The attackers are better at cloud

The attackers are better at understanding and using the cloud than we are. Seriously.

Consider this a business post, one to discuss with your technology provider. CISA urges anyone using Intune to control and support workstations to do a better job protecting them.

Recently, attackers gained access though Intune – Microsoft’s cloud control offering – and then performed a remote wipe on workstations, phones, and other devices belonging to the medical firm Stryker.  The remote wipe also impacted personal devices such as iPhones that were joined to the firm’s infrastructure.

The Cybersecurity and Infrastructure Security Agency for the US (CISA) recommend that we use something called conditional access. This is a feature that allows you to set policies that monitor logins. You need either a P1 or a P2 license in order to do this conditional access policy protection.  The P1 license allows you to set geo-blocking policies.  But it’s not until you get to the P2 licenses that you can do more of the risk-based protection.  For example, if Joe logs in from say, California, and within five minutes he’s logging in from a location so far away that he would need time travel for it to make sense, you can set up a policy that looks at activities and monitors what is “normal.”

If you are even a small business, ask your MSP whether it is using Intune and what it is doing to protect you from such an attack.

A little weak on being right

By Will Fastie

Great care must be taken when conversing with AI bots.

In what can only be a galactic coincidence, I corresponded with two people this past Monday, both of whom had chatted with bots. One was an 87-year-old Plus member with a long background in technology and the other was a local friend. Their chats had something in common, but the outcomes were different. In both cases, I gave them the same advice.

These two exchanges put me in mind of one of my favorite lines from one of my favorite war movies, Otto Preminger’s In Harm’s Way.

Read the full Plus Alert (23.11.1, 2026-03-19).

Unintended consequences

With any new security features you might have to first make sure that everything you are expecting to work, still works.

PK posted about Apple’s new “a” release that includes “Background Security Improvements “.  It’s an acknowledgement (in my opinion) that Apple is becoming a bigger target.

As noted,

Background Security Improvements deliver lightweight security releases for components such as the Safari browser, WebKit framework stack, and other system libraries that benefit from smaller, ongoing security patches between software updates.

In rare instances of compatibility issues, Background Security Improvements may be temporarily removed and then enhanced in a subsequent software update.

Background Security Improvements are supported and enabled for future releases starting with iOS 26.1, iPadOS 26.1, and macOS 26.1. We publish information about Background Security Improvements by date, along with components patched and CVE details, if applicable.

Already I’ve seen a reported side effect impacting blood sugar monitoring.

You might want to consider these sort of like Microsoft’s preview updates. “If you choose to turn off this setting, your device will not receive these improvements until they’re included in a subsequent software update.”

Bottom line, we may want to keep a closer eye on these and any unintended consequences.

March 17. 2026 Apple Updates

Apple released Background Security Improvements on March 17, 2026, for macOS, iOS, and iPadOS. Apple provides Information on the Security content of the updates for CVE-2026-20643: Thomas Espach that affects Webkit and Safari.
Background Security Improvements deliver additional security protections between software updates.

How to check if you have received these Background Security Improvements:
On iPhone and iPad: Go to Settings\Privacy & Security\Background Security Improvements and make sure that “Automatically Install” is turned on. You may also have to click “install” and enter your passcode. It requires a restart, so close any open apps.
On Mac: System Settings\Privacy & Security\Background Security Improvements and make sure that “Automatically Install” is turned on. You may also have to click “install” and enter your computer password. It requires a restart, so close any open apps.

AKB2000014 has been updated 3/17/2026 for the March 17, 2026 following Background Security Improvement updates: (see top Post for links to info on these updates.)

macOS 26.3.1.(a)
macOS 26.3.2.(a)
iOS 26.3.1 (a)
iPadOS 26.3.1 (a)

Trying to diagnose an annoyance

On several nights for the last few weeks my Internet dropped out. Early on, it was just enough to make the remote connection to the office momentarily freeze. Now the freezes are enough to disrupt me from working at home. I called Xfinity; the line and modem were replaced but the service still drops. There are some hints in the app that they are doing maintenance in the area. There are also potential issues showing up in the firewall to make me think it’s definitely them, not me.

It is literally to the point that I am looking to install a secondary Internet connection from another vendor, as I do at the office to provide redundancy. You might think cellular would be an option, but I’m finding that more and more sites don’t work with it. And T-Mobile flat out won’t work at all where I live.

Investigating this is very frustrating. Most of the time, the connection works just fine with everything — computers, phones, iPads, TVs, and cameras. By the time you argue with the support bot, the problem has gone away. And when I’m still trying to work at 9:30 at night (not always, but enough to be really annoying), it will drop. Looking at the firewall logs requires that I enable admin access in the Xfinity app; they assume you don’t need this information.

When technology works, it’s great these days. When it doesn’t, there is little to no helpful logging. It’s entirely hidden by the vendors. Even when I do enable information, I really can’t do much because Xfinity gives me no way to block all traffic on the IPv6 side. One has to get another router, put Xfinity in bridge mode, and more.  Bottom line: these are things that average home users are never going to do.

I’m not ready to go back to the days of cathode-ray tubes and antennas to watch TV shows. There are just some nights when the Internet isn’t a pleasant experience for Dad — when the sound cuts out or the TV program pauses.

Not wanting to raze a Ruckus

BEN’S WORKSHOP

By Ben Myers

Recently I dealt with a new and unfamiliar mismatch between older Wi-Fi 5 (802.11ac) access points and newer Wi-Fi 6 (802.11ax) Apple MacBooks and iPhones.

A new client called, referred by someone else here in town. His house was wired with seven Ruckus brand Wi-Fi devices. Wi-Fi reception in one room was sporadic at best and completely unacceptable to the owner.

Network surveys provided charts of information essential both to determine the cause of the Wi-Fi problem and to verify that it was fully resolved.

Read the full story in our Plus Newsletter (23.11.0, 2026-03-16).
This story also appears in our public Newsletter.

How I finally found the right Windows laptop

HARDWARE

By Lance Whitney

I’m not a big fan of today’s Windows laptops, so trying to buy the right one was challenging. Here’s why — and which one I finally picked.

Finding the right Windows laptop has become an increasingly difficult chore for me. Why, you ask? Well, I focus on two specific features above almost all else — keyboard quality and battery life. In the past, I always stuck with Lenovo ThinkPad laptops for their superior tactile-feel keyboards and their dual-battery setup.

But today’s laptops are nothing like those ThinkPads of the past.

Read the full story in our Plus Newsletter (23.11.0, 2026-03-16).

Run-Command — because the Windows Run box … zzzzzz

FREEWARE SPOTLIGHT

By Deanna McElveen

Some parts of Windows haven’t changed much over the years. One is the Run dialog, that boring little box that pops up when you press Win+R to run a command or program. Just thinking about it makes me want a nap.

Luckily, German developer Nenad Hrg created a free utility called Run-Command that wakes up the old Windows Run box and gives it some nifty features it should have had eons ago.

Read the full story in our Plus Newsletter (23.11.0, 2026-03-16).

Good news for businesses!

PATCH WATCH

By Susan Bradley

Businesses will be happy to learn that the March updates include no new zero-day bugs.

A zero day is a security issue that is under active attack as of Patch Tuesday. This means that unpatched systems are potentially vulnerable. However, you know from my past patch-risk analyses that zero days don’t change my methodology. I still wait, test, review for results, and only then update.

Stated a bit more clearly, make sure you have a good backup rather than updating now. We are at MS-DEFCON 2, after all.

Read the full story in our Plus Newsletter (23.11.0, 2026-03-16).

Is 8 gigs good enough?

One of the concerns I’ve seen reported about the new Apple Neo is that it only ships with 8 gigs of ram. While you can go from a 256 Gig SSD to a 512 one, there is no larger RAM model for the new kid on the block. As you can see from the screen they want to make your transition to this new model very easy with paths from your apps on an iPhone to you coming in from your Windows PC.

The laptop is of good weight – not too light but not too heavy – and so far, my only initial response to the unboxing was that its power cord is a bit unusual.  It’s a USB-C woven cable with a USB-C power-adapter plug in.  Once upon a time, I had a laptop that had a USB-A connector into a power-adapter plug in.  I was able to plug it into a battery and still keep it running for a very, very long time.  This reminded me a bit of that device (remember the Surface RT devices years ago that failed in the market?)

Now I’m too swamped to truly give it a run for its money, so you won’t be seeing truly anything in depth about it until after April, but if the new Apple Neo does nothing else but showcase to vendors that nicely built, cheaper laptops are still a viable item to sell in all of this AI overhype, it will have done its job well.

And like EVERYTHING shipped these days, of course it too needed an update. So far though, it’s just the one update. New Windows PCs still have a less than stellar experience upon first boot.

Duplicate SIDs?

For those of you that cater to small and medium businesses and look for deals on refurbished computers to help with the penny pinching, just wanted to give you a heads up regarding a less than stellar purchasing experience with Dell Refurbished.  An AskWoody reader relayed to me that he had purchased several refurbished computers from the Dell store.

As he noted

“After the September Windows Updates killed my network shares, I discovered that three of the machines had matching SIDs.  You helped me with the Microsoft fix for the group policy. Thank you for that!

I just bought three more computers from DellRefurbished.com, and unfortunately, they are still sending out units with duplicate SIDs.

As you would expect, I opened a case in January with Dell Refurbished, and their response was an offer of a discount on replacement machines since they were out of warranty.

So, they are still sending out machines that are lacking in their Windows cloning process. Disappointing!

Knowing what I knew about the earlier debacle, the first thing I did after activating Windows was to check the SIDs on the new machines. Finding the duplicates, I then ran Sysprep to fix the issue. Since it was before any other set up, there were no side effects in running Sysprep.”

March 11, 2026 Apple Updates

More Apple updates were released on March 11, 2026, this time to fix security vulnerabilities for older iOS and iPadOS devices that cannot update to the latest iOS and iPadOS versions.

iOS/iPadOS 16.7.15 addresses WebKit bug fixes associated with the Coruna exploit that may lead to memory corruption (CVE-2023-43010: Apple).
iOS/iPadOS 15.8.7, available for even older devices, addresses a Kernel and three WebKit vulnerabilities also associated with the Coruna exploit (CVE-2023-41974: Félix Poulin-Bélanger, CVE-2024-23222, CVE-2023-43000: Apple, and CVE-2023-43010: Apple).

For those of you who have accumulated a lot of personal data and pictures on these older devices, be sure to back up your data and check that you have the free space available to accommodate the updates.

AKB2000014 has been updated 3/12/2026 for the March 11, 2026 following updates: (see top Post for links to info on the update contents.)

iOS 16.7.15
iOS 15.8.7
iPadOS 16.7.15
iPadOS 15.8.7