Office 365 users are now in cybercriminals' crosshairs in a new phishing campaign, according to a warning the Microsoft Security Intelligence (MSI) team issued via Twitter. Malicious actors are using email addresses that appear to be legitimate, with display names that mimic bona fide services to dodge email filters.
Microsoft cautioned cybercriminals are going above and beyond to use detection-evasion techniques that are convincing and authentic-looking.

"An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to slip through email filters," MSI explained on Twitter.

The deceptive phishing campaign targets Office 365 organizations with employees who often send attachments to co-workers. MSI found phishing emails that seemed as if they were sent from a trusted source. Many of these emails contained faux Microsoft SharePoint attachments with labels such as "Price Books," "Bonuses" and "Staff Reports."

The phishing emails use a tactic called "typosquatting," which involves registering deliberately misspelled domains that, at first glance, look close to a well-known brand. Most quick readers would overlook the subtle typo.

If users fall for the bait and click on the "Open" link, it will lead them to a page that lures them to type in their Microsoft or Google credentials. According to MSI, these sign-on pages look very convincing, making users believe that they're on a trustworthy path to a legitimate website.

MSI kept emphasizing how authentic these phishing emails looked. Employers may not be able to rely on their employees' good judgment to identify suspicious-looking emails. That's why MSI shamelessly plugged its Microsoft Defender for Office 365 program as a solution, adding that this software "detects and blocks" these emails.
​
Phishing attacks are a huge thorn in the side for many popular companies like Netflix and PayPal, but the Redmond-based tech giant should be particularly concerned. According to a CheckPoint Research study, Microsoft topped the list as being the most imitated brand for phishing attacks.

One day, the best way to charge an EV on a cross-country drive could be to get in the vehicle and make the cross-country drive. That future depends on successfully incorporating wireless charging infrastructure into highways, the state of Indiana being the latest to make the attempt. The Indiana Department of Transportation (INDOT) and Purdue University have signed up to the ASPIRE Initiative, the acronym standing for Advancing Sustainability through Power Infrastructure for Road Electrification. Funded by the National Science Foundation, the consortium of government, university, and business is devoted to working up new charging technologies for battery-electric vehicles. Here, INDOT and Purdue are working with German firm Magment, which makes magnetized cement called magment (small "m"). The three-phase project will test whether Magment's product can charge moving vehicles at greater than 200 kilowatts.

Not much is known about the product, but Magment's site says the concrete medium filled with magnetic particles has "record-breaking wireless transmission efficiency—up to 95%." The product has standard road-building installation costs, enables universal charging, is all-weather, has a high thermal conductivity, and is vandalism-proof. The first two phases of the experiment will have Purdue's Joint Transportation Research Program conducting testing, analysis, and optimization research on the special cement in the lab to verify its usability. The testing begins before the end of summer.

If those phases show promise, INDOT will build a quarter mile stretch of magment highway at an undisclosed location for real-world testing on heavy trucks at 200 kilowatts and above. And if that's successful, INDOT will build another section of magment highway, this time on one of the state's public roads.
​
INDOT, Purdue, and ASPIRE aren't the only researchers toiling over hot concrete. Outfits like IPT Prime in Germany, U.S. universities Stanford and Cornell, and other groups in places like California, Sweden and Israel are all trying to get roads to refill batteries, an effort that began at least 20 years ago. Making EV charging as easy as driving one's EV would certainly help battery-electric vehicle adoption. The price tag for replacing and powering huge chunk of a country's road system might be a little steep, though.

Benefits. A well-known example of an emerging technology is artificial intelligence (AI). This technology has many facets, including machine learning, natural language processing and speech recognition. In September/October 2020, the Information Systems Audit and Control Association (ISACA) and Protiviti conducted a global survey of over 7,400 IT audit leaders and professionals to get their perspectives on the top technology risks their organizations will face in 2021. Nearly 50% of the over 4,500 global respondents to the ISACA survey showed they are already using AI technologies (22%) or are in the planning and pilot stages of adopting them (27%).

Companies that have adopted emerging technologies, such as AI, hope to benefit from the competitive advantages that these technologies can provide. For example, cost savings and heightened revenues are made possible through increased efficiency and enhanced customer products and experiences.

Companies can speed up the adoption of emerging technologies by investing broadly across the company and using technologies in a way where the responsibility resides with the process owner. This approach generates better cost savings as process owners can solve a business problem specific to them, resulting in operational efficiencies and an increase in quality analysis.

Internal audit can also embrace AI technologies to enhance risk monitoring and control effectiveness. In a use case-specific example, machine learning can analyze general ledger data and pinpoint incorrect or fraudulent journal entries among thousands of other transactions. Note that larger and more complex business problems—which may have a broader impact across multiple areas of the business or have aspects that present greater risk to the company—would require collaboration and consultation with data scientists, who could be internal personnel or consultants.

Risks. Companies adopting emerging technologies must not only consider the benefits but also the associated risks. To develop an understanding of individuals' perceptions, the ISACA survey asked respondents to indicate their views on the risks of adopting AI technologies. Most respondents rated the risks associated with AI to be low (30%) or medium (33%), whereas only 9% determined AI to be high risk. In practice, companies must consider the maturity and complexity of the business processes using AI to determine true risk to the company.

One risk is that these emerging technologies will not achieve companies' expectations. To combat this risk, a clear vision needs to be established and supported by defined objectives with realistic targets. Due diligence involves thorough research to identify requirements for new projects that have a significant impact on the company. IT governance should play a substantial role as emerging technologies are being integrated into the business, including representation across different IT groups—such as application development, security, and infrastructure—within the IT governance process. This will enable communication across various parts of the business and help identify additional needs while streamlining project implementation. Monitoring and regular status updates should be communicated to senior leadership throughout the project, as well as post-launch to help determine if ROI was achieved or miscalculated.

Risks can also emerge from changing regulations that may limit the success of an emerging technology. For example, privacy laws related to the collection of consumer data could impede a company's ability to use successfully certain emerging technologies by disrupting current products and services in production. New regulations are imminent, especially surrounding algorithmic bias for technologies that affect customers. Continuous monitoring of new regulations and nimble development processes are necessary to ensure models comply with changing and new regulations.

Finally, there is a risk that a misconfiguration of the technology could cause an algorithm error issue, which would affect data quality and create threats to data security. These risks can be mitigated by putting strong change management processes in place. These processes ensure test cases are effectively designed and performed, that version controls appropriately log changes to models and source code repositories, and that peer reviews are conducted for coding and model changes. During the planning and building phase, it is critical to be mindful of the data set to identify potential biases and ethical dilemmas.
​
Adopting emerging technologies can create competitive advantages, but these benefits are naturally accompanied with risk. Process owners can take a proactive approach to identify risks by engaging with internal audit or enterprise risk management. Starting discussions about risks and controls early in the technology's implementation will help identify any unaddressed issues and process improvements and ensure emerging technologies are successfully integrated into the business.

What if you could run the full Windows 10 or Windows 11 experience on the iPad you’re carrying around everywhere with you? Microsoft actually has a product that does that: The brand-new Windows 365 lets you create and customize a Cloud PC. You can then access it securely from any device that supports internet browsers. Even an iPad or a Mac.

Windows 365 is a cloud-based Microsoft experience that targets businesses. The product might help companies rethink their strategies for upgrading their fleet of Windows devices. Rather than continuously investing in new hardware, some businesses might want to keep their current PCs and get Windows 365 PCs for their employees.

The Windows 365 Cloud PC comes with customizable hardware. You can choose how many cores, how much RAM, and how much storage a workstation requires. It can all be changed after the fact, in real-time, if a particular Cloud PC needs more resources to get the job done.

That PC is tied to a single user who can then access their remote desktop from anywhere in the world.

How to get the Windows 365 Cloud PC. After configuration, the Cloud PC is always there, ready to let you pick up where you left off. You can access it via a browser or an app. To get back to the iPad example, you can choose between Safari and a dedicated iOS app.

You’d access your Windows 365 PC similarly from any other device that can run browser apps.

The Cloud PC is encrypted, and the data is encrypted as it’s streamed to you. That’s the key thing about Microsoft’s Cloud PC. You need an active internet connection to use it. Microsoft explains that if you can stream video on your current device, then Windows 365 works. And the Cloud PC’s connection is more formidable than most home setups.

But once set up, the Cloud PC will offer you an instant-on experience. You’ll get all your documents just as you left them the last time you “opened” your work PC. And you’ll be able to roll back the Cloud PC to previous states if you’ve deleted anything by mistake.

Windows 365 launched on August 2nd, but it’s only available to businesses. You can expect a per-user monthly subscription cost, in line with what’s available from other 365 experiences.

It’s unclear when commercial users will ever get access to the product. There might be regular Windows users who might want a similar Cloud PC experience without getting one from their employer.

What does a Cloud PC cost? Things aren’t as easy as with Microsoft 365.

You’ll be able to customize the Cloud PC’s hardware depending on your organization’s needs. Or have your company’s IT department configure your virtual Cloud PC based on the performance you require for getting work done.

Cloud PCs start at a single-core CPU, 2GB of RAM, and 64GB of storage, but they can go up to an eight-core CPU, 32GB of RAM, and 512GB of storage.

The idea of running Windows in the cloud isn’t new, and Microsoft already offers an alternative to interested customers. But Windows 365 is going to make the entire thing a lot simpler. IT departments can customize a Cloud PC within minutes, and users can log into their remote workstation as soon after that initial setup.
​
You can check out Windows 365 in great detail at this link. There are three configurations priced at $31, $41, and $66 per month per user. A more detailed Microsoft Mechanics video gives you an actual look at what the Windows 365 experience will look and feel like, including on the iPad.

Microsoft is officially acquiring RiskIQ, a security software vendor. RiskIQ provides management tools and threat intelligence gathering against a wide range of cyberattacks across Microsoft’s own cloud services, AWS, on-premises servers, and supply chain attacks. While Microsoft hasn’t valued the deal, Bloomberg reported that the company is said to be paying more than $500 million for RiskIQ.

The cloud-based RiskIQ software detects security issues across networks and devices, and the company lists Box, the US Postal Service, BMW, Facebook, and American Express as customers. RiskIQ was originally founded in 2009 and has gradually become an important player in analyzing security threats.

Microsoft hasn’t laid out a detailed plan for how it will integrate RiskIQ into its own security offerings, but it’s bound to use RiskIQ’s software across Microsoft 365 Defender, Microsoft Azure Defender, and Microsoft Azure Sentinel eventually.

“RiskIQ has built a strong customer base and community of security professionals who we will continue to support, nurture, and grow,” says Eric Doerr, vice president of cloud security at Microsoft. “RiskIQ’s technology and team will be a powerful addition to our security portfolio to best serve our mutual customers.”
​
Microsoft has been gradually growing and improving its security tools amid an intense battle with ransomware. The software maker even acquired ReFirm Labs last month to help protect servers and Internet of Things devices from security attacks. The acquisitions come after months of troublesome ransomware attacks. The Russia-linked REvil ransomware group has been wreaking havoc with ransomware and supply chain attacks in recent weeks, and the security industry is still reeling from a sophisticated SolarWinds hack that breached everything from Microsoft to US government agencies.