Ransomware hits another Ontario town, how the British Airways hack might have been done and Trend Micro cleans up its apps

Welcome to Cyber Security Today. It’s Wednesday, September 12th.

A number of Canadian municipalities still aren’t completely prepared to deal with a ransomware attack. The latest one hit is the town of Midland, Ontario, some of whose systems were victimized Sept. 1st. According to CTV News, the town may have to pay a ransom to unlock the machines. Earlier this year the Ontario town of Wasaga Beach had to pay out after a ransomware attack. Apparently Midland’s email access and payment processing were out for 48 hours. A backup and recovery system that can’t be infected is the best way any organization or individual can protect against a ransomware attack. It can be expensive to have live or almost live backups, but as these municipalities have shown, without them your organization may be in trouble.

Last week I told you about a hack at British Airways’ main web site and mobile app that could have exposed personal and credit card information on 380,000 customers. Yesterday security vendor RiskIQ said it thinks it knows who was behind it, and how the theft was done. The finger is pointed at a criminal group dubbed Magecart, and the technique may have been the same one the gang used recently to attack Ticketmaster UK: A piece of code is added to a web site or app that can grab data entered by customers in forms, like a credit card number. Looking at the airline’s web site, RiskIQ said there’s evidence this code was specially crafted for British Airways’ site. The code was designed to blend in with normal payment processing to avoid detection. RiskIQ says companies, especially those that collect sensitive financial data, must realize that they should consider the security of their forms as well as the controls that influence what happens to payment information once a customer submits it. If you’re a Web site or application developer, think carefully about the amount of JavaScript you use.
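For the advice above about knowing what JavaScript runs on a page that collects payment data, here is an added example (not from RiskIQ or the original article) that inventories the scripts on a constructed checkout page. It flags third-party scripts loaded without an `integrity` attribute and inline scripts that are missing from an approved baseline; the host names, the baseline and the flagging policy are all assumptions.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptInventory(HTMLParser):
    """Record every <script> on a page: external by src, inline by SHA-256."""
    def __init__(self):
        super().__init__()
        self.scripts, self._inline = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append({"src": a["src"], "integrity": a.get("integrity")})
            else:
                self._inline = []  # start buffering an inline script body
    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).strip()
            self.scripts.append({"inline_sha256": hashlib.sha256(body.encode()).hexdigest()})
            self._inline = None

def audit(html, site_host, approved_inline):
    """Return (inventory, findings) for one page; the policy is an assumption."""
    inv = ScriptInventory()
    inv.feed(html)
    inv.close()
    findings = []
    for s in inv.scripts:
        if "src" in s:
            host = urlparse(s["src"]).netloc  # empty for relative (first-party) URLs
            if host and host != site_host and not s["integrity"]:
                findings.append(("third-party script without integrity", s["src"]))
        elif s["inline_sha256"] not in approved_inline:
            findings.append(("inline script not in baseline", s["inline_sha256"][:12]))
    return inv.scripts, findings

# Constructed sample checkout page; hosts and the integrity value are placeholders.
PAGE = """<form action="/pay"><input name="card"></form>
<script src="/js/checkout.js"></script>
<script src="https://cdn.example.net/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://stats.example.org/t.js"></script>
<script>initCheckout();</script>
<script>console.log("added after release");</script>"""
APPROVED = {hashlib.sha256(b"initCheckout();").hexdigest()}  # baseline from a reviewed release
print(*audit(PAGE, "shop.example.com", APPROVED)[1], sep="\n")
```

Run against each release of a payment page, the inventory shows how much script the page loads, and any finding is a script that nobody signed off on.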

Security vendor Trend Micro has apologized and removed the ability of several consumer macOS security apps to collect browser history data after complaints the apps were violating users’ privacy. The company confirmed that Dr Cleaner, Dr Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery, and Duplicate Finder collected and uploaded a small snapshot of the browser history covering the 24 hours prior to installation. This was a one-time data collection, Trend Micro said, done to analyze whether a user had recently encountered adware or other threats. The data collection and use of browser history data was disclosed in the user agreements customers approved when downloading and installing the software, the company said. Meanwhile, in addition to ending the browser data collection, it has also permanently dumped all legacy logs of data collected, which were stored on U.S.-based servers. The company also denied allegations that data was sent to China. Trend Micro apologized to users for any concern they might have had, and promised that all their data is safe and at no point was compromised.

Finally, attention users of Adobe Flash Player and ColdFusion: There are new security updates available for you.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening. I’m Howard Solomon.


