Rick Richardson's Views On Technology
  • Home
  • Blog

Office 365 Users Targeted in New Phishing Attack

8/29/2021

0 Comments

 
Picture
Office 365 users are now in cybercriminals' crosshairs in a new phishing campaign, according to a warning the Microsoft Security Intelligence (MSI) team issued via Twitter. Malicious actors are using email addresses that appear to be legitimate, with display names that mimic bona fide services to dodge email filters.
Microsoft cautioned cybercriminals are going above and beyond to use detection-evasion techniques that are convincing and authentic-looking.

"An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to slip through email filters," MSI explained on Twitter.

The deceptive phishing campaign targets Office 365 organizations with employees who often send attachments to co-workers. MSI found phishing emails that seemed as if they were sent from a trusted source. Many of these emails contained faux Microsoft SharePoint attachments with labels such as "Price Books," "Bonuses" and "Staff Reports."

The phishing emails use a tactic called "typosquatting," which involves registering deliberately misspelled domains that, at first glance, look close to a well-known brand. Most quick readers would overlook the subtle typo.

If users fall for the bait and click on the "Open" link, it will lead them to a page that lures them to type in their Microsoft or Google credentials. According to MSI, these sign-on pages look very convincing, making users believe that they're on a trustworthy path to a legitimate website.

MSI kept emphasizing how authentic these phishing emails looked. Employers may not be able to rely on their employees' good judgment to identify suspicious-looking emails. That's why MSI shamelessly plugged its Microsoft Defender for Office 365 program as a solution, adding that this software "detects and blocks" these emails.
​
Phishing attacks are a huge thorn in the side for many popular companies like Netflix and PayPal, but the Redmond-based tech giant should be particularly concerned. According to a CheckPoint Research study, Microsoft topped the list as being the most imitated brand for phishing attacks.
0 Comments

Indiana to Test Highways That Can Charge Moving EVs

8/22/2021

0 Comments

 
Picture
One day, the best way to charge an EV on a cross-country drive could be to get in the vehicle and make the cross-country drive. That future depends on successfully incorporating wireless charging infrastructure into highways, the state of Indiana being the latest to make the attempt. The Indiana Department of Transportation (INDOT) and Purdue University have signed up to the ASPIRE Initiative, the acronym standing for Advancing Sustainability through Power Infrastructure for Road Electrification. Funded by the National Science Foundation, the consortium of government, university, and business is devoted to working up new charging technologies for battery-electric vehicles. Here, INDOT and Purdue are working with German firm Magment, which makes magnetized cement called magment (small "m"). The three-phase project will test whether Magment's product can charge moving vehicles at greater than 200 kilowatts.

Not much is known about the product, but Magment's site says the concrete medium filled with magnetic particles has "record-breaking wireless transmission efficiency—up to 95%." The product has standard road-building installation costs, enables universal charging, is all-weather, has a high thermal conductivity, and is vandalism-proof. The first two phases of the experiment will have Purdue's Joint Transportation Research Program conducting testing, analysis, and optimization research on the special cement in the lab to verify its usability. The testing begins before the end of summer.

If those phases show promise, INDOT will build a quarter mile stretch of magment highway at an undisclosed location for real-world testing on heavy trucks at 200 kilowatts and above. And if that's successful, INDOT will build another section of magment highway, this time on one of the state's public roads.
​
INDOT, Purdue, and ASPIRE aren't the only researchers toiling over hot concrete. Outfits like IPT Prime in Germany, U.S. universities Stanford and Cornell, and other groups in places like California, Sweden and Israel are all trying to get roads to refill batteries, an effort that began at least 20 years ago. Making EV charging as easy as driving one's EV would certainly help battery-electric vehicle adoption. The price tag for replacing and powering huge chunk of a country's road system might be a little steep, though.

0 Comments

Balancing the Benefits with the Risks of Emerging Technology

8/15/2021

0 Comments

 
Picture
Benefits. A well-known example of an emerging technology is artificial intelligence (AI). This technology has many facets, including machine learning, natural language processing and speech recognition. In September/October 2020, the Information Systems Audit and Control Association (ISACA) and Protiviti conducted a global survey of over 7,400 IT audit leaders and professionals to get their perspectives on the top technology risks their organizations will face in 2021. Nearly 50% of the over 4,500 global respondents to the ISACA survey showed they are already using AI technologies (22%) or are in the planning and pilot stages of adopting them (27%).

Companies that have adopted emerging technologies, such as AI, hope to benefit from the competitive advantages that these technologies can provide. For example, cost savings and heightened revenues are made possible through increased efficiency and enhanced customer products and experiences.

Companies can speed up the adoption of emerging technologies by investing broadly across the company and using technologies in a way where the responsibility resides with the process owner. This approach generates better cost savings as process owners can solve a business problem specific to them, resulting in operational efficiencies and an increase in quality analysis.

Internal audit can also embrace AI technologies to enhance risk monitoring and control effectiveness. In a use case-specific example, machine learning can analyze general ledger data and pinpoint incorrect or fraudulent journal entries among thousands of other transactions. Note that larger and more complex business problems—which may have a broader impact across multiple areas of the business or have aspects that present greater risk to the company—would require collaboration and consultation with data scientists, who could be internal personnel or consultants.

Risks. Companies adopting emerging technologies must not only consider the benefits but also the associated risks. To develop an understanding of individuals' perceptions, the ISACA survey asked respondents to indicate their views on the risks of adopting AI technologies. Most respondents rated the risks associated with AI to be low (30%) or medium (33%), whereas only 9% determined AI to be high risk. In practice, companies must consider the maturity and complexity of the business processes using AI to determine true risk to the company.

One risk is that these emerging technologies will not achieve companies' expectations. To combat this risk, a clear vision needs to be established and supported by defined objectives with realistic targets. Due diligence involves thorough research to identify requirements for new projects that have a significant impact on the company. IT governance should play a substantial role as emerging technologies are being integrated into the business, including representation across different IT groups—such as application development, security, and infrastructure—within the IT governance process. This will enable communication across various parts of the business and help identify additional needs while streamlining project implementation. Monitoring and regular status updates should be communicated to senior leadership throughout the project, as well as post-launch to help determine if ROI was achieved or miscalculated.

Risks can also emerge from changing regulations that may limit the success of an emerging technology. For example, privacy laws related to the collection of consumer data could impede a company's ability to use successfully certain emerging technologies by disrupting current products and services in production. New regulations are imminent, especially surrounding algorithmic bias for technologies that affect customers. Continuous monitoring of new regulations and nimble development processes are necessary to ensure models comply with changing and new regulations.

Finally, there is a risk that a misconfiguration of the technology could cause an algorithm error issue, which would affect data quality and create threats to data security. These risks can be mitigated by putting strong change management processes in place. These processes ensure test cases are effectively designed and performed, that version controls appropriately log changes to models and source code repositories, and that peer reviews are conducted for coding and model changes. During the planning and building phase, it is critical to be mindful of the data set to identify potential biases and ethical dilemmas.
​
Adopting emerging technologies can create competitive advantages, but these benefits are naturally accompanied with risk. Process owners can take a proactive approach to identify risks by engaging with internal audit or enterprise risk management. Starting discussions about risks and controls early in the technology's implementation will help identify any unaddressed issues and process improvements and ensure emerging technologies are successfully integrated into the business.

0 Comments

Microsoft Just Put the Full Windows Experience in the Cloud

8/8/2021

0 Comments

 
Picture
What if you could run the full Windows 10 or Windows 11 experience on the iPad you’re carrying around everywhere with you? Microsoft actually has a product that does that: The brand-new Windows 365 lets you create and customize a Cloud PC. You can then access it securely from any device that supports internet browsers. Even an iPad or a Mac.

Windows 365 is a cloud-based Microsoft experience that targets businesses. The product might help companies rethink their strategies for upgrading their fleet of Windows devices. Rather than continuously investing in new hardware, some businesses might want to keep their current PCs and get Windows 365 PCs for their employees.

The Windows 365 Cloud PC comes with customizable hardware. You can choose how many cores, how much RAM, and how much storage a workstation requires. It can all be changed after the fact, in real-time, if a particular Cloud PC needs more resources to get the job done.

That PC is tied to a single user who can then access their remote desktop from anywhere in the world.

How to get the Windows 365 Cloud PC. After configuration, the Cloud PC is always there, ready to let you pick up where you left off. You can access it via a browser or an app. To get back to the iPad example, you can choose between Safari and a dedicated iOS app.

You’d access your Windows 365 PC similarly from any other device that can run browser apps.

The Cloud PC is encrypted, and the data is encrypted as it’s streamed to you. That’s the key thing about Microsoft’s Cloud PC. You need an active internet connection to use it. Microsoft explains that if you can stream video on your current device, then Windows 365 works. And the Cloud PC’s connection is more formidable than most home setups.

But once set up, the Cloud PC will offer you an instant-on experience. You’ll get all your documents just as you left them the last time you “opened” your work PC. And you’ll be able to roll back the Cloud PC to previous states if you’ve deleted anything by mistake.

Windows 365 launched on August 2nd, but it’s only available to businesses. You can expect a per-user monthly subscription cost, in line with what’s available from other 365 experiences.

It’s unclear when commercial users will ever get access to the product. There might be regular Windows users who might want a similar Cloud PC experience without getting one from their employer.

What does a Cloud PC cost? Things aren’t as easy as with Microsoft 365.

You’ll be able to customize the Cloud PC’s hardware depending on your organization’s needs. Or have your company’s IT department configure your virtual Cloud PC based on the performance you require for getting work done.

Cloud PCs start at a single-core CPU, 2GB of RAM, and 64GB of storage, but they can go up to an eight-core CPU, 32GB of RAM, and 512GB of storage.

The idea of running Windows in the cloud isn’t new, and Microsoft already offers an alternative to interested customers. But Windows 365 is going to make the entire thing a lot simpler. IT departments can customize a Cloud PC within minutes, and users can log into their remote workstation as soon after that initial setup.
​
You can check out Windows 365 in great detail at this link. There are three configurations priced at $31, $41, and $66 per month per user. A more detailed Microsoft Mechanics video gives you an actual look at what the Windows 365 experience will look and feel like, including on the iPad.
0 Comments

Microsoft Acquires Cybersecurity Firm RiskIQ

8/1/2021

0 Comments

 
Picture
Microsoft is officially acquiring RiskIQ, a security software vendor. RiskIQ provides management tools and threat intelligence gathering against a wide range of cyberattacks across Microsoft’s own cloud services, AWS, on-premises servers, and supply chain attacks. While Microsoft hasn’t valued the deal, Bloomberg reported that the company is said to be paying more than $500 million for RiskIQ.

The cloud-based RiskIQ software detects security issues across networks and devices, and the company lists Box, the US Postal Service, BMW, Facebook, and American Express as customers. RiskIQ was originally founded in 2009 and has gradually become an important player in analyzing security threats.

Microsoft hasn’t laid out a detailed plan for how it will integrate RiskIQ into its own security offerings, but it’s bound to use RiskIQ’s software across Microsoft 365 Defender, Microsoft Azure Defender, and Microsoft Azure Sentinel eventually.

“RiskIQ has built a strong customer base and community of security professionals who we will continue to support, nurture, and grow,” says Eric Doerr, vice president of cloud security at Microsoft. “RiskIQ’s technology and team will be a powerful addition to our security portfolio to best serve our mutual customers.”
​
Microsoft has been gradually growing and improving its security tools amid an intense battle with ransomware. The software maker even acquired ReFirm Labs last month to help protect servers and Internet of Things devices from security attacks. The acquisitions come after months of troublesome ransomware attacks. The Russia-linked REvil ransomware group has been wreaking havoc with ransomware and supply chain attacks in recent weeks, and the security industry is still reeling from a sophisticated SolarWinds hack that breached everything from Microsoft to US government agencies.

0 Comments

    Author

    Rick Richardson, CPA, CITP, CGMA

    Rick is the editor of the weekly newsletter, Technology This Week. You can subscribe to it by visiting the website.

    Rick is also the Managing Partner of Richardson Media & Technologies, LLC. Prior to forming his current company, he had a 28-year career in technology with Ernst & Young, the last twelve years of which he served as National Director of Technology.

    Mr. Richardson has been named to the "Technology 100"- the annual honors list of the 100 key achievers in technology in America. He has also been honored by the American Institute of CPAs with two Lifetime Achievement awards and a Special Career Recognition Award for his contributions to the profession in the field of technology.

    In 2012, Rick was inducted into the Accounting Hall of Fame by CPA Practice Advisor Magazine. He has also been named to the 100 most influential individuals in the accounting profession in America by Accounting Today magazine.

    In 2017, Rick was inducted as a Marquis Who’s Who Lifetime Achiever, a registry of professionals who have excelled in their fields for many years and achieved greatness in their industry.

    He is a sought after speaker around the world, providing his annual forecast of future technology trends to thousands of business executives, professionals, community leaders, educators and students.

    Picture
    Picture
    Picture
    Picture
    Picture

    Archives

    October 2022
    September 2022
    August 2022
    July 2022
    June 2022
    May 2022
    April 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    November 2016
    October 2016
    September 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    February 2016
    January 2016
    December 2015
    November 2015
    October 2015
    September 2015
    August 2015
    July 2015
    June 2015

    Categories

    All
    Artificial Intelligence
    Audit
    Back Up
    Back-Up
    Blockchain
    Climate
    Cloud
    Collaboration
    Communication
    Coronavirus
    COVID 19
    COVID-19
    Digital Assistant
    Display
    Drone
    Edge Computing
    Education
    Enterprise
    Hardware
    Home Automation
    Internet Of Things
    Law
    Medicine
    Metaverse
    Mobile
    Mobile Payments
    Open Source
    Personalization
    Power
    Privacy
    Quantum Computing
    Remote Work
    Retail
    Robotics
    Security
    Software
    Taxes
    Transportation
    Wearables
    Wi Fi
    Wi-Fi

    RSS Feed

    View my profile on LinkedIn
Powered by Create your own unique website with customizable templates.