Cyber Security Today, Sept. 1, 2023 – Celebrate Women in Cyber Security

Share post:

Celebrate Women in Cybersecurity.

Welcome to Cyber Security Today. It’s Friday, September 1st, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Today is International Women in Cybersecurity Day. It’s a day IT and security leaders should think about how they ensure their teams are diverse. This is especially important with the number of unfilled IT and cybersecurity jobs in organizations around the world. So the first thing listeners who are leaders need to ask themselves is are their teams diverse, and if not, why? Second, what are you going to do about it? Do you go out of your way to give women a chance? Are job postings written in an open way that encourages diversity? Is there too much reliance on IT certifications? If there are women on your IT and security teams, are their solutions and opinions valued?

There will be an online celebration this afternoon at 1 p.m. Pacific time. Register here

I have a more detailed story on International Women in Cybersecurity Day here. And later today it will be discussed as part of the Week in Review podcast.

Also in the news, clothing retailer Forever 21 is notifying over a half a million current and former employees of a data breach earlier this year. The attacker got names, Social Security numbers, birth dates and bank account numbers.

Threat actors continue planting malicious packages in open-source repositories, hoping to sucker unsuspecting application developers. The latest example was found by researchers at Reversing Labs: Three packages in the PyPI repository for Python-language code that continue a campaign of planting code that mimics the names of popular Python tools. As I’ve said before, if you want to download something from PyPI, NPM, Ruby, GitLab or any public code repository you’d better be sure it’s legit — and you’d better scan it to be sure.

Separately, researchers at Checkmarx report that for the last three years a threat actor has been plopping malicious packages in the NPM repository. These particular packages steal data from developers’ work. Apparently they are looking to infect cryptocurrency apps or wallets.

Someone is loading old bugs into the Common Vulnerabilities and Exposures list. Known to most infosec pros as the CVE list, its a compilation of publicly disclosed computer security flaws found by IT companies and security researchers. However recently CVEs that are upwards of three years old were added. According to Dan Lorenc, chief executive of Chainguard, 138 were entered on one day. It looks like the person is scraping old issues and commits and filing them. Their motive is unknown. And while they have CVE numbers, Lorenc says some of them aren’t really vulnerabilities. And in most cases patches were issued for them long ago.

Threat actors use all kinds of tricks to get you to click on a malicious link in an email. One of them is putting a phony date in the subject line. Why? To make you think the message was sent earlier than it was. So if the subject line reads, ‘Warning. Invoice due at the end of today’ and beside it is a date 24 or 48 hours ago, you might think, ‘I’d better get on this fast.’ Which is exactly what you shouldn’t do, say researchers at Cofense who reported on this trick. Don’t be fooled by what’s in the subject line, any more than you should be fooled by the content of the email.

Later today the Week in Review will be available. There will be discussion on a Canadian government report on cybercrime, the takedown of the Qakbot botnet and more.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Sept. 1, 2023 – Celebrate Women in Cyber Security first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.


Related articles

Open Source AI: Hashtag Trending Weekend Edition – Show Notes

The conversation explores the topic of open source AI and its significance in the industry. It highlights the...

Cyber Security Today, Week in Review for week ending Friday May 17, 2024

Welcome to Cyber Security Today. This is the Week in Review for the week ending Friday, May 17th,...

Cyber Security Today, May 17, 2024 – Malware hiding in Apache Tomcat servers

Malware hiding in Apache Tomcat servers, new backdoors found, and more Welcome to Cyber Security Today. It's Friday, May...

Resignations at OpenAI. Hashtag Trending for Friday, May 17, 2024

The question changes from “where’s Ilya” to what took so long?  Did Musk’s Neuralink team know there might...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways