A new malware campaign includes targeted attachments, a games publisher’s customers get a surprise from its support centre and a reminder that kids’ Internet connected devices have to be patched.

Welcome to Cyber Security Today. It’s Monday December 10th. I’m Howard Solomon.


It may be the holiday season, but that doesn’t mean Internet scammers take any time off. According to security vendor Proofpoint, a gang has launched email malware campaigns aimed at employees of large retail chains, restaurant chains and grocery chains, as well as other organizations in the food and beverage industries. One particular campaign is personalized, with the email including attachments that make the message look like it has come from a colleague in the company because the letters have the firm’s logo. Clicking on the attachment, of course, leads to an infection. For security, if you have a productivity suite like Microsoft Office, make sure you disable the ability for a document to automatically run macros. This malicious document encourages you to turn on macros so you can read the letter. But doing that allows the malware to be downloaded. As I’ve said before, read every email you get slowly. Don’t take for granted the source of messages. And don’t automatically click on every attachment you get.

Here’s another example of how companies that seemingly try to do things right in security get into trouble: A U.S. games publisher called Bethesda last week was suddenly inundated with complaints from users of its customer support website. The site is where customers fill in forms for help with a product. Well, suddenly users were getting forms back with other customers’ personal information, such as their names, email addresses and type of credit card. That’s an oopsy moment. Bethesda blamed it on an ‘error’ with the site. Was it a coding mistake, or did someone at the company make a configuration error? We don’t know.

Finally, a reminder to parents that not only do you have to make sure your computing devices are patched, the ones used by your kids have to be looked after as well. This comes to mind after a security company called SureCloud last week said it discovered serious vulnerabilities in an Android tablet for children made by Vtech. The tablet, called either Storio Max or InnoTab Max, could allow hackers to remotely take over the device and spy on users through the webcam or microphone. Vtech was notified earlier this year and properly issued a notice several months ago about installing a patch. That message popped up on device screens. However, according to a news report, that notice didn’t say the patch was to fix a security vulnerability. So, when buying something for a child that is internet-connected, make sure it can be updated. And remember, like products for adults, updates will likely only be available for a few years until a new model is made.

That’s it for today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.


