Cyber Security Today: Oct. 10, 2018 – New ransomware hits Canada, Google criticized, PIN punched in Experian’s security

New ransomware hits Canada, Google criticized and a PIN punched in credit bureau’s security

Welcome to Cyber Security Today. It’s Wednesday, Oct. 10th. To play the podcast click on the arrow below.

Cyber Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

A new strain of ransomware first reported in August is now being seen in Canada. This week a Canadian privacy lawyer told me he’s learned four cases of what has been called the Ryuk strain of ransomware have been seen in the last month in organizations here in the health care field. How they were infected isn’t clear yet. In August the U.S. Department of Health and Human Services and Check Point Software issued alerts on this particular strain of ransomware. The way attacks have gone suggest the people behind it have researched their targets well, probably infiltrating networks before launching the ransomware, because they know where valuable data is. Organizations are advised to watch their security logs for suspicious behaviour and to make sure people with administrative privileges have to log in with complex passwords requiring multi-factor authentication.

Google is being criticized for not telling the public sooner about a vulnerability in its Google Plus social networking platform that could have let attackers gain access to personal information of a half million users. In its defence Google says it couldn’t find proof outsiders accessed the data; on the other hand, it admits it doesn’t have extensive log information to do a full search of the two years the vulnerability was present. However, Canadian privacy expert Ann Cavoukian told me this was effectively a data breach. The Wall Street Journal says it was told Google didn’t want to make the thing public because it feared bad publicity. Well, that’s what it got.

Finally, credit bureau Experian has been caught with a foolish flaw in its online PIN number recovery process that protects an individual’s credit record. If people want, they are issued a PIN number to ensure only authorized lenders can access the report. You can put a credit freeze on your account if you think it’s being improperly accessed. Use the PIN number to activate the account again. But if you forget your PIN, it needs to be reset. How? By going online and answering four questions, like what’s the model of your car. There are several listed choices; only one is correct. But one of the options is ‘none of the above.’ The flaw is if someone chooses ‘none of the above’ for all four questions, the automated software issues a new PIN number. A fraudster who figured this out could have had access and tampered with anyone’s credit report. Experian has fixed the flaw. Password and PIN reset systems drive security pros nuts. This is another example of why such systems have to be scrutinized carefully and toughened.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast