G7 nations speak out on cybercrime and artificial intelligence, the latest ransomware news, and more.
Welcome to Cyber Security Today. It’s Monday, May 22nd, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
This is a holiday Monday in Canada, so thanks for tuning in and I hope you’re having a great long weekend.
The G7 nations have repeated their strong commitment to work together to fight cybercrime, ransomware and misuse of technology for criminal purposes. In their final communique over the weekend the U.S., Canada, Japan, France, Italy, the U.K. and Germany also called on the private sector to step up its efforts to address the dissemination of terrorist and violent extremist content online. They also urged tech companies to prioritize safety by design and stop child sexual exploitation and abuse on their platforms. They also agreed to set up a working group to discuss issues related to the responsible use of generative artificial intelligence including governance, possible AI foreign manipulation and disinformation.
A major American eye insurance provider will pay US$2.5 million to settle a lawsuit from four states about a 2020 data breach. EyeMed Vision Care already paid a fifth state just over US$5 million, bringing the total financial penalties it paid over the attack to US$7.6 million. A hacker got into the company’s email account and accessed messages and attachments with data on 2.1 million subscribers. The data included dates of birth, driver’s licences and full or partial Social Security numbers. The attacker then used their access to send about 2,000 phishing emails from the company to subscribers. An investigation found that against company rules nine employees shared a username and password for email access. Before the hack the company had started rolling out multifactor authentication to email accounts but hadn’t implemented it for the account accessed by the hacker.
The website of the Northern Ontario School of Medicine was still down on Sunday after the Canadian university reported a cyber attack. The attack was detected last Wednesday. Internet at both the Sudbury and Thunder Bay campuses, many websites as well as shared and departmental drives were initially affected.
The PyPI repository for open-source Python projects has temporarily stopped accepting new user and new project registrations. This comes because administrators couldn’t make a dent in the volume of malicious users and malicious projects added to the index last week. Threat actors are increasingly using open-source repositories like PyPI, GitHub, NPM and others to place malware. Often these packages have look-alike names to legitimate files to fool users.
Carvin Software, an Arizona-based maker of billing, payroll and staffing applications, has updated the number of people affected by a data breach. At the beginning of the month it said just over 187,000 people whose firms use its applications were affected by the breach earlier this year. However, in an updated filing last week with the state of Maine the company said the attack affected just over 356,000 people. Data copied could have included people’s names, financial account number, credit or debit card number and a security or access code to their accounts.
A Philadelphia law firm called Kline and Specter has acknowledged being hit by a ransomware attack in March. It is notifying 16,000 people the attackers may have copied data including their names, Social Security numbers and contact ID. The firm doesn’t believe any information from legal cases was copied.
I told you in March that produce supplier Dole Foods acknowledged employee information was compromised in a February ransomware attack. Last week in a financial report the company said direct costs so far to recover from the attack were US$10.5 million. In a separate filing with the U.S. Securities and Exchange Commission the company said the attack hit half of Dole’s legacy servers and a quarter of its end user computers. Those servers and computers have now been restored or rebuilt.
Also in a March podcast I told you that American satellite TV provider Dish Network was hit by a ransomware attack the previous month. Last week it started notifying almost 297,000 current and former employees, family members and a small number of others that the attackers got some of their personal data. In an indication that some sort of deal was reached with the attackers, the letter to affected people says Dish has “received confirmation that the extracted data has been deleted” by the attackers.
A financially-motivated threat actor dubbed FIN7 by researchers has added ransomware to its tactics. Microsoft says the group has been deploying the Clop strain of ransomware since April. Under Microsoft’s new threat actor naming convention, all groups that have money as their motive have Tempest in their nicknames. So FIN7 is now known as Sangria Tempest.
Just when you thought cybersecurity news couldn’t get worse, there’s this: The fingerprint ID protection on some Android smartphones can be defeated with brute-force fingerprint attacks. That’s if the attacker can get hold of a fingerprint database, which apparently isn’t hard, and they assemble a $15 device for projecting fingerprints onto the smartphone’s reader.
Finally, Apple released updates to address three zero-day vulnerabilities. Updates are for recent models of Macs, iPhones, iPads, Apple TV, Apple Watches and the Safari browser.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.