{"id":22566,"date":"2022-05-09T08:06:26","date_gmt":"2022-05-09T12:06:26","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=483370"},"modified":"2022-05-09T12:15:32","modified_gmt":"2022-05-09T16:15:32","slug":"cyber-security-today-may-9-2022-breaches-of-security-controls-at-ikea-canada-and-two-american-healthcare-providers","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-may-9-2022-breaches-of-security-controls-at-ikea-canada-and-two-american-healthcare-providers\/","title":{"rendered":"Cyber Security Today, May 9, 2022 \u2013  Breaches of security controls at Ikea Canada and two American healthcare providers"},"content":{"rendered":"<p>Breaches of security controls at Ikea Canada and two American healthcare providers.<\/p>\n<p>Welcome to Cyber Security Today. It\u2019s Monday May 9th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/23041322\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\"><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\"><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\"><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>Ikea Canada<\/strong> continues notifying 95,000 Canadians that an employee made unapproved searches of its customer database in March. It isn\u2019t clear how the company realized there had been a breach of security controls. <a href=\"https:\/\/globalnews.ca\/news\/8812708\/ikea-canada-internal-data-breach-95000-records\/\" rel=\"noopener\">But it told Global News<\/a> that an employee made what it called a generic search of the database. Ikea said no customer financial information was involved. It also told Global News it made sure the information wasn\u2019t shared with a third party.<\/p>\n<p><strong>Two American healthcare providers<\/strong> have acknowledged that compromised email accounts of employees were behind data breaches. WellDyneRx, a Florida-based pharmacy benefits provider, <a href=\"https:\/\/www.prnewswire.com\/news-releases\/welldynerx-llc-provides-notice-of-data-privacy-event-301541927.html\" rel=\"noopener\">said last December it discovered<\/a> someone had accessed an employee\u2019s email account the previous month. That account included emails with information of some patients including their names, dates of birth, Social Security numbers, driver\u2019s licence numbers, prescription information and treatment information. The company isn\u2019t saying how many people it is notifying.<\/p>\n<p><strong>Meanwhile<\/strong> <a href=\"https:\/\/www.databreaches.net\/sunday-notes-welldyne-north-alabama-bone-joint-clinic-disclose-breaches-affecting-patient-data\/\" rel=\"noopener\">Databreaches.net says<\/a> the North Alabama Bone and Joint Clinic filed a preliminary notice of a cyber incident that happened in March. Several email accounts of employees and clinic files were accessed without authorization. The clinic is still trying to determine how many patients were affected, but the information seen could have included names, financial information, dates of birth, family information, prescription information, and medical information.<\/p>\n<p><strong>Threat actors have found<\/strong> a new place to hide malicious code: In the event logs of Windows computers. <a href=\"https:\/\/securelist.com\/a-new-secret-stash-for-fileless-malware\/106393\/\" rel=\"noopener\">According to researchers at Kaspersky,<\/a> that\u2019s where an unknown hacker was caught depositing shellcode for execution and other malicious components. This particular attacker has created some novel techniques for malware that mostly runs in memory. However, they start with a victim being tricked into downloading a file that leads to the installation of a Cobalt Strike and SilentBreak penetration testing tools. These are tools often used by attackers. IT administrators need to regularly scan their networks for unexpected evidence of these tools. They\u2019re evidence you\u2019ve been hacked.<\/p>\n<p><a href=\"https:\/\/github.blog\/2022-05-04-software-security-starts-with-the-developer-securing-developer-accounts-with-2fa\/\" rel=\"noopener\"><strong>Microsoft is extending<\/strong> <\/a>the mandatory use of two-factor authentication to contributors to its GitHub developer platform. Only 16 per cent of active GitHub users and 6.5 per cent of users of the NPM open-source code repository use multifactor authentication. But GitHub is going to force more users to adopt 2FA until everyone is enrolled by the end of next year. For example, at the end of this month all maintainers of the top 500 code packages on NPM will have to use two-factor authentication. Later this year those who maintain high-impact packages will be added.<\/p>\n<p><strong>Finally,<\/strong> security administrators whose firms use Trend Micro\u2019s Apex One endpoint security should make sure the latest Smart Scan pattern has been installed. This is because an earlier pattern may cause a false alert when the Microsoft Edge browser is updated. There may also have been a change to the Windows registry. That will require going in and replacing a file. Instructions on how to do that are in a customer advisory issued by Trend Micro. <a href=\"https:\/\/success.trendmicro.com\/dcx\/s\/solution\/000290966?language=en_US\" rel=\"noopener\">There\u2019s a link to that advisory here.<\/a><\/p>\n<p>Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-may-9-2022-breaches-of-security-controls-at-ikea-canada-and-two-american-healthcare-providers\/483370\">Cyber Security Today, May 9, 2022 \u2013  Breaches of security controls at Ikea Canada and two American healthcare providers<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on data breaches, a new trick by a hacker and GitHub&#8217;s determination to get developers to use two-factor authentication<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-may-9-2022-breaches-of-security-controls-at-ikea-canada-and-two-american-healthcare-providers\/483370\">Cyber Security Today, May 9, 2022 \u2013  Breaches of security controls at Ikea Canada and two American healthcare providers<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"author":17,"featured_media":20701,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-22566","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/22566","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=22566"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/22566\/revisions"}],"predecessor-version":[{"id":22601,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/22566\/revisions\/22601"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media\/20701"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=22566"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=22566"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=22566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}