Cyber Security Today, August 11, 2023 – Employee mistake leads to Northern Ireland police data breach, why employee awareness training is vital, and more.

Share post:

Employee mistake leads to Northern Ireland police data breach, why employee awareness training is vital, and more.

Welcome to Cyber Security Today. It’s Friday, August 11th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

 

Many data leaks are caused by mistakes by employees. The latest example involved the publishing of a spreadsheet with the names, ranks, departments and work locations of all 10,000 members of the Police Service of Northern Ireland. Publishing wasn’t the mistake because data was asked for by someone under a Freedom of Information request and they put up whatever they got. The mistake was made by the police employee who created the spreadsheet. The request was only for the number, ranks and grades of all police officers and staff. For some reason their last names and first initials were included. The spreadsheet was only available online for two hours on a website that helps people make Freedom of Information requests. Police are asking anyone who copied the data to delete it.

Almost half of the organizations that recently were infected by the Gootloader malware were law firms. That’s the finding of researchers at Trustwave. Gootloader is a package for delivering malicious payloads. Threat actors using this package commonly employ search engine optimization techniques to trick victims who are searching for business-related information. For example, a staffer may be looking for a template for a contract, an agreement or a form. Up pops a link to a supposed template, but clicking on it leads to a website that may appear to be a group forum with a compromised document. One of the keys to this strategy is to create web pages that will rise to the top of a search engine’s results when a query with the right words or phrases is entered. The hope is a victim will click on the first link. Employee awareness training is vital to stop this kind of attack.

Still on the topic of employees falling for scams, researchers at Fortinet came across a typical phishing scam last month that uses a new piece of malware. The email purports to be an urgent order supplement request to a company, with a PDF attachment the recipient is urged to click on. It leads to the installation of malware. While antimalware and antivirus systems can detect this, the best defence is investing in employee awareness training.

By the way, separately Fortinet warned that a botnet is trying to exploit a vulnerability in unpatched models of a now end-of-life Zyxel router. First, you shouldn’t still have this router, model P660HN-T1A, on your network. Second, if you do, there’s no excuse for not having installed the five-year-old patch.

Finally, researchers at Check Point Software have released an analysis of the Rhysida ransomware gang showing possible links to the Vice Society ransomware group. Many of the techniques both groups use are similar. And they both often target the education sector. One interesting thing: The number of victims claimed by Vice Society has dropped since the Rhysida group emerged in May.

Later today the Week in Review will be available. On this episode Terry Cutler of Cyology Labs will talk about recent ransomware news, the MOVEit data breach and potential attacks on sports events.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, August 11, 2023 – Employee mistake leads to Northern Ireland police data breach, why employee awareness training is vital, and more. first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Anthropic Warns: AI “Virtual Employees” Could Pose Security Risks Within a Year

Anthropic, a leading artificial intelligence company, anticipates that AI-powered virtual employees could begin operating within corporate networks as...

Hertz Data Breach Exposes Customer Information via Supply Chain Hack

Hertz has disclosed a data breach resulting from a cyberattack on its vendor, Cleo Communications, which compromised sensitive...

Google’s New Security Feature – Automatic Reboot

Google is introducing a new security feature in its latest Android update that will automatically reboot phones and...

Cybersecurity Firm Prodaft Buys Hacker Forum Accounts to Monitor Cybercriminal Activity

Swiss cybersecurity company Prodaft has initiated a program to purchase verified and aged accounts on hacking forums, aiming...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways