No party for this Christmas email, don’t buy pricey sneakers and more product security updates
Welcome to Cyber Security Today. It’s Wednesday, December 18th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
Criminals, as usual, are taking advantage of the holiday season to send out Christmas-themed email they hope will trick you into opening poisoned attachments. A security company called Cofense is urging people to be wary of messages with subject lines like “Christmas Party,” “Christmas Party next week,” “Holiday schedule” or similar. The message may look legit because it’s been sent from an email address of someone you know. Don’t be fooled: The attackers may have cracked someone’s email and are sending these dangerous messages to everyone on the contact list. The attachment promises to be things like a menu for the Christmas party. It really contains malware. One other clue: Some messages also urge recipients to wear their tackiest or ugliest Christmas sweater. If in doubt, speak — don’t email — to someone to confirm the message is real.
Last week I warned there are websites selling counterfeit or non-existent running shoes with deceptively low prices. Today I want to tell you how criminals buy up valuable sneakers online before most consumers so they can resell them with inflated prices. According to a report released Tuesday by a company that sells corporate security solutions called PerimeterX, criminals do it with technology. Automated software lets them buy up large numbers of sneakers from big brands like Nike and Adidas. This has been going on for years because sneakers are very popular consumer goods. Criminals know lots of people are willing to pay almost anything to impress friends with desired footwear, especially if it’s a limited edition. So they assemble or buy tools, infect people’s computers and use them chained together to in effect create a massive computer or bot. These sneaker bots can bombard manufacturers’ or retailers’ websites to automatically buy up stock for resale on sites controlled by criminals. The result? Those running shoes you want are hundreds of dollars more than the list price on those sites. Retailers can buy technology to fight bots — and that’s the point of this company’s research, because it sells those products. Meanwhile, consumers can fight back too by refusing to pay inflated prices for products. Buy only from brand-name and trusted websites.
Finally, several companies have recently issued security updates for products. Here’s a few to watch out for:
–Users of WhatsApp for texting should make sure they’re running the latest version. A problem has been corrected that could allow an attacker to obstruct access to a group of users.
–Network administrators who use the PRTG Network Monitor software should immediately get the latest version. It closes a password-related vulnerability.
–TP-Link, which makes Wi-Fi routers, has issued security patches to close a serious vulnerability in the device’s firmware. Those models affected are the Archer C5, the MR200, the MR400 and the MR6400. To update you’ll have to go into the device’s administration panel. Check the instruction manual to learn how to do it. And a reminder to all router and modem owners: From time to time go to the web site of the manufacturer of your device and check if there are any updates. If your router or modem is a few years old and the manufacturer no longer supports it, consider buying a new one. This is the holiday season and there are sales.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.