Kids clothes site hacked, a new phony email extortion scam and be careful with Internet Explorer

Welcome to Cyber Security Today. It’s Wednesday January 22nd. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.

To hear the podcast click on the arrow below:

Cyb er Security Today on Amazon AlexaCyber Security Today on Google PodcastsSubscribe to Cyber Security Today on Apple Podcasts

 Children’s apparel maker Hanna Andersson says some people who bought clothes from the website had their names and credit card numbers stolen. The thefts occurred between September 16 and November 11 last year after its online sales platform was hacked. According to a report the attacker was able to place code on the payment page that skimmed off valuable data as it was being entered by customers. Anyone who bought goods during that period is eligible for identity theft protection. They should also watch their monthly payment card statements for suspicious activity.

There’s another phony email extortion scam going around. According to Bleeping Computer the email message says ‘Your Computer Hacked.” It directs recipients to open the attachment to get instructions on how to send the attacker $100. Don’t fall for this. The attachment is infected with malware that will steal your passwords and files. Beware of any email with a Microsoft Word or PDF attachment unless you know who sent it and are sure it’s legit. And remember, hackers may get into the accounts of people you know to send their messages, so even if an email sender address is right the attachment may not be safe.

Encryption is a vital tool to protect businesses and individuals from attack. Scramble data and it becomes useless to theft. That’s why some versions of Windows come with encryption capabilities. You may have heard of Bitlocker, a Windows tool for scrambling entire hard drives. There’s also a Windows tool called EFS, which allows individual folders or files to be encrypted. However, a security firm called SafeBreach warns this capability could also be used by hackers as a form of ransomware by in effect turning Windows against itself. SafeBreach began quietly notifying anti-virus companies months ago and many have updated their product to detect a possible exploitation. Others say they will soon issue an update. Organizations worried about this vulnerability should think about turning EFS off and using other encryption technologies to protect data.

Finally, if you or your organization still uses Microsoft Internet Explorer web browser, be warned there is a serious vulnerability. Microsoft hasn’t issued a patch yet. If you are an individual consider switching to Microsoft Edge or another browser. If you are an IT administrator apply a workaround or consider switching the company to another browser.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon

Would you recommend this article?

0
0
Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada


Related Download
Cybersecurity Conversations with your Board Sponsor: CanadianCIO
Cybersecurity Conversations with your Board – A Survival Guide
A SURVIVAL GUIDE BY CLAUDIO SILVESTRI, VICE-PRESIDENT AND CIO, NAV CANADA
Download Now