{"id":31983,"date":"2022-11-30T08:05:46","date_gmt":"2022-11-30T13:05:46","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=516117"},"modified":"2022-11-30T11:17:16","modified_gmt":"2022-11-30T16:17:16","slug":"cyber-security-today-nov-30-2022-inflation-benefits-scam-aimed-at-canadians-a-warning-for-fortinet-administrators-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-nov-30-2022-inflation-benefits-scam-aimed-at-canadians-a-warning-for-fortinet-administrators-and-more\/","title":{"rendered":"Cyber Security Today, Nov. 30, 2022 -Inflation benefits scam aimed at Canadians, a warning for Fortinet administrators and more"},"content":{"rendered":"<p data-ar-index=\"0\">Inflation benefits scam aimed at Canadians, a warning for Fortinet administrators and more.<\/p>\n<p data-ar-index=\"1\">Welcome to Cyber Security Today. It\u2019s Wednesday, November 30th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p data-ar-index=\"3\"><strong>Cyber crooks are trying<\/strong> to take advantage of a government of Canada promise to help businesses and people meet rising inflation. Researchers at Kaspersky said this week they discovered 40 web domains with pages that look like a Canadian government web site \u2014 complete with the Canadian flag \u2014 offering an anti-inflation benefit. Victims are asked to enter income tax, payroll or business information to calculate what they might be entitled to. Those who do are sending that information not to the government but to crooks. The Canadian government actually did announce an anti-inflation Affordability Plan in June, so this scam could have been going on for months. However, the government doesn\u2019t have a website to calculate what you might get. Around the world crooks regularly run government benefits scams. Pandemic-related scams are common. So are income tax return scams. These usually start with people getting emails or text messages that appear to come from governments. If you get one, don\u2019t click on the link. 
Always go to a government web site by typing in an address you know is authentic.<\/p>\n<p data-ar-index=\"4\"><strong>Threat actors are selling access<\/strong> to compromised Fortinet network security products. That\u2019s the <a href=\"https:\/\/blog.cyble.com\/2022\/11\/24\/multiple-organisations-compromised-by-critical-authentication-bypass-vulnerability-in-fortinet-products-cve-2022-40684\/\" rel=\"noopener\">word from researchers at Cyble<\/a>, who say attackers are taking advantage of an unpatched vulnerability in products using the FortiOS operating system. In particular they are going after organizations using Fortinet\u2019s VPN. It\u2019s vital network and security administrators with Fortinet products install the latest security updates.<\/p>\n<p data-ar-index=\"5\"><strong>Baseboard management controllers<\/strong> are part of motherboards that enable IT administrators to remotely monitor low-level system operations of computers. Commonly found in servers, these baseboard controllers are increasingly being used in operational technology and internet of things devices for industrial equipment. So any vulnerabilities can be used by hackers to cause serious damage. I\u2019m telling you this because <a href=\"https:\/\/www.nozominetworks.com\/blog\/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1\/\" rel=\"noopener\">researchers at Nozomi Networks have discovered<\/a> 13 holes in some baseboard management controllers made by a network appliance manufacturer called Lanner. Lanner has issued updated firmware to fix the vulnerabilities. 
Regardless of whether your IT or OT environment has Lanner equipment, this is another reminder to IT administrators to forbid internet access to servers and other equipment unless it\u2019s needed \u2014 and when it is needed, remote access should require protection like a VPN.<\/p>\n<p data-ar-index=\"6\"><strong>Facebook\u2019s parent company<\/strong> Meta Platforms <a href=\"https:\/\/www.dataprotection.ie\/en\/news-media\/press-releases\/data-protection-commission-announces-decision-in-facebook-data-scraping-inquiry\" rel=\"noopener\">has been fined<\/a> the equivalent of US$277 million by Ireland\u2019s privacy commission for not adequately protecting users\u2019 personal information. This follows the discovery last year of a file of personal data of over 500 million people stolen by hackers by scraping users\u2019 profiles. The Irish privacy commission was acting on behalf of the European Union. <a href=\"https:\/\/thehackernews.com\/2022\/11\/irish-regulator-fines-facebook-277.html\" rel=\"noopener\">According to The Hacker News, that scraping capability has been removed.<\/a><\/p>\n<p data-ar-index=\"7\"><a href=\"https:\/\/community.acer.com\/en\/kb\/articles\/15520-security-vulnerability-regarding-vulnerability-that-may-allow-changes-to-secure-boot-settings\" rel=\"noopener\"><strong>Acer is working on<\/strong><\/a> a firmware update to address a vulnerability in some models of Aspire and Extensa laptops. If it isn\u2019t fixed, an attacker could make changes to the Secure Boot settings and do nasty things. The update will be available on the Acer Support website or on the Windows update site.<\/p>\n<p data-ar-index=\"8\"><strong>Crooks are taking advantage<\/strong> of a challenge game on TikTok to spread malware. The game is called an \u201cInvisible Challenge,\u201d where a person films themself naked using a special video effect called \u201cInvisible Body.\u201d The effect removes the person\u2019s body from the video, making a blurred contour. 
But <a href=\"https:\/\/medium.com\/checkmarx-security\/attacker-uses-a-popular-tiktok-challenge-to-lure-users-into-installing-malicious-package-fe6248dfe0ae\" rel=\"noopener\">according to researchers at Checkmarx<\/a>, crooks have created videos with links to an \u201cunfilter\u201d that supposedly removes the TikTok filters. Don\u2019t fall for this lure. What happens is you download malware that steals passwords as well as personal information of Discord subscribers.<\/p>\n<p data-ar-index=\"9\"><strong>Finally,<\/strong> today is National Computer Security Day. I know, we just had Cyber Security Awareness Month in October. But Computer Security Day was created in 1988 by the Association of Computing Machinery after a worm was discovered in the computer system of Cornell University. So for those of you doing penance for not doing enough last month, think today about how to be safer on your computer at home and at work. At home that means making sure devices \u2014 including routers \u2014 have safe passwords, being careful before clicking on links in emails and texts, creating safe passwords on sites you go to, having a different password for every site you subscribe to, using a password manager to keep track of your passwords and enabling multifactor authentication to protect your login accounts. And in case you\u2019re losing track, Data Privacy Week starts January 24th, Safer Internet Day is February 7th, National Clean Out Your Computer Day is February 13th \u2014 and there\u2019s Backup Day, World Password Day \u2026. 
I don\u2019t make this up.<\/p>\n<p data-ar-index=\"10\">That\u2019s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com.<\/p>\n<p data-ar-index=\"11\">Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p data-ar-index=\"12\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-nov-30-2022-inflation-benefits-scam-aimed-at-canadians-a-warning-for-fortinet-administrators-and-more\/516117\">Cyber Security Today, Nov. 30, 2022 -Inflation benefits scam aimed at Canadians, a warning for Fortinet administrators and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on an inflation benefits scam aimed at Canadians, 13 vulnerabilities found in a Lanner baseboard management controller, a con aimed at TikTok user<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-31983","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/31983","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=31983"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/pos
ts\/31983\/revisions"}],"predecessor-version":[{"id":31987,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/31983\/revisions\/31987"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=31983"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=31983"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=31983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}