Cyber Security Today, Oct. 16, 2023 – Why a hacker created a fake conference website after the event, and more

Share post:

Why a hacker created a fake conference website after the event, and more.

Welcome to Cyber Security Today. It’s Monday, October 16th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Not all hacking gangs keep the same strategy. Take the Clop/Cl0p ransomware group, for example. In addition to ransomware attacks in the past year it’s found gold stealing data by exploiting vulnerabilities in file transfer applications like Progress Software’s MOVEit. Another example is a gang researchers at Trend Micro call Void Rabisu RAB-IS-OO. Early in its life it was behind ransomware attacks for profit. Then it hacked targets in Ukraine and EU politicians. A new report says one of its latest tactics was to go after those who attended or were interested in the June meeting of the Women Political Leaders Summit in Belgium. In August, after the conference, the gang set up a look-alike website hoping to lure and attack people of influence. How? Well, the fake website offered photos supposedly from the conference that those who were there might like to download. However, those who did also downloaded a backdoor into their computers. There are a couple of lessons: One is threat attackers are conniving sons-of-guns. The other is the rule of basic cybersecurity awareness training: Be aware of where you go on the internet. The URL of the real conference site ended in .com, the fake site ended in .org.

Microsoft has launched an AI bug bounty program. It’s offering up to US$15,000 for vulnerabilities in AI components in its Bing and Edge browsers such as Bing Chat, Bing Image Creator as well as in Skype mobile apps. Submissions will be reviewed under the same terms as the Microsoft 365 bounty program. Note that for public sector employees who make successful submissions the bounty goes to the government department. This rule is to make sure the payment doesn’t violate the gifts and ethics rules of a government agency.

OrthoAlaska, a group of orthopedic providers in Alaska, is notifying over 161,000 patients that personal data it held was stolen a year ago. It took until last month for the company to find all current addresses of victims so they could be notified. Data stolen could have included a patient’s date of birth, driver’s licence or state identification, social security number, payment card number, medical information and more.

A British financial regulator has fined credit rating agency Equifax the equivalent of about US$13 million over a data breach in 2017. The Financial Conduct Authority levied the fine because Equifax failed to manage and monitor the security of data it sent for processing to head office in the U.S. The breach allowed hackers to access the personal data of just under 14 million people. The authority said the hack was entirely preventable. Worse, Equifax headquarters knew of the data theft but didn’t tell the UK division for six weeks — and then only minutes before headquarters announced it.

Finally, Juniper Networks has released patches for more than 30 vulnerabilities in its Junos OS and Junos Evolved operating systems. Network admins with Juniper equipment should evaluate the impact of these vulnerabilities and patch accordingly.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Oct. 16, 2023 – Why a hacker created a fake conference website after the event, and more first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, Week in Review for week ending Friday, Feb. 23, 2024

This episode features discussion on the takedown of the LockBit ransomware gang

Breaking news: RCMP facing ‘alarming’ cyber attack

The RCMP is facing a serious cyber attack from an unspecified threat actor. The Mounties told CBC News today that a “breach of this magnitude is alarming.” “The situation is evolving quickly but at this time, there is no impact on RCMP operations and no known threat to the safety and security of Canadians,” a spokesperson

Hashtag Trending Feb.23- Companies losing top talent with long hiring processes; Intel – the “foundry for the world?”; AT&T outage

(PRE MUSIC ANNOUNCEMENT) If you know me, you know I’m passionate about three things – music, books and data. My interview on the weekend edition hits two of those passions. I read a book called Winning with Data Science, and it blew me away. So, I reached out and managed to get one of the

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways