Welcome to our latest round-up of news from the technology and hosting world. Here’s what we’ve discovered this week.
Form-based spear-phishing on the rise
According to security company Barracuda, there has been a significant rise in form-based spear-phishing, a type of cyberattack where criminals send emails that impersonate legitimate brands and then ask for a form to be filled in to obtain login credentials.
The latest form-based spear-phishing attacks take advantage of people’s trust of file sharing sites like Google Drive and Microsoft OneDrive. In some attacks, victims are being sent online forms that resemble the login pages to these platforms and their data is harvested when they attempt to login. These attacks can also ask for app access tokens and for permissions to be accepted, enabling the attacker to use the token. Others are sent emails with links that lead to files stored on the genuine site. Those files, however, contain images with links to phishing sites, which then ask for login credentials.
While multi-factor authentication can protect user accounts from attackers, Personal Signing Certificates can ensure that both internal and external recipients can trust your company emails.
PonyFinal – ransomware time-bomb warning
Microsoft has issued a warning about a malicious type of ransomware, called PonyFinal. Manually installed and controlled by hackers, it is purposely left dormant on a company’s system until a time when it is likely to cause maximum impact. Once deployed, its encryption is so secure that it is impossible for files to be recovered.
According to Microsoft, the criminals behind the ransomware have targeted companies as far afield as India and the US and have taken advantage of the global pandemic by launching attacks at key government institutions and other organisations. These include those involved in foreign aid, medical billing, transport, educational software and manufacturing. The ransomware might be silently waiting on many other company systems until the criminal gangs behind it can make the most money from an attack. To help recover quickly from a ransomware attack, remote backups are essential.
iOS 13.5 bugged out
If you’re offered the chance to upgrade to versions 13.5 of Apple’s iOS, hang fire; it’s got bugs that affect both iPhone and iPad. These include high battery drain, iPad Pro rebooting within a minute of logging in, and issues that prevent MP4 files from playing and which prevents users accessing their video libraries.
Users may notice that Apple has released version 13.5.1 of the operating system, however, this does not fix the problems mentioned above. The new version only fixes a vulnerability discovered in iOS 11 and later versions. Currently, Apple has not been able to say when a bug-free update will be released. Until then, stay with your existing version.
AI voice assistant developed by BBC
Until recently, we’ve only had four major voice assistants, Google, Alexa, Siri and Cortana, which are used, primarily, for searching the internet and controlling devices. Now, the BBC is creating its own AI voice assistant to help UK users navigate its growing services and online content.
Just as iPlayer was a ground-breaking platform for users to access BBC TV and radio programmes over the internet, the burgeoning popularity of smart speakers has led the corporation to embrace AI voice technology for its own purposes.
Currently in development with Microsoft and being tested by members of the Windows Insider Program, the beta version allows audiences to use their voices to access live and on-demand TV and radio programmes. Additional features will be added once these basic ones have been perfected following user feedback and further testing.
Kaspersky calls for remote work security training
Security company, Kaspersky, says that many small and medium-sized businesses are making themselves vulnerable to cybercrime because they have not trained employees working from home about remote working security.
An international survey of over 6,000 workers found that while half of them were working from home for the first time, almost three-quarters had been given no security training since the lockdown began, the majority of them using personal devices to carry out their work. As a result, many felt they lacked the experience to stay secure online while working remotely.
According to the company, the huge growth in remote working due to the pandemic has been followed by a significant rise in cyberattacks aimed at the remote desktop apps and collaborative tools used by many SMEs. To reduce risk, all businesses are advised to give security training to work at home employees as soon as possible.
Visit our website for more news, blog posts, knowledge base articles and information on our wide range of hosting services.