Cyber Security Today, May 9, 2022 – Breaches of security controls at Ikea Canada and two American healthcare providers

Share post:

Breaches of security controls at Ikea Canada and two American healthcare providers. Welcome to Cyber Security Today. It’s Monday May 9th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for
Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts
  Ikea Canada continues notifying 95,000 Canadians that an employee made unapproved searches of its customer database in March. It isn’t clear how the company realized there had been a breach of security controls. But it told Global News that an employee made what it called a generic search of the database. Ikea said no customer financial information was involved. It also told Global News it made sure the information wasn’t shared with a third party. Two American healthcare providers have acknowledged that compromised email accounts of employees were behind data breaches. WellDyneRx, a Florida-based pharmacy benefits provider, said last December it discovered someone had accessed an employee’s email account the previous month. That account included emails with information of some patients including their names, dates of birth, Social Security numbers, driver’s licence numbers, prescription information and treatment information. The company isn’t saying how many people it is notifying. Meanwhile says the North Alabama Bone and Joint Clinic filed a preliminary notice of a cyber incident that happened in March. Several email accounts of employees and clinic files were accessed without authorization. The clinic is still trying to determine how many patients were affected, but the information seen could have included names, financial information, dates of birth, family information, prescription information, and medical information. Threat actors have found a new place to hide malicious code: In the event logs of Windows computers. According to researchers at Kaspersky, that’s where an unknown hacker was caught depositing shellcode for execution and other malicious components. This particular attacker has created some novel techniques for malware that mostly runs in memory. However, they start with a victim being tricked into downloading a file that leads to the installation of a Cobalt Strike and SilentBreak penetration testing tools. These are tools often used by attackers. IT administrators need to regularly scan their networks for unexpected evidence of these tools. They’re evidence you’ve been hacked. Microsoft is extending the mandatory use of two-factor authentication to contributors to its GitHub developer platform. Only 16 per cent of active GitHub users and 6.5 per cent of users of the NPM open-source code repository use multifactor authentication. But GitHub is going to force more users to adopt 2FA until everyone is enrolled by the end of next year. For example, at the end of this month all maintainers of the top 500 code packages on NPM will have to use two-factor authentication. Later this year those who maintain high-impact packages will be added. Finally, security administrators whose firms use Trend Micro’s Apex One endpoint security should make sure the latest Smart Scan pattern has been installed. This is because an earlier pattern may cause a false alert when the Microsoft Edge browser is updated. There may also have been a change to the Windows registry. That will require going in and replacing a file. Instructions on how to do that are in a customer advisory issued by Trend Micro. There’s a link to that advisory here. Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. The post Cyber Security Today, May 9, 2022 – Breaches of security controls at Ikea Canada and two American healthcare providers first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.


Related articles

Cyber Security Today, May 29, 2024 – A new North Korean ransomware gang spotted, and more

A new North Korean ransomware gang spotted, and more Welcome to Cyber Security Today. It's Wednesday, May 29th, 2024....

GPT outperforms financial analysts in predicting company earnings. Hashtag Trending for Wednesday, May 28th, 2024

The US is widening the innovation gap with Europe when it comes to leveraging AI. Microsoft is pulling...

Microsoft tries to regain trust of government cybersecurity leadership

Microsoft has embarked on an aggressive campaign to restore and enhance its cybersecurity image and regain trust within...

Google suffers another embarrassing AI launch. Hashtag Trending for Tuesday, May 28th, 2024

London Drugs refused to pay ransom and data is leaked. Another epic AI fail from Google, Meta’s chief...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways