NordVPN hacked, Alexa and Google Home vulnerabilities, and update these antivirus apps.
Welcome to Cyber Security Today. It’s Wednesday October 23rd, I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
To play the podcast click on the arrow below:
People worried about the security of public Wi-Fi hotspots in restraurants, hotels, airports and the like may turn to an app called a virtual private network, or VPN, for protection. It creates an encrypted channel through which your Wi-Fi communications goes. Well, on Monday one of the biggest providers, NordVPN, admitted it was hacked. The incident took place over a year ago, in March 2018. It isn’t clear what the attacker got. The company says it doesn’t collect any user data. It told the news site TechCrunch that the particular server that was hacked didn’t have usernames or passwords. Nor, the company says, could the attacker have broken into VPN traffic on another server.
Assistants like Amazon Alexa and Google Home can be fun and useful. But if they’re not monitored they can also be privacy threats. German security researchers proved this by creating apps for these smart speakers which either eavesdrop on users. Or they can be used to steal your passwords with a phony request for a password to install an update. So you’ve got to be smarter than your smart speaker. Security vendor Tripwire recommends Google Home users enable accessibility tones. With this setting a Google Home device will always play a chime to let you know it is listening and then another chime to let you know it has stopped listening. Meanwhile Amazon and Google told the news site Ars Technica that they are now carefully watching apps they approve to make sure these types of attacks can’t happen.
What you post on social media may come back to bite you if criminals use things mentioned to impersonate you to a bank or utility. Wired.com has a good article on securing four of the most popular sites — Facebook, Instagram, Twitter and Snapchat. For example, on Facebook you can set up a list of specific friends who can see posts. Check it out at Wired.com.
If you use Avira, Avast or AVG Antivirus products make sure you’re running the latest versions. Security vendor SafeBreach says it has discovered vulnerabilities in both of these applications.
Finally, for the past two days I’ve been covering the annual security conference of the Municipal Information Systems Association of Ontario. MISA represents IT workers employed by cities and towns. You’ll find my conference stories today and tomorrow on ITWorldCanada.com. And I’ll have a few highlights on Friday’s podcast.
That’s it for today’s podcast. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon