Monday, January 24, 2022

Cyber Security Today, Jan. 12, 2022 – Install these security updates, and beware of phony QR codes

Install these security updates, and beware of phony QR codes.

Welcome to Cyber Security Today. It’s Wednesday, January 12th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

This might be called the security updates edition, because it’s a common theme in several stories.

Internet routers used by millions of small businesses and home owners could be at risk of being hacked because of a new vulnerability found in the devices. That’s the conclusion of researchers at a security firm called SentinelOne. They discovered a high severity flaw in a module many router manufacturers buy and include in their device. The module lets users plug in USB-connected devices, like printers. The vulnerability could allow an attacker to take control of the router. SentinelOne says manufacturers that use the troubled module include Netgear, TP-Link, DLink, Western Digital, Tenda and EdiMax. A security patch has been available to these companies since October. If your firm uses devices from these manufacturers check to see if an update is available.

SonicWall’s Secure Mobile Access 100 devices need to be updated. That’s because five vulnerabilities have been found. The most serious can allow an attacker to remotely take over these network access control devices. Patches were issued early in December. Researchers at Rapid7, who discovered the bugs and warned the manufacturer, this week published a detailed report on the vulnerabilities.

And a reminder: Microsoft issued a slew of fixes yesterday as part of its monthly Patch Tuesday. Adobe and SAP also issued patches for their products yesterday.

If you think your organization has been seeing more cyberattacks than ever, you’re probably right. Check Point Software says companies using its protection saw as many as 925 attempted intrusions a week in December, a record number. Too often, the report adds, attacks successfully penetrate networks by leveraging known vulnerabilities that have a patch that has not been applied. That’s why rigorous patch management is so important.

On Monday I reminded listeners to beware of receiving unexpected USB keys in the mail or by courier. These memory sticks can be used for transferring malware to your computer. Here’s another thing you should be careful of: Scanning QR codes just because they’re available. Scammers can easily create infected QR codes and paste them on bus stops, telephone poles or on top of legitimate QR codes in magazines, restaurant menus or store windows. In the latest tactic someone in Texas is pasting fake QR codes on public parking meters. The goal is to fool drivers into thinking they can pay for parking by scanning the codes. If a QR code looks like it has been stuck onto something, it may be a scam.

That’s it for now Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Follow this Podcast

More Cyber Security Today