Chicago IT Support & Cyber Security | Forward Technologies

Chicago-based Forward Technologies delivers IT support and cyber security to businesses in the Chicago area and nationwide.

  • Home
  • Services
    • Outsourced IT Support
    • DMARC Email Security
    • Development
      • Web Development & Facelifts
      • CustomView: Plugin for WordPress
    • Data Recovery Service
    • PPC Marketing Services
    • SEO Services
  • Email Security
    • SPF Basics
    • DKIM Basics
    • DMARC Basics
    • Email Security Consulting
  • Data Recovery Service
  • Blog
  • Contact Us

Microsoft Plugs One Secure Boot Flaw While Leaving Another Wide Open

June 11, 2025 by Edward Silha

A cartoon-style illustration of a worried programmer sitting at a desk with a laptop that has a red padlock icon. Behind him, a menacing robot labeled "VULNERABILITIES" holds two scrolls marked "EXPLOIT." A yellow "SECURE BOOT" sign with a padlock and boot icon hangs on the wall, symbolizing compromised device security. The background is a textured purple.Security researchers have identified two major exploits in the Secure Boot system, both capable of sidestepping one of the most important protections on modern PCs. Microsoft has issued a patch for one of them. The other remains untouched, even as it offers attackers a nearly universal method to bypass security during the startup process.

This week’s patch from Microsoft addresses a vulnerability known as CVE-2025-3052. It impacts over 50 manufacturers whose systems rely on Linux modules to support boot processes. The flaw allows someone with physical access to a device to disable Secure Boot entirely. Once that’s done, they can install malware that loads before the operating system starts. The attack is particularly concerning because it’s stealthy and persistent, and in cases where a hacker already has administrative access, it can be triggered remotely. [Read more…]

Filed Under: Blog, Cybersecurity Tagged With: Binarly, bootloader exploit, CVE-2025-3052, CVE-2025-47827, cybersecurity, DBX blocklist, digital signatures, DT Research, Eclypsium, firmware security, GRUB, IGEL, Linux kernel, malware, Microsoft, operating system security, Secure Boot, UEFI

Hackers Pose as IT Support to Breach Salesforce, Steal Corporate Data, and Demand Ransom

June 4, 2025 by Edward Silha

Illustration of hacker posing as IT support to access Salesforce dataHackers posing as IT support are targeting employees at large companies to sneak into their Salesforce systems and steal data. They start with a phone call, pretending to help with a routine issue. The real goal? To get the employee to connect to a fake version of Salesforce’s Data Loader tool. Once that happens, the attackers can quietly grab sensitive company data.

Google’s Threat Intelligence Group has been tracking the group behind this, known as UNC6040. Their method depends on trust—posing as helpful support staff and guiding employees through what feels like a normal setup process. Because the tool is something many employees already use, it doesn’t seem suspicious. [Read more…]

Filed Under: Blog, Cybersecurity Tagged With: CRM security, cybersecurity, data breach, data extortion, Google Threat Intelligence Group, Microsoft 365, Mullvad, Okta, phishing, ransomware, Salesforce, ShinyHunters, UNC6040, voice phishing, Workplace

Destructive NPM Malware Sat Undetected for Two Years

May 27, 2025 by Edward Silha

A terminal window with red warning text and broken JavaScript icons symbolizing malware in code packagesResearchers have uncovered a batch of malicious packages in the NPM repo that quietly racked up over 6,000 downloads before anyone noticed. These weren’t your typical cryptominers or info-stealers. They were designed to crash systems, wipe files, and corrupt data—sometimes all at once.

NPM is a massive public repository where developers share and download JavaScript packages. It’s used by millions, which makes it a prime target for attacks like this. [Read more…]

Filed Under: Blog, Cybersecurity, Programming Tagged With: cybersecurity, destructive payload, JavaScript security, NPM malware, open source threats, React, supply chain attack, Vite, Vue

Fake IT Calls and Email Floods Used in Sophisticated 3AM Ransomware Attack

May 25, 2025 by Edward Silha

Silhouetted hacker at a keyboard with fake IT call and email alert graphics on screenThe crew behind the 3AM strain of ransomware has been hitting companies using a familiar playbook: flood the target with junk emails, follow up with a fake IT call, and convince someone to hand over remote access. It’s not new, but it still works. Probably more than it should.

This kind of attack was first seen with the Black Basta gang, then picked up by FIN7. Thanks to leaked chat logs and shared templates, it’s now being copied by others. Sophos tracked 55 attacks between November and January that used the same tactics, tied to two different threat actor groups. [Read more…]

Filed Under: Blog, Cybersecurity Tagged With: 3AM ransomware, cybersecurity breach, data exfiltration, email bombing, PowerShell attack, QEMU, Quick Assist, social engineering, Sophos, spoofed IT calls

Microsoft OneDrive Update Prompts Security Fears Over Personal Account Syncing on Work Devices

May 9, 2025 by Edward Silha

FT BLOG OneDrive Personal SyncMicrosoft is quietly pushing out a OneDrive update that’s catching IT departments off guard. A new feature prompts users—by default—to connect their personal OneDrive accounts to corporate machines. No setup needed. The feature just appears and offers a quick, seamless sync between personal and business storage.

Here’s the obvious problem: once files from a corporate machine end up in a personal OneDrive account, they’re basically outside the company’s control. No logging. No tracking. No oversight. That means sensitive information could be moved or shared in ways the organization can’t monitor—and probably wouldn’t approve of. [Read more…]

Filed Under: Blog, Cybersecurity Tagged With: cloud storage, corporate devices, data exfiltration, data security, DisablePersonalSync, enterprise IT, IT policy, Microsoft, OneDrive, personal sync

  • « Previous Page
  • 1
  • 2
  • 3
  • Next Page »

Social Media

  • Facebook
  • GitHub
  • LinkedIn
  • Periscope
  • Twitter

Forward Technologies
747 N LaSalle
STE 500B
Chicago, IL 60654
(312) 715-7806

Copyright © 2025 — Forward Technologies • All rights reserved. • Privacy Policy •