Follow ISA Cybersecurity on LinkedIn for the latest cybersecurity news
Weekly CyberTip: Be wary of free Wi-Fi
As COVID-19 restrictions loosen, people are getting out more often. But we return to coffee shops, malls, and other public spaces that offer free Wi-Fi, we must make sure to remain diligent about using these open Internet services securely. Don’t use free Wi-Fi to access financial, health, or other sensitive personal information, and use a VPN to protect and anonymize your communications. Check out Danny Pehar’s excellent LinkedIn post for additional tips and insights on staying safe on public Wi-Fi.
Apple releases wide range of patches
Apple has released a sweeping set of patches for many of its products. MacOS and iOS platforms, Safari for Mac, Apple TV and Apple Watch security and performance updates were issued between October 25-27. If you do not have automatic updates enabled on your Apple devices, be sure to check and install these important fixes manually, as soon as possible.
Google issues eight high severity patches for Chrome
In an October 28 blog post, Google issued details of eight high priority patches recommended for its Chrome browser. Importantly, Google noted that exploits for two of the bugs – tracked as CVE-2021-38000 and CVE-2021-38003 – have been seen in the wild, increasing the urgency to patch. If you do not have automatic updates enabled for your Chrome browser, be sure to check and install these important fixes manually, as soon as possible. The stable channel for the Chrome browser has been updated to 95.0.4638.69 for Windows, Mac and Linux platforms.
ISA Cybersecurity in the news on how to be cyber smart
ISA Cybersecurity President & CEO Kevin Dawson has been featured on CTV News Edmonton’s “Morning Live” segment, wherein he presented a series of useful tips and tricks on how to be “cyber smart”. Kevin was also featured on Claudette McGowan’s popular “C Suite” podcast. Many average home users aren’t aware that they can be targeted by cyber attack just like businesses can be: headlining the second episode of season 2, Kevin discussing important insights for individuals to take to defend themselves and their data against the threat of a cyber incident, and how to respond in the event of a successful attack.
Toronto Transit Commission victimized by cyber attack
The Toronto Transit Commission (TTC), the third-largest mass transit system in North America, has been hit with a cyber attack. In an October 29 news release on Twitter, Stuart Green – the Senior Communications Specialist with the TTC – revealed that a ransomware attack had affected a wide range of systems and services. The TTC said that there were no major service interruptions caused by the attack and that there is no risk to employee or customer safety; however, communications with vehicle operators, transit platform displays and “next vehicle” information are unavailable, and the Wheel-Trans online booking portal and internal email services are offline.
In an interview with local news broadcaster CP24, Green advised: “Unfortunately, there is no update really to speak of… We continue to have issues. We’ve got our internal staff as well as some external cybersecurity experts that we’ve called in to help with this.”
The TTC originally downplayed the extent of the attack, which was discovered on the evening of October 28 when an IT employee noticed “unusual network activity,” according to the Friday, October 29 statement. The attack was thought to have been relatively minimal, but problems spread through the course of the day Friday. Green indicated that the compromise has been contained, and that the recovery is proceeding according to plan: “We think we’ve managed to sort of isolate things and stabilize our network…We’ve got sort of a hierarchy of things that we need to get back online first,” he advised. The TTC is using radio backup to speak with its staff in the interim.
“We obviously have done everything we possibly could and humanly could. You know, we identified the threat early. But as anyone who has been a victim of these things knows, and many large organizations have been victims of these things, they move very, very quickly. We are in the process of upgrading our systems,” said Green.
The transit agency has called in law enforcement and cybersecurity experts, including the City of Toronto’s IT department, to fix the issue and determine the cause of the attack. It is currently not known whether customer data was exfiltrated in the incident.