PayPal hit by scam, online businesses ignore threats, how hacking email spreads threats and more.
Welcome to Cyber Security Today. It’s Wednesday February 26th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
To hear the podcast click on the arrow below:
If you have a PayPal account linked to Google Pay keep an eye out for fraudulent charges. A few days ago people in Germany began reporting unapproved charges on their PayPal accounts. Some of these charges, which totaled over $1,000, were from payments made at Target stores in the U.S. PayPal has told the ZDNet news service that it has fixed the problem. Google Pay is a digital wallet that allows people to pay for things by taping a card reader with an Android smartphone, tablet or smart watch.
Many e-business companies still aren’t getting the message that they have to do a better job of securing their websites. A blog this week from security researcher Max Kersten lists dozens of companies whose sites have been corrupted by code that skims off credit and debit card numbers for criminals when consumers buy products. A lot of these sites are small or medium-sized businesses that sell clothes, rugs, children’s school supplies, musical instruments, pet food and toys. One big problem is many sites have no way for a person to contact the company to warn them of a website security issue. The other is it takes a long time for some companies to recognize and plug the hole. You can find the full list of companies here.
Not only do companies have to keep an eye open on their web pages for attacks, they also have to keep the lid on email attacks — and not merely because crooks want to read corporate email. Once inside they can use a company’s email to launch deep attacks on the firm. A security company called Cofense recently detailed how. A finance company’s email was hacked, then used to send a message to employees pretending to be from the IT department telling them to login and update their Office 365. The login page was fake. Anyone who fell for this gave away their username and password to the crook. The victim wouldn’t see anything wrong because the email came from a legitimate source. Fortunately the attacker made spelling mistakes so the scam could have been caught. But it’s another example of how the IT team has to constantly be watching for intrusions, and employees have to be watching for suspicious email and texts.
Attention Linux administrators: Security researchers have discovered a critical vulnerability in the OpenSMTPD mail server. If your company uses that mail server, make sure you have the latest security patches.
Finally, if you use Google Chrome browser a new security patch is being issued this week to fix some serious bugs.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon