Quebec talent agency and U.S. fertility clinic hit by ransomware, a Verizon logo scam, and more.
Welcome to Cyber Security Today. It’s Wednesday October 13h. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Ransomware attacks continue to victimize companies. Among the latest in Canada is Agence Goodwin, a Montreal-based company that represents 150 performing artists from actors to scriptwriters. I don’t know how extensive it is. Asked for comment, Natalie Goodwin, one of the senior partners, emailed me that the company is “very busy with this issue at this time” and would get back to me later. The Conti ransomware gang is taking credit for this cyber attack. According to a security researcher I spoke to, this is among seven Canadian firms that ransomware groups allege were successfully hit in the past month and a half.
Meanwhile in the U.S. a subsidiary of Quest Diagnostics said in a regulatory filing that a fertility clinic it owns called ReproSource discovered ransomware on its servers in August. ReproSource is now notifying 350,000 people that their personal and health information may have been copied by a hacker.
Medical imaging firm Olympus said it suspended certain IT systems in Canada, the U.S. and Latin America this weekend after detecting suspicious activity. Olympus told the BleepingComputer news service that the company found no evidence of data loss during an ongoing investigation regarding this incident.
If your firm uses the open-source LibreOffice or OpenOffice productivity suites make sure they’re on the latest versions. Security updates have recently been released to close three vulnerabilities that could either change the timestamp of digitally signed documents or alter the contents of documents.
Hackers have lots of ways of tricking victims into thinking an email attachment is legitimate. One way is by copying the logo of the company they are impersonating. A security firm called I.N.K.Y. this week detailed scams that make fake but slightly altered versions of the logo of the American telecommunications giant Verizon. The real logo has the word “verizon” in black with a specially designed red checkmark at the end. One phony version of the logo places an exact copy of the red checkmark at the beginning of the logo to replace the letter “v” in Verizon. Another fake uses almost the same standard red checkmark. A third, more obvious fake, has a red “v” with an overscore above it, so it almost looks like a red triangle, at the beginning of the word Verizon. All three fake logos are used in email messages that pretend to be a voicemail alert from Verizon. The victim has to click on a button to supposedly hear the voicemail. That leads to a realistic-looking Verizon website with a media player. But to play the supposed message the victim has to enter their Microsoft username and password – which, of course, the hackers are trying to steal. One way this scam could have worked is that the gmail addresses these messages were sent from were new, so they might have got past antivirus detection. Sharp users, however, would – hopefully – have spotted the sender’s address wasn’t Verizon. The second lesson is just because a logo looks real doesn’t mean it is. If an email asks you to click on a link or an attachment, look for warning signs. They can be found in the sender’s address and spelling mistakes.
Attention software developers using GitHub: If you use the GitKraken graphic interface you may have to log in again and create new authentication keys. This is because Microsoft found a vulnerability in a third-party library that generates SSH authentication keys.
Finally, yesterday was Patch Tuesday, the day Microsoft and several other companies release software security updates. Make sure your computer has the latest patches installed from Microsoft. Adobe also released updates for Acrobat, Connect, Commerce and Campaign Standard.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.