A new version of bank trojan is infecting computers, update the Android ShareIT app and how to be a millionaire.
Welcome to Cyber Security Today. It’s Monday March 4th I’m Howard Solomon, contributing reporter on cyber security and privacy for ITWorldCanda.com.
To hear the podcast, click on the arrow below:
There are at least 1,700 computers in the U.S. and 58 in Canada infected with a new strain of the Qbot banking trojan that steals personal and corporate bank login credentials. That’s according to a new report from security vendor Varonis. There are also thousands of other victims around the world. The report says the usual way people get infected is by clicking on an emailed document that has malware. This particular malware looks for the anti-virus software on your computer to interfere with it. Then it does its dirty work, which is trying to get bank login username and password.
You can defend yourself by being careful before clicking on anything included in an email. Is the sender’s email address the one you usually see? Is the message legit? Are you expecting something from that person? Sometimes an attacker will have hacked the email of someone you know and send an email that way, so the sender will look right. But do they really need to send you a document? Finally, if your bank offers two-factor or multi-factor authentication, sign up for it. That way even if the attacker has your password, they don’t have the extra code the bank sends and is needed to complete the login.
Do you use the Android ShareIT app for sharing files music and videos? If so, make sure you’ve got the latest version. A serious bug was discovered and quietly patched a year ago. News is only coming out from the developer now because hackers have a tendency to try to exploit a vulnerability as soon as its revealed, and before people can install the fix. So, for those of you who haven’t updated ShareIT in a year, you could be in trouble.
Finally, strictly speaking a hacker is someone who tries to improve software code. Over the years the media has turned it into a term that’s synonymous with attacker. So there are good hackers. And, they can make good money from finding vulnerabilities in software made by companies and governments. How good? Last week it was announced that a teenager from Argentina is the first to earn a total of $1 million for almost four years of finding bugs through the HackerOne program. An American security consultant hit that total a few days later.
Over 1,000 companies around the world including, Microsoft, Google, Starbucks and Twitter pay for major issues found in their applications through management sites like HackerOne and BugControl. That’s good. It helps make applications secure. The bad news is that developers still can’t put out secure code.
That’s it for this edition of Cyber Security today. Around the time you’re hearing this I’ll be on my way to San Francisco to report on the big RSA security conference. My news stories will appear on ITWorldCanada.com, and I hope to do some special edition podcasting as well. In the meantime, IT World Canada editor Brian Jackson will be filling my place on Cyber Security Today’s regular podcasts on Wednesday and Friday.
You can subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon