Tech Republic

Zscaler Report: Mobile, IoT, and OT Cyber Threats Surge in 2024

A new report from cloud security company Zscaler sheds light on the growing mobile threats on Android operating systems, as well as threats to IoT and OT devices. The findings come as more than 60% of global Internet traffic is now generated by mobile devices and financially-oriented mobile threats have grown by 111% over the last year.

A list of mobile malware threats

Zscaler’s ThreatLabz witnessed a 29% rise in banking mobile malware over the previous year, with banking malware representing 20% of the total Android threat landscape.

The most active banking malware families to date include:

- Vultur, which is primarily distributed through the Google Play Store.
- Hydra, distributed via phishing messages, websites, and malicious Google Play Store applications.
- Ermac, designed to steal financial data from banking and wallet apps.
- Anatsa, also known as TeaBot.
- Coper, also known as Octo.
- Nexus, which primarily targets cryptocurrency accounts.

Most of these banking malware families record keystrokes, hijack credentials, and intercept SMS messages in order to bypass multi-factor authentication.

Spyware threats soar by more than 100%

In addition to banking malware, spyware threats have also grown, with researchers indicating that blocked transactions increased by 100% over the previous year. The most prevalent spyware families reported are SpyLoan, SpinOk, and SpyNote.

- SpyLoan has the ability to steal personal data from devices, such as accounts, device information, call logs, installed apps, calendar events, metadata, and more.
- SpinOk spyware collects sensitive data and files from various locations on the infected device and exfiltrates the data to an attacker-controlled server.
- SpyNote, also known as CypherRat, provides additional remote access capabilities so that the attacker can control execution of software on the mobile device.

According to Zscaler, most mobile malware targeted India (28%), the U.S. (27%), and Canada (15%), followed by South Africa (6%), The Netherlands (5%), Mexico (4%), Nigeria (3%), Brazil (3%), Singapore (3%) and the Philippines (2%).

Figure: Top 10 countries targeted by mobile malware. Image: Zscaler

Impacted sectors include technology (18%), education (18%), manufacturing (14%), retail and wholesale (12%), and services (7%).

Figure: Most targeted sectors. Image: Zscaler

Mobile malware is distributed via various methods. One method consists of using social engineering techniques. As an example, Zscaler reports that attackers deployed the Copybara mobile malware by using voice phishing (vishing) attacks, where the victim received voice instructions to install the malware on their Android phones.

QR code scams are also common, where victims are tricked into scanning malicious QR codes leading to malware infections or, in some cases, to phishing pages.

Some malware is also available on the Google Play Store. This includes Joker — which silently subscribes users to premium services without their consent to generate charges — followed by adware and Facestealer, a Facebook account stealer.

Figure: Most prevalent malware families in the Google Play Store. Image: Zscaler

Despite an overall decrease in Android attacks, financially-oriented mobile threats have grown by 111% over the last year.

IoT and OT threats

Internet of Things and Operational Technology environments keep expanding and are increasingly targeted by attackers, according to the report. The researchers indicate that the number of IoT devices interacting with them has grown by 37% year-over-year.

IoT malware attacks have grown by 45% over the past year. Routers are the most targeted type of device, with more than 66% of attacks aimed at them. The leading malware families hitting IoT devices are Mirai (36.3%) and Gafgyt (21.2%). Botnets built from IoT devices infected with this malware can be used to launch large Distributed Denial of Service attacks.

Figure: IoT devices most targeted by malware attacks. Image: Zscaler

Regarding the geographical distribution, more than 81% of IoT malware attacks are aimed at the U.S., followed by Singapore (5.3%), the United Kingdom (2.8%), Germany (2.7%), Canada (2%), and Switzerland (1.6%).

Figure: Most targeted countries – IoT malware attacks. Image: Zscaler

The top sectors impacted by IoT malware attacks are manufacturing (36.9%), transportation (14.2%), and food, beverage, and tobacco (11.1%).

On the OT side, 50% of the devices in many deployments use legacy, end-of-life operating systems. Protocols prone to various vulnerabilities, such as SMB or WMI, are also often exposed in OT environments.

As an example, ThreatLabz analyzed the OT environment of a large-scale manufacturing organization, comprising more than 17,000 connected OT devices across more than 40 different locations. Each site contained more than 500 OT devices with end-of-life Microsoft Windows operating systems, many of which had known vulnerabilities. 67% of the global traffic to the OT devices was unauthorized or blocked.

Figure: Risky internal traffic protocols in a manufacturing OT environment. Image: Zscaler

What will the future look like?

According to Zscaler, IoT and OT devices will remain primary threat vectors, while the manufacturing sector will remain a top target for IoT attacks, including ransomware.

Zscaler also suspects artificial intelligence will be increasingly used to deliver high-quality phishing campaigns targeting mobile users. However, AI will also help defenders automate critical functions and better prioritize their efforts.

How to protect IoT and OT devices from cyber attacks

To protect against threats to IoT and OT devices:

- Gaining visibility into IoT and OT devices is a priority. Organizations need to discover, classify, and maintain lists of all IoT and OT devices used in their full environment.
- Keep all systems and software up to date and patched to prevent being compromised by common vulnerabilities.
- Network logs must be collected and analyzed. Suspicious user account access and system events must be particularly monitored.
- Multi-factor authentication must be deployed when possible, and default passwords and accounts must be changed or disabled.
- Zero-Trust device segmentation should be enforced for IoT and OT assets to minimize data exposure.

How to protect mobile devices from cyber attacks

To protect against threats to mobile devices, it is important to:

- Install security applications on the devices, to protect them from malware and possible phishing attempts.
- Any link arriving on the mobile phone, no matter the application, should be cautiously examined. In case of suspicious


Novo Business Checking Review (2024): Is Novo a Trusted Bank?

Novo is a financial technology company that offers business checking services for small business owners, freelancers, and entrepreneurs. With account features like seamless integration with various business tools and a fee-free structure, Novo has a mission of simplifying the banking process for modern businesses.

Disclosure: Novo is a fintech company; not a bank. Deposit account services provided by Middlesex Federal Savings, F.A., Member FDIC. Physical debit cards issued by Middlesex Federal Savings or Patriot Bank, N.A., Member FDIC; virtual cards issued by Patriot Bank, pursuant to licenses from Mastercard® International Incorporated.

Novo’s fast facts

Our rating: 4.8 out of 5

Starting price: Free for basic business checking services. No monthly maintenance fees or minimum balance requirements.

Key features:

- No monthly fees
- Unlimited free invoicing
- Access to integrations like Stripe, Slack, QuickBooks, and more
- No fees for ACH transfers, mailed checks, or incoming wires

Novo Business Checking is gaining traction in the small business community as a reliable option for freelancers and small business owners looking for an easy-to-use and low-cost banking solution. Unlike traditional bank structures, Novo’s simple, online-first approach removes much of the complexity and high costs associated with standard business banking procedures.

With a streamlined mobile app that integrates accounting, payments, and expense management tools, Novo is designed for business owners that value automation and efficiency for their business. Let’s continue to explore Novo’s standout features, pricing structure, and how it compares to other business banking services.

Novo Reviews: What Users Think of Novo 4.75/5

Novo’s customers often rave about its clean, intuitive interface and the ability to integrate with a wide variety of business tools. Freelancers and small business owners particularly appreciate Novo’s no-fee structure, which eliminates the worry of unexpected banking charges. The ability to manage invoices, track expenses, and link accounts to apps like Shopify, Stripe, and QuickBooks make Novo a top choice for entrepreneurs who want to streamline their finances.

Some user reviews mention that the lack of cash deposits and limited customer support options can be downsides, but for businesses that operate mostly online and don’t rely on in-person banking, Novo performs exceptionally well.

- TrustPilot: 4.7 out of 5 stars
- Forbes: 4.6 out of 5 stars
- Nerdwallet: 4.5 out of 5 stars

Many users praise the fast account setup process, noting that it only takes a few minutes to open a Novo account online. One business owner shared that Novo’s invoicing system saved them hours of manual work each week, while another highlighted the fee-free ACH transfers as a huge benefit for managing their cash flow.

However, some customers pointed out that Novo does not offer interest-earning accounts, which might be a downside for businesses looking to grow their savings over time. While Novo excels at providing the basics, it might not be ideal for companies seeking more advanced financial services, such as lines of credit or loans.

Novo’s Pricing Structure 4.9/5

One of Novo’s greatest advantages is its cost — or lack thereof. Novo offers a completely free business checking account with no monthly fees, no minimum balance requirement, and no hidden charges. This makes it an attractive option for small business owners who want to avoid the often prohibitive costs of traditional banking.

Free Plan:

- No monthly maintenance fees.
- No minimum balance required.
- Free ACH transfers.
- Unlimited invoicing and bill pay.
- Free incoming wires and mailed checks.
- Free integration with third-party tools like Xero, Shopify, Stripe, and Slack.

There are no upgrade tiers with Novo; all users receive the same free services regardless of the size of their business. While Novo doesn’t charge fees for many basic banking services, it should be noted that businesses cannot deposit cash through Novo’s platform. This might be a limiting factor for those who handle large amounts of physical currency.

Novo’s Key Features 4.8/5

Novo’s standout feature is its comprehensive suite of integrations that allow users to connect their accounts to popular business tools, making it a highly efficient platform for managing finances. Here’s a closer look at the key features that set Novo apart:

Seamless Integrations

Novo integrates with over a dozen third-party business apps, including Stripe, Shopify, QuickBooks, and Zapier, allowing users to sync their financial data across various platforms. This integration-friendly approach makes Novo a powerful tool for entrepreneurs who want to automate their finances and streamline operations.

Invoicing and Payments

Novo offers unlimited invoicing at no extra cost. Users can generate professional invoices directly from the app and accept payments through various channels, including ACH transfers and credit card processors like Stripe. This feature is especially useful for freelancers and service-based businesses looking to track payments in one place.

No Monthly Fees or Minimum Balance Requirements

One of the biggest draws of Novo is its truly fee-free structure. There are no monthly maintenance fees, no minimum balance requirements, and no charges for basic services like ACH transfers, bill pay, or incoming wires. For small businesses on a budget, this is a huge win.

Free ATM Access

Novo refunds all ATM fees, meaning users can withdraw cash from any ATM without worrying about additional charges.

Mobile-First Platform

Novo’s mobile app is highly rated for its user-friendly interface and the ability to manage finances on the go. From categorizing expenses to sending invoices, everything can be done through the app, making it a convenient option for business owners who are always on the move.

Would Our Expert Use Novo? 5.00/5

We highly recommend Novo for small businesses, freelancers, and entrepreneurs who want a low-cost, tech-friendly banking solution. Novo’s intuitive interface, no-fee structure, and wide range of integrations make it a perfect fit for business owners who value efficiency and automation.

Our favorite feature is the seamless integration with business tools like Shopify and QuickBooks, allowing users to manage everything from accounting to inventory in one place. The unlimited invoicing and fee-free ACH transfers are also


Get Essential Learning with Headway at $45

Reading books is one of the best ways to access new ideas and learn new strategies in business. However, finding the time to digest a couple of chapters each day can be a challenge.

That’s where Headway can help. This powerful app gives you access to 15-min summaries of over 1,500 non-fiction reads on your phone. Lifetime Premium subscriptions are worth $299.95, but you can get yours today for only $44.99 with coupon code HEADWAY at TechRepublic Academy.

The stats in favor of daily reading are pretty stark. In his book “Rich Habits,” during a five-year study of 200 millionaires, author Thomas Corey found that 86% of them spent time reading books every day. Some even added to that with audiobooks.

Of course, most of us don’t have the same kind of schedule as Bill Gates and Jack Ma cited in the book, but with Headway, you can still maintain a daily reading habit.

About Headway

This app helps you replace doom-scrolling with bite-size learning and serves up a personalized stream of interesting reads, with key concepts taken from top minds.

Each summary focuses on the most important takeaways and takes just 15 minutes to read — or you can listen to an audio version on the way to work. To help you retain what you read or hear, the app also has a spaced repetition feature.

Headway lets you focus on specific topics through carefully curated collections. Alternatively, you can pick out anything that interests you in the app.

You can download Headway on iOS, Mac, and Android devices (20 million people already have). It has a rating of 4.5 stars on the App Store and 4.4 on Google Play.

Check out Headway Premium: Lifetime Subscription and take advantage of this unique offer. Now at $44.99 when using coupon code HEADWAY at checkout.

Prices and availability are subject to change.


Australia's New Scam Prevention Laws: What You Need to Know

Introduced by the Australian government in September, the Scam Prevention Framework (SPF) is the latest policy aimed at protecting scam victims. The framework places significant responsibility on the technology, banking, and telecommunications sectors to develop effective solutions.

Non-compliance could result in hefty penalties, including fines of up to AU$50 million. Additionally, companies that fail to comply may be required to compensate scam victims. The codes will be mandatory and are expected to be introduced in late 2024.

Australians lost $2.74 billion to scams last year — and that figure is likely underestimated, as many victims do not report their losses. This has become a significant issue affecting society as a whole.

How will the Scam Prevention Framework work?

Australia won’t be the first to introduce laws to protect victims from scams. In 2023, the U.K. passed legislation making the banking industry liable for losses from scams. These laws, which took effect on Oct. 7, 2024, have not yet been fully tested for their impact. However, they allow scammed individuals to claim up to £415,000 in lost money, with few exceptions.

What sets the Australian laws apart is that they also cover tech platforms like Google and Facebook, which frequently host scam ads and allow scammers to operate. Additionally, telecommunications companies are included, as they facilitate the data flow and communication between scammers and their victims.

The key components of the SPF

The SPF laws have been drafted with five key objectives in mind:

- Consumer Protection: Financial institutions and telecom operators play a key role in detecting and blocking scam activity before it reaches consumers. This also includes public awareness campaigns that educate consumers about the risks of scams and how to protect themselves.
- Detection and Reporting: The framework supports the development of advanced tools and technologies that help in identifying scams in real time. A standardised reporting mechanism is established to ensure that scam incidents are consistently tracked and shared with relevant authorities and industry players.
- Industry Collaboration: SPF promotes collaboration between financial institutions, telecom companies, and digital platforms to share information about scam trends and emerging threats. By creating a unified front, businesses and government can work together to reduce the success rate of scams and limit financial losses.
- Government and Law Enforcement: Law enforcement agencies are given enhanced powers and resources to investigate and prosecute scammers, particularly those operating internationally. The government is also actively involved in policy development and coordination with international bodies to address scams that cross national borders.
- Technological Solutions: Investments in AI, machine learning, and data analytics help to proactively detect scam patterns and stop them before they impact consumers. The SPF encourages innovation and the adoption of cutting-edge tools that can filter scam communications and transactions.

Not everyone is happy with the SPF

The Communications Alliance has raised concerns with the SPF, suggesting that there is a “quadruple jeopardy” liability within the draft legislation.

Luke Coleman, CEO of the Communications Alliance, highlighted that there were already three other government-controlled avenues available to people under which telecommunications companies are liable to make reparations for scams: the Australian Communications and Media Authority, Australian Competition and Consumer Commission, and External Dispute Resolution Scheme. There is also the potential for civil action, including class action.

In a submission to the government in response to the proposed laws, the Communications Alliance made three “key” recommendations for refinement:

- Move specific details into sector codes: They recommend shifting detailed provisions from the primary legislation to sector-specific codes, which would be registered and enforced by relevant regulators. This would allow for greater flexibility and ease of enforcement, as each sector, including telecommunications, banking, and digital platforms, faces unique challenges.
- Establish a safe harbour from “quadruple jeopardy”: Telecommunications companies could face liability under four concurrent enforcement mechanisms, leading to legal uncertainty. The submission advocates for creating a “safe harbour” for telcos who comply with their sector-specific codes, protecting them from additional penalties by other regulators, dispute resolution bodies, or civil actions.
- Accelerate implementation of practical scam-prevention measures: They call for the fast-tracking of initiatives such as the SMS Sender ID registry and reforms to the Numbering Plan. These measures would enhance the ability to prevent scams by improving how sender identities and phone numbers are managed and tracked across the telecommunications industry.

Meanwhile, a consortium of consumer advocates, including Choice and Consumer Action Law Centre, claimed in their own submission that the currently proposed laws would fail to adequately protect consumers. It claimed that the dispute resolution process is “unworkable,” and that “it is designed for businesses to take a minimum-standard compliance approach to obligations, rather than incentivising innovation to keep up with scammers who are always steps ahead.”

What should IT professionals do to prepare?

The SPF isn’t expected to go before parliament until November and, if it is passed, it won’t come into effect until 2025. But IT professionals should take proactive measures to ensure their organizations have a smooth transition into compliance, as the SPF will become a major source of risk, and technology will need to be the answer:

1. Review current security protocols

IT teams should conduct a comprehensive audit of their existing security infrastructure, identifying any gaps in the detection and prevention of scam-related activities. This includes assessing how effectively systems identify phishing attempts, fraudulent transactions, and other forms of cybercrime.

2. Collaborate with cross-industry stakeholders

A core objective of the SPF is to encourage collaboration between technology companies, financial institutions, and telecommunications operators. IT professionals should engage with these stakeholders to ensure that data-sharing protocols are robust and secure, and that the latest scam trends and emerging threats are communicated in real time. This collaborative approach will be essential to staying ahead of increasingly sophisticated scams.

3. Strengthen incident reporting and response

A standardized reporting system is key to ensuring consistent tracking of scams. IT departments should streamline their incident reporting processes to ensure that any scam attempt is documented and shared promptly with


Master Affiliate Marketing & Watch Your Income Grow

TL;DR: Get lifetime access to the 2024 Affiliate Marketing & Passive Income Masterclass Bundle for just $24.99 (reg. $159).

Affiliate marketing has become one of the top strategies for creating passive income streams, allowing entrepreneurs to earn money while they focus on their core business.

The 2024 Affiliate Marketing & Passive Income Masterclass Bundle is a terrific solution for anyone looking to dive into the world of affiliate marketing to create sustainable, passive income streams. This bundle, priced at just $24.99 (regularly $159), includes four in-depth courses that provide essential tools for starting or refining affiliate marketing efforts.

According to Statista, affiliate marketing spending in the U.S. is expected to reach over $15 billion by 2028. As more businesses turn to digital marketing channels, there’s a growing demand for professionals who understand how to create revenue-generating apps and drive affiliate sales.

What’s included

This bundle features a comprehensive curriculum that includes multiple courses, each offering practical lessons in affiliate marketing, B2B sales strategies, product management, market size determination, and effective marketing communications.

Other features worth mentioning include lifetime access to the materials, allowing you to go back and review them whenever you need. It also focuses on real-world strategies that give you actionable, data-driven techniques that can be applied immediately to start generating passive income.

A variety of individuals can benefit from the instruction in this bundle. Freelancers and entrepreneurs might enjoy using it to create an extra income stream by leveraging affiliate marketing techniques. Bloggers and content creators can also use affiliate links and partnerships to monetize their content effortlessly. And if you’re a small business owner, you can explore affiliate marketing as a cost-effective way to scale your business.

Affiliate marketing is an easy way to generate income without the need for large initial investments. With this bundle, you can learn the ins and outs of the business and start building your own passive income stream, all from the comfort of your home.

Don’t miss the 2024 Affiliate Marketing & Passive Income Masterclass Bundle while it’s on sale for $24.99 (regularly $159).

Prices and availability subject to change.


Threat Actors Are Exploiting Vulnerabilities Faster Than Ever

New research by cybersecurity firm Mandiant provides eyebrow-raising statistics on the exploitation of vulnerabilities by attackers, based on an analysis of 138 different exploited vulnerabilities that were disclosed in 2023.

The findings, published on Google Cloud’s blog, reveal that vendors are increasingly being targeted by attackers, who are continually reducing the average time to exploit both zero-day and N-day vulnerabilities. However, not all vulnerabilities are of equal value to attackers, as their significance depends on the attacker’s specific objectives.

Time-to-exploit is falling significantly

Time-to-exploit (TTE) is a metric that defines the average time taken to exploit a vulnerability before or after a patch is released. Mandiant’s research indicates:

- From 2018 to 2019, the TTE sat at 63 days.
- From 2020 to 2021, it fell to 44 days.
- From 2021 to 2022, the TTE dropped even further to 32 days.
- In 2023, the TTE sat at just 5 days.

Zero-day vs N-day

As TTE continues to shrink, attackers are increasingly taking advantage of both zero-day and N-day vulnerabilities.

A zero-day vulnerability is a flaw that hasn’t been patched, often unknown to the vendor or the public. An N-day vulnerability is a known flaw first exploited after patches are available. It is therefore possible for an attacker to exploit an N-day vulnerability as long as it has not been patched on the targeted system.

Mandiant reports a 30:70 ratio of N-days to zero-days in 2023, while the ratio was 38:62 across 2021-2022. Mandiant researchers Casey Charrier and Robert Weiner report that this change is likely due to the increased zero-day exploit usage and detection rather than a drop in N-day exploit usage. It is also possible that threat actors had more successful attempts to exploit zero-days in 2023.

“While we have previously seen and continue to expect a growing use of zero-days over time, 2023 saw an even larger discrepancy grow between zero-day and n-day exploitation as zero-day exploitation outpaced n-day exploitation more heavily than we have previously observed,” the researchers wrote.

Figure: Zero-day vs N-day exploitation. Image: Mandiant

N-day vulnerabilities are mostly exploited in the first month after the patch

Mandiant reports that they observed 23 N-day vulnerabilities being exploited in the first month following the release of their fixes: 5% were exploited within one day, 29% within one week, and more than half (56%) within a month. In total, 39 N-day vulnerabilities were exploited during the first six months of the release of their fixes.

Figure: N-day exploitation. Image: Mandiant

More vendors targeted

Attackers seem to add more vendors to their target list, which increased from 25 vendors in 2018 to 56 in 2023. This makes it more challenging for defenders, who try to protect a bigger attack surface every year.

Case studies outline the severity of exploitations

Mandiant describes the case of the CVE-2023-28121 vulnerability in the WooCommerce Payments plugin for WordPress. Disclosed on March 23, 2023, it did not receive any proof of concept or technical details until more than three months later, when a publication showed how to exploit it to create an administrator user without prior authentication. A day later, a Metasploit module was released.

A few days later, another weaponized exploit was released. The first exploitation began one day after the revised weaponized exploit had been released, with a peak of exploitation two days later, reaching 1.3 million attacks on a single day. This case highlights “an increased motivation for a threat actor to exploit this vulnerability due to a functional, large-scale, and reliable exploit being made publicly available,” as stated by Charrier and Weiner.

Figure: CVE-2023-28121 exploitation timeline. Image: Mandiant

The case of CVE-2023-27997 is different. The vulnerability, known as XORtigate, impacts the Secure Sockets Layer (SSL) / Virtual Private Network (VPN) component of Fortinet FortiOS. The vulnerability was disclosed on June 11, 2023, immediately buzzing in the media even before Fortinet released their official security advisory, one day later.

On the second day after the disclosure, two blog posts were published containing PoCs, and one non-weaponized exploit was published on GitHub before being deleted. While interest seemed apparent, the first exploitation arrived only four months after the disclosure.

Figure: CVE-2023-27997 exploitation timeline. Image: Mandiant

One of the most likely explanations for the variation in observed timelines is the difference in reliability and ease of exploitation between the two vulnerabilities. The one affecting the WooCommerce Payments plugin for WordPress is easy to exploit, as it simply needs a specific HTTP header. The second is a heap-based buffer overflow vulnerability, which is much harder to exploit. This is especially true on systems that have several standard and non-standard protections, making it difficult to trigger a reliable exploitation.

A driving consideration, as described by Mandiant, also resides in the intended utilization of the exploit.

“Directing more energy toward exploit development of the more difficult, yet ‘more valuable’ vulnerability would be logical if it better aligns with their objectives, whereas the easier-to-exploit and ‘less valuable’ vulnerability may present more value to more opportunistic adversaries,” the researchers wrote.

Deploying patches is no simple task

More than ever, it is mandatory to deploy patches as soon as possible to fix vulnerabilities, depending on the risk associated with the vulnerability.

Fred Raynal, chief executive officer of Quarkslab, a French offensive and defensive security company, told TechRepublic that “Patching 2-3 systems is one thing. Patching 10,000 systems is not the same. It takes organization, people, time management. So even if the patch is available, a few days are usually needed to push a patch.”

Raynal added that some systems take longer to patch. He took the example of mobile phone vulnerability patching: “When there is a fix in Android source code, then Google has to apply it. Then SoC makers (Qualcomm, Mediatek etc.) have to try it and apply it to their own version. Then Phone makers (eg Samsung, Xiaomi) have to port it to their own version. Then carriers sometimes customize the firmware

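The time-to-exploit metric, the zero-day/N-day split and the N-day windows reported in the Mandiant article above can be computed over any exploited-vulnerability dataset, for instance to compare an organization's own patch deployment dates against observed exploitation. The following Python is an added example, not code from TechRepublic or Mandiant; the record fields, the signed-gap convention, the same-day rule, the `exposure_days` helper and every sample entry are assumptions constructed for illustration.

```python
"""Time-to-exploit (TTE) summary over an exploited-vulnerability dataset."""
from dataclasses import dataclass
from datetime import date
from statistics import mean

# Cumulative windows after patch release, mirroring the windows the article
# reports for N-days (one day, one week, one month, six months).
WINDOWS = (("1 day", 1), ("1 week", 7), ("1 month", 30), ("6 months", 182))


@dataclass(frozen=True)
class ExploitedVuln:
    vuln_id: str            # placeholder identifier, not a real CVE
    patch_released: date    # day the vendor fix became available
    first_exploited: date   # first observed exploitation

    @property
    def tte_days(self) -> int:
        # Assumed convention: signed gap in days, negative when exploitation
        # started before a patch existed.
        return (self.first_exploited - self.patch_released).days

    @property
    def kind(self) -> str:
        # Zero-day: exploited before the patch. N-day: first exploited once
        # a patch was available (same-day counts as N-day, an assumption).
        return "zero-day" if self.tte_days < 0 else "n-day"


def summarize(vulns):
    """Return mean TTE, the N-day:zero-day ratio and cumulative N-day windows."""
    if not vulns:
        raise ValueError("no vulnerabilities to summarize")
    n_days = [v for v in vulns if v.kind == "n-day"]
    zero_days = [v for v in vulns if v.kind == "zero-day"]
    counts = {
        label: sum(1 for v in n_days if v.tte_days <= limit)
        for label, limit in WINDOWS
    }
    pct = {
        label: round(100 * c / len(n_days)) if n_days else 0
        for label, c in counts.items()
    }
    return {
        "mean_tte_days": mean(v.tte_days for v in vulns),
        "ratio_nday_zeroday": (
            round(100 * len(n_days) / len(vulns)),
            round(100 * len(zero_days) / len(vulns)),
        ),
        "nday_cumulative": counts,
        "nday_cumulative_pct": pct,
    }


def exposure_days(vuln, patch_deployed):
    """Days a system stayed unpatched while the flaw was already exploited."""
    return max(0, (patch_deployed - vuln.first_exploited).days)


# Constructed sample records (illustrative dates only).
SAMPLE = [
    ExploitedVuln("VULN-A", date(2023, 3, 1), date(2023, 2, 20)),
    ExploitedVuln("VULN-B", date(2023, 4, 10), date(2023, 4, 11)),
    ExploitedVuln("VULN-C", date(2023, 5, 2), date(2023, 5, 8)),
    ExploitedVuln("VULN-D", date(2023, 6, 12), date(2023, 7, 5)),
    ExploitedVuln("VULN-E", date(2023, 6, 20), date(2023, 10, 18)),
    ExploitedVuln("VULN-F", date(2023, 9, 1), date(2023, 8, 15)),
]

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print(f"mean TTE: {report['mean_tte_days']:.1f} days")
    print("N-day:zero-day ratio: %d:%d" % report["ratio_nday_zeroday"])
    for label, _ in WINDOWS:
        print(f"N-days exploited within {label}: "
              f"{report['nday_cumulative'][label]} "
              f"({report['nday_cumulative_pct'][label]}%)")
    # A fleet patched three days after VULN-B exploitation began:
    print("exposure:", exposure_days(SAMPLE[1], date(2023, 4, 14)), "days")
```

Feeding `exposure_days` the date a patch actually reached a fleet turns the rollout delay Raynal describes into a per-vulnerability exposure figure.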

Price Drop: Get Lifetime 1TB of Cloud Storage for Just $120

Pretty much all of the tech giants offer cloud storage nowadays. However, you can easily find yourself shelling out serious money to store your digital data.

As a more affordable alternative, Koofr is earning some serious plaudits. This innovative platform lets you upload and access your files with no size limit, and you can even hook up your other online accounts.

In a unique offer from TechRepublic Academy, you can pick up a lifetime 1TB subscription for only $119.97 with coupon code KOOFR40 to be used at checkout. That’s a massive 85% off.

Cloud storage is really an essential tool in running any business. Whether it’s simple spreadsheets, promo videos, company logos or even customer data, having a secure online backup of your files is vital. Putting your files in the cloud also means you can work on any device.

About Koofr Cloud Storage

Koofr provides these benefits and more. This platform allows you to upload and view files on pretty much any device with a browser. This means you can log in on Windows, macOS, Linux and Chrome laptops along with iOS and Android mobile devices. You can even connect via WebDAV.

Koofr’s desktop app makes it easy to manage your data, with smart features like duplicate removal and batch file renaming. The service uses absolutely no trackers, and you can easily connect other online accounts to import your files.

Another useful feature for businesses is the ability to share files via custom branded links. This means you can easily go above the file size limit on your email, with the ability to share the same link over and over again.

Order today for only $119.97 with code KOOFR40 to get your lifetime 1TB subscription, normally worth $810.

Prices and availability are subject to change.


Can You Fax a Check? Yes. Follow These Steps to Do it Safely

There are probably a dozen ways of sending money that are easier than faxing a check. Even so, it is still possible and legal to send a check with fax — and you might find yourself in a situation where it’s your only choice. If you ever need to fax a check, it’s important to follow a few steps to make sure it’ll work properly and that you’re doing it securely.

What to know before you fax a check

Most people moved on from faxing, but the technology still works, and it is still around. Some businesses (typically in highly regulated markets) and some government agencies still rely on the ability to work with faxed checks.

There are individuals who prefer faxing checks when they need to pay a business with a check by a certain deadline and wouldn’t be able to mail it in time. Since a fax goes through instantly, it can help save you from late fees if you find yourself in that unlikely situation. Additionally, faxing a check is also secure because it leaves a paper trail for you to prove that you sent in the check by a certain date.

Before you fax a check, there are a few things you should do first to ensure it goes well.

Confirm that the business accepts checks. In most cases, if you’re faxing a check to businesses, it’s because they’ve specifically requested you to do so; if they haven’t, double-check before you send a faxed check that won’t be accepted.

Make a photocopy of your check. Most fax machines require full-sized paper to send faxes, so a check is likely to be too small to put through the machine. Make a copy of the check first on printer paper, and hold onto the original.

Find a fax machine or an online fax service. You can send faxes with almost any computer or cellphone if you use an online fax service, or you can go to a print shop or UPS store to use an analog fax machine. If you have your own Multi-Function Printer (MFP) at home, you might be able to send a fax using that.

Draft a fax cover sheet. Faxes need cover sheets so the recipient knows what they’re getting. Write that you’re sending a check for a certain amount and include the reason you’re sending the check—for instance, “Payment for account 123.”

Fill out the check memo. This can also be, “Payment for account 123,” or whatever the reason is that you’re sending the check. This goes in the memo field of the check itself.

Keep the company’s contact information close by. You’ll obviously need the fax number, but you’ll also want to follow up with the business via phone or email as soon as you send the fax to make sure it went through.

Be aware of the potential security issues with online faxing, and take steps to mitigate them. While most cloud faxing services are highly secure, it’s worth taking the time to make sure the service you choose is reputable and has security safeguards in place. For maximum security, look for services that have been around for a while, as well as those that are designed to comply with industry regulations like HIPAA. While you aren’t likely to be sending any healthcare information along with your check, merely complying with those kinds of regulatory measures is a good indication that it’s secure enough to cover financial matters as well.

What is the best way to fax a check?

You can either send a fax the old-fashioned way by using an analog fax machine, or you can use an online fax service. Most people prefer to use an online fax service these days because of the convenience and lack of hardware. I know I do.

For example, online options allow you to send a fax from your iPhone or Android. That’s usually a lot more convenient than tracking down a fax machine or ordering a fax modem to enable your computer to send faxes.

Online fax services are generally very secure — especially if you’re using one that’s been designed for sending financial, legal, or healthcare documents. They’re generally very cheap, too, with a range of prices based on the volume of documents you need to send.

Additionally, online fax services allow you to send and receive faxes from anywhere, and without having to pay for a fax machine, paper, or ink toner. The whole process is more similar to sending a scan via email than the traditional process of sending a fax — you just type in a phone number instead of an email address.

If you’re working with a business that requires you to send faxes via an analog machine in the first place, then there’s not much you can do about that. Ultimately, you may have to fax using the preferred method of the person or business you’re sending the check to.

How to fax a check using an online service

Sending using a good online fax service is straightforward. There are a number of easily accessible, low-cost fax services available online, from basic services that send simple faxes to more complex services with advanced security, fax history, email notifications, and more.

You do not need a landline to send faxes with an online service. You just need an internet connection; the fax provider will host all the traditional infrastructure required to send and receive faxes.

If you are using a Voice over Internet Protocol (VoIP) phone service, your provider may offer online fax features you can use right away without having to sign up for anything new. Bear in mind, fax is a separate service from VoIP — not every provider offers it, and fax may be an add-on service.

While the exact steps for sending a fax using an online service will vary depending on the service you choose, the steps will generally be the same.


Get an Education in Oracle Databases for $20

TL;DR: Master Oracle database administration and enhance your IT career with five expert-led courses for just $19.99.

In today’s competitive job market, mastering in-demand tech skills is crucial for professionals looking to stay ahead. For anyone interested in becoming a database expert, the 2024 Complete Oracle Course Bundle offers everything you need to gain proficiency in Oracle databases at a terrific price. For just $19.99 (reg. $199), you can access five comprehensive courses designed to equip you with the knowledge and skills to thrive in the tech world.

Oracle databases are the backbone of many businesses, from small enterprises to global corporations. With its ability to handle large-scale data workloads, provide high security, and offer scalability, Oracle has become a top choice for industries like finance, healthcare, government, and technology.

Oracle-certified professionals are highly sought after, and with this course bundle, you can build your expertise in one of the most powerful database systems available. While it will not get you certified, it will help you prepare for any certification you might seek.

What’s included

This course bundle is perfect for IT professionals, aspiring database administrators, and software developers looking to enhance their skills or transition into database management. Whether you’re new to Oracle or already have experience in database administration, these courses will help you refine your understanding and apply your skills in real-world situations.

For example, the Oracle Database Administrator DBA course provides foundational knowledge in managing and maintaining Oracle databases. You’ll learn to perform tasks like database tuning, troubleshooting, and overall management to keep your databases running efficiently.

Data security and availability are essential for any business. The Oracle Data Guard Database Administration for Oracle 12C R2 course focuses on Oracle Data Guard, which protects your data by creating, maintaining, and monitoring standby databases to ensure high availability and disaster recovery.

By mastering Oracle database administration, you’ll have a competitive edge in landing high-demand roles.

Don’t miss this opportunity to boost your career with The 2024 Complete Oracle Course Bundle for just $19.99 (reg. $199) — it’s a one-time investment in your future that could pay off in a big way.

Prices and availability subject to change.


Claude 3.5 Sonnet Can Control Your Computer

Anthropic has unveiled a major update to its Claude AI models, including the new “Computer Use” feature. Developers can direct the upgraded Claude 3.5 Sonnet to navigate desktop apps, move cursors, click buttons, and type text — essentially imitating a person working at their PC.

“Instead of making specific tools to help Claude complete individual tasks, we’re teaching it general computer skills—allowing it to use a wide range of standard tools and software programs designed for people,” the company wrote in a blog post.

The Computer Use API can be integrated to translate text prompts into computer commands, with Anthropic giving examples like, “use data from my computer and online to fill out this form” and “move the cursor to open a web browser.” This is the first AI model from the AI leader that is able to browse the web.

The update works by analysing screenshots of what the user is seeing, then calculating how many pixels it needs to move a cursor vertically or horizontally to click the correct place or perform another task using the software available. It can tackle up to hundreds of successive steps to complete a command, and will self-correct and retry a step should it encounter an obstacle.

The Computer Use API, available now in public beta, ultimately aims to allow devs to automate repetitive processes, test software, and conduct open-ended tasks. The software development platform Replit is already exploring using it for navigating user interfaces to evaluate functionality as apps are built for its Replit Agent product.

“Enabling AIs to interact directly with computer software in the same way people do will unlock a huge range of applications that simply aren’t possible for the current generation of AI assistants,” Anthropic wrote in a blog post.

Claude’s Computer Use is still fairly error-prone

Anthropic admits that the feature is not perfect; it still can’t effectively handle scrolling, dragging, or zooming. In an evaluation designed to test its ability to book flights, it was successful only 46% of the time. But this is an improvement over the previous iteration that scored 36%.

Because Claude relies on screenshots rather than a continuous video stream, it can miss short-lived actions or notifications. The researchers admit that, during one coding demonstration, it stopped what it was doing and began to browse photos of Yellowstone National Park.

It scored 14.9% on OSWorld, a platform for evaluating a model’s ability to perform as humans would, for screenshot-based tasks. This is a far cry from human-level skill, thought to be between 70% and 75%, but it is nearly double that of the next best AI system. Anthropic is also hoping to improve this capability with developer feedback.

Computer Use has some accompanying safety features

The Anthropic researchers say that a number of deliberate measures were taken to minimise the potential risk associated with Computer Use. For privacy and safety, it does not train on user-submitted data, including screenshots it processes, nor could it access the internet during training.

One of the main vulnerabilities identified is prompt injection attacks, a type of ‘jailbreaking’ where malicious instructions could cause the AI to behave unexpectedly. Research from the U.K. AI Safety Institute found that jailbreak attacks could “enable coherent and malicious multi-step agent behavior” in models without such Computer Use capabilities, such as GPT-4o. A separate study found that Generative AI jailbreak attacks succeed 20% of the time.

To mitigate the risk of prompt injection in Claude Sonnet 3.5, the Trust and Safety teams implemented systems to identify and prevent such attacks, particularly since Claude can interpret screenshots that may contain harmful content.

Furthermore, the developers anticipated the potential for users to misuse Claude’s computer skills. As a result, they created “classifiers” and monitoring systems that detect when harmful activities, such as spam, misinformation, or fraudulent behaviours, might be occurring. It is also unable to post on social media or interact with government websites to avoid political threats.

Joint pre-deployment testing was conducted by both the U.S. and U.K. Safety Institutes, and Claude 3.5 Sonnet remains at AI Safety Level 2, meaning it doesn’t pose significant risks that require more stringent safety measures than the existing ones.

Claude 3.5 Sonnet is better at coding than its predecessor

In addition to the computer use beta, Claude 3.5 Sonnet offers significant gains in coding and tool use but at the same cost and speed as its predecessor. The new model improves its performance on SWE-bench Verified, a coding benchmark, from 33.4% to 49%, outpacing even reasoning models like OpenAI o1-preview.

An increasing number of companies are using Generative AI to code. However, the technology is not perfect in this area. AI-generated code has been known to cause outages, and security leaders are considering banning the technology’s use in software development.

Users of Claude 3.5 Sonnet have seen the improvements in action, according to Anthropic. GitLab tested it for DevSecOps tasks and found it delivered up to 10% stronger reasoning with no added latency. The AI lab Cognition also reported improvements in its coding, planning, and problem-solving over the previous version.

Claude 3.5 Sonnet is available today through Anthropic API, Amazon Bedrock, and Google Cloud’s Vertex AI. A version without Computer Use is being rolled out to Claude apps.

Claude 3.5 Haiku is cheaper but just as effective

Anthropic also launched Claude 3.5 Haiku, an upgraded version of the least expensive Claude model. Haiku delivers faster responses as well as improved instruction accuracy and tool use, making it useful for user-facing applications and generating personalised experiences from data.

Haiku matches the performance of the larger Claude 3 Opus model for the same cost and similar speed of the previous generation. It also outperforms the original Claude 3.5 Sonnet and GPT-4o on SWE-bench Verified, with a score of 40.6%. Claude 3.5 Haiku
