Cyber Security Today, Sept. 23, 2023 – Nova Scotia details MOVEit victims, a new ransomware strain found and more

Share post:

Nova Scotia details MOVEit victims, a new ransomware strain found and more

Welcome to Cyber Security Today. It’s Friday, September 22nd., 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts


The number of North Americans impacted by the theft of personal data by the exploitation of the vulnerability in MOVEit file transfer servers keeps climbing. On Thursday the province of Nova Scotia said the sensitive personal data of 165,000 people — which is roughly 16 per cent of the population — was stolen when a hacker exploited a vulnerability in its MOVEit servers at the end of May. So far the province has paid $2.8 million to give those victims five years of credit monitoring. Researchers at Emsisoft calculate just under 1,200 organizations worldwide were hit either directly or indirectly through companies that processed their data. Data on perhaps as many as 56 million people are in the hands of the Clop ransomware group, which discovered the vulnerability.

A new ransomware variant distributed by the BlackCat/AlphV gang has been spotted. Sophos calls it Sphynx. In one case the attacker was able to use the ransomware to encrypt an organization’s data stored in the cloud on Microsoft Azure. Briefly here’s how they did it: First, they were somehow able to hack into an employee’s LastPass password manager through the app’s browser extension. That got them the employee’s one-time password for accessing their Sophos Central account. It managed the company’s Sophos products for defence. With that access the attacker could modify security policies to get access to the Azure data storage. One lesson: Multifactor authentication isn’t a complete defence against cyber attacks. The IT and security team also has to constantly watch for suspicious network activity.

Earlier this week I moderated a panel discussion at the Swift network’s SIBOs conference in Toronto. One of the questions was is there a ransomware crisis. Terry Cutler will have thoughts in the Week in Review podcast which will be out later today. But here are numbers released this week by Trend Micro for you to think about: The number of victim organizations claimed by ransomware groups in the first half of this year was 1,999. That’s 45 per cent more than the same period in 2022.

Corporate and IT leaders should consider this: In the first half of this year businesses with 200 or fewer employees made up the biggest number of victims of the top three ransomware groups.

Apple released three security updates on Thursday to patch several zero day vulnerabilities. iPhone, iPad, Apple Watch and Mac users should make sure they have the latest patches.

Finally, last May I told listeners about a scam using PayPal’s free business invoicing service to fool people about a fake firefighter funding drive. Crooks continue to take advantage of PayPal’s generosity. Researchers at Netcraft have come across another version of this scam. A victim recieves an invoice purporting to be from PayPal claiming money is owed for for a purchase. The surprised victim has the option of paying or calling customer support. That’s the real goal. A fake PayPal employee will try to convince the protesting victim to install remote access software so they can look on their computer, or trick the victim into sending the crook money. Don’t fall for this scam. One tip-off: The person who sent the email is someone or a business you’ve never heard of. Another is if you click on the email address of the sender it shows the PayPal account is registered to a free email service like Gmail.

Later today the Week in Review podcast will be available. Guest commentator Terry Cutler of Cyology Labs will join me to discuss the ransomware attack on MGM Resorts, denial of service attacks and more.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Sept. 23, 2023 – Nova Scotia details MOVEit victims, a new ransomware strain found and more first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

Cyber Security Today, Week in Review for week ending Friday, March 1, 2024

This episode features a discussion on how hard it is to kill a ransomware gang, Canada's proposed new online harms bill, why organizations still allow staff to use vulnerable software

Healthcare sector “stretched thin” in fight against cyber attacks warns CSO of Health-ISAC

In an interview Errol Weiss talks about the challenges facing hospitals a

Cyber Security Today, March 1, 2024 – Warnings to GitHub users and Ivanti gateway administrators, and more

This episode reports on a recommendation that enterprises drop Ivanti Policy Secure and Connect Secure devices because threat actors can get around mitigations for recent vulne

Hashtag Trending Mar.1- HP debacle; Humanoid robots closer to hitting our workplaces; Apple blew $10 billion on the electric car before pulling the plug

If rumours are true and this one should be, I started it, we have a special edition of the Weekend show where we talk about the evolution of the role of the CIO with two incredible CIOs as the CIO Association of Canada turns 20. Don’t miss it.  MUSIC UP Can HP make you love

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways