Cyber Security Today, May 9, 2022 – Breaches of security controls at Ikea Canada and two American healthcare providers

Share post:

Breaches of security controls at Ikea Canada and two American healthcare providers. Welcome to Cyber Security Today. It’s Monday May 9th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for
Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts
  Ikea Canada continues notifying 95,000 Canadians that an employee made unapproved searches of its customer database in March. It isn’t clear how the company realized there had been a breach of security controls. But it told Global News that an employee made what it called a generic search of the database. Ikea said no customer financial information was involved. It also told Global News it made sure the information wasn’t shared with a third party. Two American healthcare providers have acknowledged that compromised email accounts of employees were behind data breaches. WellDyneRx, a Florida-based pharmacy benefits provider, said last December it discovered someone had accessed an employee’s email account the previous month. That account included emails with information of some patients including their names, dates of birth, Social Security numbers, driver’s licence numbers, prescription information and treatment information. The company isn’t saying how many people it is notifying. Meanwhile says the North Alabama Bone and Joint Clinic filed a preliminary notice of a cyber incident that happened in March. Several email accounts of employees and clinic files were accessed without authorization. The clinic is still trying to determine how many patients were affected, but the information seen could have included names, financial information, dates of birth, family information, prescription information, and medical information. Threat actors have found a new place to hide malicious code: In the event logs of Windows computers. According to researchers at Kaspersky, that’s where an unknown hacker was caught depositing shellcode for execution and other malicious components. This particular attacker has created some novel techniques for malware that mostly runs in memory. However, they start with a victim being tricked into downloading a file that leads to the installation of a Cobalt Strike and SilentBreak penetration testing tools. These are tools often used by attackers. IT administrators need to regularly scan their networks for unexpected evidence of these tools. They’re evidence you’ve been hacked. Microsoft is extending the mandatory use of two-factor authentication to contributors to its GitHub developer platform. Only 16 per cent of active GitHub users and 6.5 per cent of users of the NPM open-source code repository use multifactor authentication. But GitHub is going to force more users to adopt 2FA until everyone is enrolled by the end of next year. For example, at the end of this month all maintainers of the top 500 code packages on NPM will have to use two-factor authentication. Later this year those who maintain high-impact packages will be added. Finally, security administrators whose firms use Trend Micro’s Apex One endpoint security should make sure the latest Smart Scan pattern has been installed. This is because an earlier pattern may cause a false alert when the Microsoft Edge browser is updated. There may also have been a change to the Windows registry. That will require going in and replacing a file. Instructions on how to do that are in a customer advisory issued by Trend Micro. There’s a link to that advisory here. Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. The post Cyber Security Today, May 9, 2022 – Breaches of security controls at Ikea Canada and two American healthcare providers first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

Cyber Security Today, Week in Review for Friday, December 8, 2023

This episode features discussion on cyber attacks against OT networks, the discovery of exposed servers with medical images and  why outdated Microsoft Exchange servers are s

Canadian mid-sized firms pay an average $1.13 million to ransomware gangs

Survey for Palo Alto Networks also shows fewer firms willing to pay da

Cyber Security Today, Dec. 8, 2023 – Ransomware is increasingly impacting OT systems, and more

This episode reports on how hackers break into AWS cloud instances, fake anti-Ukraine online ads  using photos of celebrities

Canadian privacy czars release principles for responsible development of AI

The principles remind AI developers they have to follow Canadian data pr

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways