Cyber Security Today: Dec. 10, 2018 — Malicious attachments, support problems and it’s no toy

A new malware campaign includes targeted attachments, a games publisher’s customers get a surprise from its support centre and a reminder that kids’ Internet connected devices have to be patched.

Welcome to Cyber Security Today. It’s Monday December 10th. I’m Howard Solomon

Cyber Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

It may be the holiday season, but that doesn’t mean Internet scammers take any time off. According to security vendor Proofpoint a gang has launched email malware campaigns aimed at employees of large retail chains, restaurant chains, grocery chains as well as other organizations in the food and beverage industries. One particular campaign is personalized, with the email including attachments that make the message look like it has come from a colleague in the company because the letters have the firm’s logo. Clicking on the attachment, of course, leads to an infection. For security, you should make sure if you have a productivity suite like Microsoft Office to disable the ability for a document to automatically run macros. This malicious document encourages you to turn off macros so you can read the letter. But doing that allows the malware to be downloaded. As I’ve said before, read every email you get slowly. Don’t take for granted the source of messages. And don’t automatically click on every attachment you get.

Here’s another example of how companies that seemingly try to do things right in security get into trouble: A U.S. games publisher called Bethedsa last week was suddenly inundated with complaints from users of its customer support website. The site is where customers fill in forms for help with a product. Well, suddenly users were getting forms back with other customers’ personal information, such as their names, email addresses and type of credit card. That’s an oopsy moment. Bethedsa blamed it on an ‘error’ with the site. Was it a coding mistake or someone at the company made a configuration error. We don’t know.

Finally, a reminder to parents that not only do you have to make sure your computing devices are patched, the ones used by your kids have to be looked after as well. This comes to mind after a security company called SureCloud last week said it discovered serious vulnerabilities in an Android tablet for children made by Vtech. The tablet, called either Storio Max or InnoTab Max, could allow hackers to remotely take over the device and spy on users through the webcam or microphone. Vtech was notified earlier this year and properly issued a notice several months ago about installing a patch. That message popped up on device screens. However, according to a news report that notice didn’t detail the patch was to fix a security vulnerability. So, when buying something for a child that is internet-connected, make sure it can be updated. And remember, like products for adults, updates will likely only be available for a few years until a new model is made.

That’s it for today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast