{"id":34717,"date":"2023-01-27T15:13:27","date_gmt":"2023-01-27T20:13:27","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=524050"},"modified":"2023-01-30T11:01:47","modified_gmt":"2023-01-30T16:01:47","slug":"cyber-security-today-week-in-review-for-friday-january-27-2023","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-week-in-review-for-friday-january-27-2023\/","title":{"rendered":"Cyber Security Today, Week in Review for Friday, January 27, 2023"},"content":{"rendered":"<p data-ar-index=\"0\">Welcome to Cyber Security Today. This is the Week in Review edition for Friday, January 27th, 2023. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.<\/p>\n<p data-ar-index=\"1\"><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/25741383\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p data-ar-index=\"2\">In a few minutes Terry Cutler of <a href=\"https:\/\/www.cyologylabs.com\/?r_done=1\" rel=\"noopener\">Cyology Labs<\/a> will be here to discuss recent news. But first a look back at some of the headlines from the past seven days:<\/p>\n<p data-ar-index=\"3\">Data Privacy Week ends tomorrow. Terry will have some thoughts about what your company should be doing.<\/p>\n<p data-ar-index=\"4\">GoTo, which makes remote IT and communications software used by companies, <a href=\"https:\/\/www.goto.com\/blog\/our-response-to-a-recent-security-incident\" rel=\"noopener\">has acknowledged<\/a> a hacker not only stole encrypted backup data of customers in November but also an encryption key for some of that data. This data was stolen from the outside cloud storage provider that GoTo uses. Terry and I will discuss this incident.<\/p>\n<p data-ar-index=\"5\">We\u2019ll also talk about employees at customer support provider <a href=\"https:\/\/www.securityweek.com\/zendesk-hacked-after-employees-fall-for-phishing-attack\/\" rel=\"noopener\">Zendesk giving their usernames and passwords<\/a> to a hacker after falling for an SMS text phishing scam.<\/p>\n<p data-ar-index=\"6\">And we\u2019ll comment on<a href=\"https:\/\/thehackernews.com\/2023\/01\/security-navigator-research-some.html\" rel=\"noopener\"> a report that IT departments not only are slow to patch vulnerabilities<\/a>, some aren\u2019t even aware of them.<\/p>\n<p data-ar-index=\"7\">Elsewhere, a Canadian-based international manufacturer of die-cast tools and car parts <a href=\"https:\/\/www.itworldcanada.com\/article\/canadian-tool-manufacturer-hit-by-cyber-attack\/523620\" rel=\"noopener\">has been the victim of a cyber attack<\/a>. Exco Technologies said that three production facilities within its Large Mould Group are recovering from a cyber incident last week.<\/p>\n<p data-ar-index=\"8\">A <a href=\"https:\/\/www.itworldcanada.com\/article\/compromised-api-led-to-data-theft-of-37-million-t-mobile-customers\/522989\" rel=\"noopener\">hacker leveraged an application programming interface (API)<\/a> to steal the personal information of 37 million customers over two months, undetected, from American cellular carrier T-Mobile.<\/p>\n<p data-ar-index=\"9\">American cybersecurity agencies <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa23-025a\" rel=\"noopener\">issued a reminder to organizations<\/a> to be on the lookout for remote monitoring and management applications that have been secretly implanted into their IT environments. Applications like AnyDesk, ScreenConnect and ConnectWise Control are being uploaded into victims\u2019 networks to be used by attackers as a backdoor.<\/p>\n<p data-ar-index=\"10\">Video game maker Riot Games <a href=\"https:\/\/www.vice.com\/en\/article\/qjky8d\/hackers-demand-dollar10m-from-riot-games-to-stop-leak-of-league-of-legends-source-code\" rel=\"noopener\">reportedly received a ransom demand of US$10 million<\/a> after some of its source code was stolen. According to a news report, the hackers are now auctioning off what they said is code for the game League of Legends.<\/p>\n<p data-ar-index=\"11\">And a four-year-old copy of a U.S. government no-fly list<a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-jan-23-2023-old-us-no-fly-list-found-on-unprotected-airline-server-ad-fraud-is-scheme-is-disabled-and-more\/523246\" rel=\"noopener\"> was discovered on an unsecured server<\/a> on the internet. The server belongs to the U.S. airline CommuteAir. The airline said the data was on a development server used for application testing.<\/p>\n<p data-ar-index=\"12\"><i>(The following is an edited transcript of the first of the topics Terry Cutlter and I discussed.\u00a0 To hear the full conversation play the podcast.)<\/i><\/p>\n<p data-ar-index=\"13\"><strong>Howard<\/strong>:\u00a0Let\u2019s start by talking about Data Privacy Week. It\u2019s often thought of as a way to remind consumers about how to protect their personal data when online, but companies play a role as well. What\u2019s your experience with organizations treating privacy, as opposed to cybersecurity?<\/p>\n<p data-ar-index=\"14\"><strong>Terry Cutler:<\/strong> Let\u2019s first differentiate the two: In general security will keep you safe from potential threats. Cybersecurity involves securing the data from unauthorized use to access. Data privacy refers directly to how companies are able to collect, manage, store and control the use of personal data.<\/p>\n<p data-ar-index=\"15\"><strong>Howard:<\/strong> The thing is, your company\u2019s reputation can be influenced by consumers perception of how you value data privacy. In a recent consumer survey by Interac, which runs the credit and debit card networks used by banks and retailers, over half of Canadian respondents said they believe that organizations are primarily responsible for protecting their personal information. Nearly seven in 10 Canadian respondents would hold organizations that they have given personal information to accountable for a data breach. Just over 70 per cent want more control over their online information. What do you make of these numbers?<\/p>\n<p data-ar-index=\"16\"><strong>Terry:<\/strong> Well, you can\u2019t have your cake and eat it too. Consumers rely heavily on convenience and, unfortunately, security and privacy are not about convenience. We saw this just happen very recently with Home Depot. Let me describe quickly how your information is actually being tracked when you purchase something. Assume you\u2019re on your way to purchase a pair of pants. GPS satellites know that you just pulled up to the store\u2019s parking lot. GPS companies are going to start selling your data about that parking lot to thousands of other firms that actually track insights and trends for this location. Those companies will analyze these photos and see where people are shopping. In some of the analytics they can actually predict where the consumer traffic is. That can give them early sense of some sales and revenues. That\u2019s kind of like a heads-up of earnings. But it doesn\u2019t stop there. There are at least 100 apps on your phone, including weather apps and traffic apps, that are also selling your geolocation data. Firms that specialize in these types of data could buy this information about foot traffic and spit out insights to how many consumers are actually visiting a store in a given location.<\/p>\n<p data-ar-index=\"17\">Remember you haven\u2019t opted into anything yet. This is from apps that are tracking you. When purchasing those pants you wanted companies are also tracking. If you give away your email address companies can target your inbox [with ads]. And these companies can now link with banks as well, so they can see your transaction history. Some will anonymize data but at least they will see some insight into what\u2019s happening in locations so they can predict things more accurately. If you\u2019re shopping for those pants online there are a lot of companies that are scraping Facebook and Twitter to gather as much information about brands. The bottom line is if you\u2019re not paying for the product you are the product.<\/p>\n<p data-ar-index=\"18\"><strong>Howard:<\/strong> You mentioned Home Depot. I think that you were referring to a just-released report by the Privacy Commissioner of Canada about Home Depot of Canada. If people gave their email addresses when they bought products to get an e-receipt and instead of a paper receipt they didn\u2019t realize was the data that came with the e-receipt was going to Meta, the parent company of Facebook. The privacy commissioner Home Depot Canada customers were not properly informed what the company was doing with their data.<\/p>\n<p data-ar-index=\"19\"><strong>Terry:<\/strong> It makes sense: You think that you\u2019re just going to get a copy of the receipt in your inbox. This happens all the time at other stores. When I do a self-checkout and it asks would I like to have an e-receipt, and you type it in there. So I\u2019m a victim of that, too.<\/p>\n<p data-ar-index=\"20\"><strong>Howard:<\/strong> The privacy commissioner\u2019s ruling is the company shouldn\u2019t be doing that unless the customer knows exactly that\u2019s what\u2019s happening.<\/p>\n<p data-ar-index=\"21\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-week-in-review-for-friday-january-27-2023\/524050\">Cyber Security Today, Week in Review for Friday, January 27, 2023<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode features discussion on Data Privacy Week, data breaches involving GotTo and Zendesk, an<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-34717","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/34717","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=34717"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/34717\/revisions"}],"predecessor-version":[{"id":34796,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/34717\/revisions\/34796"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=34717"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=34717"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=34717"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}