Kids clothes site hacked, a new phony email extortion scam and be careful with Internet Explorer
Welcome to Cyber Security Today. It’s Wednesday January 22nd. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
To hear the podcast click on the arrow below:
Children’s apparel maker Hanna Andersson says some people who bought clothes from the website had their names and credit card numbers stolen. The thefts occurred between September 16 and November 11 last year after its online sales platform was hacked. According to a report the attacker was able to place code on the payment page that skimmed off valuable data as it was being entered by customers. Anyone who bought goods during that period is eligible for identity theft protection. They should also watch their monthly payment card statements for suspicious activity.
There’s another phony email extortion scam going around. According to Bleeping Computer the email message says ‘Your Computer Hacked.” It directs recipients to open the attachment to get instructions on how to send the attacker $100. Don’t fall for this. The attachment is infected with malware that will steal your passwords and files. Beware of any email with a Microsoft Word or PDF attachment unless you know who sent it and are sure it’s legit. And remember, hackers may get into the accounts of people you know to send their messages, so even if an email sender address is right the attachment may not be safe.
Encryption is a vital tool to protect businesses and individuals from attack. Scramble data and it becomes useless to theft. That’s why some versions of Windows come with encryption capabilities. You may have heard of Bitlocker, a Windows tool for scrambling entire hard drives. There’s also a Windows tool called EFS, which allows individual folders or files to be encrypted. However, a security firm called SafeBreach warns this capability could also be used by hackers as a form of ransomware by in effect turning Windows against itself. SafeBreach began quietly notifying anti-virus companies months ago and many have updated their product to detect a possible exploitation. Others say they will soon issue an update. Organizations worried about this vulnerability should think about turning EFS off and using other encryption technologies to protect data.
Finally, if you or your organization still uses Microsoft Internet Explorer web browser, be warned there is a serious vulnerability. Microsoft hasn’t issued a patch yet. If you are an individual consider switching to Microsoft Edge or another browser. If you are an IT administrator apply a workaround or consider switching the company to another browser.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon