Cyber Security Today, Feb. 10, 2023 – Cyber threats against executives are increasing, the latest on email scams and more

Cyber threats against executives are increasing, the latest on email scams and more.

Welcome to Cyber Security Today. It’s Friday, February 10th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Threat actors are increasingly targeting executives and board members. According to researchers at BlackCloak, there’s been a recent surge in doxing and swatting of these people. Doxxing is the threat to release personal information on victims. Swatting is getting police to respond to a fake threat at a victim’s office or home. Infosec leaders should have their executives remove any mention of where their residences are on corporate websites or in social media. As an extra precaution homes should be registered in an anonymous trust or corporation to keep strangers from finding out where they live.

Hackers are increasingly using HTML email attachments to deliver malware. This is called HTML smuggling, according to researchers at Trustwave. It works because the malware is in a blob of data within JavaScript code that gets decoded when opened in a web browser. Email scanners may miss these packages. Ever since Microsoft last year started blocking macros in Office documents sent over the internet by default hackers have shifted to HTML smuggling. Tricks include crafting documents that look like they came from Google Drive, Dropbox or are Adobe Acrobat PDFs. Employees need to be warned — again — to be wary of attachments.

Here’s another warning about phishing emails from crooks: Researchers at Proofpoint are seeing attachments or URLs that lead to the installation of a tool that takes screenshots of victims’ computers. A common message to targets is a request to check the attached business presentation. Clicking on the document or the URL downloads the malware. With a screenshot of the victim’s machine the attacker hopes to see passwords and get information on the victim. Then the attacker will download more malware. Targets have been seen in the U.S. and Germany. Again, employee education is a good way to fight this attack.

Finally, the Super Bowl is this Sunday. It’s available on cable and over the air, but some people want to use illegal internet streaming websites for supposed high-definition viewing. Don’t. Researchers at OpenText note that these services have to make money somehow. Usually they do it by getting victims to download software to help them see the game. That software has malware for stealing passwords. —

Later today the Week in Review podcast will be available. Guest commentator Terry Cutler of Cyology Labs and I will discuss the new ransomware strain going after unpatched installments of VWware’s ESXi hypervisor, holes found in Toyota’s supplier website and more.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast