Cancer hospital chain breached again, security advice, new Instagram feature and patches to watch for.
Welcome to Cyber Security Today. It’s Wednesday October 9th, I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
Cancer Treatment Centres of America, a group of five care centres across the United States, has acknowledged a data breach after employees at its Atlanta hospital fell for a phishing scam late last month. Personal data on just under 4,600 patients was apparently copied, according to the news site Databreaches.net. In fact, that was the second announced breach at the Atlanta hospital in two months. The group’s hospital in Philadelphia was also hit over the summer. The group has suffered five data breaches since November, 2018. Three involved Atlanta. A company official told the news site it is implementing enhanced security controls and heightened employee security training.
For Cyber Security Awareness Month I’m passing on tips to help keep you safer online. One way is to check if your email or login credentials have been compromised. There’s a site to check called “Have I Been Pwned.com”. Pwned is spelled P-w-n-e-d. Just enter your email address, or, on a separate page, your password. If the password you test here has been exposed, don’t use it ever again. The site has a database of hundreds of data breaches. Just added are data from the 2016 breach at real estate company StreetEasy and the southeast Asia division of beauty store Sephora. Remember, not every data breach is listed, so this site is only a guide. If you use the Firefox browser, it has a plugin called Monitor that uses “Have I Been Pwned.” Google Chrome has a similar plugin called Password Checkup that warns users if it detects a username/password combination that has been stolen in a data breach.
A big worry for computer users is being fooled by a security text or email that pretends to come from a software provider they use. Instagram is trying to meet that with a new feature announced this week. If you get an email claiming to be from Instagram, go into Instagram’s settings and click on the security tab. There you’ll see a list of the real security-related emails that it has sent you over the previous two weeks.
Administrators of the vBulletin forums software recently had to scramble to install a vital security patch to plug a big hole. Well, there are new patches out. These affect versions 5.5.4 and earlier. They’re not as serious as the earlier one, but should be looked after.
If you use the Android version of the Signal Private Messaging app for secure messaging, make sure you update to the latest version. There’s a bug that could allow a hacker to turn on the microphone of your device.
Finally, yesterday was the monthly Patch Tuesday release of security fixes for Microsoft products. Watch out for them appearing on your Windows computer if you use automatic updates, or, get them manually.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon