Fincomp Services Ltd

12/06/2026

Managed security is evolving to catch phishing sites faster using fine-tuned AI models. As hackers get smarter, your defense systems have to keep up. How often does your team participate in security training to spot the latest online scams?

ImmuniWeb unveiled technical updates, new features and functionalities across all products available on the ImmuniWeb AI Platform.

11/06/2026

Microsoft is overhauling how it tests new Windows features to get feedback faster and reduce bugs in the final versions. A more stable operating system means fewer headaches for you. What is the one Windows feature you wish they would fix first?

Hello Windows Insiders, Today is the day we’re beginning to move to the new Experimental and Beta channels as announced earlier this month

10/06/2026

This one's a bit of a head-scratcher. So bear with me.

There's a phishing attack doing the rounds that bypasses MFA. Even the strong stuff.

It's called device code phishing and it's hit over 340 organisations across the US, Canada, and Europe since February. A ready-made kit to run it started selling on Telegram earlier this year, which means you don't need to be particularly clever to pull it off.

Here's how it works.

You get an email. Looks legitimate. Could be a shared SharePoint document, a payroll PDF, a meeting invite. The link takes you to login.microsoftonline.com — the actual Microsoft login page, not a fake one.

The page asks you to type in a short verification code that was in the email.
You do it. Move on with your day.

Turns out you just approved the attacker's device into your Microsoft 365 account. They now have a valid access token. They can read your emails, download your files, and set up forwarding rules. No password needed. Ever again.

The reason MFA doesn't save you here is that you're the one doing the authorising. You just didn't know it.

A few things that actually help:

1) Block device code authentication flow in Entra ID for anyone who doesn't need it. Most office staff don't. Go into Conditional Access and create a policy that blocks it by default.
2) Train your team on one simple rule: Microsoft will never email you a verification code to enter on its login page. If that happens, it's phishing. Full stop. Doesn't matter how legitimate the sender looks.
3) Where you can, switch to phishing-resistant MFA. FIDO2 hardware keys or Windows Hello for Business. Authenticator app prompts are better than nothing but they won't stop this specific attack.

Not sure how to set any of this up? Give me a shout and we'll sort it.

10/06/2026

The latest Windows 11 updates are finally making it easier to manage your account and security settings in one place. Staying secure shouldn't be a chore for business owners. Have you explored the new account dashboard on your work PC yet?

The update, issued on April 14, 2026, delivers the latest security fixes and performance refinements verified in March’s preview and emergency releases.

09/06/2026

Apple is preparing to launch four new Mac models later this year. From the M5 chip to potential design overhauls, the hardware race is heating up. Are you holding out for a new release, or is your current setup still getting the job done?

Apple recently launched three new Macs, but there are another four Macs rumored to debut throughout the remainder of the year.

06/06/2026

AI tools are only as good as the data you give them. Using real data instead of well-phrased guesses is the next hurdle for business efficiency. Are you still treating AI as a separate step, or is it fully connected to your company data yet?

Why Semrush One Matters as AI Becomes the First Place People Look By Ian Benson (pictured) Content Writer 1,021 Views**This post is sponsored by Semrush. When you purchase through links in this article, we may earn an affiliate commission from Semrush.** If your team is already relying on AI tools t...

04/06/2026

A new AI named Claude Mythos has begun autonomously finding zero-day security flaws across major systems. The speed of digital threats is officially moving faster than human patch cycles. Is your business security ready for the era of autonomous attacks?

AI vulnerability discovery is outrunning patch cycles. A cybersecurity coalition explains what Mythos means for defenders and what to do.

03/06/2026

If a website ever tells you to press Windows Key + R, close the tab immediately.
That's the giveaway for a scam called ClickFix.

It's been quietly responsible for a wave of malware infections this year and it's catching people out because it looks completely legitimate.

Here's what happens.

You click a Google result. Lands you on a hacked website. A fake CAPTCHA pops up and tells you to press Windows Key + R, then Ctrl + V, then Enter to prove you're human.

The second you hit Enter?

You've just installed malware on your own machine.

No file was downloaded. No warning from your browser. From Windows' perspective, you just typed a command the same way any IT admin would. So your antivirus has nothing to flag.

What that malware does is called an infostealer. It scrapes every saved password, browser cookie, session token, and stored card detail it can find.

A few things worth doing this week:

1) Tell your team if any website asks you to press Win+R or paste something into a Run box, close it and report it. That's it. That's the rule.
2) If your staff have no reason to run PowerShell scripts (most don't), restrict access using AppLocker or Windows Defender Application Control.
3) Make sure your endpoint protection is doing behavioural monitoring, not just scanning for known threats. Most modern tools including Microsoft Defender for Endpoint have detection rules built specifically for this.

No shame in falling for it. They're designed to look real.
But once you know the keystroke trick, it stops working on you.

03/06/2026

A new phishing campaign is mimicking Google Workspace pages to steal login codes and certificates. Even tech-savvy users can be fooled by these perfect clones. Have you trained your team on how to spot the latest fake login pages?

Attackers are impersonating a Linux Foundation leader and social engineering open source developers via Slack.

02/06/2026

Microsoft just patched 167 security flaws in its latest update. If you haven't restarted your PC today, you are leaving the door wide open for hackers. When was the last time you checked for Windows updates? Don't wait until it is too late.

Today is Microsoft's April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities.