Sneaky instant messaging apps attack, has this gang retired and another video conferencing app with trouble.
Welcome to Cyber Security Today. It’s Wednesday July 17th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanda.com.
Do you use What’sApp or Telegram for messaging on an Android device? Well, security company Symantec has discovered a flaw that may allow an attacker to modify documents, audio files, photos and videos sent through these services. It can happen if files are stored on an SD card on the device instead of in the internal storage and an attacker can hack your device. So an invoice you get might be changed; so could an audio message from your boss. To protect yourself, those using messaging apps should make sure attached files are stored internally. Or you could encrypt files stored externally, like on SD cards. Meanwhile application developers should use techniques to verify that files haven’t been tampered with after they’ve been stored.
We all look forward to retiring after stockpiling a bunch of cash. Criminals allegedly dream, too. That apparently was behind the announcement in May by the person or persons behind a strain of ransomware called GandCrab that they were calling it quits after allegedly pulling in $2 billion. But security reporter Brian Krebs and others have their doubts. In a column this week Krebs says there’s evidence the gang has merely switched to a more exclusive version of renting ransomware to others called ransomware as a service. The suggestion is the so-called retirement is just a way of covering their tracks. The new way of doing business is an attempt to keep police from finding them.
Last week I told you about a vulnerability in the Mac version of the Zoom video conferencing app used by many businesses. Well, the same vulnerability is also in the RingCentral video-conferencing application. That’s because is based on the Zoom technology. RingCentral and Apple have issued patches that remove a troublesome piece of software on your Macs. However, if you’ve deleted RingCentral from your machine that problem piece of software will still be there. If you’re worried about being victimized, contact an expert for advice.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.