LibreOffice and password managers need updates, hotel chain stung and more.
Welcome to Cyber Security Today. It’s Monday August 19th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
To hear the podcast click on the arrow below:
Do you use the free LibreOffice productivity suite? You may have installed a security update last month. Well, another one has been issued because severe vulnerabilities have been found. The latest version is 6.2.6 for conservative users or 6.3. for power users.
Microsoft has found another variation of a scam to get you to give away your username and password. You get an email or a text message that appears to come from Microsoft with a link. If you click on it, you go to a login page that looks like a genuine Microsoft site, but it isn’t. The best way to avoid being suckered is to be suspicious of any link in an email that takes you to a login page. The safest way to log in to a site is by going yourself to the home page of the organization and logging in, not by following a link in an email or text. Don’t click on the link, don’t manually type in the address listed in the link.
Here’s another of those oopsy moments: Organizations should use phony data with fake names, addresses and credit cards when testing an application before it goes live. Choice Hotels, one of the biggest chains in the world, does that. Unfortunately, somehow real customer data got inserted into an test database the hotel company gave to a software company trying to sell its product to the hotel chain. Presumably the test data would have been used to help evaluate the software. But someone at that software company didn’t protect the database. Security researchers hunting around the internet last month found the open database, which among the millions of fake records were 700,000 real names, phone numbers and email addresses. The bad news: A criminal also discovered and copied the database before it was closed, and is demanding a ransom or the data will be released. No credit card information was divulged, but the email addresses could be used for phishing.
Choice Hotels says it won’t be buying anything from that software company.
I’ve talked about the importance of having a password manager on your devices. It safely stores all your passwords — safe as long as the master password is strong. Two password managers say they have recently discovered bugs that have to be patched. One is in the Firefox browser manger. So, make sure you have the latest version of the browser installed. For any browser it’s a good idea to have automatic updating enabled. But if you want to be sure, go into the menu — usually its a symbol with three dots or three lines on the far right of the browser — and find Help, and then About Firefox, or About Google Chrome.
The other bug is in Trend Micro’s password manager that has to be patched. Again, you should have automatic updating enabled. But make sure if you use the Trend Micro solution you have the latest version installed.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon