A lot of people have unpatched software on your PC, an angry ex-employee hurts his former company and another misconfigured server with sensitive data found on the Internet.
Welcome to Cyber Security Today. It’s Friday January 25th. To hear the podcast click on the arrow below:
Are you worried about the security of your computer? Apparently, not enough. Just over half of the software on personal computers is out of date, if a report out this week from anti-virus software maker Avast is accurate. The company looked at data of what’s on the computers of its users and found a long list of software without the latest patches. The top five are Adobe Shockwave, the VLC Media Player, Skype, Java and the 7-Zip Filemanager. Others regularly not up to date are Foxit Reader, WinZip, iTunes, a media player called DivXPlus and the Mozilla Firefox browser. And, attention those of you on Windows 10: Nine per cent of you don’t have the latest security updates. Some of these applications may not be notifying users of updates. Some people may be ignoring updates. Some users may have installed software to try long ago and have forgotten about them. Go through your computer and check every piece of software. Do you use it? If not, delete it. For the rest, go to the manufacturer’s web site and make sure you’re on the latest version. Old software can easily be used by hackers to get into your system.
While I’m on the subject of updates, if you use an Apple device this week the company issued updates for devices that use the iOS and Mac operating systems. Make sure they’ve been installed.
When employees leave a company it’s vital an IT administrator make sure all of the password access they had is revoked. A company that makes the WPML plug-in for the WordPress content management system forgot about that and was embarrassed this month when an angry former employee used an old password and a backdoor he’d created to hack into the system. Then he used the company email to send a message to customers saying the product had a security problem. The company has now improved its internal security.
Finally, another company has been caught storing thousands of documents with sensitive personal, loan and mortgage information of Americans on an open Internet-connected server. Security researcher Bob Diachenko and news site TechCrunch found the files, which were held by a Texas data processing company. Ironically, the documents were originally on paper, which is pretty safe. But they’d been converted to digital files and then put on an unsecured server. The loans and mortgages had originally been made at a number of financial institutions, then apparently were sold to another financial firm. That company blamed the mistake on a server configuration error.
UPDATE: Diachenko found a second exposed server with the original, and easier to read, documents.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon