Celebrate Women in Cybersecurity.
Welcome to Cyber Security Today. It’s Friday, September 1st, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Today is International Women in Cybersecurity Day. It’s a day IT and security leaders should think about how they ensure their teams are diverse. This is especially important given the number of unfilled IT and cybersecurity jobs in organizations around the world. So the first thing listeners who are leaders need to ask themselves is whether their teams are diverse, and if not, why? Second, what are you going to do about it? Do you go out of your way to give women a chance? Are job postings written in an open way that encourages diversity? Is there too much reliance on IT certifications? If there are women on your IT and security teams, are their solutions and opinions valued?
There will be an online celebration this afternoon at 1 p.m. Pacific time. Register here.
I have a more detailed story on International Women in Cybersecurity Day here. And later today it will be discussed as part of the Week in Review podcast.
Also in the news, clothing retailer Forever 21 is notifying over a half a million current and former employees of a data breach earlier this year. The attacker got names, Social Security numbers, birth dates and bank account numbers.
Threat actors continue planting malicious packages in open-source repositories, hoping to sucker unsuspecting application developers. The latest example was found by researchers at Reversing Labs: three packages in the PyPI repository of Python-language code that continue a campaign of planting code that mimics the names of popular Python tools. As I’ve said before, if you want to download something from PyPI, NPM, Ruby, GitLab or any public code repository you’d better be sure it’s legit — and you’d better scan it to be sure.
Separately, researchers at Checkmarx report that for the last three years a threat actor has been plopping malicious packages in the NPM repository. These particular packages steal data from developers’ work. Apparently they are looking to infect cryptocurrency apps or wallets.
Someone is loading old bugs into the Common Vulnerabilities and Exposures list. Known to most infosec pros as the CVE list, it’s a compilation of publicly disclosed computer security flaws found by IT companies and security researchers. However, recently CVEs that are upwards of three years old were added. According to Dan Lorenc, chief executive of Chainguard, 138 were entered on one day. It looks like the person is scraping old issues and commits and filing them. Their motive is unknown. And while they have CVE numbers, Lorenc says some of them aren’t really vulnerabilities. And in most cases patches were issued for them long ago.
Threat actors use all kinds of tricks to get you to click on a malicious link in an email. One of them is putting a phony date in the subject line. Why? To make you think the message was sent earlier than it was. So if the subject line reads, ‘Warning. Invoice due at the end of today’ and beside it is a date 24 or 48 hours ago, you might think, ‘I’d better get on this fast.’ Which is exactly what you shouldn’t do, say researchers at Cofense who reported on this trick. Don’t be fooled by what’s in the subject line, any more than you should be fooled by the content of the email.
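One defensive check for the subject-line date trick described above, as an added Python example that is not from the podcast or from Cofense: it pulls a calendar date out of the Subject header and compares it with the message’s own Date header, flagging mail whose subject claims a date well before the message was actually sent. Only standard RFC 5322 headers are used; the sample messages and the threshold of one day are constructed for the example.

```python
import email
import re
from datetime import datetime
from email.utils import parsedate_to_datetime

# Dates a Subject line might carry: 2023-08-29, 29/08/2023 or 08/29/2023.
SUBJECT_DATE_RE = re.compile(r"\b(\d{4}-\d{2}-\d{2}|\d{1,2}/\d{1,2}/\d{4})\b")

def parse_subject_date(subject):
    """First parseable calendar date in a Subject line, or None.
    Day-first is tried before month-first, so 01/02/2023 reads as 1 February;
    reorder the formats to match the locale your users write in."""
    for token in SUBJECT_DATE_RE.findall(subject):
        for fmt in ("%Y-%m-%d", "%d/%m/%Y", "%m/%d/%Y"):
            try:
                return datetime.strptime(token, fmt).date()
            except ValueError:
                continue
    return None

def subject_backdating_days(raw_message):
    """Days by which the Subject's date precedes the Date header; None if either is missing."""
    msg = email.message_from_string(raw_message)
    claimed = parse_subject_date(msg.get("Subject", ""))
    if claimed is None or not msg.get("Date"):
        return None
    try:
        sent = parsedate_to_datetime(msg["Date"]).date()
    except (TypeError, ValueError):  # unparseable Date header
        return None
    return (sent - claimed).days

def is_backdated(raw_message, min_days=1):
    """True when the Subject claims a date at least min_days before the message was sent."""
    lag = subject_backdating_days(raw_message)
    return lag is not None and lag >= min_days

# Constructed sample messages (not real mail); the first mimics the trick.
SAMPLE_PHISH = ("From: billing@example.invalid\n"
                "Date: Thu, 31 Aug 2023 14:05:00 +0000\n"
                "Subject: Warning. Invoice due at the end of today 29/08/2023\n"
                "\nPlease see the attached invoice.\n")
SAMPLE_LEGIT = ("From: billing@example.invalid\n"
                "Date: Thu, 31 Aug 2023 09:00:00 +0000\n"
                "Subject: Invoice for 2023-08-31 attached\n"
                "\nThanks.\n")

if __name__ == "__main__":
    print(is_backdated(SAMPLE_PHISH), is_backdated(SAMPLE_LEGIT))  # True False
```

In a mail gateway this would be one scoring signal among several, since legitimate reminders also mention past dates; the urgency wording in the subject is what makes the combination suspicious.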
Later today the Week in Review will be available. There will be discussion on a Canadian government report on cybercrime, the takedown of the Qakbot botnet and more.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.