US schools hit hard by ransomware, event ticket agency hacked and more.
Welcome to Cyber Security Today. Today is Wednesday, October 26, 2022. I’m Howard Solomon, a contributing reporter on cybersecurity for ITWorldCanada.com.
A public school district Iowa has become the latest board of education in the US to be listed as a victim by a ransomware gang. According to ESET researcher Brett Callow, the Karakurt tribe is claiming responsibility. So far this year, 32 school districts in the US with more than 1,800 schools have been affected by ransomware. The crooks stole data from at least 18 of those boards and released them. Additionally, at least 33 colleges and universities have been affected by the ransomware. Among them, the crooks stole data from 20 organizations.
Meanwhile Microsoft researchers warned that a threat group known as the Vice Society is not only targeting schools in the US recently, but also using different ransomware strains.
Crooks choose public sector organizations such as school boards and municipalities because they cannot afford sophisticated cyber defenses and may be more willing to extort or extort money than larger companies.
separately, The Hive ransomware group is posting data it claims was stolen earlier this month from Tata Power, one of India’s largest electricity suppliers. The Bleeping Computer news site says that so far the data posted by the attackers appears to be personal information of Tata employees. Tata has said that the attack was on its IT system.
American Event Ticket Agency See Tickets acknowledged that hackers may have stolen customers’ names and their credit or debit card information for more than two years in late June 2019. In a copy of the letter filed with the state of Montana and sent to potential victims, the company said in April it noticed a hacker had compromised some event checkout pages.
Microsoft discontinued support for the Internet Explorer browser in June. This expectation led some IT departments to switch their organization’s employees to Microsoft Edge or other browsers some time ago. However, some entries left behind by Internet Explorer are still at risk because they allow access to Windows. According to researchers at Varonis. Hackers can use access to either cause a crash or a denial of service to the computer. This month’s Windows Patch Tuesday updates included a patch for a vulnerability on October 11. But another threat still exists. Windows administrators need to see who is granted administrator privileges on this log file.
As part of Cybersecurity Awareness Month It’s time to remind listeners about the importance of secure passwords. Experts know what many people do wrong: they use passwords like 123456, days of the week, months of the year, their first names, names of sports teams or sequential letters on the keyboard like ‘qwerty’. Crooks know this and will test them first. So here’s my advice: First, get a software password manager to manage the different passwords you want to create. Your antivirus suite may come with one or may be an option. Second, create a secure and unique password for each important site you want to log into. An important site is your email, your office computer, your bank — anything that holds your sensitive personal information.
You have two options for a password: create one from a jumble of letters, numbers, and special characters — like exclamation marks — of at least 12 characters; Or create a passphrase consisting of at least three random words that is at least 15 characters long. The idea is relatively easy to remember passphrases.
Third, say yes when a website or service offers multifactor or two-factor authentication. It’s an extra step to log in by typing in the six-digit code initially sent by email or the authenticator app on your smartphone. But this is a key to added security. Remember, each site must have a different password. More password advice is available here and here.
more people Canada and the US are using multifactor authentication. That’s according to a survey released this week by Chubb Insurance Group. More than half of those surveyed said they now use multifactor authentication for logins, more than double from last year. Maybe they’re using it because their employer or email provider forces them to too, but it’s still good. The bad news: 61 percent of respondents say they have trouble keeping track of their passwords. They probably don’t use a password manager.
Finally, Those of you with Apple devices should look for operating system updates or security patches. Apple this week released a new version of its macOS and updates to iOS and iPadOS.
Follow Cyber Security today on Apple Podcasts, Google Podcasts, or join us in a Flash briefing on your smart speaker.