Cyber Security Today, Dec. 3, 2021 – A holiday ransomware warning, ManageEngine patches needed, and more

A holiday ransomware warning, ManageEngine patches needed and be careful downloading software.

Welcome to Cyber Security Today. It’s Friday, December 3rd. I’m Howard Solomon, contributing writer on cybersecurity for



IT leaders know that the November-December holiday season is a time when crooks increase their attempts to steal credit and debit card data. But according to researchers at Darktrace, it’s also a time of increased ransomware attacks. In the last three years, the average number of attempted ransomware attacks in November and December went up 30 per cent compared to the rest of the year. And the largest rise in attempted ransomware attacks occurred between Christmas and New Year’s Day. That’s probably because many IT teams give staff time off. These numbers are another reason why IT teams have to be extra vigilant this month for signs of intrusions.

Here’s another reminder to be careful where you download software from. According to researchers at Cisco Systems, consumers in Canada, the U.S., Australia and Europe have been falling for ads pushed up when people search for popular desktop and mobile software. What victims get instead of legitimate software is malware that steals personal data and passwords or installs a backdoor for secret access. Half of the victims in this campaign, which has been going on since 2018, are from Canada. The researchers suspect victims start by using a search engine to hunt for software, then click on an ad for that application with a link to the promised software. What they should be doing is going to the developer’s website where legitimate software is found. One of the fake apps is WeChat. Listeners should remember some search engines, like Google, list ads at the top of their results. And they are clearly marked as ads. Consumers should be careful downloading software from links in ads. IT departments need to remind employees that using company computers for downloading software without approval is forbidden.

Attention IT administrators: If your organization uses IT help desk software called ManageEngine ServiceDesk Plus, make sure it’s got the latest security patches. A report from Palo Alto Networks says an advanced threat group recently began targeting this application. In fact, this is the second ManageEngine product from a company called Zoho to be targeted by this threat group. The other product is called ADSelfService Plus. In the past three months, 13 organizations have been compromised through one or both ManageEngine products. Both applications need to be patched.

IT administrators using the Nginx web server should be on the lookout for a compromise. A security firm called Sansec has seen malware on Nginx-powered e-commerce servers that installs a backdoor for stealing credit and debit card data from product purchasers. This malware has been seen in servers in the U.S., Germany and France. Click here for instructions on removing the malware.

Having the latest updates isn’t a guarantee all security problems are fixed. A recent study of Wi-Fi routers for home and small business use found there can still be security issues buried in the firmware, in outdated functions and in weak default passwords even in newly-patched routers. The study was done by a German cybersecurity company, IoT Inspector, for a magazine. One lesson: Change the default password to something strong when you first install a router. The manufacturers of the devices studied, including TP-Link, Asus, Netgear and Linksys, released new security patches as a result of the research.

Finally, remember that later today my Week in Review podcast will be out. Today IT World Canada CIO Jim Love and I will discuss some of the cyber attacks from the past week.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer. Former editor of and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
