Chicago IT Support & Cyber Security | Forward Technologies

Chicago-based Forward Technologies delivers IT support and cyber security to businesses in the Chicago area and nationwide.

  • Home
  • Services
    • Outsourced IT Support
    • DMARC Email Security
    • Development
      • Web Development & Facelifts
      • CustomView: Plugin for WordPress
    • Data Recovery Service
    • PPC Marketing Services
    • SEO Services
  • Email Security
    • SPF Basics
    • DKIM Basics
    • DMARC Basics
    • Email Security Consulting
  • Data Recovery Service
  • Blog
  • Contact Us

Destructive NPM Malware Sat Undetected for Two Years

May 27, 2025 by Edward Silha

A terminal window with red warning text and broken JavaScript icons symbolizing malware in code packagesResearchers have uncovered a batch of malicious packages in the NPM repo that quietly racked up over 6,000 downloads before anyone noticed. These weren’t your typical cryptominers or info-stealers. They were designed to crash systems, wipe files, and corrupt data—sometimes all at once.

NPM is a massive public repository where developers share and download JavaScript packages. It’s used by millions, which makes it a prime target for attacks like this. [Read more…]

Filed Under: Blog, Cybersecurity, Programming Tagged With: cybersecurity, destructive payload, JavaScript security, NPM malware, open source threats, React, supply chain attack, Vite, Vue

Fake IT Calls and Email Floods Used in Sophisticated 3AM Ransomware Attack

May 25, 2025 by Edward Silha

Silhouetted hacker at a keyboard with fake IT call and email alert graphics on screenThe crew behind the 3AM strain of ransomware has been hitting companies using a familiar playbook: flood the target with junk emails, follow up with a fake IT call, and convince someone to hand over remote access. It’s not new, but it still works. Probably more than it should.

This kind of attack was first seen with the Black Basta gang, then picked up by FIN7. Thanks to leaked chat logs and shared templates, it’s now being copied by others. Sophos tracked 55 attacks between November and January that used the same tactics, tied to two different threat actor groups. [Read more…]

Filed Under: Blog, Cybersecurity Tagged With: 3AM ransomware, cybersecurity breach, data exfiltration, email bombing, PowerShell attack, QEMU, Quick Assist, social engineering, Sophos, spoofed IT calls

Microsoft OneDrive Update Prompts Security Fears Over Personal Account Syncing on Work Devices

May 9, 2025 by Edward Silha

FT BLOG OneDrive Personal SyncMicrosoft is quietly pushing out a OneDrive update that’s catching IT departments off guard. A new feature prompts users—by default—to connect their personal OneDrive accounts to corporate machines. No setup needed. The feature just appears and offers a quick, seamless sync between personal and business storage.

Here’s the obvious problem: once files from a corporate machine end up in a personal OneDrive account, they’re basically outside the company’s control. No logging. No tracking. No oversight. That means sensitive information could be moved or shared in ways the organization can’t monitor—and probably wouldn’t approve of. [Read more…]

Filed Under: Blog, Cybersecurity Tagged With: cloud storage, corporate devices, data exfiltration, data security, DisablePersonalSync, enterprise IT, IT policy, Microsoft, OneDrive, personal sync

Microsoft’s Passkey Push Comes with Strings Attached

May 2, 2025 by Edward Silha

Password or PasskeyMicrosoft is shifting new account signups away from passwords and toward passkeys. It’s part of a broader industry effort, with companies like Google and Apple also pushing for a future where stolen credentials are no longer a threat. This move sounds like progress, but there’s more going on beneath the surface.

Going forward, anyone creating a new Microsoft account will be guided to set up a passkey. Existing users will also see prompts asking them to make the switch. The goal is simple: reduce the security risks and user frustration tied to traditional passwords. Most people reuse weak logins. That leads to leaks, breaches, and a lot of expensive damage.

[Read more…]

Filed Under: Blog, Cybersecurity Tagged With: account security, credential theft, digital security, FIDO Alliance, Microsoft, Microsoft Authenticator, passkeys, passwordless login, phishing protection, tech industry standards

Apple Rushes Out Patches After “VIPs” Get Hacked—Your Emo Playlist Still at Risk

April 22, 2025 by Edward Silha

Apple just pushed out emergency updates across iOS, macOS, and other platforms to squash two zero-day bugs that were actively being exploited. But before you panic: unless you’re someone Apple might actually send a holiday card to, you’re probably not the target. Their official language? These vulnerabilities were used against “specific targeted individuals.” Translation: celebrities, high-ranking officials, or people who pay someone else to clean their AirPods.

[Read more…]

Filed Under: Blog, Cybersecurity Tagged With: Apple zero-day update, Core Audio vulnerability, emergency Apple patch, Google Threat Analysis Group, iOS security flaw, macOS security, VIP hacks

  • « Previous Page
  • 1
  • 2
  • 3
  • 4
  • Next Page »

Social Media

  • Facebook
  • GitHub
  • LinkedIn
  • Periscope
  • Twitter

Forward Technologies
747 N LaSalle
STE 500B
Chicago, IL 60654
(312) 715-7806

Copyright © 2025 — Forward Technologies • All rights reserved. • Privacy Policy •