Cyber Security Today, April 28, 2023 – Data on over 340 million people exposed so far this year

Data on over 340 million people exposed so far this year.

Welcome to Cyber Security Today. It’s Friday, April 28th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

The year is only four months old and so far almost 340 million people have been affected by publicly-reported data breaches or leaks. Of that number, 235 million were the usernames and email addresses of Twitter users leaked in January. The second largest leak was the theft of data on 37 million subscribers of American wireless carrier T-Mobile. These numbers are according to a public data breach tracker created by the U.K. news site The Independent.

Hackers continue finding ways of getting cash by breaking into cryptocurrency wallets. According to the TechCrunch news site, the latest victims have email accounts with American provider AT&T. Somehow the attackers were able to use the option allowing users to create digital mail keys for email accounts so they don’t have to log in with a password. With the keys the hackers logged into victims’ accounts and reset their passwords for certain services, including, if they have one, their crypto accounts. One victim said he lost US$135,000 in cryptocurrency. AT&T told TechCrunch it has now updated its security controls to stop this unapproved access. The hacker used an API for access, AT&T said.

A hacking group that researchers call FIN7 is going after servers running Veeam Backup and Replication. That’s according to experts at WithSecure. They aren’t sure, but assume the group is looking for servers that haven’t been patched with a recently issued update. IT departments need to ensure unwanted PowerShell scripts aren’t lurking on their systems and that all applications are running the latest versions of software.

VMware has issued security updates for VMware Workstation and Fusion. These close four critical vulnerabilities involving connecting to Bluetooth devices. A malicious actor with local administrative privileges on a virtual machine can exploit this issue.

Administrators running Apache Superset, an open-source data visualization and exploration tool, are being warned to install the latest update. The problem is many are running with the default configuration that exposes a default digital key. That’s not important if the tool isn’t open to the internet. But researchers at Horizon3 AI say some 2,000 servers are both open to the internet and running with the default configuration. The risk is a skilled attacker can log in as an administrator by forging a session cookie, then access the rest of the IT infrastructure. The problem is solved by installing the update and changing the default password.

Finally, users of Google’s Authenticator app for two-factor authentication has recently added the option of account synchronization, which backs up the 2FA data to the cloud. That way your access can be restored to a new phone. However, researchers at Sophos say synchronization isn’t safe yet. That’s because it doesn’t have a passphrase capability, nor is synchronization offered with end-to-end encryption. We’ll keep you informed when it’s safe.

That’s it for now. But later today the Week in Review edition will be available. Guest David Shipley of Beauceron Security and I will discuss the new super-penetration test major Canadian banks and insurance firms will have to undergo and whether other industries should adopt it.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Sponsored By:

Cyber Security Today Podcast