Big hack of Canva graphics site, insurer leaves documents open and ransomware going after databases.
Welcome to Cyber Security Today. It’s Wednesday May 29th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanda.com.
To hear the podcast, click on the arrow below:
One of the world’s most prolific hackers has apparently struck again. A person or group calling themselves GnosticPlayers says they have stolen data of 138 million users of an online graphics site called Canva. The ZDNet news service says it verified at least some of the stolen data. Canvas has acknowledged being hacked. Stolen data included customer usernames, real names, email addresses, and city and country information and passwords. However, those passwords were scrambled and well-protected. Canva owns the stock images sites Pexels and Pixabay, but apparently they were not hacked. Since February GnosticPlayers has taken credit for putting up for sale stolen data of 932 million users. Companies are still not doing enough to protect themselves or their partners from being hacked.
[CORRECTION: The original version of this story mis-spelled the name of the victim company. It has been corrected]
Here’s another example: A few days ago security reporter Brian Krebs reported that the web site of a huge U.S. real estate title insurance company called First American Financial Corp. wasn’t secured right. As a result anyone could have seen millions of documents with personal information relating to mortgage deals going back to 2003. It was an old bungle I’ve reported on before: Companies that make documents available on the Internet give them a number that can be seen in a browser’s address. If you change one digit in the number, you can see another document, and keep on going. It isn’t known if criminals knew about the First American flaw. There are ways to prevent this from happening by restricting who can see documents and by not using a numbered document system.
Sometimes companies get hit with ransomware on desktop computers through email. However, IT staff should note that attacks can be spread through attacks on servers. Security vendor Sophos recently discovered a campaign that goes after vulnerable MySQL databases that are open to the Internet. The infected database then automatically downloads a copy of the ransomware. Sophos thinks 800 copies of the ransomware were downloaded in five days. So database administrators, you’ve been warned.
Finally, this week I’m covering parliamentary hearings in Canada of the International Grand Committee on Democracy, Big Data and Privacy. It spent a lot of Tuesday grilling officials from Google, Facebook and Twitter. Hard to summarize it all in a short podcast, but if you go to ITWorldCanada.com you’ll find my news stories. The companies were given a rough ride and you might find their answers interesting.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon