A new ransomware gang emerges, bad news for cyber crooks and pensioners’ information exposed.
Welcome to Cyber Security Today. It’s Wednesday December 23rd. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. To hear the podcast click on the arrow below:
Cyber Security Today is brought to you by the new Cisco Security Outcomes Study, where we surveyed 4,800 cybersecurity and IT professionals.
Visit https://cisco.com/go/SecurityOutcomes to read the results.
Cisco Secure Insights Summit on January 21, 2021, at 10 a.m. Pacific Time.
There’s another sign that ransomware is paying off for cybercriminals: A new group has emerged, according to the Bleeping Computer news site. The gang calls itself Hades, and one of its first victims is a large American freight transportation firm called Forward Air Corporation. The attack occurred on December 15th but the firm only filed a report with the U.S. Securities and Exchange Commission on Monday.
Meanwhile a group of tech companies including Microsoft, McAfee, Rapid7 and Citrix are banding together to fight ransomware. To be called the Ransomware Task Force, it will officially start next month. Its goal is to assess the effectiveness of existing anti-ransomware solutions and create a road map of concrete objectives and actionable milestones fighting ransomware. It hopes to include representatives of government, law enforcement, nonprofits, cybersecurity insurance, and international organizations.
There is another organization of largely European security vendors and police called No More Ransom. It’s a three-year-old project that hosts a number of decryption tools for IT security professionals to use in case their firm is attacked.
Some good news: Police in Europe and the FBI have taken down three websites that offered protected web hosting and virtual private networking encryption often used by criminals for ransomware and other scams. Among crooks these are called bulletproof hosting services, because they ignore complaints about suspicious activity and don’t care who uses them. After taking down the sites police identified and alerted over 250 companies who were being spied on by criminals using the services.
In another move the European police co-operative called Europol announced the launch of a platform to help police unscramble encrypted information lawfully seized in criminal investigations. Police in 24 countries will be able to use the service. Not included is the United Kingdom, because it’s no longer in the European Union.
Attention IT administrators: If your firm uses the Dell Wyse Thin Client — which is a small computer — there are security updates available for the ThinOS operating system.
Attention Windows users: Microsoft has just put out an update to fix a bug that can cause the operating system to crash. The cause is a problem in a maintenance capability called Check Disk. The patch should automatically be installed, but you can always check to be sure.
Here’s another of those oopsy moments: A British pension provider called Now Pensions is telling customers their names, email addresses and dates of birth were unintentionally posted by an unnamed partner it deals with to a public software forum. The data could have been copied over three days earlier this month. The news site The Register says there is no statement yet on how many records were exposed.
Finally, I’m taking a break for a few days, so my next podcast will be Monday December 28th. Until then, I hope many of you also get time to relax. Some of you may even unwrap gifts. Even if you don’t, stay healthy, and cherish your loved ones and friends.
In the meantime, details about today’s and other stories can be found in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at cybersecurity professionals.
Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.