Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
The conversation kickstarter was the security researcher known as TheAnalyst, who took to Twitter to call out Microsoft for dragging its feet when it came to removing ransomware facilitating malware hosted on OneDrive.
“Does @Microsoft have any responsibility in this when they KNOWINGLY are hosting hundreds of files leading to this, now for over three days,” asked TheAnalyst.
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.
- Take a look at these best alternatives to Microsoft Office
- Check our list of the best firewall apps and services
- Shield yourself with these best identity theft protection services
Former Microsoft security analyst Kevin Beaumont joined in the conversation noting that OneDrive has been used for hosting malware for years.
“Microsoft cannot advertise themselves as the security leader with 8000 security employees and trillions of signals if they cannot prevent their own Office365 platform being directly used to launch Conti ransomware. OneDrive abuse has been going on for years,” noted Beaumont.
It’s the same everywhere
Beaumont continued, explaining that getting things taken down from OneDrive is a nightmarish process. He went as far as to cite Microsoft’s rather slow reaction times to refer to it as the “world’s best malware hoster for about a decade.”
However, reporting on the development, HotHardware notes that using cloud storage services to host malware is a problem that plagues other vendors as well. In fact, according to a research by the Bern University of Applied Sciences, Google Cloud and Cloudflare are currently among the top online malware hosting networks.
Beaumont agrees that the problem isn’t exclusive to Microsoft, calling on all “tech companies have got to do better.”
Not so simple
According to security experts that TechRadar Pro spoke to, the issue isn’t as simple to fix as it sounds.
Morey Haber, chief security officer, with cybersecurity vendor BeyondTrust, argues that thanks to the prevailing privacy-paramount atmosphere, it wouldn’t take much effort for anyone to get away with uploading malware to their private online storage.
“The question is, does the online provider have the authority or responsibility to assess the files, in a private instance, for malware or potential illegal activity? And, if they do, how much authority do they have to assess anything for any type of legal issues? Simply, where does the cloud service provider start and stop being a representative for law enforcement,” asks Haber.
He continues that of course if the malware in the cloud is publicly accessible, or accessible to large quantities of people, or being served to individuals as a part of an attack or other illegal activity, it is established procedure for the cloud provider to take them down immediately.
However, in his opinion assessing a private instance shouldn’t be subject to the same legal paradigm. This would perhaps explain the inaction of the cloud providers against the malware hosted in the threat actor’s private silos.
- Protect your devices with these best antivirus software
Suffering a ransomware attack can be a stressful experience and there is an innate fear within not just security professionals, but business owners as well that their own organization could be next. Though ransomware is a widely discussed issue, there is always a sense of shock whenever a successful attack occurs.
Bindu Sundaresan is Director at AT&T Cybersecurity.
In the initial moment after the attack, the organization is alone as it tries to grasp the severity of the situation. But once the attackers are in the system with access to the sensitive assets, it is at the mercy of intruders, and this is when a call for help is made. Typically, in a ransomware attack scenario, that call is made to a Managed Security Service Provider (MSSP) to aid in the remediation and recovery process.
Unfortunately, it’s a scenario I’ve seen many times in my career on the frontline helping victims come to terms with the situation. While the ransomware victims may change, there are commonalities in each case where security or policy practices can be improved upon to reduce the risk of becoming a ransomware victim. These practices including the following:
1. Dust off the incident response plan
Chaotic. Frantic. Confused. Upset. These are a few of the words I would describe some of the victims I’ve spoken with when a ransomware attack has occurred. It’s an understandable reaction, especially if it is the first time they’ve experienced an attack that has brought the business to a standstill.
With that said, there should always be an incident response plan in place. Furthermore, it must be stress-tested so that the whole organization understands its role in such a situation. Key individuals should know what needs to be communicated internally and externally to partners and law enforcement, for example.
Just like fire-alarm drills, incident response plans should be viewed in the same vein. Know the processes and the technology that would need to be used to help reduce the potential damage of the threat and regularly test them so that nothing comes as a surprise. Merely having discussions in a meeting room about responding to a cybersecurity incident with no pressure or sense of urgency will only lull the organization into (quite literally) a false sense of security.
Ultimately, there needs to be a chain of command with a sole individual making the final decisions during a ransomware incident. If an external MSSP is assisting, do not expect them to make decisions for the you– ideally, this will be one person from the organization and preferably someone with experience in dealing with security incidents.
2. Go beyond 30 days of logging
A common question I get asked in the early stages of an attack is whether the hackers are still on the network and, if so, where are they hiding? To determine this, IT teams will normally look to logs to understand the tools, techniques and procedures (TTPs) used by attackers. The mistake many make when scanning these logs is relying on the default settings, which do not capture enough data e.g., the last 30 days on an Active Directory (AD) controller.
In many instances, this is too short of a time frame to discover the root of a compromise which is essential to understand how to avoid a similar incident. Remember, hackers can be on the network for much longer than 30 days. This is why it is important to go beyond what is required for basic compliance and extend logging to several months on important servers as a minimum.
3. Locate the assets
Next on the list: patching. And this means patching physical devices, cloud repositories, storage, applications, and all servers. To do patching properly, organizations must know every asset that is connected to their networks. You would be surprised by the number of organizations that don’t have an accurate asset inventory, meaning they have with no idea what’s connected to the network. Many times, when asking personnel about what’s connected, I am often met with silence.
Remember, you can’t secure what you can’t see. Asset inventory should be conducted in real-time to give an accurate reading for it to be useful for attack recovery analysis. This capability has been readily available for a number of years and should be incorporated within the organization’s configuration management database (CMDB).
4. Test the backups
Having backups of critical assets is essential, particularly in the event of a ransomware attack. However, a common problem is that businesses do not always test the backup process, particularly in simulated attack scenarios where resources may be limited. Testing this regularly can highlight potential weaknesses.
Many have adopted the 3-2-1 back up format whereby assets are saved across three different locations either offline or online. However, bear in mind that if the company is hit by a cyberattack that causes connectivity outages, then retrieving these backups becomes problematic.
5. Don’t be afraid to ask for help
It is well documented that small and medium enterprises don’t have an abundance of resources to effectively defend themselves. This may lead many to opt for a DIY approach to security, but this can be counterproductive as some crucial security elements could be missed.
Cybersecurity is a team sport so there is no need to go at it alone. Utilizing the scale and expertise of an MSSP can help reduce the response time significantly. If organizations are struggling to meet their security needs, then seek the expertise of MSSPs and the many benefits they bring.
By taking steps now to address some of the most common issues associated with a ransomware attack scenario, organizations can not only reduce their risk, but also improve their response in case a ransomware attack happens.
- We feature the best business VPN.
The Apple MacBook Pro 14-inch (2021) was officially announced at Apple’s Unleashed event on October 18, showcasing enhanced processing and graphical capabilities thanks to the latest M1 Pro and M1 Max chips, a 14.2-inch, 120Hz mini LED display and the return of beloved ports that were removed back in 2016.
Last year we saw the MacBook Pro 13-inch (2020) hit the market using the same M1 silicon that also features in the budget-friendly MacBook Air and 24-inch iMac devices. While the original M1 SoC (system-on-a-chip) certainly made some waves, a MacBook Pro device using the same hardware felt a tad lackluster.
While we anticipated that Apple would release a more powerful chip (anticipatedly dubbed as the ‘M1X’), we instead got two powerful new processors: the M1 Pro and the M1 Max, allowing you to configure your MacBook Pro to your exact requirements.
We’ve been eager to get our mitts on some fresh Apple silicon since WWDC 2021 back in June, with the MacBook Pro 14-inch and MacBook Pro 16-inch (2021) both appearing in various leaks and rumors for several months. Now that it’s here, the wait is finally over, and it looks as though this new MacBook Pro could be one of the best laptops on the market for some time, let alone one of the best MacBooks when stacked against its older, Intel-powered history.
The new MacBook Pro 14-inch features a flat-edged design, MagSafe charging, a mini-LED display, and a built-in SD card reader and HDMI port, all features that make it a perfect companion for creative professionals such as graphic designers and photographers.
If you’re worried about running your favorite applications, don’t be – the M1 Max powered MacBook Pro 14-inch is 3.7 times faster in CPU performance than an (undisclosed generation) Intel i7 and 13 times faster in graphical performance.
We won’t know for sure how the MacBook Pro 14-inch (2021) will cope in a hands-on setting, but some early benchmarks for the M1 Max SoC suggest it’ll be more than capable of running just about anything you can throw at it.
Regardless, this is the most excited we’ve been for an Apple product launch all year. While we wait for a full review, here’s everything we know so far.
MacBook Pro 14-inch (2021): Cut to the chase
- What is it? An all-new MacBook Pro 14-inch
- When is it out? Preorders live now, available from Tuesday, October 26
- What will it cost? Starting from $1,999 / £1,899 / AU$2,999
MacBook Pro 14-inch (2021) release date and price
The MacBook Pro 14-inch (2021) is available for pre-order now and they will arrive with you around Tuesday, October 26, the same date that you can pick one up from physical Apple Store locations and Apple Authorized Resellers like Amazon.
We know that the 8-Core CPU, 14-Core GPU M1 Pro model with 16GB unified memory and 512GB SSD storage will retail for $1,999 / £1,899 / AU$2,999, ($1899 for education), and the more powerful 10-Core CPU, 16-Core GPU M1 Pro with 16GB Unified Memory and 1TB SSD storage will set you back a hefty $2,499 / £2,399 / AU$3,749.
There’s no set pricing for the M1 Max model of the MacBook Pro 14-inch, but you can configure the laptop over on the Apple website, allowing you to customize your memory (16GB, 32GB and 64GB) and available storage (up to 8TB SSD).
At a maximum configuration of the 10-core CPU and 32-core GPU M1 Max processor, 64GB of RAM and 8TB of SSD storage, this 14-inch beast will set you back a princely $5,899 / £5,799 / AU$8,849.
MacBook Pro 14-inch (2021) design
While many other ranges in the Apple family have been receiving colorful updates this year, the MacBook Pro 14-inch (2021) is keeping things classy (or perhaps outdated?), with two chassis color options, Silver and Space Gray. It’s a tad disappointing to see two variations of gray rather than including something like a stylish Anthracite, or even the same funky shades we say featured on the 24-inch M1 iMac.
We do have some good news regarding ports though, with the MacBook Pro 14-inch (2021) featuring three Thunderbolt 4 ports, one HDMI port, an SDXC card slot, and a MagSafe 3 port, along with a Magic Keyboard with Touch ID, Force Touch trackpad, and a USB-C power adapter.
With all those ports at your disposal, you can connect up to three Pro Display XDRs and a 4K TV with M1 Max, or two Pro Display XDRs if you opt for the M1 Pro.
The rumors regarding the widely-despised Touch Bar being killed off were also accurate, with the space being replaced with new, physical keyboard shortcuts for Spotlight, Siri, Dictation and Do Not Disturb.
Now that we’re in 2021, we also finally have a 1080p webcam on a MacBook, which is a serious upgrade from the pixelated 720p hardware that Apple has begrudgingly held onto for the last few years. Not only that, this webcam uses a lens with a wider aperture that lets in more light which should help to prevent any background noise (that weird, ‘static-like fuzz).
Together with a larger image sensor that has more efficient pixels, the camera delivers two times better low‑light performance, so you won’t need any fancy lighting to look your best.
MacBook Pro 14-inch (2021) display
We heard rumors that the display featured on the MacBook Pro 14-inch (2021) would be a Liquid Retina XDR display featuring mini-LED technology, and it would appear that those long-lived assumptions are correct. The mini-LED display can deliver up to 1,000 nits of sustained, full-screen brightness, 1,600 nits of peak brightness, and a 1,000,000:1 contrast ratio.
The MacBook Pro 14-inch (2021) also has a fantastic P3 wide color gamut coverage and supports one billion colors for the smoother gradients, ProMotion, and an adaptive 120Hz refresh rate, the fastest one ever to feature on a MacBook device.
The screen goes beyond just looking gorgeous for any movies and TV shows you might be watching on the go. Its features are incredibly important for creatives and those working in industries such as video editing, which when combined with the inclusion of the built-in SD card reader and HDMI port shows Apple’s focus on making this the next best laptop on the market for creative professionals and students alike.
While it does feature that dreaded camera notch we were worried about, the MacBook Pro 14-inch (2021) has a 14.2-inch screen and a total of 5.9 million pixels – more pixels than the previous Intel-powered 16-inch MacBook Pro.
MacBook Pro 14-inch (2021) specifications
Given the introduction of the M1 Pro and M1 Max SoC’s, the 14-inch MacBook Pro looks like it’s packing some serious power. As mentioned, there’s plenty of configurations available so you can keep things relatively budget-friendly (for a Pro device anyway), or splash some cash to max out the available component options.
Regardless of what processor you choose, both the M1 Pro and M1 Max are big leaps over the existing M1 chip, and the M1 chip was no slouch to begin with. With this latest generation of MacBook Pro laptops, Apple has gone back to its roots, providing an absolute powerhouse for creative professionals.
If you opt for the M1 Pro then that has a dual-chip architecture that supports up to 32GB of unified memory, which Apple claims is ‘high bandwidth, low latency. The memory bandwidth is 200GB/s, which is almost three times the bandwidth of the M1.
The CPU has eight high-performance cores and two high-efficiency cores, and the M1 Pro will switch between these to optimize performance to whatever tasks you’re running. For graphics, the M1 Pro comes with a 16-core GPU with 2,048 execution units, and a performance of 5.2 teraflops, which Apple promises is two times faster graphics performance compared to the M1.
If you have money burning a hole in your pocket, or some really demanding applications to run then you can opt for the M1 Max instead. This flagship chip supports up to twice the amount of memory as the M1 Pro, and is also made up of 57 billion transistors, almost twice that of the M1 Pro’s already an impressive number.
It’s important to note that the M1 Max comes with the same 10-core processor as the M1 Pro, but you’re certainly getting some other benefits. For graphical performance, the M1 Max comes with 32 cores, double that of the M1 Pro.
The GPU also comes with 4,096 execution units, twice as many as the M1 Pro, as well as twice the maximum concurrent threads (98,304 vs 49,512).
According to Apple, that 10-core CPU in M1 Pro and M1 Max running in the 14-inch MacBook Pro enables:
- Up to 3.7x faster project builds using Xcode.
- Up to 3x more Amp Designer plug-ins in Logic Pro.
- Up to 2.8x faster computational fluid dynamics performance in NASA TetrUSS.
Featuring the 16-core GPU in M1 Pro and the 32-core GPU in M1 Max, the 14-inch MacBook Pro transforms graphics-intensive workflows with:
- Up to 9.2x faster 4K render in Final Cut Pro with M1 Pro, and up to 13.4x faster with M1 Max.
- Up to 5.6x faster combined vector and raster GPU performance in Affinity Photo with M1 Pro, and up to 8.5x faster with M1 Max.
- Up to 3.6x faster effect render in Blackmagic Design DaVinci Resolve Studio with M1 Pro, and up to 5x faster with M1 Max.
Both M1 Pro and M1 Max are supercharged with a 16-core Neural Engine, allowing users to enjoy faster ML tasks, including:
- Up to 8.7x faster object tracking performance in Final Cut Pro with M1 Pro, and up to 11.5x faster with M1 Max.
- Up to 7.2x faster scene edit detection in 1080p ProRes 422 video in Adobe Premiere Pro.
- Up to 2.6x faster performance when selecting subjects in images in Adobe Photoshop.
MacBook Pro 14-inch (2021) battery life
If battery life is a big concern of yours, then Apple has some great news for you, with both the 14-inch and 16-inch MacBook Pro updates massively outperforming the earlier M1 MacBook Pro 13-inch (2020) and the MacBook Air (2020) devices.
According to Apple, the MacBook Pro 14-inch (2021) model can deliver up to 17 hours of video playback, which doesn’t quite hold a light to the 16-inch model which can achieve a remarkable 21 hours of video playback. Still, that’s an extra seven hours to play with which is no small feat for a laptop this powerful.
Better yet, this new generation of MacBook Pro can deliver the same level of performance whether it is plugged in or using the battery, so you won’t be losing any performance when you’re away from a power outlet.
Interestingly, there’s a difference between the two different sizes (outside of dimensions of course) that Apple didn’t really mention. While both models can be charged over Thunderbolt or MagSafe, only the 14-inch MacBook Pro can fast charge over the USB-C/Thunderbolt 4 ports as well as MagSafe, with the larger 16-inch MacBook Pro limited to fast charging over the MagSafe port.
Zoho has expanded its Zoho One business software suite to include more than 50 apps, adding a wide range of capabilities around analytics, security management, and employee experience.
The vendor launched Zoho One in 2017 with the goal of providing access to a wider range of the applications across its extensive portfolio. The app suite costs $37 per employee per month when subscriptions are purchased annually for a customer’s entire workforce; otherwise annual subscriptions are $90 per user per month.
On Tuesday, Zoho added a range of apps and services to the suite. Many of these are pre-existing Zoho apps that are available in Zoho One for the first time.
This includes five apps covering employee experience, productivity, and data analytics: Zoho Learn, a learning management tool; TeamInbox, a shared email inbox; Zoho Lens, an augmented reality app that enables remote assistance; DataPrep, a self-service data preparation and management tool; and Zoho Commerce, which contains components for building a retail website, accept payments, and more.
There are three new services within Zoho One: Org Dictionary, a central dictionary that aids consistent spellings of terms and employee names; Work Graph, which maps interactions between employees, resources, and systems; and a mobile application management (MAM) service for managing access on a range of devices.
There are also several platform enhancements, including embedded, conversational analytics; natural-language-powered enterprise search; a unified view of apps, services, and dashboards for employees; and a customizable dashboard with pre-built widgets to provide visibility across the organization.
Zoho said there are now 40,000 Zoho One customers, citing growth of 60% year-on-year during the pandemic, and up from 20,000 in 2019.
For some businesses, Zoho’s comprehensive approach to its software suite — which includes sales, marketing, HR, and finance apps, as well as productivity tools — can offer an advantage over integrating multiple point solutions, according to Holger Mueller, VP and principal analyst at Constellation Research.
“Allowing enterprises to get rid of integration of best-of-breed products has always been a powerful point,” Mueller said. “As with all integrated suites, if the integration fits/works, it is great. If the functionality is not good enough, then there is integration work to do… but in general, Zoho has been above the ‘good enough’ limit consistently.”
The expansion to Zoho One on Tuesday is the first major update to the suite since late 2019, when Zoho added a phone bridge system, a workflow management app, single sign-on, and a blockchain time-stamping feature for Zoho Sign.
Hao Kuo Chi, who lives in California, was found to have conspired with others to unlawfully access the cloud storage accounts of more than three hundreds Apple customers across the US. This campaign extended at least as far back as September 2014.
As noted in a document from the US Department of Justice, once inside, Chi “specifically sought out nude photographs and videos of young women”. These assets were then traded with “conspirators”, some of whom later leaked the content into the public domain.
- Here’s our list of the best external hard drives right now
- We’ve built a list of the best secure drives on the market
- Check out our list of the best portable SSDs available
Although Chi has not yet been sentenced, the joint penalties for conspiracy and computer fraud carry a maximum of 20 years in federal prison. As part of the plea agreement, he has agreed to testify against others involved in the scheme, which may or may not result in a more lenient sentence.
Under the online pseudonym “icloudripper4you”, Chi boasted frequently of his ability to break into iCloud accounts and exfiltrate the images and videos stored therein.
To gain access to iCloud accounts, Chi masqueraded as a member of the Apple customer support team using a series of fake email accounts. Although the court documentation does not specify, victims were presumably encouraged to hand over their login credentials under false pretences.
The documentation also makes reference to instances in which conspirators themselves provided Chi with the Apple IDs and passwords of victims.
Although Chi sold the stolen content to others online, he also maintained a 1TB cloud storage subscription to house a large bank of nude images and footage for his personal collection. In total, this collection is said to have comprised hundreds of thousands of items.
While Chi’s scheme ultimately affected only a tiny fraction of Apple iCloud customers, of which there are thought to be roughly one billion, the duration and sexually-motivated nature of the crime will be cause for concern for many.
TechRadar Pro asked Apple for comment on the steps users can take to shield their iCloud accounts from campaigns of this kind, but did not receive an immediate response.
- Here’s our choice of the best identity theft protection services
Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.