Dangerous Android security apps in the Google Play store, advice for email and WordPress administrators and more on unsafe credit card readers

Welcome to Cyber Security Today. It’s Friday, March 15th. I’m Howard Solomon, contributing writer on cyber security and privacy for ITWorldCanada.com.


So you want a security app for your Android smart phone or tablet. Think you can pick just anything from the Google Play store? No, says an antivirus testing firm called AV-Comparatives. It analyzed 250 security applications in the Google store and found almost half of them are ineffective. Either they detected less than 30 per cent of malware in tests, or they had a relatively high rate of false positives when scanning clean apps. In some cases the apps were just buggy because of the way they were written. Others were just unreliable. Still others were apparently designed to pass minimal tests so they would be accepted by app stores and make money. Worst of all, some actually included malware.

Just because an app has the word “security” or “antivirus” in its name doesn’t mean it’s safe or effective at what it’s supposed to do. Just because a security app is in the Google Store doesn’t mean it’s effective.

What should you do when looking for a security app? Check lists from companies like AV-Comparatives or AV-Test. Some sites test software for Android, iOS, Mac and Windows. Look for apps that have at least a 90 per cent detection rate. Usually the safest apps come from well-known brand names.

Can you trust user reviews in app stores? Well, many will give a rating based solely on their experience in using the app, not whether it’s effective. And some reviews in app stores are fakes.

Attention corporate email administrators: If you use a cloud application like Office 365 or G Suite, make sure you turn off the IMAP protocol. According to security vendor Proofpoint, criminals are increasingly exploiting IMAP in brute-force login attacks. IMAP helps organizations enroll lots of people, but it also bypasses multifactor authentication. Multifactor authentication is when users get an extra code sent to their smartphones to enter in addition to a username or password. So, IT teams, turn off IMAP on cloud applications and enable multifactor authentication. It may make things a little more complicated, but it’s safer.

WordPress administrators should be aware there is a new security patch now available. Version 5.1.1 includes 14 fixes. One of them patches a problem that could lead to a cross-site scripting corruption of your site if the comments capability is enabled. This affects all versions of WordPress. This latest update also includes things needed for the upcoming major version 5.2.

In my last podcast I mentioned how disappointed I was at finding stores in San Francisco that insisted I swipe my chip-enabled credit card along the side of the card reader. It’s much safer to either tap a card or insert from the bottom and enter a PIN number. Tapping or inserting in the bottom allows the reader to use the security chip on the front of the card. Security vendor Flashpoint this week said it has found another version of data-stealing malware aimed at these store readers that may have been used for several years in the restaurant and entertainment business. If you’re a store owner, it’s important you pay up for modern credit and debit card readers that can use cards with security chips. If you’re a consumer, stop using cards that don’t have the safety chip on the front. And refuse to swipe your card.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.
