Patch Chrome browser now, Marriott supplier hacked, warning for QNAP NAS users and why patching is vital.
Welcome to Cyber Security Today. It’s Monday November 4th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
To start, those of you using the Google Chrome browser need to immediately do an update. A new version was issued Friday to fix two serious bugs. Click on the three dots in the upper right corner of the browser, go to Help, and then About Chrome.
Organizations use a lot of partners and suppliers for various services. So it’s important that these suppliers have top-notch security because if they’re hacked the sensitive information they hold can be copied. Well, Marriott International, parent of the hotel chain, admitted last week that’s what happened. In September someone hacked a company Marriott used for receiving official documents like subpoenas and court orders. As a result, the attacker got personal information on just over 1,550 people including names, addresses and Social Insurance numbers. Marriott calls these victims associates, which doesn’t make it clear if they are employees or people who had dealings with the company. As a result of the incident Marriott says it no longer works with the supplier. As for the victims, they are being offered one year of identity protection from a credit-reporting agency.
Owners of QNAP network-attached storage devices, which are units that hold multiple hard drives, are being warned of a targeted infection. Malware is spreading that can steal the usernames and passwords of those using QNAP storage devices. According to the news site Bleeping Computer, security researchers have seen infected machines in Germany and Finland. It’s not clear yet how the machines are infected with the malware, dubbed QSnatch. Apparently infected machines can be cleaned by doing a full factory reset that will unfortunately also completely erase the data stored on the compromised device. Once the malware is removed, all user passwords need to be reset, access should be limited and all unknown user accounts should be deleted. In addition, all QNAP NAS firmware should be updated.
It’s a pain for companies to keep track of and update all the Internet-connected computers, servers, routers, storage devices and more that they control. But hackers hunt for devices that are behind in security updates because they’re great ways to break into the systems of organizations and the computers of individuals. Here’s an example: A Utah renewable energy provider was knocked off the electric grid earlier this year when a hacker crashed an unpatched firewall. Last week an energy industry news site called E&E News identified the victim company as sPower, which provides solar and wind electricity. According to news reports, the guess is that stopping the generation of power wasn’t the goal of the attacker, because the attack stopped after the firewall crashed. Regardless, it’s another lesson to organizations that patching as soon as possible is vital. That’s if you didn’t get the lesson last year from the huge data theft at credit reporting agency Equifax, where an unpatched server was how the breach started.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.