Malicious 2FA attacks, account takeovers on the rise and how to dictate text on your iPhone lead this week’s tech news.
In a week of security breaches and product releases, these are the top stories you may have missed on TechRepublic for Sept. 22 – 29, 2022.
Account takeover attacks on the rise, impacting almost 25% of people in the US
The fraud management company SEON found that 22% of adults in the US were affected by account takeovers. Over half of these attacks took over social media accounts, and nearly a third were bank accounts, reports Lance Whitney.
TL;DR: 60% of victims used the same password for multiple accounts, a practice that can be mitigated with password management software.
How to dictate text on your iPhone
iOS 16 brings updated dictation features that allow users to provide more nuance and detail in their dictated messages than in previous versions of the mobile OS. Included in the new features are phrases that quickly all-cap, start a new paragraph or line, and add simple emojis.
SEE: BYOD Approval Form (TechRepublic Premium)
TL;DR: Lance Whitney provides a quick overview of the new dictation capabilities, as well as detailed instructions on how to enable and use the new features.
Malicious OAuth app enables attackers to send spam through corporate cloud tenants
Experienced attackers used credential stuffing, takeover of the Exchange Online PowerShell module, and app-authentication permissions via OAuth and removal of transport rules to cloak high volumes of spam emails, said Microsoft in a recent report.
TL;DR: Cedric Pernet reports that by setting up app-authentication permissions, threat actors could continue to access accounts via OAuth even if the account owner changed password permissions. These types of attacks show the increased need for organizations and individuals to adhere to strict security guidelines.
Why 2FA is failing and what should be done about it
Jack Wallen breaks down why two-factor authentication is failing consumers and making business data less safe: The short term compromises that companies are making to appease consumers who still use “password123” for all their apps are hobbling long-term security gains.
TL;DR: By adhering to strict 2FA guidelines for all apps and all users, we steepen the security learning curve and get fewer successful hacks in the long term.
How to find and install the new Windows 11 22H2 update
TL;DR: The Windows Installation Assistant requires only a couple of clicks to install and confirm your update, while downloading the Disk Image ISO file takes a few more steps.