Cyber Security Today, May 26, 2023 – Hackers are using YouTube to flog pirated software, and more

Share post:

Hackers are using YouTube to flog pirated software, and more.

Welcome to Cyber Security Today. It’s Friday, May 26th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Hackers are using YouTube to publicize pirated software. According to researchers at Fortinet, videos advertising cracked software are uploaded by verified YouTube channels with a large number of subscribers. Victims who think they’re saving money are instead downloading apps that install malware to steal passwords and cryptocurrency. Infosec leaders need to remind employees to beware of anything advertised for free that usually carries a price tag. Don’t let ‘free’ be another word for ‘sucker.’

Separately, Fortinet released a report on cyber attacks on operational technology networks. These run things like pipelines and factories. Three-quarters of the 507 OT professionals surveyed said their firm had at least one intrusion in the last year. Nearly one-third of respondents said their firm was hit by ransomware.

Barracuda Networks released a survey on spear phishing trends. These are targeted emails aimed at an identifiable employee or company. Half of the organizations surveyed said they were victims of spear-phishing last year. Twenty-two per cent said their organization had at least one email account compromised. Barracuda estimates spear-phishing messages are responsible for 66 per cent of data breaches.

Apria Healthcare, an American firm that sells home medical equipment, is notifying over 1.8 million people their personal information may have been stolen. The security breaches took place in the spring of 2019 and the fall of 2021. The letter to customers says Apira believes the purpose of the hack was to fraudulently get money from the company and not to steal data. However an investigation was unable to confirm personal information was not accessed.

The Week in Review news roundup for March 31st mentioned that NCB Management Services, an account receivables firm, was notifying over a half million American residents of a data breach. That number has now been updated to over 1 million people.

A warning to infosec professionals: The Legion hacking tool for stealing usernames and passwords from misconfigured servers has been updated. According to researchers at Cado Labs, a new function extracts username and password pairs and then tries to log into a server through a secure shell, or SSH, protocol. It seems this tool is going after cloud services like AWS. The best way web servers can be protected is by making sure they’re not misconfigured.

That’s it for now. But later today the Week in Review edition will be available. Guest commentator Terry Cutler of Montreal’s Cyology Labs will join me to discuss the data breach of a U.S. company that was aided by employees sharing credentials to an email account, why companies hold data for so long and more.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, May 26, 2023 – Hackers are using YouTube to flog pirated software, and more first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Cyber Security Today, May 29, 2024 – A new North Korean ransomware gang spotted, and more

A new North Korean ransomware gang spotted, and more Welcome to Cyber Security Today. It's Wednesday, May 29th, 2024....

GPT outperforms financial analysts in predicting company earnings. Hashtag Trending for Wednesday, May 28th, 2024

The US is widening the innovation gap with Europe when it comes to leveraging AI. Microsoft is pulling...

Microsoft tries to regain trust of government cybersecurity leadership

Microsoft has embarked on an aggressive campaign to restore and enhance its cybersecurity image and regain trust within...

Google suffers another embarrassing AI launch. Hashtag Trending for Tuesday, May 28th, 2024

London Drugs refused to pay ransom and data is leaked. Another epic AI fail from Google, Meta’s chief...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways