Francis Scialabba
When ransomware actors strike, they often disrupt a company’s email services, phones, internal chat, or other ways of sending messages both urgent and random. The last thing you want is a cyberattack leading to a whole company-wide, “You’re on mute” situation.
An FBI official told a cybersecurity-summit audience in April that IT teams and executives must be prepared with messaging options outside of the usual telecom frequency, aka “out of band.”
“We’ve had CEOs who have had their personal cell phones compromised and…robo-texted and robo-called, so they can’t use their cell phone to engage with their organization about how to recover properly. So, what is your actual plan for out-of-band communications?” said Bryan Vorndran, assistant director of the FBI’s cyber division, at CrowdStrike’s Government Summit.
What we have here is… A report from the cybersecurity provider StormWall revealed that denial-of-service attacks increased by 74% in 2022, with telecommunications making up 26% of the DDoS incidents.
A February compromise recently walloped the internal servers and IT telephony at Dish Network. Vulnerable VoIP services have, in fact, been the way in for at least one recent ransomware group.
While the robo-texting of a CEO’s phone may be unusual, a more common disruption involves encrypting the systems frequently accessed from that phone.
Enterprise services like Office 365 can be tied to Active Directory. An attacker with access to AD admin credentials, common in ransomware scenarios, may get a good look inside Office 365 email or internal-chat platforms.
—BH
Do you work in IT or have information about your IT department you want to share? Email [email protected].
We expect web experts to build and deploy magic. That’s a lot of pressure, and they deserve the right tools to make that magic happen.
IONOS is a web professional’s toolbox and a treasure chest all in one. They have a comprehensive range of hosting products, servers, and cloud solutions. Like their WordPress hosting, it’s got integrated caching, daily backups, and customizable updates.
Then there’s the Deploy Now membership, which gives you fast, streamlined hosting for git-based sites and apps. And did we mention their free Partner Program, which lets web pros tap into lead generation, single sign-on access, and product trials?
Last but not least, there’s the green factor. IONOS has proprietary data centers in North America and Europe that run on 100% renewable electricity. Web projects love renewable energy.
Tap into the trove of IONOS tools. Get started for free.
Are you sitting down?
Kohler’s new PureWarmth heated, LED-equipped toilet seat has a design flaw that lets anyone with a Bluetooth-capable device manipulate its settings.
At this April’s RSA Conference, Independent Security Evaluators principal security analyst Joshua Meyer showed how anyone can access the PureWarmth system using the Bluetooth functionality of your personal device—no Kohler app needed.
Meyer used the analytical Bluetooth app nRF Connect to access the toilet seat settings. He showed IT Brew how he was able to change the LED guide light’s color as an example of what could be done.
“The color and the brightness are two visible things we can mess with,” Meyer said, while changing the LED color from a calming blue to a vibrant orange. “The color just ends up being a wide array of hex values.”
While the exploit doesn’t have any major security impact—there’s no private information stored in the seat, and no data to access—it does indicate that many IoT products aren’t as secure as they could be.
“Some of the backend stuff is sort of a low level way of interacting with this; you’re not using an app that has a fancy button,” Meyer told IT Brew. “This is actually directly sending commands.”
As IT Brew reported in February, the French company Withings is marketing a urinalysis product that sits in your toilet bowl and sends data and medical information to the cloud. Withings assured us at CES ’23 in January that the product was secure.
“Many global companies are attacked on a daily basis,” Julius Dewavrin, a product manager at Withings, said at the time. “The team is prepared for the better or worse attack.”—EH
Microsoft is testing ways to shove yet more ads for its own services into Windows—this time in the Settings app.
Multiple outlets reported that one of the latest Insider Preview test builds of Windows 11 comes with a “Home” tab in the Settings menu, hawking a free Microsoft 365 trial and urging users to sign in with a Microsoft account. A separate prompt under the Accounts tab reiterates requests to log in with Microsoft. News of the new promotional tests was first publicized by Albacore, a Twitter user who explores Windows test builds.
The software giant has long tested ways to inject ads and information about paid or tiered products like Office 365 and OneDrive cloud storage into the OS, ranging from promotional messages in File Explorer and “notifications” in the Start Menu to reminders that users can back up with OneDrive in the sign-out menu. (Recent editions of Windows 11 Home are also set up by default to sync with OneDrive, creating possible file system issues.)
While not all of these efforts have ended up being rolled out to consumers—Microsoft quickly walked back the File Explorer ads as an experiment that never should have been visible in test builds—it’s clear the company is interested in seeing how far it can push the envelope.
Other changes may be more of a headache, such as Microsoft’s recent decision to force people to use its Edge browser while opening links from Outlook and Teams. The Verge reported that while Microsoft 365 Enterprise IT admins will be able to undo that change, Microsoft 365 for business admins will have to roll it back individually on a per-machine basis.
Microsoft didn’t respond to IT Brew’s request for comment on this story.—TM
Do you work in IT or have information about your IT department you want to share? Email [email protected]. Want to go encrypted? Ask Tom for his Signal.
Today’s top IT reads.
Stat: 45%. That’s the proportion of software workers considering leaving their jobs due to a toxic work environment, a new survey found. (ITPro Today)
Quote: “In the last 15 or 20 years, we’ve just gradually come to accept that privacy is dead, that every single thing we do online and increasingly offline just generates data for big tech companies to feed on.”—Gideon Lichfield, Wired editor-in-chief, on the decline of online privacy (Wired)
Read: Microsoft is targeting .zip files by looking inside the files for malware—a move that’s generating privacy concerns. (Ars Technica)
Kiss bugs goodbye: Get complete QA coverage for your web apps in just 4 months. With QA Wolf, you have access to unlimited parallel test runs + round-the-clock test maintenance to stop bugs from reaching production.*
*This is sponsored advertising content.
- RA Group, a new ransomware gang, is using leaked source code to target businesses in the US and South Korea.
- Sam Altman, OpenAI CEO, appeared before Congress to request rules and regulations over the technology.
- The net neutrality astroturfing scandal continues as three firms pay $615,000 to resolve allegations.
- Hackers attacked PharMerica and accessed the private data of nearly 6 million patients.