Cyber Security Today: Oct. 17, 2018 –Fake Adobe Flash update, phony digital mining app, protect against support scams

A new spin on fake Adobe Flash updates, watch for phony digital mining apps and protection against support scams

Welcome to Cyber Security Today. It’s Wednesday October 17th. To hear the podcast, click on the arrow below:

Cyber Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

I’ve warned about your computer being hijacked by attackers and used to secretly mine cryptocurrency for their benefit. Security vendor Palo Alto Networks has found a new way this is being done: By using an update to Adobe Flash to secretly implant the cryptocurrency mining software on your computer. No kidding: It really does update Flash, but it also installs bad software. Adobe Flash for running multimedia has long been used by criminals as a lure to downloading malware, and it regularly needs security updates. This latest scam is another version of the trick. The safest way to update Flash is to go to the Adobe web site and find the update page. If you’re using good anti-malware or anti-virus software it should detect phony Flash updates. But remember, when installing anything you download it should verify the publisher in a popup message. If it says the publisher is unknown, say No to the installation.

Sometimes people are willing to use their computers for crypto mining and willingly download mining apps. That, too, can be risky. This week security vendor Fortinet drew attention to suspicious apps in the Google Play Store claiming they can be used to mine Ripple, Cardano, and Tether digital currencies. That’s a lie: You can’t mine those currencies. What the apps really do is push ads to your smart phone or tablet, which could be malicious. Before downloading a mining app, look for reviews to make sure it’s legit.

Tech support scams are another common way hackers get you. For example, they phone and claim to be Microsoft and have found a security problem on your computer. Or they make a fake error message pop up when you visit a web site to trick you into calling a support number. As part of Cyber Security Awareness Month, this week Microsoft released numbers on the problem. Sixty-seven per cent of Canadians surveyed have received a phony tech support pitch. As many as three per cent of them fell for it and lost money.

Here’s how to protect yourself:

–Be wary of any unsolicited pop-up message on your device; don’t click on it and don’t call the number.

–Microsoft will never call you out of the blue

–Never give control of your computer to a third-party unless you can confirm that it is a legitimate representative of a computer support team of whom you are already a customer.

Finally, are you an online subscriber to Western Union, Shopify, Yelp, Tinder or Imgur? Then you should consider changing your password. That’s because a security rating site called vpnMentor discovered a bug in a third party application that these and other companies use. Perhaps as many as 600 million people around the world subscribe to these sites and could be affected by the vulnerability.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Alexa Flash Briefing. Thanks for listening.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast