Mobile phishing attacks on the rise, you may soon be able to forget passwords and patch your Windows.
We’re bringing you the latest cyber security news Welcome to Cyber Security Today. It’s Friday April 13th.
 |
 |
 |
Many people use mobile devices like smart phones and tablets. But in a new report security vendor Lookout Inc. warns they aren’t as well protected as company-controlled desktop computers.
Lookout did phishing tests of its customers with mobile devices between 2011 and 2016. Just over half of recipients clicked on a phishing URL sent to them. In fact, the company says, it’s easier to trick people into falling for phishing attacks on mobile devices than it is on PCs. One way is by making a phony app page, which hides the fake URL people might be looking for. The unwitting user clicks on a button to enter their password and is stung.
How can you protect yourself? If your company has a bring-your-own-device policy, ask about its mobile device protection. If it doesn’t have a policy, consider adding malware protection to your device. And be careful of links you receive not only in email but also in text messages and social media.
Using passwords to log onto sites and applications can be a chore, in addition to being risky — so many passwords to remember. It may become easier soon. SecurityWeek reports that Microsoft Edge, Google Chrome and Mozilla Firefox web browsers may be approved shortly to handle an upcoming password-less solution. A standard called Web Authentication has been built by the FIDO Alliance of software companies and the World Wide Web Consortium for browsers. It’s in the final stages of approval. Web Authentication has already approved for Windows, MacIntosh, Linux, Chrome OS and Android platforms. Solutions built on this standard will allow smartphones, fingerprints or eye scanners to be used to log into sites. Goodbye passwords, supporters hope.
Finally, this week Microsoft’s April Patch Tuesday saw the disclosure of 64 bugs, 24 of which were labelled critical, along with a bunch of fixes. That’s on top of a non-scheduled Windows update issued last week. Trend Micro notes this week’s patches cover problems with the way Windows handles fonts, a flaw in Microsoft Wireless Keyboard 850 that leaves an opening for a nearby hacker to read keystrokes and another bug that can let someone hijack a vulnerable system and modify or delete its data and programs.
So make sure Windows is set to automatically download fixes, or if you prefer to do it manually, make sure it gets done today.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, your Alexa Flash Briefing or wherever else you listen to podcasts. Thanks for listening.