New strain of ransomware found, the dangers of unpatched software, an Outlook hack and a big fine in Britain for deceiving new mothers.
Welcome to Cyber Security Today. It’s Wednesday, April 17th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
A new ransomware strain is out there with an unusual threat message. According to the news site Bleeping Computer, after locking up a computer an on-screen message says privacy is important to the attacker. So important there’s a promise the record of your payment will be erased. There are two options for payment to get back your data: Three bitcoin per infected computer, or seven bitcoin for an entire network. There’s a $10,000 a day penalty if the ransom hasn’t been paid after three days. Apparently the city of Greenville, North Carolina was hit by this strain of malware last week.
The best way for individuals and organizations to defeat ransomware is to regularly back up data. And back it up to a device that either can’t be infected, or is not always attached to the network. Get advice from an IT security professional.
Experts warn about the dangers of running old or unpatched software. Here are two examples of how organizations got stung:
–The FBI National Academy is a training course run by the FBI for local U.S. and international police. Those who pass the course see themselves as a group with common interests, so have set up the non-profit FBI National Academy Associates, with a number of chapter web sites, to promote training. Well, last week hackers broke into three of those sites and published the names, phone numbers and postal addresses of thousands of members. The hacker told the news site TechCrunch they used publicly-known exploits to get into the web sites, which, if true, suggests they weren’t patched. Associations might not have the money to hire a web site administrator to watch sites closely. They should be careful.
–In the second example, earlier this month there was a hack at Matrix.org, an encrypted messaging service used by some organizations for secure communications. The attacker may have accessed unencrypted messages and other data. Users of the service are advised to change their passwords. The problem: The company was using what it says was a “slightly outdated” version of a software development server called Jenkins. Again, this was a failure to keep things patched fast.
Microsoft has acknowledged that unknown attackers got into the company’s customer support portal and may have accessed some information related to Outlook email accounts for three months. In a letter sent to customers Microsoft said a support agent’s login credential was stolen. What the hacker would have been able to see were things like a user’s email address, the email addresses of people to whom mail was sent, subject lines of emails and folder names. The attacker could not see the content of email. No user passwords were stolen. But Microsoft told the users affected that they should consider resetting their passwords, just in case. Microsoft told The Hacker News that a “limited” number of email accounts were involved. It is also looking at hardening its systems to prevent this from happening again.
Britain’s Information Commissioner has fined a company called Bounty UK the equivalent of $540,000 for collecting personal information from new or expectant mothers and selling it to credit rating and marketing companies. Bounty is a pregnancy and parenting club. It collected the information through its web site, mobile app and directly from women in hospitals. The problem was Bounty wasn’t completely up front with mothers about who the data was going to.
Finally, IT teams should note a patch has been issued for some versions of the Apache Tomcat application server. The bug could allow an attacker to take over a targeted Windows server.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.