Cyber Security Today, Nov. 11, 2022 – A new report on phishing, a warning of Venus ransomware, malware hidden in images and more.

A new report on phishing, a warning of Venus ransomware, malware hidden in images and more.

Welcome to Cyber Security Today. It’s Remembrance Day, November 11th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts


Many advanced email attacks still successfully end with the theft of user credentials or account takeovers. That’s according to new research from Tessian. The company surveyed 600 IT and security leaders in organizations across the U.S., the U.K., the Middle East and Africa. Seventy-one per cent of respondents said an advanced email attack this year at their organization resulted in an account being taken over. Among other things, 62 per cent of respondents said advanced email threats got past even their secure email gateways and into employee inboxes. Ten per cent of respondents said they received over 450 email-based ransomware attempts since the beginning of the year.

Speaking of email attacks, researchers at Avanan looked at patterns against the government of an unnamed country in the Western hemisphere with a population under 100,000. They calculate the government sees an average of 93 phishing attacks a day. For some reason, most attacks were directed at the Bureau of Standards.

Hospitals are being warned that new Venus ransomware is circulating. That’s the word from the U.S. Health Sector Cybersecurity Co-ordination Center. It says the strain, discovered in August, has hit at least one healthcare entity in the United States. Unsecured instances of Windows remote desktop protocol are a common way these attackers get into IT systems. RDP must be put behind a firewall.

Computer technical support scams, like crooks pretending to be from Microsoft, continue to victimize people. That came in a reminder this week from the FBI. Scammers email or phone potential victims demanding money to renew a software subscription. When the victim wants to cancel the so-called renewal the crook says there’s a fee, and asks for the victim’s bank information. Remember, any email or phone request that pressures you to act quickly is likely a scam. Never send money on the instructions of someone you have only spoken to online or by phone.

Software companies like adding features to make life easier for customers. Unfortunately sometimes the features come with vulnerabilities. One example is credential roaming, added to Windows 20 years ago. A Russian-based threat group used a hole in credential roaming early this year against a European diplomatic target. A new report from Mandiant goes deeply into what this problem is. Credential roaming allows a digital certificate used for access to roam with an employee. The vulnerability allows a hacker to compromise the system and gain administrative privileges. Microsoft issued a patch in September to fix this. The Mandiant report details how Windows administrators can avoid or fix the problem. There’s a link to it in the text version of this podcast.

Researchers at Avast have added to knowledge about a threat group dubbed Worok, which hides malware in PNG images. In a report released this week Avast said the purpose of the malware is to steal data. They think the attackers are somehow exploiting unpatched vulnerabilities called ProxyShell in Microsoft Exchange servers and uploading stolen data to a DropBox cloud storage account. This is a good reason to make sure Exchange servers are fully patched.

Another attacker is also hiding malware in images. One was found recently by researchers at Check Point Software in a software package in the open source PyPI library for developers using the Python programming language. Any developer who downloaded and inserted the package called Apicolor in their application would have it infected with a virus. The package has been deleted from PyPi, but it’s another reason why developers who use open source libraries have to be careful before downloading code, and have it scanned before being inserted into applications.

That’s it for now. But later today the Week in Review edition will be available. Terry Cutler of Cyology Labs and I will discuss the latest arrest of a ransomware operative, a cyber insurance settlement and more.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Sponsored By:

Cyber Security Today Podcast