Cyber Security Today, August 11, 2023 – Employee mistake leads to Northern Ireland police data breach, why employee awareness training is vital, and more.

Share post:

Employee mistake leads to Northern Ireland police data breach, why employee awareness training is vital, and more.

Welcome to Cyber Security Today. It’s Friday, August 11th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

 

Many data leaks are caused by mistakes by employees. The latest example involved the publishing of a spreadsheet with the names, ranks, departments and work locations of all 10,000 members of the Police Service of Northern Ireland. Publishing wasn’t the mistake because data was asked for by someone under a Freedom of Information request and they put up whatever they got. The mistake was made by the police employee who created the spreadsheet. The request was only for the number, ranks and grades of all police officers and staff. For some reason their last names and first initials were included. The spreadsheet was only available online for two hours on a website that helps people make Freedom of Information requests. Police are asking anyone who copied the data to delete it.

Almost half of the organizations that recently were infected by the Gootloader malware were law firms. That’s the finding of researchers at Trustwave. Gootloader is a package for delivering malicious payloads. Threat actors using this package commonly employ search engine optimization techniques to trick victims who are searching for business-related information. For example, a staffer may be looking for a template for a contract, an agreement or a form. Up pops a link to a supposed template, but clicking on it leads to a website that may appear to be a group forum with a compromised document. One of the keys to this strategy is to create web pages that will rise to the top of a search engine’s results when a query with the right words or phrases is entered. The hope is a victim will click on the first link. Employee awareness training is vital to stop this kind of attack.

Still on the topic of employees falling for scams, researchers at Fortinet came across a typical phishing scam last month that uses a new piece of malware. The email purports to be an urgent order supplement request to a company, with a PDF attachment the recipient is urged to click on. It leads to the installation of malware. While antimalware and antivirus systems can detect this, the best defence is investing in employee awareness training.

By the way, separately Fortinet warned that a botnet is trying to exploit a vulnerability in unpatched models of a now end-of-life Zyxel router. First, you shouldn’t still have this router, model P660HN-T1A, on your network. Second, if you do, there’s no excuse for not having installed the five-year-old patch.

Finally, researchers at Check Point Software have released an analysis of the Rhysida ransomware gang showing possible links to the Vice Society ransomware group. Many of the techniques both groups use are similar. And they both often target the education sector. One interesting thing: The number of victims claimed by Vice Society has dropped since the Rhysida group emerged in May.

Later today the Week in Review will be available. On this episode Terry Cutler of Cyology Labs will talk about recent ransomware news, the MOVEit data breach and potential attacks on sports events.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, August 11, 2023 – Employee mistake leads to Northern Ireland police data breach, why employee awareness training is vital, and more. first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Microsoft faces criticism for managing of vulnerability disclosure

Microsoft is criticized for its handling of bug reporting with critics saying, “they just don’t seem to get...

FBI rapidly hacks into Trump shooter’s phone, raises privacy concerns

Just two days after the attempted assassination at a Trump rally, the FBI announced it had gained access...

Disney investigating a potential major leak of internal communications

Disney is investigating a significant data breach by the hacking group Nullbulge, which claims to have accessed and...

Kaspersky to shut down its US business due to sanctions

Russian cybersecurity firm Kaspersky Lab announced it will cease its U.S. operations starting July 20, following sanctions from...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways