{"id":24940,"date":"2022-07-06T08:21:22","date_gmt":"2022-07-06T12:21:22","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=491736"},"modified":"2022-07-18T11:21:00","modified_gmt":"2022-07-18T15:21:00","slug":"cyber-security-today-july-6-2022-a-phishing-test-failure-the-astralocker-ransomware-developer-quits-and-a-wi-fi-warning-to-those-sitting-in-airports","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-july-6-2022-a-phishing-test-failure-the-astralocker-ransomware-developer-quits-and-a-wi-fi-warning-to-those-sitting-in-airports\/","title":{"rendered":"Cyber Security Today, July 6, 2022 \u2013 A Phishing Test Failure, The AstraLocker Ransomware Developer Quits And A Wi-Fi Warning To Those Sitting In Airports"},"content":{"rendered":"<p data-ar-index=\"0\">A phishing test failure, the AstraLocker ransomware developer quits and a Wi-Fi warning to those sitting in airports.<\/p>\n<p data-ar-index=\"1\">Welcome to Cyber Security Today. It\u2019s Wednesday, July 6th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for <em>ITWorldCanada.com<\/em>.<\/p>\n<p data-ar-index=\"2\"><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/23640674\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p data-ar-index=\"3\">\n<p data-ar-index=\"4\"><strong>Even the savviest people<\/strong> can fail a phishing test. I know one: He\u2019s a friend who used to be a reporter and now works for an IT research company. His firm recently sent out a phishing email test telling him his company laptop was due to be replaced. To register to receive the new one he had to click on a link. The message looked real \u2014 it had the research company\u2019s logo, and the sender\u2019s email address looked legit. But there were three clues the message was a fake: First, while the sender\u2019s email was close to the company\u2019s domain it wasn\u2019t identical. Hackers can do this easily by creating a fake domain like \u201cwidget.co\u201d instead of \u201cwidget.com.\u201d Second, the message misspelled the word \u201cyour\u201d as \u201cyou\u2019re.\u201d And third, the message didn\u2019t conclude with the usual phrasing from the company\u2019s IT team. Fortunately this was a test, but it contained elements of a typical real phishing message. The lesson: Hackers rely on people making mistakes because everyone reads their emails fast. It\u2019s easy to be suspicious of messages you get from strangers. But it\u2019s important to also be careful with messages from senders that look familiar. You can\u2019t completely rely on your organization\u2019s email screening to catch every scam. Each of us also has to take personal responsibility for cybersecurity as well.<\/p>\n<p data-ar-index=\"5\"><strong>The person<\/strong> or group behind the AstraLocker ransomware has apparently closed shop. <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/astralocker-ransomware-shuts-down-and-releases-decryptors\/\" rel=\"noopener\">The Bleeping Computer news site says<\/a> it\u2019s been told by the developer that they are releasing decryptors for any organization or individual whose data has been encrypted by the ransomware. That\u2019s the good news. The bad news is the developer says they\u2019re shifting to stealing cryptocurrency from victims.<\/p>\n<p data-ar-index=\"6\"><strong>The British Army\u2019s Twitter and YouTube<\/strong> accounts <a href=\"https:\/\/www.bitdefender.com\/blog\/hotforsecurity\/official-british-army-twitter-and-youtube-accounts-hijacked-by-nft-scammers\/\" rel=\"noopener\">were hacked earlier this week<\/a> to promote online scams involving non-fungible digital tokens, or NFTs. Like digital currency, NFTs are tokens on a blockchain. Usually they represent ownership of artwork, trading cards, comic books, sports collectibles, games and more. In this case those on the army\u2019s Twitter site saw promotions for hyped-up NFT digital artworks in a raffle. Those on the army\u2019s YouTube site saw ads promoting \u2018double your cryptocurrency\u2019 scams. The British Army soon took back control of the accounts. There was no immediate explanation of how the army lost control of what are supposed to be access-limited accounts.<\/p>\n<p data-ar-index=\"7\"><strong>The news is full of stories<\/strong> these days about chaos at airports. Being forced to spend a lot of time in lines before a flight, and then to find luggage after a flight pushes people to do something to keep from being bored. And often they log into the airport\u2019s free Wi-Fi network to catch up on email, Twitter or the news. But it\u2019s a great opportunity for hackers to set up fake airport hotspots to capture people\u2019s usernames and passwords. Robert Falzon of cybersecurity provider Check Point Canada warns air travelers to be careful with Wi-Fi in general, including at airports. Your cellular network is safer, even if it means eating up your data quota. Before going to the airport turn off Wi-Fi and Bluetooth services. If you have to use a public Wi-Fi network, avoid using personal accounts like email and bank accounts. He also reminds travelers that cyber awareness starts when planning a trip. Make sure the airline, accommodation or car rental site used is legitimate. If a deal looks too good to be true, it probably is. And don\u2019t tell the world on social media that you\u2019re away from home. Tout your vacation when you get back.<\/p>\n<p data-ar-index=\"8\"><strong>Meanwhile<\/strong> Israel\u2019s Privacy Protection Authority has taken over the travel booking sites of a company after the sites were hacked by Iranian attackers. <a title=\"Attackers abusing another threat simulation tool, report warns\" href=\"https:\/\/www.itworldcanada.com\/article\/attackers-abusing-another-threat-simulation-tool-report-warns\/491680\" rel=\"noopener\">According to the Times of Israel<\/a>, the attackers copied the personal data of over 300,000 customers last month. The new site quotes the regulator as saying it acted because security changes it demanded weren\u2019t made by the websites\u2019 owner.<\/p>\n<p data-ar-index=\"9\"><a href=\"https:\/\/www.microsoft.com\/security\/blog\/2022\/06\/30\/toll-fraud-malware-how-an-android-application-can-drain-your-wallet\/#Mitigating-toll-fraud\" rel=\"noopener\"><strong>Microsoft is warning<\/strong> <\/a>smartphone users to be careful downloading software from unapproved app stores. Those who aren\u2019t careful unknowingly install bad apps that automatically enroll the phones to premium-priced services that pay the scammers money. Called toll fraud malware, this billing fraud shuts off the victim\u2019s access to Wi-Fi networks and forces the phones to use the cellular carrier\u2019s network. Some malware can even intercept the multifactor authentication process needed for a subscription so the user isn\u2019t aware of fraudulent transactions. To avoid being victimized only download apps from an authorized site like the Google Play store. Any time you get an app avoid giving it SMS permissions, notification listener access or accessibility access unless it\u2019s needed. If you\u2019re the type of person who downloads a lot of apps, consider installing an anti-malware or antivirus solution. Just be careful it\u2019s from a source you trust.<\/p>\n<p data-ar-index=\"10\"><strong>Finally,<\/strong> there\u2019s a security update from Google for users of the Chrome browser.<\/p>\n<p data-ar-index=\"11\">Remember links to details about podcast stories are in the text version at <em>ITWorldCanada.com.\u00a0<\/em><\/p>\n<p data-ar-index=\"12\">Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I\u2019m Howard Solomon<\/p>\n<p data-ar-index=\"13\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-july-6-2022-a-phishing-test-failure-the-astralocker-ransomware-developer-quits-and-a-wi-fi-warning-to-those-sitting-in-airports\/491736\">Cyber Security Today, July 6, 2022 \u2013 A phishing test failure, the AstraLocker ransomware developer quits and a Wi-Fi warning to those sitting in airports<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on phishing tests, a ransomware developer moves on, what you shouldn&#8217;t do when stuck at an airport, a warning about app toll scam<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-24940","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/24940","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=24940"}],"version-history":[{"count":4,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/24940\/revisions"}],"predecessor-version":[{"id":25612,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/24940\/revisions\/25612"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=24940"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=24940"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=24940"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}