Cyber Security Today, July 30, 2021 – Canada consultation on social media regulation, a new ransomware group, abuse of WeTransfer and more

Canada consultation on social media regulation, a new ransomware group, abuse of WeTransfer and more.

Welcome to Cyber Security Today. It’s Friday July 30th. I’m Howard Solomon, contributing writer on cybersecurity for

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Should the Canadian government regulate social media platforms in some way to limit the amount of hate, promotion of extremism and illegal activity? It thinks so. It has suggested a framework for creating a law and regulations. But first Ottawa wants to hear from residents. So for the next two months you can send written submissions on the idea. Here’s a link to a site that has background information and how you can make a submission.

Remember the feared REvil and Darkside ransomware gangs? They said they were disbanding after adverse publicity following the Colonial Pipeline and Kaseya attacks. But researchers at a security firm called Recorded Future say a new gang has emerged: Called BlackMatter, this ransomware-as-a-service group says it has the best features of Darkside, REvil and LockBit. It promises to not attack governments, critical infrastructure or non-profits. It’s looking to buy IT access hackers have to anyone else.

A number of organizations use the WeTransfer website for moving big files between computers. It works like this: You upload a file for moving, and WeTransfer sends a notice to the receiver that a file is ready to be downloaded. However, cyberattackers have been discovered creating fake notifications. The goal, according to a security company called Armorblox, is to steal Microsoft Office passwords of people asked to login to get the file. One tipoff this is fake is that while the word ‘wetransfer’ is in the email address of the sender, it really comes from somewhere else. In one case it comes from ‘valuesaver[.]jp’. This is a server in Japan. This is why you have to pay attention to to full email address of senders. You also need to be careful with any email messages whose link leads to a page asking you to log in.

Worried about Wi-Fi and Bluetooth security? The U.S. National Security Agency has just released an advice sheet for American government workers, but anyone can follow it. Bottom line: If you worry about anyone remotely accessing the data on your mobile devices, disable Wi-Fi, Bluetooth, and Near Field Communications (known as NFC) when you don’t need them. When you need Wi-Fi, use a VPN. Don’t use public Wi-Fi sites in restaurants, malls, convention centres and airports without a VPN. And, of course, use multifactor authentication to protect passwords.

In May I told you about a Russian-based group abusing a mass email service called Constant Contact to send infected email messages to potential victims. A security company called I.N.K.Y. says this month it detected the same group, dubbed Nobelium, doing the same trick with another mass email service called Mailgun. It worked like this: A Mailgun account that a food and beverage company used for sending mass emails was hacked. That account was used to send 121 email messages with various scams. Some had supposed voicemail attachments. Victims who clicked on the link to play the voicemail had their computers infected. Other emails pretended to come from USAA, a financial services company. The goal would be to get victims to log into a fake bank website. Most of the phony emails tried to get people to log in to fake a Microsoft login page.

Again, the lesson is to pay attention to the full senders’ email address in messages you get, especially if after clicking on a link you have to log into something.

Speaking of stealing passwords, one technique hackers use to get bank passwords of people who use Android phones to connect to their financial institution is installing malware that puts a fake overlay on the users’ screen. Victims think they are logging into their bank. They are really logging into a screen with a fake bank page that captures passwords. A security firm called ThreatFabric has found new Android malware that works differently. It records users’ taps as they enter passwords. This scam been seen in Italy, Austria and Spain, but no doubt the attackers will try it in North America. Android malware can be distributed on the Google Play store. Google tries to catch as much as it can, but it isn’t perfect. So think carefully about apps before downloading them, even if they are in the Google store. And be careful with apps that ask for access to Accessibility Services. Saying yes gives the app access to everything on your phone.

Finally, some security update news:

If your organization uses Microsoft’s Hyper-V hypervisor for virtualization make sure it’s got the latest patches. Guardicore Labs and SafeBreach Labs this week revealed they discovered a critical vulnerability earlier this year. On being told, Microsoft issued a patch in May. News of the vulnerability and how it works is being released now on the assumption that by now Windows administrators will have installed the patch. But with the news out hackers will be looking for unpatched systems.

And Foxit has released security updates for its PDF reader and editor. If you use these two applications make sure they’re updated.

That’s it for now. Later today look for the Week In Review edition of the podcast. It features discussion about the increasing cost of a data breach and the risk a new search engine to find vulnerabilities may be used by cyber attackers.

Remember links to details about podcast stories are in the text version at That’s where you’ll also find other stories of mine.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Follow this Cyber Security Today

More Cyber Security Today