Don’t get burned by wildfire donor pitches, domain registrars hacked, bad Android apps, password woes and more.
Welcome to Cyber Security Today. It’s Friday November 1st. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
To hear the podcast click on the arrow below:
 |
 |
 |
There’s lots of news to squeeze into today’s podcast, so let’s get going:
California’s wildfires are capturing headlines around the world. And any kind of disaster in the news prompts scammers to try to take advantage of people who want to make helpful donations. Security vendor Proofpoint issued a reminder to watch out for scams. If you want to donate, choose known and reputable charities. The California governor’s office of emergency services has a special website that lists organizations it recognizes. Ignore email or SMS messages asking for donations.
When you want to register a domain — say ITworldCanad.com — you go to a company called a domain registrar. Well on Thursday it was reported that three big American based registrars, Web.com, and subsidiaries Network Solutions and Register.com, suffered a data breach. An unknown number of names, addresses, phone numbers and email addresses could have been copied. Passwords were not compromised, which is good. If attackers got hold of them, they could take over a domain. Even so, affected customers have to reset their passwords. The company said it scrambles credit and debit card numbers and doesn’t believe they could be compromised.
Statistics Canada’s latest report on Internet use here also sheds light on cyber crime. Last year 57 per cent of respondents who use the internet reported a cyber security incident. That included 11 per cent who said they got a virus or other computer infection and 19 per cent who said they’d been re-directed to fraudulent websites that asked for personal information. Some actually took some steps to protect privacy: 61 per cent said they deleted their browser history, 60 per cent blocked emails like junk mail and spam, and 42 per cent changed the privacy settings on accounts or apps to limit their profile or personal information.
Another bad Android app has been found in the Google Play store. This one is a substitute for the keyboard that comes with smartphones. Called “ai.type”, it’s supposed to help add emojis to messages. But what it really does behind the scenes is make money for criminals through unapproved purchases of premium digital content and making fake clicks on ads. Google was warned about this over the summer and removed the app from the Play store in July. However, a mobile security firm called Upstream said this week that lots of people still have the keyboard on their devices. Apparently they didn’t get the word. If you have this app, delete it. All smartphone users should check their phone bills regularly for unwanted charges for accessing premium data services. That’s one sign you’ve been infected. And remember, be careful when downloading new apps. Just because it’s in the Google Play store doesn’t mean it has evaded their security checks.
Meanwhile Symantec has updated other warnings about an Android app called XHelper that downloads malware and pushes ads. Here’s the thing: It isn’t clear where this app comes from. Probably it gets installed when a user downloads an infected app. Remember my advice about being careful before you download? The problem with XHelper is it finds ways to hide on devices and resists being deleted. Symantec says the app has infected over 45,000 devices in the past six months. If you’re the kind of person who downloads apps, think about adding an anti-malware app from a reputable company to scan your software.
I often talk about the importance of having strong passwords, and having a different password for every application and device. Lots of people still aren’t getting the message. Security vendor ImmuniWeb recently did a study of 16 million usernames and passwords stolen from big companies in the past 12 months and being sold by criminals. Lots of people are still using foolish and use short passwords like “password”, “abc123”, “student” and “welcome.” By the way, those of you who think you’re being clever with a password that moves down a keyboard, like “qaz” or “wsx”, criminals have figured that out. Aside from the fact that Fortune 500 companies aren’t doing a good job of protecting their lists of customer and employee passwords, this study also shows many people still don’t get it. Companies have to do a better job of scanning the lists of customer and employee passwords and warn users to improve them. They also have to do a better job of protecting passwords from being stolen. And users have to do a better job of creating passwords. The best way is for companies and individuals is to use a password manager.
Speaking of re-used passwords, the chain Bed Bath and Beyond this week admitted someone hacked into the system of an unnamed supplier and got away with a copy of login email addresses and passwords of customers. No credit or debit cards were copied. The company suggested fewer than one per cent of Bed Bath and Beyond customers were affected. According to SecurityWeek, the retailer blames customers who used the same password for multiple accounts.
There’s another warning about Wi-Fi routers being infected and then used for a chain of infected devices called botnets. This warning comes from security vendor Palo Alto Networks, which says it has discovered a new variety of malware aimed at particular models used in small offices and homes made by Zyxel, Huawei, Realtek. This new variant also goes after online gaming servers. Botnets are then used to launch attacks or distribute malware. The ways you can protect your Internet devices from being exploited are to make sure they have the latest software and change the default passwords into something hard. Remember, Internet-connected devices like routers, home surveillance cameras and others may only get updated by manufacturers for a couple of years. When you buy, ask if the manufacturer provides security updates, and for how long.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.