Deezer hack, free tips to do better, and LockBit bringing the holiday vibes.
Security weekly

Hi and welcome to another Security weekly, where we laugh, we cry, and we share the latest and greatest in security and tech news.
Did you know? 3 out of 4 organizations fell victim to some sort of cyber attack, up 61% from 2020. The question is not if you're going to get attacked, it's when. Stay alert, boys & girls.
In this week's edition:
🌟 Kids' hospital gets ransomware decryptor for free
👎🏻 Deezer hack, free tips for companies to do better
🔥 The quick and dirty
Reading time: 03:13

Kids' hospital gets ransomware decryptor for free
Back from spending time with family and loved ones and making New Year's resolutions (which I'm probably not going to keep). Ah yes, I love the holidays. So let's start the first newsletter of 2023 with some good news, huh?
Ransomware group LockBit has offered its apologies to sickkids.ca, a Toronto-based children's hospital. LockBit is known for its ransomware, which is called - you'll never guess this one - LockBit. The software can be bought by other hackers and APTs to infiltrate targets, but under strict rules, so it seems:

As you can see, hospitals and clinics are not entirely off-limits, but only under strict rules.
When LockBit found out this rule was violated, they contacted SickKids.ca with apologies, and provided the decryptor.

This made it possible for SickKids to decrypt the infected systems and continue with their day-to-day operations. SickKids had already told the media that they made a maximum effort to mitigate the potential impact on the continuity of care. Further recovery of the systems would have taken weeks without the decryptor.
Make no mistake, this still has an impact, even with the "free" decryptor. But somehow I read this and thought "ah yes, there are still people with morals in this world." Am I an old romantic? Maaaaaybe. Or am I just glad to be posting something somewhat uplifting this time? Also maaaaaybe.
Good on you, LockBit!

Deezer hacked, free tips for companies to do better
So Deezer got hacked. The first thing that came to mind when reading this was: "wtf is Deezer again?" Ah yes, the Spotify wannabe.

So, where was I? Deezer got hacked. Well, one of their third-party associates was. Deezer found it very important to stress that it was a third party and not them. However, this makes no difference for the affected users, whose leaked data includes:
- First and last names
- Dates of birth
- Email addresses
- Gender
- Location data (city and country)
- Join date
- User ID
All for sale.
The sad thing is, this is the 202939394757th time (give or take) that a company tries to downplay what has happened and fails to make even the slightest effort to inform its users. Also, at the bottom of their press release they casually mention: "As a precautionary measure, we would recommend that you change your password." Rather odd, given that the previous sentence states that no passwords or payment details have leaked. That's a 0 on all parts, Deezer.
We need to do better. Really. I can't take it anymore. So, if you work in "a" company and ever experience something similar, here are 5 tips from your friendly neighborhood Disable User.

- Inform users - you know who's affected. Send them an e-mail.
- Be transparent - what happened, and what data got stolen.
- Provide relevant help - don't tell users to change their password if their password hasn't leaked. Tell them to look out for targeted phishing mails, because their personal information is up for sale.
- Follow up - investigate, learn, do better. Inform users - including the ones not affected - that you are taking steps to prevent this from ever happening again.
- Bonus: don't specify what you're doing to prevent this from happening again. Huh? Well, that gives hackers free insight into your defences. And once a company gets hacked, it is on the "easy target" list, so expect to be a victim again.

Speaking of passwords
Gentle reminder that it’s time to stop using the same password you’ve had since high school 😅
— Firefox 🔥 (@firefox)
9:06 PM • Jan 3, 2023
The quick and dirty
Synology fixes maximum severity vulnerability in VPN routers - with a maximum (10/10) severity vulnerability rating, patch fast.
Microsoft: Windows Server 2012 reaches end of support in October - feels like saying goodbye to the friend that overstayed his welcome. Seriously though, get on that Server 2022, yo.
Qualcomm Chipsets and Lenovo BIOS Get Security Updates to Fix Multiple Flaws - probably the most overlooked update there is, but don't forget to give your BIOS the TLC it deserves.
Meme of the week


Security like I'm five
Don't have time for hours of research? Don't have 20 years of experience in security? Me neither, but I gotchu fam. In Security like I'm five I cover a range of security topics. I do all the hard work and explain it to you in a practical manner. Lots of memes too. Good stuff, good stuff. This and Security weekly conveniently delivered to your mailbox a couple of times a week, for free. Pretty sweet deal if you ask me.

So sign up for the newsletter and be enlightened! (don't set the bar too high tho)