American schools are increasingly being hit by ransomware, a hacked event ticketing company, etc.
Welcome to Cybersecurity today. Today is Wednesday, October 26, 2022. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.
A public school district in Iowa has become the latest school board in the United States to be listed as victims of a ransomware gang. According to ESET researcher Brett Callow, the Karakurt gang is claiming responsibility. To date, 32 school districts with more than 1,800 schools in the United States have been affected by ransomware. Fraudsters stole and disclosed data from at least 18 of them. Additionally, at least 33 colleges and universities have been affected by the ransomware. Among them, the crooks stole data from 20 organizations.
Meanwhile Researchers at Microsoft have warned that a threat group called the Vice Society has recently not only targeted schools in the US, but also used different strains of ransomware.
Scammers choose public sector organizations such as school and city boards because they may not be able to afford sophisticated network protection and they may be more willing to pay ransom or blackmail than large companies.
Individual, The Hive ransomware group is posting data it claims to have stolen earlier this month from one of India’s largest electricity suppliers, Tata Power. Bleeping Computer reports that so far the data posted by the attackers appears to be the personal information of Tata employees. Tata has said that the attack was on its IT systems.
US event ticketing agent See Tickets has admitted hackers may have stolen customers’ names and their credit or debit card information for more than two years since late June 2019. In a copy of the letter to the state Montana and sent to potential victims, the company said in April, it realized that a hacker had compromised several event check-in pages.
Microsoft has ended support for Internet Explorer in June. In the past, some IT departments have asked employees at their organizations to switch to Microsoft Edge or other browsers to anticipate this. However, certain logs left by Internet Explorer are still risky because they allow access in Windows. That’s according to researchers at Varonis. Hackers can use access to crash or cause a denial of service to a computer. The patch for a vulnerability was included on October 11 in this month’s Windows Patch Tuesday update. But otherwise is still a risk. The Windows administrator must see who is granted administrator privileges for this log file.
As part of Cybersecurity Awareness Month It’s time to remind your listeners of the importance of secure passwords. Experts know what many people do wrong: They use passwords like 123456, days of the week, months of the year, their names, names of sports teams, or consecutive characters on the keyboard. like ‘qwerty’. Scammers know this and will check those out first. So here’s my advice: First, use a software password manager to manage the different passwords you have to generate. Your antivirus suite may come with one, or it may be an option. Second, create a unique and secure password for every important website you have to log in to. An important website is your email, your office computer, your bank — anything that contains your sensitive personal information.
You have two password options: Create a password from a jumble of letters, numbers, and special characters — like an exclamation point — of at least 12 characters; or generate a passphrase consisting of at least three random words at least 15 characters long. Idea passphrases are relatively easy to remember.
Third, agree whenever a website or service offers multi-factor or two-factor authentication. Initially, this is an additional step to sign in by entering a six-digit code sent via email or an authenticator app on your smartphone. But that’s the key to increased security. Remember, each website must have a different password. More password advice here and here.
More people in Canada and USA are using multi-factor authentication. That’s according to a survey published this week by insurance group Chubb. More than half of those surveyed said they now use multi-factor authentication to sign in, twice as many as last year. Maybe they’re using it because their employer or email provider is forcing them too, but that’s fine. Bad news: 61% of respondents said they had trouble keeping track of their passwords. They may not be using a password manager.
Final, Those of you who use Apple devices should look for OS updates or security patches. Apple this week released a new version of macOS and updates for iOS and iPadOS.
Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts, or add us to Flash Summary on your smart speaker.