Open database on eight million Americans discovered, advice to Asus computer owners on a security incident, and news on hacktivists.
Welcome to Cyber Security Today. It’s Monday, May 19th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com. It’s a civic holiday in Canada today, so thanks for listening.
Another one of those darn unsecured databases full of personal information has been found on the Internet. This time it apparently has data on eight million people in the U.S. who participated in online surveys, sweepstakes and requests for free product samples. You fill in your name, address, phone number and email address, and you may get something. But according to the news site Bleeping Computer, the database a security researcher came across also had sensitive data like dates of birth and gender. The database belonged to a marketing company called Ifficient that was collecting and processing the information. You and I might think this is sensitive information. Not this company. Why? Because, the company said, it didn’t have social security numbers, credit card numbers or state ID numbers. Still, it was notifying affected people where U.S. state law requires. Meanwhile, companies have to get tougher on clumsy employees.
Do you have an Asus computer? Do you use the Asus update service or its WebStorage cloud service? If so, you should run an anti-virus or anti-malware scan on your machine. The company has acknowledged that last month it discovered a security incident involving its WebStorage update server. This came after security vendor Eset said it found malware on some customer computers that had been delivered through Asus WebStorage. There was no explanation from Asus of how it was victimized, but make sure you do a scan.
People who launch cyber attacks against organizations for social causes are called hacktivists. Usually, their goal is to shame or harass, not to steal. One of the biggest groups doing this was called Anonymous. However, a new report from IBM’s X-Force threat intelligence service says hacktivism activity has plunged since 2016, when Anonymous split apart, and a number of hacktivists were arrested. One became an FBI informant. Still, IBM is reluctant to say hacktivism is over. More likely, it says, this is just a lull. And there is the question of whether some things seen today, like attacks on news or government web sites, are from social activists or part of low-level cyber war by a country.
Finally, IT security pros whose companies use the Slack collaboration tool should make sure the latest version has been installed. A security company called Tenable discovered a bug that could allow an attacker to steal or manipulate documents. The patch was released last month. And IT should also be on the lookout for patches from Intel, Apple, Linux distributors and Microsoft to fix bugs in Intel processors.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.