Cyber Security Today, June 5, 2023 – Data stolen from Swiss authorities, a new skimmer attack on Web sites, and more

Data stolen from Swiss authorities, a new skimmer attack on Web sites, and more.

Welcome to Cyber Security Today. It’s Monday, June 5th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.


Hackers have published data stolen from Switzerland’s Federal Office of Police and the Swiss Customs and Border Security agency. That’s according to the Swissinfo news site. It comes after a cyber attack on a marketing company. The company reportedly said it had access only to simulated anonymous data for test purposes. But the news report says some of the stolen data was correspondence between the Customs agency and its clients.

Another Web site data skimmer attack has been found, again reinforcing how vital it is that web administrators prevent their sites from being compromised. Researchers at Akamai have discovered compromised websites running Magento, WooCommerce, WordPress and Shopify in the United States, the U.K., Brazil, Spain, Australia, Estonia and Peru. The thing is, defenders may not easily find their sites have been infected. Why? Because their e-commerce sites have only been compromised by a small JavaScript snippet. That snippet — which looks like a Google Tag Manager or Facebook Pixel — fetches the full attack code from another legitimate website that was also compromised. That way the full attack code is hidden from discovery. The goal is to steal credit and debit card data. The best defence is to make sure your website and web applications have the latest security updates, are protected with a web application firewall and are regularly scanned for unapproved code additions.
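One way to scan a page for unapproved code additions, as an added example that is not from Akamai's research or the original article: compare every script on a page against an approved baseline of external hosts and inline-script hashes, so a look-alike tag snippet added later is flagged. The sample pages, host names and the `loadTag` call are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Collect <script> tags: external ones by src, inline ones by body."""
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._buf = [], [], None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._buf = []          # start capturing an inline body

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.inline.append("".join(self._buf).strip())
            self._buf = None

def digest(text):
    return hashlib.sha256(text.encode()).hexdigest()

def audit(html, approved_hosts, approved_inline):
    """Return (kind, detail) for every script outside the approved baseline."""
    c = ScriptCollector()
    c.feed(html)
    c.close()
    # A relative src (hostname None) is same-origin; cover it with file integrity checks.
    bad = [("external", s) for s in c.external
           if urlparse(s).hostname not in (None, *approved_hosts)]
    bad += [("inline", b[:40]) for b in c.inline
            if b and digest(b) not in approved_inline]
    return bad

# Constructed sample: the approved tag snippet and a look-alike added later.
GOOD = "window.dataLayer=window.dataLayer||[];"
BASELINE = f'<script src="https://www.googletagmanager.com/gtm.js"></script><script>{GOOD}</script>'
TAMPERED = BASELINE + '<script>/* looks like a tag-manager snippet */ loadTag("https://static.example.net/t.js")</script>'

if __name__ == "__main__":
    hosts, hashes = {"www.googletagmanager.com"}, {digest(GOOD)}
    print(audit(BASELINE, hosts, hashes))   # baseline page: nothing flagged
    print(audit(TAMPERED, hosts, hashes))   # the added inline snippet is flagged
```

Because the inline check is hash-based, any legitimate change to an approved snippet also needs its hash re-approved, which is the point: every script change becomes a reviewed change.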

The newly-discovered BlackSuit ransomware fits well with the Royal strain of ransomware. In fact, according to researchers at Trend Micro, their Windows and Linux code is about 98 per cent identical. The researchers think BlackSuit is either a new variant created by the Royal ransomware authors, a modification made by a Royal ransomware gang affiliate or an unapproved copy. Regardless, the best ways to blunt ransomware attacks are to patch your organization’s devices as soon as possible, limit administration privileges, and enable multifactor login authentication for all users.

A vulnerability has been found in three models of network-attached storage devices made by Zyxel Networks. According to researchers at Sternum, the NAS326, 540 and 542 devices have a problem in a clock synchronization process that could be abused by an attacker. This may not be a unique vulnerability, the researchers say. A similar hole was spotted in another device’s networking hub. Zyxel has issued a patch for its devices.

Microsoft says a draft decision by Ireland’s Data Protection Commission proposes fining the company the equivalent of US$425 million. The penalty would be for allegedly violating the EU General Data Protection Regulation in targeted ads on LinkedIn. The report comes from the Irish-based news site Silicon Republic, which discovered the Microsoft statement in a regulatory filing.

In cybersecurity the biggest four-letter word is ‘free.’ That’s how crooks sucker people into downloading malicious business applications, games and utilities. One of the latest scams is an email offering a free $1,000 Delta Airlines gift card. There’s no text in the email, just a big photo of a Delta airliner with the message the victim is invited to click on. According to researchers at Avanan, the real URL or web address is hidden in the photo. Sharp-eyed people would realize the URL doesn’t go to a Delta Airlines web page. Hovering a mouse over the ad will show the address. What will happen is the victim will be asked for their username and password to their Microsoft or Google account. An ad for a Kohl cordless vacuum cleaner has the same trick. Think carefully if you click on something and are asked to log in.

Finally, how many Android apps in the Google Play store were infected with the SpinOK spyware? One hundred and one, researchers at Doctor Web said in a report last week. Not so, said researchers at CloudSEK a few days later. The real number is 193. Regardless, both security companies think there may have been millions of downloads of the corrupt apps, which included games, video editors, offline readers and so-called rewards apps. A smart phone isn’t smart if you download something stupid. Games and utilities made by unknown developers are the most likely carriers of malware. So, be smart — research before downloading anything.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
