Cyber Security Today, Nov. 27, 2023 – Ransomware gang posts data stolen from a Canadian POS provider, and more

Share post:

Ransomware gang posts data stolen from a Canadian POS provider, and more.

Welcome to Cyber Security Today. It’s Monday, November 27th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

The Medusa ransomware gang has publicly posted what is says is data stolen from Canada’s Moneris Solutions. Moneris operates a network that supports credit card processing terminals used by retailers across the country. When news of the data theft first emerged earlier this month Moneris said the attackers didn’t get access to critical data. But Medusa says it has copies of “accounts and email addresses of the Moneris employees and clients, ID numbers, contracts, presentations, reports of financial transactions” and more. Asked for comment, the company pointed to a statement on its website that the gang did access and release data from a corporate shared drive which included merchant IDs, issues logs and names and addresses related to legacy gift cards.

The NoEscape ransomware gang says it copied 35GB of sensitive information before encrypting the data of Utah’s Granger Medical Clinic. The gang claims it has confidential agreements and contracts, documents on employees and personal information of patients. According to the news site, the gang demanded US$700,000 before publicly releasing the data on its site.

The Rhysida ransomware gang says it hacked one of China’s biggest energy infrastructure builders. The gang is demanding 50 bitcoin — about US$1.9 million — or it will publish the data it stole from government-owned China Energy Engineering Group.

Administrators of the open-source ownCloud content collaboration platform have been warned to address a critical vulnerability. If leveraged, configuration details of PHP environments including admin passwords and mail server credentials could be revealed. For the time being a specific application file has to be deleted. In addition, the ownCloud admin password, mail server and database credentials should be changed. Coming soon are core releases to mitigate similar vulnerabilities.

An IT managed services provider to a number of law firms in the United Kingdom is partly offline after a cyber attack. The company, called CTS, said Friday it is confident it can restore full service, but can’t say when. According to one news site, around 80 law firms are directly affected. But indirectly others — like home movers — are said to be affected as well because some legal work can’t be finished.

General Electric is investigating claims a hacker is selling network access and stolen data. According to the BleepingComputer news site, the IntelBroker gang says it has military information and other documents taken from GE, which has aerospace, energy and digital divisions.

Finally, a criminal gang that scams people selling or shopping for used goods on online marketplaces is looking for recruits. Be prepared, though, to fill out a criminal work experience application form. That’s according to researchers at ESET and Flare. The just published an analysis of the threat group they call Neanderthals. This gang has a tool called Telekopye that helps create phony websites, phishing emails and text messages. Those whose applications are approved and can join in on the scams can use the tool. One scam tricks people into buying an advertised but non-existent item. The victim is sent a link to a phishing website that looks like the payment page of a legitimate online marketplace, where their payment card information is captured. Another type of scam has the gang member pretending they paid for an article being advertised by a victim. Gang members are also involved in apartment rental scams, creating a fake website ad that copies a real apartment for rent. Victims a tricked into paying a so-called reservation fee. The gang even has instruction manuals with suggested persuasive conversations for its members to help make convincing pitches.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Nov. 27, 2023 – Ransomware gang posts data stolen from a Canadian POS provider, and more first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

Cyber Security Today, Week in Review for week ending Friday, Feb. 23, 2024

This episode features discussion on the takedown of the LockBit ransomware gang

Breaking news: RCMP facing ‘alarming’ cyber attack

The RCMP is facing a serious cyber attack from an unspecified threat actor. The Mounties told CBC News today that a “breach of this magnitude is alarming.” “The situation is evolving quickly but at this time, there is no impact on RCMP operations and no known threat to the safety and security of Canadians,” a spokesperson

Hashtag Trending Feb.23- Companies losing top talent with long hiring processes; Intel – the “foundry for the world?”; AT&T outage

(PRE MUSIC ANNOUNCEMENT) If you know me, you know I’m passionate about three things – music, books and data. My interview on the weekend edition hits two of those passions. I read a book called Winning with Data Science, and it blew me away. So, I reached out and managed to get one of the

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways