Chicago IT Support & Cyber Security | Forward Technologies
Chicago-based Forward Technologies delivers IT support and cyber security to businesses in the Chicago area and nationwide.
Researchers have uncovered a batch of malicious packages in the NPM repo that quietly racked up over 6,000 downloads before anyone noticed. These weren’t your typical cryptominers or info-stealers. They were designed to crash systems, wipe files, and corrupt data—sometimes all at once.
NPM is a massive public repository where developers share and download JavaScript packages. It’s used by millions, which makes it a prime target for attacks like this. [Read more…]
The crew behind the 3AM strain of ransomware has been hitting companies using a familiar playbook: flood the target with junk emails, follow up with a fake IT call, and convince someone to hand over remote access. It’s not new, but it still works. Probably more than it should.
This kind of attack was first seen with the Black Basta gang, then picked up by FIN7. Thanks to leaked chat logs and shared templates, it’s now being copied by others. Sophos tracked 55 attacks between November and January that used the same tactics, tied to two different threat actor groups. [Read more…]
Microsoft is quietly pushing out a OneDrive update that’s catching IT departments off guard. A new feature prompts users—by default—to connect their personal OneDrive accounts to corporate machines. No setup needed. The feature just appears and offers a quick, seamless sync between personal and business storage.
Here’s the obvious problem: once files from a corporate machine end up in a personal OneDrive account, they’re basically outside the company’s control. No logging. No tracking. No oversight. That means sensitive information could be moved or shared in ways the organization can’t monitor—and probably wouldn’t approve of. [Read more…]
Microsoft is shifting new account signups away from passwords and toward passkeys. It’s part of a broader industry effort, with companies like Google and Apple also pushing for a future where stolen credentials are no longer a threat. This move sounds like progress, but there’s more going on beneath the surface.
Going forward, anyone creating a new Microsoft account will be guided to set up a passkey. Existing users will also see prompts asking them to make the switch. The goal is simple: reduce the security risks and user frustration tied to traditional passwords. Most people reuse weak logins. That leads to leaks, breaches, and a lot of expensive damage.
Apple just pushed out emergency updates across iOS, macOS, and other platforms to squash two zero-day bugs that were actively being exploited. But before you panic: unless you’re someone Apple might actually send a holiday card to, you’re probably not the target. Their official language? These vulnerabilities were used against “specific targeted individuals.” Translation: celebrities, high-ranking officials, or people who pay someone else to clean their AirPods.
