September 2022

Download

Windows 11 2022 (22H2) is expected on Sept. 20th. This is the first major update to Windows 11.

New features include:

File Explorer has tabs similar to a web browser and more integration with OneDrive;

More flexible start menu;

The ability to drag and drop to the taskbar (as in Windows 10).

Windows 10 20H2 (November 2020 release) is no longer supported. Versions 21H1 and 21H2 are the currently supported versions. It is a free upgrade.  You can check your version by typing WINVER in the search bar.

Windows 10 22H2 will be released later this year. No significant new features are expected.

While Windows 10 will continue to receive updates, the interesting new features will go to Windows 11.

Microsoft is pushing everyone toward MS Office subscriptions.

Office 2016 & 2019 won’t be supported for connecting to Microsoft 365 services, including Exchange Online email, starting Oct 2023.

Microsoft will disable Exchange Online basic authentication for email starting October 1st.

As mentioned last month, some older printer/copiers may stop sending scans via email if configured to use older email authentication standards.

Hackers can steal clear text credentials from apps using basic authentication via several tactics, including social engineering and info-stealing malware.

QuickBooks 2023 released on Sept 6thPrices have gone up on all versions.

Desktop editions are now available only as a subscription, which must be renewed annually. They are pushing customers toward QuickBooks online, which also went up in price.

USB Standards

Most new laptops come with only USB-C adapters. The USB-C adapters have rounded edges and plug in with either side on top. These are also used on newer phones.

To use an older USB device, you will need a USB-C to USB2/3 adapter or docking station.

Not all USB-C cables and ports are the same, and not all older USB ports are the same.

This article has an excellent summary of the various standards and what can be interconnected.

USB4 Gen3 is the latest standard, which uses a USB-C connector. USB4 3.2 will be out next year.

iOS 12.5.6 released – primarily a security update.

iPhone 14 release event is Sept. 7

Microsoft Outlook has been shutting down after launch and/or requesting a password for some users.

This was due to problems with the Microsoft email servers and some updates.

Amazon acquires iRobot Roomba for $1.7B.

ECONOMY

Tech Layoffs In 2022: The U.S. Companies That Have Cut Jobs.

Intel blamed a 10 percent drop in PC sales for its sudden and rapid decline in revenue, noting that the poor economy had compounded the previous supply chain issues.

Microsoft is the latest tech giant to report decelerating advertising revenue.

New semiconductor law aims to create ‘Silicon Valleys’ across the U.S.

$10 billion in funding will go to support 20 research hubs.

China’s Chengdu to lock down millions over COVID outbreak (again).

Toyota to hike the price of steel supplies for parts makers by up to 30%.

The risk of a California megaflood

Climate change is likely increasing the risk of extreme precipitation events in California and of subsequent severe flood events…transforming the interior Sacramento and San Joaquin valleys into a temporary but vast inland sea nearly 300 miles in length.

The summer’s biggest climate disasters, seen from space.

SECURITY

More than 20 vendors are using a vulnerable Realtek chip in their network routers, such as  Tenda, Nexxt, Intelbras, D-Link, and others.

The chips supplied by Realtek are used by almost all well-known manufacturers and can be found in VoIP and wireless routers, repeaters, IP cameras, and smart lighting controls.

Realtek addressed the issue in March, noting that it affects rtl819x-eCos-v0.x series and rtl819x-eCos-v1.x series. An attacker only needs the external IP address of the vulnerable device. This is actively being exploited. Exploitation is silent and requires no interaction from the user. Each vendor will need to release a firmware update for their device – they are not available yet.

CVE-2022-27255 detail

Realtek advisory

SANS article

Vulnerability in Cisco RV series routers.

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code.

The RV340 and  RV345 firmware updates resolve this problem.

We recommend replacing routers prior to the RV340/345 – there is no patch available.

Vulnerabilities in Foxit PDF Reader and PDF Editor – update here.

Google fined $60 million over Android location data collection.

MailChimp breach exposed DigitalOcean web hosting customer email addresses.

Twilio breach let hackers gain access to Authy 2FA accounts.

DoorDash discloses new data breach tied to Twilio hackers.

Plex data breach.

LastPass data breach.

No user passwords were compromised.

PayPal Phishing Scam uses invoices sent via PayPal.

If you follow these rules, you will not have to be as worried about data breaches:

  1. Always use a long passphrase.
  2. Never reuse a password.
  3. Always turn on 2-factor authentication (2FA), if possible.

HUMOR

TORIAN GROUP

We were able to reduce the cost of network device monitoring. Starting in October, routers/firewalls will now be $6.00/Month and managed switches will be at no additional charge.

Tim Torian

Newsletter Sign-Up

The Torian Group Times Newsletter is a service to our clients, and anyone who finds it useful. Topics include security updates; known problems with recent patches; new and upcoming software and hardware that might affect your business; and information about technology in the Visalia area.  It is free to anyone who wishes to subscribe by providing their name and email address. We will not do anything with this information other than sending the newsletter – no unsolicited marketing of any kind.

Subscribe to our Newsletters