Technology Information: News, Announcements, Alerts, and Resources
changes to email authentication for google and yahoo - Tue, dec. 19 & Mon, jan. 8
This past October (2023), Google and Yahoo announced the enforcement of improved email authentication standards for bulk email senders (organizations who sent more than 5,000 messages to Gmail or Yahoo addresses in one day). This change has a broad reach and will impact many organizations sending any form of email to a group.
Google’s official announcement: https://blog.google/products/gmail/gmail-security-authentication-spam-protection/
Common services used for bulk email sending:
Mailchimp announcement: https://mailchimp.com/developer/release-notes/new-sending-domain-authentication-requirements/
Contact Contact announcement: https://knowledgebase.constantcontact.com/email-digital-marketing/articles/KnowledgeBase/51399-Google-and-Yahoo-email-authentication-requirement-changes?lang=en_US
It should be noted that Google and Yahoo are not alone in this move. These requirements are becoming the standard for services as they work to address the rapid increase of spam emails. Brave North Technology has presented a solution to address this as part of our Cloud & Endpoint Modern Security Standards Suite.
Security Alert: Critical Outlook vulnerability - Thu, Mar 16
A critical Windows Outlook vulnerability has has been identified, tracked as "CVE-2023-23397." It affects all versions of Outlook on Windows. It's a critical privilege elevation/authentication bypass and is quite serious, having been given a 9.8 (out of 10) severity rating. (Mac and mobile versions of Outlook are not affected.)
The good news is that this vulnerability has been patched by Microsoft via the March 14 Windows Update (KB5023696, KB5023706, KB5023698). Brave North's remote management system (NinjaOne) automatically began the process of pushing these patches out to all Windows PCs.
What you can/should do
Encourage users to, as always, simply cooperate with the reboot prompts on their computers to finish applying patches. The look like this:
What if the PC is/was off when the security patch was pushed out? No worries. NinjaOne will automatically start applying patches as soon as the computer comes online.
What about Outlook on Macs? Mac Outlook and other non-Windows versions of Outlook are not affected.
What about devices that are not managed by BNT and don't have NinjaOne installed on them? This is a significant risk. Our primary recommendation is that any device that matters to your organization at all and is part of your “fleet” should be managed by BNT and therefore be protected automatically under NinjaOne. In the meantime, for any currently unmanaged PC, you can go to Windows Update and run the latest updates.
Brian Roemen, CTO
posted: 3/16/2023
Announcement: Upcoming “Live Learning” Webinar on Managing Passwords - Wed, Dec 7
We’ll cover best practices, secure practices, and ways to make your use and management of your passwords smoother and less of a tangled mess that makes you want to pull your hair out.
Unable to make the live event? No problem. The webinar will be recorded and is posted immediately (within 5 minutes) after the event finishes. Here’s how to get to it:
Go to the event/registration page (via the link above).
Click the green “save my spot” button (as if you were going to attend live).
Click the “play” button to play the recording!
Need the direct URL for the Event Page? https://www.crowdcast.io/c/bnt-store-and-manage-passwords-12-7-2022
Brian Roemen, CTO
posted: 9/11/2022
Security Alert: Major Apple Device Vulnerability Found - Update Your Devices Now
A serious security vulnerability was discovered affecting several Apple products (iPhones, iPads, and Macs) that could allow attackers to take complete control of these devices. This serious vulnerability means that a hacker could get full admin access to the device and allow a hacker to impersonate the owner and run any malicious software.
Whether you have a personal or organization-owned device, we advise that you update your device so that it has Apple’s recently released security patch.
How do you get the update?
On mobile devices: Settings > General > Software Update
On Macs: System Preferences > Software Update
How do you know if you already have the update? When attempting to perform an update, take note of the current software version of your device. As of this writing, the fully patched versions are…
for iPhones, iPad, and Safari: 15.6.1
for Macs: MacOS Monterey 12.5.1
See more details from Apple’s two security reports that they recently released.
Brian Roemen, CTO
posted: 8/19/2022
Announcement: Upcoming “Live Learning” Webinar on SharePoint & OneDrive - Tips & Tricks on Wed, 9/7/2022
Many organizations use Microsoft 365's SharePoint and OneDrive applications. Whether you are a person that feels comfortable or frustrated with these tools, there are ways to improve your use of them. Join us as we discuss...
How exactly do SharePoint and OneDrive relate to each other?
How can I use these tools in a way that seamlessly integrates with my Windows or Mac computer's file browser?
How do I prevent and/or resolve syncing problems?
What's the best way to share files/folders with others?
What are some other tips & tricks to make my use of SharePoint and OneDrive smoother?
Wednesday, Sep 7, 2022, 11:00 AM - 12:00 PM
See more details and/or register for the event here.
Brian Roemen, CTO
posted: 8/16/2022
News: Price Increase on Microsoft/Office 365 Products for Nonprofits - 6/17/2022
We saw it happen for commercial customers first, but, just as expected, after years of unchanging pricing for its subscriptions, Microsoft has decided to raise the prices of some of its nonprofit subscription products, effective 9/1/2022 and likely to seen on invoices from Microsoft beginning anytime between Sep 1, 2022 - Sep 1, 2023. Here are products experiencing price changes.
Microsoft 365 Business Premium - from $5 to $5.50
Office 365 E1 - from $2 to $2.50
Office 365 E3 - from $4.50 to $5.75
Office 365 E5 - from $14 to $15.20
Microsoft 365 Business Premium licenses were already almost a no-brainer deal in terms of cost effectiveness and “bang for your buck.” This price change makes that even more true, because the most common current license that nonprofits use is the Office E3 licenses, which are increasing by $1.25/user — a greater amount than the Business Premium licenses are increasing (only $0.50/user).
Further Reading:
Microsoft 365 Nonprofit Price Increases Are Coming (Dan Callahan, 3/31/2022)
- Brian Roemen, CTO
Security alert: chromium-based browsers vulnerability - 4/29/2022
As some of you may have heard, a set of major vulnerabilities has been discovered for Chromium-based browsers (most notably Google Chrome and Microsoft Edge). We have several protections in place on your systems, and, at this time, no compromises have been detected on any system under our management.
However, out of an abundance of caution, we'll be pushing an out-of-cycle security patch early this afternoon, so please restart (close and reopen) your Chrome or Edge browser at or after 2pm today. If a user is out of the office today or otherwise not at their computer, they may simply restart Chrome or Edge whenever they return. No other action is necessary at this time, and we will let you know if that changes.
Mac users: Your Chrome browsers cannot be updated automatically, so please update Google Chrome manually using this process.
Systems impacted: Windows & Mac computers. (Mobile systems such as iPad, iPhone, and Android are not impacted.)
We are continuing to monitor this issue for any further action needed.
You can read Google's blog post on this if you're interested in the details.
- Brian Roemen, CTO
Announcement: Upcoming “Live Learning” Training Session on Email Safety & Security - 3/28/2022
As phishing, ransomware, and other email-based attacks continue to grow, so also does you and your organization's need to be vigilant and have a keen eye when it comes to your email inboxes. Join us as we discuss essential tactics on spotting and fighting back against phishing and other malicious email.
Use this training to meet your cybersecurity awareness requirements! Best practice (as well as many insurance and regulatory compliance requirements) demands that your organization’s staff receive a cybersecurity awareness training at least once per year.
Wednesday, June 1, 2022, 11:00 AM - 12:00 PM
See more details about this event on the Live Learning page.
- Brian Roemen, CTO
News: Price Increase on Microsoft/Office 365 Products - 3/15/2022
After years of unchanging pricing for its subscriptions, Microsoft finally raised the prices of some of its commercial products, effective 3/15/2022 and likely to seen on invoices from Microsoft at least by the end of April. Here are products experiencing price changes.
Microsoft 365 Business Basic - from $5 to $6
Microsoft 365 Business Premium - from $20 to $22
Microsoft 365 E3 - from $32 to $36
Office 365 E1 - from $8 to $10
Office 365 E3 - from $20 to $23
Office 365 E5 - from $35 to $38
At this time, the price hike only impacts commercial (for-profit) customers — no impact (yet) for nonprofit, education, or individual/home licenses. However, nonprofit, education, or individual/home licenses may not be far behind. Microsoft is using this update to crack down on nonprofits’ tendency to “hoard” E1 licenses, so we can already see that nonprofits are not fully immune to these changes. Since Microsoft has a history of announcing these price changes less than a year before they take effect, and this announcement could come at any time, nonprofits would be wise to build in a little extra cushion when creating their next budget.
Further Reading:
Be Aware of These Microsoft 365 and Office 365 Non-Profit Updates (Dan Callahan, 8/26/2021)
- Brian Roemen, CTO
Security Alert: Russian Cybersecurity Threats - 3/23/2022 (updated)
(Updated as of 3/23/2022, originally written 2/28/2022)
Brave North Technology is aware of and closely following the cybersecurity concerns stemming from the Russian invasion of Ukraine and those that oppose this aggression. On March 21, the Biden-Harris Administration released another statement regarding this threat. We all ought to take the current situation seriously, just as with all domestic and foreign threats at all times. Despite incidents such as this that generate heightened attention to cyber threats, the reality is that threats of this sort are pretty constant throughout all seasons. But because this is the case, the silver lining here is that the same familiar recommendations apply in the face of this “new” threat: e.g., use MFA (multi-factor authentication), use strong passwords, keep all of your systems and software up to date. It’s the same familiar list of things that Brave North Technology is regularly discussing with our Managed Service client organizations. We will continue our vigilance regarding this matter and will notify our clients of any particular action that’s required.
Here are some additional resources:
CISA’s “Shields Up” Website - contains general guidance for organizations and regular news updates on the issue
Minnesota companies beware: threats of Russian cyber attacks on rise with Ukraine (Star Tribune, 3/24/2022)
Preparing for Security Incidents Related to Russia’s Attack on Ukraine (Arctic Wolf, 2/24/2022)
Rogue Nation Cyber Consequences (“Security Now” podcast featuring Steve Gibson, 3/8/2022) - for those that are interested in very thorough, technically in-depth information on the goings on of current Russia-related cyber activity
- Brian Roemen, CTO