Google is axing one of Gmail’s oldest features—the ability to view an inbox in basic HTML.
Google’s Help Center now states that basic HTML view will be unavailable beginning in January 2024, after which Gmail “automatically changes to standard view.” Attempts to access the basic HTML view now also trigger a prompt with a page that asks if users “really want” to use it, mentioning that it is designed for “slower connections and legacy browsers.”
The basic HTML mode is a simplified view of the Gmail service that lacks features like chat, spell check, keyboard shortcuts, rich text formatting, custom “from” addresses, and some contact management features. By The Register’s measure, basic HTML takes 1,200 milliseconds to load, whereas the standard view takes 700 milliseconds, although the standard view continued to load new page elements for almost another minute.
While there is always an associated cost with maintaining legacy features, Google’s deprecation of basic HTML has stirred some criticism.
Read more here.—TM
Do you work in IT or have information about your IT department you want to share? Email [email protected]. Want to go encrypted? Ask Tom for his Signal.
It’s not a secret identity if it’s exposed—and that’s just what’s happening to organizations across the globe.
A Sept. 6 report from Silverfort—titled “The State of Identity Security: Insights into Critical Protection Gaps”—found the identity attack surface has weaknesses, and organizations are failing to take proper action to address threats before it’s too late.
The identity attack surface is opening avenues of exploitation for threat actors, and they’re taking advantage of it: The study found that 83.2% of respondents reported that compromised credentials had been used to access their systems, and nearly one-half of the attacks happened in the last 12 months.
Security maturity levels play a role in assessing how prepared an organization is for attacks, and Silverfort’s analysis indicates that 41% of respondents are in the “opportunistic” second level, where security is more reactive; 26% are in the third tier, “identified and defined,” indicating medium confidence that their systems can stop attacks. Only 6% of respondents are on the fourth level, “disciplined and implemented”; conversely, 27% of respondents are on the first and lowest level, “chaotic,” showing there’s a lot of work yet to be done.
Read more here.—EH
The pace of migrations to cloud infrastructure is drawing attention to previously unnoticed flaws in power management tools used in virtually every data center.
In research presented at DEF CON 31 in Las Vegas in August, Trellix researchers Sam Quinn and Jesse Chick demonstrated flaws in two separate power management appliances.
Those include four major vulnerabilities in CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform, a tool for IT administrators to supervise resource and energy consumption of infrastructural components of a data center (often remotely). Quinn and Chick also discovered five critical vulnerabilities in Dataprobe’s iBoot power distribution unit (PDU) for server racks.
Flaws in the DCIM included use of hardcoded credentials, ways to bypass authentication, and remote code execution via OS command injection. The most severe vulnerability in the PDU carried a CVSS 9.8 rating, and would allow an attacker to bypass authentication and connect the PDU to a rogue database, gaining administrator privileges.
Keep reading here.—TM
Today’s top IT reads.
Stat: $3.5 million. That’s how much a private New York college will invest in cybersecurity to avoid a $1 million fine over a data breach that exposed the sensitive info of students, staff, and alums. (EdScoop)
Quote: “Our survey paints a picture of an industry rife with non-compliance and contractor exploitation. This is unacceptable, and urgent reform is needed.”—Dave Chaplin, CEO of ContractorCalculator, on the prevalence of IT contractors forced to work under umbrella organizations (Computer Weekly)
Read: Beware of the “Apple” HDMI adapter that exploits your location and ships your data to China. (404 Media)