Your Monthly Biz Tech Roundup from Seeto
Welcome to the August edition of Take Ctrl. As I sit writing this short introduction, the sun is in the sky, and Britain is basking in the heat of the high twenties and suffering the aftermath of what has been termed a global IT meltdown. Stories of tourists stranded abroad and operations that couldn’t go ahead continue to dominate the news feeds. Getting business tech right matters, but so does good governance. Great tech choices can quickly become poor choices, and it’s our business continuity planning that sets us apart.
We have all the news and views you need from the world of business tech this month.
Need To Know Now
Microsoft 365
More updates to Copilot for Microsoft 365
Copilot for Microsoft 365 got seven new features this month, including the ability to generate images directly in Word and PowerPoint and to convert a Word file or PDF to a presentation. Excel can now infer tables of data, saving users from formatting their data as a table before jumping into Copilot. The tool will help you get things done in Teams, suggesting ways to make your messages more impactful, and there are new features for Loop and SharePoint. As an additional subscription on top of Microsoft 365, Copilot for Microsoft 365’s integration with the Microsoft 365 applications makes it a great choice for organisations already in this ecosystem.
React any way you want to
Slack users have long been able to show their personal flair through custom emojis and reactions; Teams users were traditionally limited to the emojis that Microsoft provided. Brand teams, start your engines, as custom emojis and reactions are rolling out to Teams. Sure, you could download a confused-looking dog or a sparkly TY! (that’s thank you if it wasn’t obvious), but why not go big with custom emojis that let teams express your brand’s personality?
Google Workspace
See hear!
Google has recently released an accessibility feature that has almost universal appeal. When you upload a video to Google Drive, captions can now be automatically generated. English is supported for now, with more languages expected to follow. Given that this tech has been available on YouTube for some time, it’s great that Google is bringing the same technology to Drive.
Information Security
Patched: Apple Software Supply Chain Vulnerability
Many macOS and iOS applications were vulnerable to a security weakness in software called CocoaPods, which manages third-party code libraries in applications. More concerning is that the vulnerability went unnoticed for 10 years. The software had three significant vulnerabilities, which would have allowed bad actors to replace legitimate code libraries with malicious software inside commonly used Mac and iOS apps from legitimate companies like Microsoft, Meta and even Apple. This is a reminder that DevOps teams should never blindly trust the open-source dependencies used in their application code.
33 million mobile phone numbers leaked by Authy
Twilio, the parent company of MFA token storing service Authy, confirmed an unsecured API endpoint was used by attackers to verify the phone numbers of over 33 million Authy multi-factor authentication users. With this information, Authy users risk SIM-swapping attacks, where the user manipulates the telephone company into replacing the SIM card, and smishing attacks, otherwise known as phishing via text message – think parcel scams and the “mum, I’ve lost my phone” messages that have been doing the rounds lately.
Microsoft Entra-s the identity market
Microsoft’s Entra line of products is expanding. The new Entra Suite allows organisations to offer employees passwordless authentication and single sign-on for the company’s apps and network systems. Tools available to subscribers can replace VPNs, an on-premises Secure Web Gateway, and more. Entra Suite is an add-on and requires an existing Entra P1 subscription, which is included with Microsoft 365 Business Premium.
Squarespace domains hijacked
Squarespace bought out the Google Domains business a year ago, including the 10 million domains registered with the service, when Google exited the market. At the beginning of July, at least a dozen customers saw their websites hijacked. It is understood that malicious actors could take over some migrated accounts by entering an email address tied to the domain. The required information is often publicly available through the WHOIS system, making the attack easy.
Businesses that registered their domains through Google Domains should ensure that their new Squarespace account is logged into at least once and perhaps evaluate whether they’re still getting the best price and service.
Anti-malware update grounds flights, cancels operations, interrupts bureaucracy
This news was hard to miss. On 19 July, an update to Crowdstrike’s anti-malware software rendered millions of computers unusable, stuck in a constant loop of reboots and errors. What we know now is that insufficient testing meant a file from the application that interacts with the Windows kernel was released and caused Windows to crash. The solution required hands-on access to every computer, leading to pictures of airport IT teams climbing ladders to keep passengers moving. For that reason, it’s expected that the incident will continue to roll on for some time. Microsoft is re-examining whether they should permit third parties to interact with Windows at such a foundational level.
Read more at BBC News
Read more at The Register
Read more at CrowdStrike
Starting Monday, North Korean hackers
How good are your vetting processes? Is everyone you employ who they say they are? As phishing testing service KnowBe4 found out, not every new starter is who they seem. The background and other pre-hiring checks came back clear; however, the new starter used a valid but stolen US-based identity. Their IT team noticed the new starter loading malicious software onto the Mac they had been sent and were able to act quickly. Could your business respond as quickly? The article offers advice for HR and technology teams on mitigating this risk.
Gone but never forgotten
Did you delete a GitHub repository? It might not be deleted, and Microsoft doesn’t see the problem. Data from deleted GitHub repositories (both public and private) and from deleted copies (forks) of repositories isn’t necessarily deleted, and being able to access deleted repo data, which we hope never includes secrets, represents a security risk. Although the issue affects all Git repo hosting platforms, GitHub’s forks and auto-completion exacerbate the issue. There’s no solution, so development teams and managers must be aware.
Legitimate spam 🤢
Have you had a suspicious-looking but apparently legitimate email recently? Your spidey senses were probably right. Email security company Proofpoint has a vulnerability that allows malicious actors to send spam emails that appear to legitimately have been sent by the brand. The issue occurred because of an insecure default configuration in the Proofpoint mail relay service. Proofpoint customers should carefully review their relay configurations to restrict or block non-organisation members from sending outgoing mail from their domain.
Windows
Did you mean a Note Pad?
Notepad on Windows 11 now has built-in spellcheck and autocorrect. Not everyone is thrilled by these developments, including the Seeto team, whose comments ranged from “the whole point of Notepad is to KISS” to “Install Notepad++”. Given that Microsoft has recently removed Wordpad from Windows 11, it sort of makes sense that they would move some of its functionality to the surviving app, but the joy of Notepad was its simplicity.
Bitlocker keys at the ready, recovery in 3…2…1…
July’s Windows security update might send users to a BitLocker recovery screen if their PCs have BitLocker encryption turned on. The issue affects Windows 10, Windows 11, and every currently supported Windows Server operating system. This is a reminder to keep a copy of your BitLocker recovery key safe. Affected Seeto customers should raise a support request.
Hello 23H2 update
Great news, everyone. Windows 11 version 23H2 is finally available for all Windows users. Initially released almost a year ago, it was an opt-in upgrade. Windows 11 version 24H2, the next big Windows 11 release, will arrive later this year. It’s already pre-installed on Copilot+ PCs. It is expected to bring new features such as HDR background support, Sudo for Windows, improved energy saver, Wi-Fi 7 support, and new AI features.
MacOS
Update your Mac, now
Apple has issued updates for MacOS Sonoma, Ventura and Monterey that include over 100 fixes for security vulnerabilities. Go check for updates now before you do anything else.
Digital Workspace
HubSpot acquisition is off
Google has decided it won’t buy HubSpot after all, and HubSpot shares have fallen on the news.
Are you an Excel wizard?
Excel is a powerhouse, but most users aren’t getting everything they can from the spreadsheet tool. This list of Excel tips will take you from beginner to expert. In the words of RuPaul: “You better work(sheet)”.
Abra-Chrome-dabra
It’s not just magicians who can make things disappear. After a dodgy update, Google made 15 million Windows Chrome users’ passwords disappear. Fortunately, a fix was pushed within a day, and the pesky passwords have reappeared for affected users.
Artificial Intelligence
Nom nom PDFs
Google’s Gemini has been a very naughty AI. A user noticed that every time they opened a PDF without asking, Google Gemini would scan and summarise the document. Sure, it might be helpful, but I’m sure you’d agree that it’s probably not what you want when the document in question is your tax return. Sharing the information with the Inland Revenue is in your best interest (bring on the tax refund), but it probably shouldn’t be in Google’s hands. The user who experienced this was told the feature couldn’t be turned off, so Gemini subscribers might want to think about what personal information they upload to Google Drive.
Recent OS Updates
Last updated 5 August 2024
Windows
Microsoft currently supports Windows 10 and Windows 11.
- Windows 10 version 22H2 (10.0.19045)
- Windows 11 version 22H2 (10.0.22621) and version 23H2 (10.0.22631)
macOS
Apple officially supports the following Mac operating systems:
- macOS Sonoma 14.6
- macOS Ventura 13.6.8
- macOS Monterey 12.7.6
iOS and iPadOS
The supported iPhone and iPad operating systems are:
- iOS 17.6
- iPadOS 17.6
Android
Google supports the following Android operating systems:
- Android 14
- Android 13
- Android 12
Note that your device manufacturer may not support every version that Google produces security fixes for.
Learn how to check and update your Android version here.