Welcome to Cyber Security Today. It’s Wednesday, September 23rd. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Someone at Microsoft got a little careless earlier this month. A researcher at a security firm called WizCase discovered an unsecured server that stored data on millions of people who used Microsoft’s Bing search engine with a mobile app. The database apparently had been password-protected until the first week of September, when it seems someone made a mistake. If you knew where to look you could see internet searches of lots of people. Their names weren’t in the database, but it did have details about the devices people were using and the GPS co-ordinates of some. A determined criminal could figure out who was searching for sensitive topics like adult content. This information could be used for phishing or embarrassment.
Many of you are now working from home because of the COVID pandemic. That means there’s an increased risk of being targeted for a cyber attack there rather than the office, where your network security is better. Or you’ll make a slip and click on something. So, how will you know if you’ve been hacked at home? The U.S. National Security Agency has prepared a four-page information sheet listing 22 signs something is wrong, and what to do about it. It’s aimed at federal employees, but the rest of the world will also find it useful. Signs you may have been hacked include obvious things — you can’t log in because your router password has been changed — and not so obvious things — like your smartphone gets hot even though you don’t use it. As for what you can do, it depends on how bad things are. You may be able to solve things by changing passwords. Or you may have to disconnect a device from the Internet. It’s not a comprehensive guide, but it’s a useful start. There’s a link to the document here.
In case you don’t know, there are good-guy hackers as well as bad-guy hackers. Good-guy hackers work for security firms or on their own, and part of their time is spent looking for software vulnerabilities in other people’s applications. Smart companies pay bounties to people who find these bugs. Then they can patch the software. How much can you earn? According to a report this week from a company called HackerOne, which runs a platform that software companies can subscribe to in order to run their bug bounty programs, last year more than 50 white-hat hackers earned over $100,000. There are over 830,000 good-guy hackers registered in the HackerOne community. Obviously not all earn big bucks. But they have no trouble finding big and small bugs. Those registered on the HackerOne platform helped find and resolve about 60,000 vulnerabilities last year. Other platforms that companies can subscribe to include Bugcrowd and Cobalt Bug Bounty. Some companies operate their own bounty program.
Finally, a man from the United Kingdom has been sentenced to five years in prison and ordered to pay $1.4 million in restitution after pleading guilty in a U.S. court to conspiring to commit aggravated identity theft and computer fraud. Nathan Wyatt was part of the computer hacking gang called “The Dark Overlord” which targeted victims in the St. Louis area starting in 2016. Data was stolen from healthcare providers, accounting firms and others. Then the gang threatened to publicly embarrass the companies by releasing the data unless they paid a ransom of up to $350,000.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.