Cyber Security Today, Oct, 28, 2022 – A troubling employee security awareness survey, beware of so-called scanned email attachments and more

Share post:

A troubling employee security awareness survey, beware of so-called scanned email attachments and more

Welcome to Cyber Security Today. It’s Friday, October 28th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

With Cybersecurity Awareness Month ending on the weekend, business and IT leaders may be wondering what employees really think about cybersecurity. Consider these numbers from a recent survey of 4,000 people in France, Canada, the United States, the U.K,, and Australia: Eighteen per cent of respondents believe they can’t be targeted by cybercriminals. Twenty-six per cent said they don’t need cybersecurity training. Forty-six per cent believe few employees actually fall for scams or phishing attempts at work. Seventy-eight per cent said it is the IT department’s responsibility to ensure the company’s cybersecurity. Only 59 per cent said IT security at their company is partly their responsibility as well as the organizations.

Here’s something else to think about: Only 38 per cent of respondents said their company has a mandatory cybersecurity awareness program for all employees.

The survey was done for Canadian firm Terranova Security. Registration is required.

Researchers at the Cybernews website say they found three databases left open on the internet owned by the Thomson Reuters media company. However, the company says two of the databases are supposed to be publicly accessible, It said the third only held applications logs from a pre-production environment. However, the researchers said the logs had sensitive information including usernames and passwords to third-party servers that could lead to supply-chain attacks. There were also logs that showed what subscribers were searching for within Thomson Reuters news and information services. The company believes there was a server misconfiguration. It is notifying affected customers.

Threat actors are emailing supposed scanned documents as a way to infect computers with malware. According to researchers at Avanan, targets are getting email messages with a scanned attachment — perhaps a supposed receipt or a cheque — in the hopes that it will be opened. Attacks like this are another reminder that when you receive an email with an attachment check the sender’s address. Is this someone you know? Is their name being spoofed and the email address itself not one you’re familiar with ? Are you expecting a document from this person? If the answer is no to any of these questions report the email to your IT department.

With two weeks to go before the November 8th U.S. midterm elections researchers at Mandiant say a China group is behind an attempt to influence the vote through a variety of ways on social media. They include alleging the U.S. is responsible for the Nord Stream gas pipeline explosions in Europe and attempts to discourage Americans from voting. Voters in any country need to make sure the information they rely on for making decisions is credible.

Attention cloud security administrators: If you aren’t locking down your Docker or Kubernetes infrastructure it could be leveraged by hackers for spreading malware. This warning comes from researchers at Crowdstrike, who recently discovered a threat group using compromised cloud containers to deliver cryptocurrency mining applications to business severs.

In a related report, researchers at Sysdig have discovered an extensive cryptomining operation that takes advantage of application development sites like GibHub, Heroku, Buddy.works and others. This has been dubbed “freejacking” because it takes advantage of free trial accounts on these platforms. The platforms try to make it less easy for accounts to be opened, but the researchers say hackers are getting around the restrictions. More than 30 GitHub accounts, 2,000 Heroku accounts and 900 Buddy accounts have been used in this scheme.

That’s it for now. But later today the Week in Review edition of the podcast will be available. IT World Canada CIO Jim Love, reporter Paul Baker and I will look back at highlights from the recent MapleSec cybersecurity conference and the advice given to infosec pros.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Oct, 28, 2022 – A troubling employee security awareness survey, beware of so-called scanned email attachments and more first appeared on IT World Canada.

Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and passw

Pushing back against rising cloud costs: Hashtag Trending for Wednesday, April 24, 2024

Pushing back against rising cloud costs – one CEO make big savings, Microsoft makes it clear that it...

Digital humans make inroads into customer service: Hashtag Trending for Tuesday, April 23, 2024

Before we get to our stories, coincidentally leading with one on digital humans used in customer service, we...

Cyber Security Today, April 22, 2024 -Vulnerability in CrushFTP file transfer software, security updates for Cisco’s controller management application, and more

This episode reports on a new campaign to steal credentials from LastPass users, a warning to admits of Ivanti Avalanche mobile device management software

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways