Google login with fingerprints, ransomware on cameras and more unsecured personal data found on Internet.
Welcome to Cyber Security Today. Wednesday August 14th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
You can use a fingerprint reader to unlock your laptop or smartphone. Now Android users can use a fingerprint to log into Gmail and other Google services instead of a password. You have to be using Android versions 7, 8 or 9. Also a personal Google Account must be added to the Android device with a screen lock. Just go to passwords.google.com for instructions. Google does not store your fingerprint. This is part of a trend for major companies, including Microsoft, to offer biometric authentication for services instead of forcing people to create passwords.
If you use the Steam video game platform for buying and playing online games, make sure you install the latest security fix. Researchers say a vulnerability could allow an attacker to get into your computer. However, according to the news service Bleeping Computer, this fix may not solve all problems.
A company called Wind River has acknowledged some versions of industrial products using the VxWorks operating system have vulnerabilities that need to be patched or addressed. These include modems, routers, and printers, as well as some industrial and medical devices. Manufacturers and IT staff using this operating system need to look into this.
Attackers can install ransomware on desktop and laptop computers, smartphones, tablets and servers. Now comes news it’s possible to put ransomware on digital cameras. That’s what security company Check Point Software has discovered. Researchers wondered if the Picture Transfer Protocol, an international software standard used by camera companies for transferring images from cameras to computers, could be compromised. And testing a camera from Canon, the answer was yes. And Canon issued an advisory acknowledging the research is right. This protocol is used in other camera makers’ software, so they may be vulnerable as well. Here’s how you can protect yourself: First, make sure your computer has up-to-date Windows and security software, including anti-malware. One way an attack starts is by hacking your computer. Then when you connect it to the camera the ransomware goes there. Second, be careful when using Wi-Fi to transfer images from your camera to your computer. Don’t use public Wi-Fi because it could be compromised: Use your home wireless network. And make sure it is up to date and protected. Turn off the Wi-Fi on your camera if you aren’t using it — that will also save your battery as well. Canon camera owners should watch for a firmware update. Your camera’s menu will show what the current version of firmware is. An update is now available for the Canon 80D.
Another company employee apparently has been stupid using Amazon’s S3 data storage service for storing data. According to the news service DataBreaches.net, a researcher found 1.8 million unprotected patient-related records that appeared to be from American pharmacies in Tennesee, Maryland and Florida. The documents appear to be copies of completed fax cover letters records from three different pharmacies. The faxes were to physicians, asking them to approve their patients’ requests for diabetic supplies or other medications. So they had patient names, addresses and phone numbers. Who is responsible for leaving this data unsecured isn’t clear, but there is some suggestion these fax cover sheets were set to a telemarketer. That’s because also in this folder were telemarketer phone recordings of people asking consumers to agree to have a pharmacy send them supplies. Whatever the source, someone was very clumsy. Hopefully state regulators will investigate.
Finally, yesterday was Microsoft’s monthly Patch Tuesday for issuing security fixes to Windows and other Microsoft products. You may have security updates automatically installed, but it doesn’t hurt to check Windows Update to make sure it’s been done.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon