Ring security cameras may not help police, VPNs at risk and beware of fake Epic Games launchers.
Welcome to Cyber Security Today. It’s Wednesday February 19th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
To hear the podcast click on the arrow below:
Amazon’s Ring doorbell security cameras give users a feeling of better home security, but there’s little evidence they make a neighborhood safer. That’s the conclusion of an NBC News survey of municipalities where Ring partners with police departments. To boost sales Ring does deals with police to promote their product. Ring says the cameras can help reduce crime and assist with investigations because subscribers can upload video to police. However, after interviewing 40 law enforcement agencies in eight U.S. states that partner with Ring, NBC found few departments willing to say Ring videos help lower crime rates. Thirteen of the 40 police departments said so far they have made no arrests as a result of Ring videos. Others said they don’t keep statistics and have no idea how effective front door video clips are to their departments. Three said their cops waste time reviewing the video clips of non-criminal things. There is conflicting evidence about whether porch video deter thieves from stealing packages left on a doorstep.
A virtual private network, or VPN, is software that creates a protected tunnel within network connections for safe communications. That’s how you can be safer using public Wi-Fi for checking email and banking. Well, corporations use VPNs so employees can connect back to their offices from outside locations. But according to a new report, companies haven’t been securing their VPNs very well. A security company called ClearSky says attack groups have teamed up to hack into and steal information from dozens of companies around the world for the last three years. The technique for many of the attacks is to exploit unpatched vulnerabilities in the VPN and in remote desktop protocols in most operating systems. In other words, they’re going through a back door. ClearSky suspects this team effort uses groups based in Iran. But it’s a technique that’s also being used by criminal groups. So, companies that use VPNs and remote desktop access, have got to make sure these tools are secure and patched as soon as vulnerabilities are identified.
By the way, if you want to download a personal VPN for your computer make sure it comes from a legitimate website. Security researchers at Kaspersky have discovered a fake website for the ProtonVPN that mimics the real one. People have been going to it after falling for phony online ads for ProtonVPN, then downloading infected software. The news site Bleeping Computer notes criminals have also used this trick to make a fake copy of the NordVPN website.
Exploiting holes in Windows and other Microsoft products to infect computers is a common tactic by attackers. So is going after popular digital games. A report from security vendor Trend Micro warns that hackers have created a fake version of the games launcher for Epic Games. Epic makes games like Fortnite, Borderlands and MechWarrior. The fake installer has an Epic Games logo. What it does is install malware to harvest sensitive data such as passwords as well as cryptocurrency information. Gamers should also note in the past there have been reports about fake installers for Steam games. Make sure the installer you have is from the real Epic or Steam websites.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon