Applications accused of harvesting user data, NFL teams boot social media security and hacking gang members arrested
Welcome to Cyber Security Today. It’s Wednesday January 29th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
Data privacy is on the minds of businesses this week because of the annual International Data Privacy Day. But that hasn’t stopped the flow of unfortunate news. The Electronic Frontier Foundation says the Android app for Amazon’s Wi-Fi Ring doorbell and security camera system quietly sends a lot of user information to data analysis and tracking companies, including Facebook. One company gets the user’s name and address. The Foundation says there’s enough information for other companies to figure out what each Ring owner does online. The Foundation has already complained that Ring partners with police departments to promote its system.
What else captures and sends out your data? The free version of Avast anti-virus. According to a joint investigation by PC Magazine and Motherboard, Avast captures a user’s browsing history and sends it to a sister company that sells the data. Now, the data is supposed to be scrubbed of any identifiable information like the user’s name or email address. However, the investigators found it does include a device identification number that can be tracked back to every user. Companies with huge piles of data — like Amazon or Google — could figure out who you are from the Avast browsing data. That’s a worry for people who browse porn, gambling or certain health-related sites. The article quotes Avast as saying it no longer captures and sells data from its browser extension. However, it says browsing data is still collected from the Avast and AVG antivirus applications. PCMag no longer recommends Avast Free Antivirus as an Editor’s Choice.
A hacking gang calling itself OurMine broke into the Twitter, Facebook or Instagram accounts of 16 National Football League teams, as well as the social media account of the League headquarters. They also hijacked the account of Eduardo Saverin, a Facebook co-founder who is now an angel investor, as well as the Twitter accounts of others. The Bleeping Computer news site says the takeovers didn’t last long, but the attackers posted messages like “we want to show how everything is hackable.” On the football club sites they also posted prank messages. In response, OurMine’s Twitter account was suspended. But the incident is a reminder to all listeners that in addition to a tough password you need to enable two-factor authentication on your social media and email accounts.
Attention IT professionals: If you’re not sure how to protect your firm against ransomware and other serious cyber attacks, an authoritative body has issued some guidance. The U.S. National Institute of Standards and Technology, also known as NIST, has put out a draft practice guide. It’s not the final version, but it will give executives and IT administrators an idea of which direction to go. It even includes a How-To Guide. There’s a link to the draft guide here.
Finally, three people in Indonesia have been arrested and charged with being in a gang that injected code into websites around the world to steal credit card data. They were arrested in December but the news was announced this week. The security firm Group-IB said police are still looking for other suspects.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.