Company loses $15 million, Chowbus food service hacked and a database of a women’s retailer is exposed.
Welcome to Cyber Security Today. It’s Friday October 9th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Organizations are being urged to tighten their email protection and increase employee security awareness training after the discovery of a business executive scam believed to have netted cybercriminals $15 million from one hack alone. According to the ZDNet news service, the scam was detailed by a security firm called Mitiga. It believes the gang has been doing the same thing for some time. Briefly, here’s how it works: The email account of an executive is hacked and read, giving the gang details on a business deal being discussed. The deal would involve a bank transfer of money from one company to another. At the right time the hacker creates an email message that looks like it came from one of the executives, asking that the payments be sent to a different bank. Then the gang takes the money from that account. Mitiga thinks there have been 150 victims, mostly in the U.S.
This is not the first time I’ve reported on what are called business email compromise scams. One of the first defences is to make sure everyone in the organization uses a complex email password that can’t be guessed or isn’t being used for another account. Second is to protect logins with two-factor authentication. Employees should also configure their corporate email accounts to make sure their messages aren’t secretly being forwarded to another party.
Users of the mobile app called Chowbus for ordering Asian food from local restaurants should know the company has been hacked. According to the Bleeping Computer news service someone is emailing around a stolen database of over 800,00 customers including their names, physical addresses, phone numbers and email addresses. Chowbus is telling customers that their credit card numbers were not accessed.
People who buy clothes online from the women’s fashion store called Moda Operandi should carefully watch email accounts for spam and phishing lures. This is because cybersecurity researcher Bob Diachenko has found an open database with customer information for orders made in the spring of 2019. Details include customers’ names, shipping addresses, phone numbers and email addresses. The database has been taken offline. It sounds like another example of employees not being careful when creating databases and spreadsheets to keep them off the internet. Usually there’s an option like ‘Do you want to make this public?’
Finally, companies using Cisco Systems’ Webex Teams for Windows, the Cisco Identity Services Engine or the Video Surveillance 8000 Series of cameras are being urged to install the latest security patches. There are serious vulnerabilities that must be plugged.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.