10, 2023.

Users with Torian Group managed services will not be affected.

Microsoft has announced that the free offer of Microsoft Teams (classic) will be terminated effective April 12, 2023. Companies should switch to the paid Microsoft Teams Essentials subscription.

There is still an option from Microsoft to sign up for a more limited free version of Microsoft Teams.

Microsoft 365 Basic subscription (without Office and Windows) with 100 GB OneDrive storage is $1.99/Month. This includes an ad-free and “secure” e-mail inbox with Outlook.com.

Microsoft changed e-mail storage accounting for Outlook.com. Starting on February 1, 2023, the space used by e-mail attachments is now counted against the OneDrive quota for that customer. This applies only to Outlook.com mailboxes, including the older domains now part of Outlook.com (e.g., Hotmail.com, Live.com, and MSN.com).

Volume² is a helpful program to provide audio volume control by application in Windows.

Download it from OlderGeeks.com. This site provides safe, ad-free downloads of all sorts of free software.

Microsoft Designer is in open beta, free for now. It is graphic design software designed to be easy to use.

Anyone can ask to join the trial at https://designer.microsoft.com/.

Google’s AI Makes Its Own AI Children

They’ve managed to create an AI that designs its own AI – and its creations have gone from analyzing words to disseminating complex imagery in months.

ChatBot free access. Microsoft is planning to incorporate ChatBot into its products.

You can try it now with Word using GhostWriter, available for $10 from the Windows store.

ChatBot is an AI text generator.

AI text detector GPTZero (also free) does a good job identifying AI-generated text.

Apple iOS 16.3 and macOS Ventura 13.2 include support for hardware security keys.

Apple releases MacBook Pro and MacBook Mini.

Smithsonian Open Access (free) offers images and 3D models of art and historical objects.

ECONOMY

AMD admits to restraining chip supply to keep higher CPU and GPU prices.

Sony and Nvidia are employing similar tactics.

Tech companies added 17,600 workers in December, the 25th straight month of net employment growth, despite announcements of layoffs.

Despite the global turmoil, the upsurge in online activity during the pandemic was a boon for tech companies. They pulled in record levels of revenue, which created record profits and fueled a hiring frenzy. Many tech companies are correcting back to pre-pandemic levels.

“If you look for reasons for why companies do layoffs, the reason is that everybody else is doing it,” Pfeffer is quoted in the report. “Layoffs are the result of imitative behavior and are not particularly evidence-based.”

Microsoft will reduce its worldwide workforce by 5% (10,000 jobs) due to economic uncertainty. Before that, it had hired 77,000 people dating back to just before the pandemic, in mid-2019.

Intel Cuts Pay to Cut Costs.

Apple suffers 1st revenue drop since 2019 on lower demand and problems in China.

Dell to slash over 6,000 jobs amid “uncertain market future”.

PayPal, HubSpot, and Workday announce mass layoffs.

The Decline of the Nice-to-Have Economy (WSJ Subscription required)

SECURITY

Comcast Xfinity accounts were hacked in widespread 2FA bypass attacks.

It does not seem that Xfinity e-mail is secure at this time.

I hope the examples below will motivate you not to reuse passwords and to set up 2-Factor Authentication. Passwords alone are often easy to crack with modern tools.

Norton LifeLock password manager had 925,000 accounts attacked with credential-stuffing tools. More details.

More than 80% of people reuse passwords for multiple accounts, allowing hackers with access to lists of leaked credentials to repeatedly test out username and password combinations.

There is now software available to hackers that costs as little as $500 and allows them to test out e-mail and password combo lists. “Today’s automated credential cracking and credential stuffing tools are designed to check hundreds of thousands of credential combinations against multiple websites.”

Mobile applications, which often have weaker security protocols than traditional web applications, frequently permit a higher rate of login attempts, known as checks per minute (CPMs), facilitating faster account compromise.

One of many hacking tools for password checking/cracking

Because people commonly use the same password at every site, cybercriminals can take over accounts without cracking passwords or phishing any other information.

Easily cracked passwords and lack of multifactor authentication put critical DOI systems at risk.

A government watchdog spent $15,000 to crack a federal agency’s passwords in minutes.

To make their point, the watchdog spent less than $15,000 on building a password-cracking rig — a setup of a high-performance computer or several chained together — with the computing power designed to take on complex mathematical tasks, like recovering hashed passwords. Within the first 90 minutes, the watchdog was able to recover nearly 14,000 employee passwords, or about 16% of all department accounts, including passwords like ‘Polar_bear65’ and ‘Nationalparks2014!’.

Zacks Investment Research data breach affects 820,000 clients

Only customers of the Zacks Elite product that joined between November 1999 and February 2005 were affected. Full names, addresses, phone numbers, e-mail addresses, and user passwords were exposed.

PayPal Warns 35,000 Users of Credential Stuffing Attacks.

Attackers likely obtained the login credentials via phishing or dark web user lists, as PayPal found no evidence that its systems were breached. Such attacks are possible due to the reuse of credentials across multiple services and the failure to enable 2FA.

The attackers were able to access and potentially steal personal information, including names, addresses, phone numbers, birth dates, individual tax identification numbers, and Social Security numbers.

The FBI warns that threat actors are using residential proxies to hide their actual IP address behind ones commonly associated with home users.

Typically, these proxies are made available to cybercriminals by hacking legitimate residential devices such as modems or other IoT devices, or through malware that converts a home user’s computer into a proxy without their knowledge.

LastPass Faces Class-Action Lawsuit Over Password Vault Breach.

Bitwarden and 1Password password vaults targeted in Google ads phishing attack.

Several password managers are being targeted in Google ads phishing campaigns to steal users’ password vault credentials.

Once users start using unique passwords at every site, a password manager becomes essential to keep track of them all.

These passwords are stored in the cloud in “password vaults” that keep the data in an encrypted format, usually encrypted using users’ master passwords. These master passwords are an attractive target for hackers.

Default KeePass Setup Allows Password Theft.

KeePass is another password manager. Always change default security settings for sensitive software.

T-Mobile customers are at heightened risk of phishing attacks due to a data breach.

This is the second time. In August 2021, T-Mobile acknowledged that hackers made off with the names, dates of birth, Social Security numbers, and driver’s license/ID information of more than 40 million customers who applied for credit with the company.

Google Fi Was Hacked.

Google announced that user accounts for its cell network service, Google Fi, had been compromised. The breach appears to have resulted from the hack on Google’s service provider, T-Mobile.

Identity Thieves Bypassed Experian Security to View Credit Reports.

TruthFinder, Instant Checkmate confirm data breach affecting 20M customers.

These sites provide information about people for a fee. Hacked customer information includes e-mail addresses, hashed passwords, first and last names, and phone numbers.

Another security flaw found in car software, including Mercedes-Benz and Ferrari.

Nissan North America data breach caused by vendor-exposed database.

Catalog of commonly used hacking techniques.

FortiOS 7.2.4 for Fortinet routers has been released.

HUMOR

TORIAN GROUP

As mentioned last month, we will raise our hourly rate to $150/Hour (7% increase) starting on April 1, 2023, to keep up with costs. Travel time will be $80/Hour.

Tim Torian

Newsletter Sign-Up

The Torian Group Times Newsletter is a service to our clients and anyone who finds it useful. Topics include security updates; known problems with recent patches; new and upcoming software and hardware that might affect your business; and information about technology in the Visalia area. It is free to anyone who wishes to subscribe by providing their name and email address. We will not do anything with this information other than sending the newsletter – no unsolicited marketing of any kind.
