Many U.S. states don’t use an email protection tool, Windows 10 feature update coming and beware of fake Valorant apps.
Welcome to Cyber Security Today. It’s Monday June 1st. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
It sometimes feels that companies and governments are defenceless against the phishing attacks employees get in their email. As experts often repeat, all that has to happen is one employee clicks on a malicious link and, Boom, the firm is infected. Actually, organizations that host their own email systems have a lot of defences. One of them is setting up an email address enforcement check called DMARC. That will block or at least warn users of fraudulent lookalike email addresses. However, according to a report from a security company called Proofpoint 44 per cent of U.S. state and health departments haven’t done this on their email gateways. As for the 56 per cent of departments that do implement DMARC, the majority haven’t set it to block fraudulent email. So your taxpayer-supported government office in some cases isn’t implementing the best email protection. DMARC validates the domain name in an email address. That’s so hackers can’t impersonate firstname.lastname@example.org, for example. Unfortunately hackers have lots of other ways to fool you with email addresses. But implementing DMARC should be an easy move for governments and companies.
As you may know, on the second Tuesday of every month Microsoft releases security updates for Windows that have to be installed. Every six months it issues a Windows 10 feature update. The latest one is just starting to be released. But if you have an older computer you may find the update gets blocked. That’s because it won’t get installed if there are old or incompatible display drivers. These are pieces of software code that help put the graphics and images on your screen. To resolve this make sure you have the latest drivers, or follow Microsoft’s instructions and turn off memory integrity. Usually Windows ensures you have the latest drivers.
Cybercriminals don’t just want to steal valuable credit card and other personal information from big retailers and banks. They’ll target any group eager to spend money, like online gamers. The latest proof is the ads for the mobile version of the tactical game Valorant. Those ads are scams. The desktop version of the game will be released tomorrow. There won’t be mobile versions for a while. But according to the Bleeping Computer news service, hackers are posting YouTube ads promoting so-called Android and iOS versions of the game. What happens if you’re foolish enough to click on a link? You have to download what looks like a coupon for McDonald’s or a gift card or another game. Some of these offers really generate money for malware developers. The scam also opens the door for the installation of bad software. Remember only download software or games direct from a developers web site or from the Apple or Google stores. Don’t click on links that promise to take you there.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon