Cyber Security Today, May 17, 2023 – An email invoice scam that impersonates your boss, a new ransomware gang discovered and more


Welcome to Cyber Security Today. It’s Wednesday, May 17th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.


Tricking employees into paying an invoice by sending an email supposedly from a company the firm does business with is an old scam. But researchers at Armorblox have found a new tactic: The email is copied to the employee’s boss. Or at least it looks like it is. Actually, the boss’s email address is spoofed. Including it is supposed to give the email added credibility and increase the odds of the invoice being paid. Why? Because the crook also replies to the employee using the fake address of the boss, telling them to pay the invoice as soon as possible. Employees who handle money have to be warned about scams like this.

A new ransomware gang has been found. Researchers at Cisco Systems say the RA Group seems to be using the ransomware code of the Babuk group that was leaked in 2021. As I told you on Friday morning’s podcast, a number of gangs use this code. The RA Group launched its data leak site on April 22nd. So far it has hit victims in the U.S. and South Korea.

Threat actors are finding new ways of hiding distributed denial of service attacks. According to a new report from researchers at Corero Network Security, one tactic is called a carpet bomb attack. It launches multiple small attacks across a wide IP address space to evade detection. Carpet bomb attacks are up 300 per cent over 2021. It’s another type of attack IT defences have to be ready for.
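Why per-destination thresholds miss a carpet bomb, shown with flow data (an added example, not from the podcast or Corero): each target receives only a modest rate, so the alert has to be computed over the aggregate of a destination prefix as well. The thresholds and flow records are constructed assumptions.

```python
# Added example, not from the podcast or Corero. Per-IP rate checks stay
# quiet during a carpet bomb, so the same flow records are also aggregated
# by /24 destination prefix. Thresholds and flows are constructed values.
from collections import Counter
import ipaddress

PER_IP_PPS = 1000        # assumption: alert threshold for a single destination
PER_PREFIX_PPS = 5000    # assumption: alert threshold for a /24 block

def per_ip_alerts(flows, window_s):
    """Destinations whose own packet rate crosses the per-IP threshold."""
    pkts = Counter()
    for dst, n in flows:
        pkts[dst] += n
    return sorted(ip for ip, n in pkts.items() if n / window_s > PER_IP_PPS)

def carpet_bomb_alerts(flows, window_s, prefix_len=24):
    """(prefix, distinct targets) for prefixes whose aggregate rate crosses
    the prefix threshold while no single address inside them fired alone."""
    pkts, targets = Counter(), {}
    for dst, n in flows:
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        pkts[net] += n
        targets.setdefault(net, set()).add(dst)
    noisy_ips = set(per_ip_alerts(flows, window_s))
    return sorted(
        (str(net), len(targets[net]))
        for net, n in pkts.items()
        if n / window_s > PER_PREFIX_PPS and not targets[net] & noisy_ips
    )

# Constructed flow records: (destination IP, packets seen in the window).
# 200 hosts in 203.0.113.0/24 get 400 pps each: 80,000 pps for the block,
# yet every host sits well under the per-IP threshold.
WINDOW_S = 1
FLOWS = [(f"203.0.113.{h}", 400) for h in range(1, 201)]
FLOWS += [("198.51.100.10", 300), ("198.51.100.11", 250)]  # normal traffic
```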

A national provider of drugs to American hospitals called PharMerica is notifying 5.8 million people of a data breach. During a March cyberattack a hacker got hold of people’s names, addresses, dates of birth, Social Security numbers, medications and health insurance information. According to Bleeping Computer, the Money Message ransomware gang is taking credit for the hack.

The Philadelphia Inquirer is still dealing with a cyber attack that stopped print publication of the Sunday edition. It also prevented employees from working in its building for two days. One of the affected systems was the heart of the news operation, the content management system. It handles both news and advertising content. The online version of the news service continued thanks to workarounds. Monday’s newspaper was printed, but the classified ads section wasn’t available until today.

Storage manufacturer Western Digital has acknowledged that attackers in a March cyber attack got hold of a database of customers who bought products online. The information includes names, billing and shipping addresses, email addresses and phone numbers. Western Digital didn’t say how many people are affected. Access to the online store was expected to be restored this week.

Some American cities have banned their police departments from using facial recognition software. But it’s being used by other agencies. The Associated Press reports the U.S. Transportation Security Administration is testing the use of facial recognition in 16 airports. A passenger puts their driver’s licence or passport in a machine that reads their photo and compares it to an image of the passenger snapped at the same time. The document image has to match the face of the traveler. That’s different from the type of facial recognition that scrapes images from the internet of people for comparison purposes. Whether using a piece of ID you carry as the standard will satisfy critics isn’t clear yet.

A Chinese-sponsored group is believed to be hacking TP-Link Wi-Fi routers used by foreign affairs organizations in Europe. That’s according to researchers at Check Point Software. There’s evidence that compromised firmware images for TP-Link WR940 routers, a model sold for homes and small businesses, are being deployed. It isn’t known how the attacker managed to infect the devices. But once inside they were able to add a backdoor. From there the ability to execute commands and transfer files was activated. The lessons from this: Make sure you regularly update routers and other internet devices’ firmware and software to prevent vulnerabilities from being exploited by attackers. And always change the default login credentials of any device connected to the internet to stronger passwords and use multi-factor authentication whenever possible. Attackers are scanning the internet for devices that still use their default credentials.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]
