Be careful buying connected gifts for others, hackers arrested, and two more data breaches.
Welcome to Cyber Security Today. It’s Monday December 2nd. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
To hear the podcast click on the arrow below:
Happy Cyber Monday to all you shoppers. There’s a wide range of stuff on sale out there, including Internet or Bluetooth-connected doodads like toys, speakers, fitness trackers and more. But if you’re considering these as gifts for others, a writer at Wired.com makes a good point: Think carefully before buying a device, particularly if it has a microphone or camera. You could be saddling a family member or friend with a security risk. Unfortunately, many companies — big and small — haven’t thought through the privacy implications of devices. That includes giants like Google and Apple who acknowledged that technicians were allowed to listen in to recordings of commands by users of their smart assistants. The goal may have been to improve the devices, but it was a privacy intrusion that few users knew about.
It takes a lot of research to determine if a wireless device has proper security controls, including password control and whether the manufacturer puts out software security updates. When buying for yourself take the time to do that research. When buying for others, set aside time to do the same. If you can’t, think twice before grabbing anything wireless in the sale bin.
Good news in the field of cyber justice: Police in nine countries including the U.K., Belgium and Australia have combined to take down a website selling a hacking tool that gave attackers the ability remotely control infected computers. The announcement was made by Europol on Friday. It is believed 14,500 copies were sold, but with the closing of the site the tool can no longer be used. The developer and 13 of the most prolific users of the tool, which could have been bought for as little as $25, have been arrested.
Bad news in the field of data breach breaches: A Virginia sleep disorder clinic last week began notifying some patients their personal information may have been compromised in June after a staff member’s email was hacked. Some patient information may have been copied including names, dates of birth, Social Security numbers, drivers’ licence numbers, passport numbers and medical history.
Meanwhile, a New Mexico early childhood development centre said last week it is notifying affected people after discovering several staff email accounts had been hacked, possibly as far back as a year ago. Personal information that may have been accessed includes names, Social Security numbers, dates of birth, passport numbers, medical treatment information, student identification card numbers, medical record numbers, and insurance information.
There’s no detailed information on either incident but experts say adding two-factor authentication to logins greatly decreases the odds a criminal can hack email. Meanwhile, company leaders should remember that hackers don’t necessarily have to break into a database to steal valuable information. If they find the right email account — particularly someone in the finance department — there’s lots of personal data sitting there in messages and attached documents. All the more reason for companies to consider encrypting email.
Finally, a 12-year-old Florida student is in trouble. According to news reports last week, the youngster hacked into a school and shut the Internet and phone service not only at the facility but also in the district. The student is no longer going to that school.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon