Canadians hit by scams, vulnerable Android apps, another open database and three apps to update.
Welcome to Cyber Security Today. It’s Friday November 22nd. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
More holiday online scam warnings. This one comes from security vendor McAfee, which surveyed 1,000 Canadians and found 65 per cent of them had lost more than $100 and almost a third had lost more than $500 to various cyber scams so far this year. Forty per cent of respondents said they have either been a victim of or know someone who has been a victim of email phishing this year. Some of that is the fault of consumers: Over one-third of respondents admitted they don’t check an email sender or retailer’s website for authenticity. In this holiday seasons its more important than ever to watch what you click on, what you buy and where you buy it from.
Security-conscious computer, smartphone and laptop users make sure they regularly update their software for security reasons. And responsible app developers update what they create. But what about the free or purchased software components app developers include from other sources? Are these parts of the code kept up to date, too? Not necessarily, according to a survey by security vendor Check Point Software. It said this week that hundreds of current Android apps in the Google Play store had old but serious bugs in them that hadn’t been patched. We expect better from app developers. They have to keep an eye on all the code in their products, not just the code they create.
As I’ve told you several times before, employees keep doing bad things with company data in the cloud. The latest example is a firm called PayMyTab, which provides restaurants in the U.S. with card and wireless payment terminals. A news site called vpnMentor reports learning of a misconfigured database on the Internet with personal information of customers using PayMyTab had been left open on an Amazon storage server. PayMyTab allows users to get a receipt emailed to them. But apparently if a person clicked on a link to see a receipt anyone who knew how to access the database could see it, too. This is a failure of access control.
Do you use Microsoft Outlook for Android? Make sure the app is updated to close the possibility that a hacker could spoof your email and send messages with malware to victims.
Attention WordPress site administrators: If you use the security and management plugin called Jetpack, make sure it’s updated to the latest version. It includes a fix for a serious bug.
Computer manufacturers often include utilities with their PCs to help manage them. Unfortunately these often ignored applications can be a source of vulnerabilities. Owners of Lenovo computers come with software called Lenovo System Interface Foundation. Make sure it’s running the latest version. Look in your list of applications and if it’s there run an update.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.