Daily News Roundup: Microsoft Brand Spoofing Is the Worst

Brand spoofing is a type of phishing where the perpetrator pretends to be a well-known brand. Usually, it’s in the form of disguised emails. A recent study revealed that Microsoft is the most spoofed brand by a wide margin.

It’s incredibly easy to forge a sender email address. With just a little bit of time and patience, you can create an email that says it’s coming from Bill Gates, Jeff Bezos, or anyone else you’d like. That very fact makes it tempting for bad actors to do… well bad things.

Frequent attacks include emails claiming your account is locked, and only clicking on a link in the email and providing your username and password will solve the problem. Or along similar lines, a request to confirm payment by providing your credit card number. Usually, the links lead you not to the site it claims to be, but a malware site that may infect your computer and will certainly record your input. You’re handing your user name, password, credit card, etc. directly to the very people you’d never want to have that information.

Security solutions provider FireEye released a report about brand impersonation, and among the brands, they detected as targets of spoofing, Microsoft is the preferred company by far.
The Microsoft brand name itself accounted for 30% of all brand impersonation FireEye identified. It gets for the worse the company, OneDrive is number two at 7%, Microsoft Outlook is number 6 at 4%, LinkedIn and Microsoft Office hit the list as well at 2%. So altogether, Microsoft properties accounted for 45% of all the phishing attacks FireEye discovered. The next closest company was Apple, at just 7%.

FireEye’s report also stated that phishing attacks are on the rise, with an increase of 17% in the first quarter of this year alone. The methods are changing, and the sophistication is growing. And new malicious URLs are even using HTTPS, emphasizing once again that just because the site uses HTTPS doesn’t mean it’s truly safe.

If you receive an email from any company (or anyone claiming to be from a company), asking for information or some confirmation of details, the safest thing to do is skip any links in the email. Open your browser and go straight to the site. Treat the email as malicious until proven otherwise. By following that advice with every email, even from people you know and trust, you’ll avoid a lot of heartache and frustration down the road. [TechRadar]

In Other News:

  • Oppo shows off an under screen camera: Smartphone company Oppo has a new trick to reach the goal of notchless and bezeless phones: hide the camera under the screen. It’s a step up from holepunch cameras as far looks go, but the company warns it needs to overcome issues like haze and glare for the pictures to look good. [The Verge]
  • Vivo’s new tech fully charges your phone in 13 minutes:
    Vivo apparently thinks it takes too long to charge a phone, and we’re inclined to agree. The company introduced Super FlashCharge 120w that it claims can fully charge a phone in just 13 minutes. As you can glean from the name, it delivers 120 watts of power to achieve those results. The unanswered question is how hot your phone gets in the process. [Digital Trends]
  • Don’t click on that Word Doc link: Speaking of malicious emails, security firm WatchGuard revealed a rise in malicious Word Documents sent via email. The method of attack is one patched long ago; attackers seem to be hoping you haven’t updated your system. Update your computer. The same security company stated that Mac malware is also the rise. Good times to be in, right? [ZDNet]
  • Target Wants a Day of Deals too: Move slightly to the side Prime Day. Target also wants to hold a “Deals Day.” For 48 hours. On the same two days as Prime Day. Now you need to watch sites for the ultimate shoehorn deal. [Engadget]
  • Audio Editor Soundtrap offers unlimited storage space: If you use Spotify’s Soundtrap to create music or podcasts, you’ll like this change. The service just increased its storage offering from five projects to unlimited, even on the free tier. A premium tier continues to additional features. Everybody wins! [VentureBeat]
  • Facebook might let you turn off notification dots: If you get annoyed by all the little red dots on groups, watch, etc. in the Facebook app that won’t go away until you tap everything, have we got good news for you. Facebook is looking into turning them off entirely. All we can say is “please please please please please do this Facebook.” [TechCrunch]
  • Apple bought a self-driving company: Drive.ai was a company that intended to bring self-driving car kits to the masses. The idea was supposed to let you retrofit your existing car. All that is past tense because the company ran out of money, and Apple bought it. Layoffs are occurring for some employees, while others will join Apple’s ranks. Can’t wait for a self-driving iCar. [MacRumors]
  • Firefox won’t erase your preferences anymore: Mozilla just patched a pretty crazy and frustrating bug in Firefox. After recent updates, if the browser shut unexpectedly (from powerless or crashes), your preferences would be wiped. Thankfully bookmarks and favorites were spared in the culling. Grab the update now if you like you preferences to stick around. [TechDows]

Bees are incredibly important to our agricultural industry. When it comes to pollinating, they’re responsible for everything from almonds to apples, to avocados.

But the U.S. grows food in mass quantities across large swaths of land, and it’s far more than wild bees could ever handle naturally. So a new industry rose to meet the demand: Beekeeper truckers.

Read the remaining 4 paragraphs

How iOS 13 Will Unlock NFC’s Potential

An iPhone XR with NFC tags on top of it.
Josh Hendrickson

NFC has long been held back by Apple not supporting it—only Android did. Now that both major smartphone platforms will soon support NFC, the technology can reach its full potential. From keyless locks to digital IDs, the future is here.

Why Is NFC and Why Does It Matter?

Three NFC tags on a paper strip.
Josh Hendrickson

Apple Pay has always used NFC for contactless payments. If you’ve ever paid for something using your iPhone or Apple Watch, you’ve used NFC.

NFC stands for Near Field Communications, and it’s a set of standards that allow devices to communicate through radio waves when they’re in close proximity. Emphasis on the close, as the devices need to be 4 inches apart or less.

With NFC, you can accomplish a variety of tasks, whether it be sharing data, mobile payments, or tag reading and writing.

NFC isn’t a new technology by any means, but comprehensive support is something we’ve never seen. Android phones have longed enjoyed full NFC support, along with Blackberrys and Windows Phone. But adopting NFC doesn’t guarantee the success of a mobile platform.

But for all the mobile devices that do have NFC, one significant outlier existed: iPhones. While the Android phone with NFC hardware (the Nexus S) released in 2010, it took until 2014 to see an iPhone with NFC hardware (the iPhone 6). And in the beginning, it was locked down to solely payment processing.

That’s been changing over time, and with iOS 13, an iPhone going back to the iPhone 7 will have its NFC potential unlocked. App developers can read and write to NFC tags, read chipped passports and ID cards, unlock NFC-enabled doors, and more.

RELATED: What is NFC (Near Field Communication), and What Can I Use It For?

Use Your iPhone to Unlock Doors

One of the promises of NFC is added convenience to your life. With expanded support in iOS 13, you could not only leave your wallet at home but maybe even your house keys, too.

Read the remaining 26 paragraphs

Daily News Roundup: Hackers Broke into Ten Telecom Networks

Security researchers have revealed hackers spent years burrowing into ten different telecoms. Using a common method of an email with a link leading to malware, the hackers then used sophisticated techniques to target specific individuals.

Security researchers at Cybereason revealed details of years-long attempts to break into telecom services (cell phone carriers). Starting in 2017, and possibly before, hackers sent emails to unsuspecting telecom employees with malicious links. The initial payload gave the hackers access to the telecom networks.

Once in, the hackers ultimately compromised the network, gaining administrative privileges, and even creating a VPN on the system that let hackers access large amounts of data and empowered them even to shut down the telecom network entirely. The hackers had so much power that Amit Serper, Principal Security Researcher at Cybereason,  described them as essentially a “de facto shadow IT department of the company.”

Sabotage doesn’t seem to be the goal. Instead, the hackers downloaded data about 20 or so specific individual’s Call Detail Records. The information stolen would have contained call history, location history, what device the person is using, and so on. With this hack, the perpetrators achieved similar results to stealing a person’s phone, without the person knowing about it.

Cybereason didn’t reveal which telecoms the group hacked, though they did specify the locations of the targeted individuals as Europe, Africa, the Middle East, and Asia. [ZDNet]

In Other News:

  • Amazon Prime Day is now two days: Amazon’s year tradition of discounting ninety things you don’t need and one thing you’ve been thinking about is back. This year Prime Day will start on July 15th and end July 16th, a full 48 hours later. We’re already looking forward to next year’s Prime Week. [TechRadar]
  • Apple releases public betas of upcoming software: iOS 13, iPadOS, macOS Catalina, and tvOS 13 are moving along quite nicely, and we found lots to love in the new features the company is promising. The next step is here; Apple released public betas for just about all your iDevices. But, remember it is a beta. You probably shouldn’t download it, wait for the release. [Thurott]
  • Ubuntu wants Steam and changed its mind about 32-bit: Canonical, the company behind Ubuntu, planned to remove 32-bit packages and libraries in its upcoming 19.10 update. With that announcement, Steam said it would drop support for Ubuntu. Unsurprisingly, Canonical is reversing course. [Engadget]
  • KitchenAid’s new $3,200 oven is now available: KitchenAid is now selling a smart oven with Google Assistant and Alexa compatibility. It also includes an LCD, a grill attachment, and other optional accessories. And unlike other Smart Ovens, it’s full-sized as opposed to a toaster oven form factor. [Digital Trends]
  • FedEx Sued the U.S. over Huawei shipments: The Huawei news never seems to stop. FedEx recently received bad press when it refused to ship a package containing a Huawei phone. Now it wants the U.S. to stop requiring it to monitor packages for more Huawei phones, calling the process virtually impossible and a potential privacy violation. [CNN]
  • SpaceX caught a nosecone for the first time: Launching rockets is expensive, and one of the most costly parts is building new rocket hardware after every launch. SpaceX’s goal is to reuse as much as possible, and it just pulled off a new trick in pursuit of that aim. For the first time, the company successfully caught a nosecone. The company estimates each nosecone costs six million dollars, so now it just needs to repair the used one for less. [The Verge]
  • USB Cords weren’t reversible because of money: If you’ve ever felt incredibly accomplished because you successfully plugged in a USB Cord the right direction on the first try, Ajay Bhatt, the leader of the team that designed USB, understands your pain. As he explained to NPR, they could have made USB reversible from the beginning. But that meant doubling the wires and increased costs; the goal was to be as cheap as possible. It could have been worse; they considered a round USB design. [NPR]
  • Google promises palm detection for Pixel’s Ambient Display: Like other Android phones, Pixels have an ambient display that shows minimal information at all times. That prevents you from waking up the phone, showing the lock screen, and wasting energy. Unfortunately, it’s too easy to wake up the lock screen right now, defeating the point. Google says it will solve the problem with palm detection. Pixel lovers rejoice. [9to5Google]

Eighty years ago Physicist Eugene Paul Wigner predicted that hydrogen could turn into an electricity-conducting solid at the right temperature.

The idea is fascinating on many levels. Hydrogen is the most abundant element in the universe, so we have plenty to work with and as a solid metal, it might transmit electricity without heating up. That would be perfect for use in superconductors, which typically get very hot.

Creating metallic hydrogen might also tell us more about giant planets like Jupiter, as we suspect the substance fills the planet’s core.

Read the remaining 6 paragraphs

How to Customize the New Windows Terminal App

Windows Terminal with an background showing an ocean wave

With the new Windows Terminal app, Windows now finally has a tabbed terminal that can run Cmd, PowerShell, and Bash prompts in the same window. It’s deeply customizable, too—you can even set animated GIFs as the background.

Beyond the background, you can change the terminal’s theme, too. Whether it’s the colors of the text or backgrounds or the font style, you can make Windows Terminal your own. Microsoft even included several pre-set themes. All you need is a text editor and some basic familiarity with JSON. If you aren’t familiar with JSON, you can probably still make changes; we’ll walk you through it.

How to Customize the Windows Terminal

Windows terminal json configuration file, showing a custom background option.

The first step to customizing Windows Terminal is to ensure Windows has default app associated with the JSON file type. The best way to do that is from File Explorer.

Launch File Explorer and find a JSON file. If you don’t have one, create one. Right-click on File Explorer and “New” then click on “Text document.”

Rename the file to test.json (deleting the .txt extension in the process), and confirm you want to change the extension. If you don’t see the .txt file extension, tell File Explorer to show file extensions.

File explorer submenu with arrows pointing to New and Text Document

Next, right-click on the new JSON file and choose the “Open With” option. Choose your preferred text editor, whether that be Notepad++ or Notepad.

Read the remaining 23 paragraphs

Daily News Roundup: Microsoft Banned Apps Internally And That’s OK

Recently, a list of apps that Microsoft prohibits for internal employee use leaked, including Slack, Grammarly, and others. It’s tempting to think these are the actions of a company hating competition, but the truth is more complicated.

Over the weekend news starting trickling out across the web. Microsoft has a list of apps and programs that it either bans or discourages its employees from using on the job. The list of prohibited apps includes consumer versions of Slack and Grammarly while the discouraging list includes Amazon Web Services (AWS), Google Docs, the cloud version of Github, and the enterprise version of Slack.

In place of Slack, Microsoft wants its employees to use Teams (which is developed by the company), instead of AWS or Google Docs, employees are pointed towards Azure and Office 365, again products offered by Microsoft.

At first blush, it’s easy to think this is a choice to push employees onto company products as a way to drive business uptake. One might even accuse of the company of doing this solely because its own offerings aren’t comparable to competitor products and employees wouldn’t use Teams and Office 365 otherwise.

But that’s not the case. Prohibiting and discouraging specific tools is standard practice at nearly every large company. And it’s a protective measure that prevents Intellectual Property (IP) from accidentally leaking out.

As spelled out by the leaked list, the Free, Standard, and Plus versions of Slack aren’t secure and can’t promise to protect IP. The last thing a company wants is to find out source code was compromised after an employee posted some of it on a chat app for help.

And that’s precisely the reason Microsoft didn’t block Slack Enterprise. It does have the necessary tools and protect IP. Instead, it’s discouraged in favor of Teams. And that’s a simple business decision. Slack Enterprise comes with a cost per user, one the company doesn’t quote on its website. Teams, on the other hand, doesn’t cost Microsoft anything to use, because the company owns it. It’s only natural the company prefers the cheaper option. If another company developed Teams and it cost more than Slack, then Microsoft would prefer Slack Enterprise and discourage Teams.

Grammarly has similar issues. Grammarly checks for errors by sending your text to its cloud servers. If an employee pasted source code into an email, they may accidentally hand that code to Grammarly. Obviously, that risk would be unacceptable to any company concerned with IP and source code.

Read the remaining 9 paragraphs