Cyber Security Today, Jan. 22, 2024 – LockBit ransomware gang hits the Subway fast food chain, and Data Privacy Week starts

The LockBit ransomware gang hit the Subway fast food chain, and this is the start of Data Privacy Week

Welcome to Cyber Security Today. It’s Monday, January 22nd, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

The LockBit ransomware gang says it compromised the Subway fast food chain. It’s threatening to leak hundreds of gigabytes of stolen data on February 2nd. According to the news site SecurityAffairs.com, that data allegedly includes employee salaries, franchise royalty payments, master franchise commission payments, numbers on restaurant turnovers and more.

A data centre provider in Sweden called Tietoevry says one of its facilities was partially hit by a ransomware attack Friday night. Service to some customers has been affected.

A Russian state-sponsored group used a password spray attack last November to get into a Microsoft legacy non-production test account and then pivot to steal corporate emails. The attack, by a group Microsoft used to call Nobelium and now calls Midnight Blizzard, was only detected earlier this month. The group used their initial access to get into the email accounts and stole attachments of a “very small percentage” of executives and employees in the cybersecurity, legal and other departments. Microsoft said the attack was not the result of a vulnerability in its products or services.

Last October VMware patched an out-of-bounds write vulnerability in its vCenter Server. However, researchers at Mandiant now say a Chinese-based threat group was exploiting that unknown hole for a year and a half before the patch was released. The discovery comes from Mandiant’s continued research into the group it calls UNC3886, which goes after VMware and Windows virtualized hosts. IT administrators with VMware systems that experienced unexplained crashes since 2021 should look for backdoors and signs of compromise — and, if they haven’t already done so, update to the latest version of vCenter.

The operator of the BreachForums marketplace for hacked and stolen data has been sentenced to 20 years of supervised release. Conor Brian Fitzpatrick received that sentence last week from a Virginia judge after pleading guilty to conspiracy to commit access device fraud, possession of child porn and other charges. According to Cyberscoop.com the 20-year-old will serve the first two years of the sentence as home confinement, won’t have access to a computer for a year and will have to register with state sex offender registries.

The maker of the MOVEit file transfer service hasn’t lost many customers despite the exploitation of a vulnerability last year that saw the personal information of over 90 million people stolen from over 2,000 firms using the application. Progress Software said last week customer retention levels remained steady in the second half of 2023. One cybersecurity analyst told Cybersecurity Dive customers may be sticking with the product because the vulnerability was a zero-day, so they don’t see the developer as negligent.

Finally, today starts Data Privacy Week, when IT, data privacy and organization leaders should think about their data collection and protection policies. They may want to consider a just-released study by Consumer Reports. It says Facebook is a great receiver of personal information from firms that collect individuals’ shopping information. These include big brands (like Amazon), retailers (like Home Depot, Walmart and Macy’s), data brokers and political service firms. This is how Facebook targets ads to its users. One finding: more than 2,000 companies had data on a group of over 2,000 volunteer Facebook users in the study group — but many of those people didn’t directly interact with all those firms. Is all this data collection and selling bad for your business’s reputation? The report says many consumers will be concerned about the extent to which their activity is tracked by Facebook and other companies. It suggests governments demand firms only collect data they need, and that governments improve the ability of consumers to opt out of data collection from several companies at once through automation.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Jan. 22, 2024 – LockBit ransomware gang hits the Subway fast food chain, and Data Privacy Week starts first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
