Get rid of old Windows, a warning for Evite users and fake but-kind-of-true news
Welcome to Cyber Security Today. It’s Friday June 14th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanda.com. To hear the podcast click on the arrow below:
Attention IT pros and company owners: Those outdated Windows servers and computers still in the firm may save money, but they’re prime targets for hackers. Proof is in a blog this week from security vendor Trend Micro, which says its found evidence that criminals are using advanced tools to implant malware, ransomware and cryptomining software on outdated versions of Windows. Most victims were running Windows Server 2003. Some had Windows Ultimate Professional and Windows XP Professional. Some firms keep systems with unsupported versions of Windows because they run applications that can’t run on new versions. Sometimes they keep old systems to save money. I know it costs to upgrade Windows, and you’ll probably have to buy a new computer or server powerful enough to run it, and maybe new applications. However, you’re putting at risk customers, partners and shareholders when you use unsupported software.
Have you used the online invitation service called Evite? Well, according to the ZDNet news service the company has finally admitted it was hacked earlier this year. Apparently a database of names, usernames, email addresses, passwords and possibly dates of birth for users up to 2013 was copied. A hacker told ZDNet they were selling 10 million records from the theft. Users are being told to reset their passwords.
There’s a lot of news about fake news. One of the questions is, what is fake news? It seems obvious, but it’s a report on something that never happened or that a person never said, or a distortion of what a person said. However, security company Recorded Future says it has found another definition: Recycling of old news to appear as new. It found an organized campaign of recent reports on social media of terror attacks that happened several years ago, but might fool readers into thinking they just happened. There’s usually a link back to the original news story, which would obviously show that the event is old. Why do this? Perhaps the goal is to get attention, or to see how many clicks such nonsense will get. Or perhaps the goal is to create fear. Whatever the reason, more than 215 social media accounts were created to participate in this con.
One lesson: If you see a report on social media of a violent event and there’s no coverage on mainstream media, be suspicious.
Another big ransomware attack. This one hit a Belgium-based company called Asco, which makes parts for airplanes. But it reportedly spread to the company’s factories in the U.S., Canada and Germany. As a result some 1,000 staffers were sent home.
Finally, news of security updates you should install: If you use VLC Media Player, update to the latest version. If you use a Chrome plugin called Evernote Clipper, which allows you to copy and paste into the Evernote application, update to the latest version. And, because this was patch week for Windows check to make sure the latest fixes have been installed.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon
Sponsor: Micro Focus
How GDPR can be a strategic driver for your business