Dangerous new Mac malware is a quadruple threat, SuperBowl online alert and protect your email from this attack.
Welcome to Cyber Security Today. It’s Friday February 1st. To hear the podcast click on the arrow below:
Users of Macintosh devices are being warned about new malware. Security company Palo Alto Networks said this one’s a quadruple threat: It can steal web browser cookies used by some cryptocurrency exchanges and wallet service websites an infected devices goes to; it steals passwords saved in the Chrome browser; and it steals iPhone text messages from iTunes backups on a tethered Mac. With this combination there’s a risk the multi-factor authentication users depend on for security could be bypassed, allowing an attacker to steal the victim’s digital currency. And to round off the attack, this malware installs a digital currency miner on the infected device to make the attacker more money.
Cryptocurrency owners should keep an eye on their security settings and digital assets to prevent compromise and theft. And your computer should have up to date malware and anti-virus detection software.
The Super Bowl is set for Sunday, and you know what that means: Scammers are hawking phony game-related shirts, hats and other stuff online. It’s easy to fake an official logo. If these things matter to you, be careful where you shop. Remember, scammers don’t just want your money, they want your credit card number. And by the way, there’s no way to get a free Super Bowl broadcast on the Internet. Don’t do an Internet search for “free Super Bowl.” For sure you’ll be stung.
Here’s another reminder of why you need to protect your email account: According to email security company Agari, its customers recently saw a big hike in attacks coming from other people’s legitimate email accounts. The problem is the infected emails look legit because they come from someone or a company the recipient trusts. So not only after getting into someone’s email will the hacker read private mail and try to get deeper into their computer, They’ll also use the account to mail malware to others, or try to trick others in business to wire them money. So, IT administrators, one of the best ways to protect your company is to set up a secure multi-factor authentication login system. That way if an attacker has a user name and password it isn’t enough to crack a login. And make sure your company is also using an email authentication system like DMARC to make sure your domain can’t be impersonated.
Finally, there’s a new version of the Google Chrome browser available that patches a bunch of vulnerabilities. Usually Chrome updates automatically, but just to be sure check it yourself. Do it by clicking on the three dots in the right-hand corner of the browser, go to Help, then About Google Chrome. After that it will check for the latest version.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon