Samsung pushes out patches to handsets, update your Signal messaging software, cloud security still wanting and a warning on shadow IT
We’re bringing you the latest cyber security news Welcome to Cyber Security Today. It’s Wednesday, May 16th. To hear the podcast, click play below:
 |
 |
 |
Last week I told you about bug fixes announced by Android as part of its May security bulletin. Well, over the weekend Samsung began releasing fixes for 27 vulnerabilities. Twenty-one of those are labeled as high severity. Handsets affected are the S9, Note 8 and S8 phones. Make sure you get them installed.
Those of you who use the desktop version of the Signal Messaging App should apply the latest patch. It fixes a bug in the Windows and Linux versions that could allow an attacker to get at messages. Meanwhile, a security researcher warns of a potential problem with the macOS version. Apparently it doesn’t totally delete messages.
According to a new report from cloud security vendor RedLock, there’s good news-bad news on the cyber security front. The good news is more organizations are implementing best practices to avert cloud account compromises. The bad news is staff are still doing stupid things, like putting sensitive company information on Web sites like the GibHub online developers forum. They also click on attachments that allow cryptomining software to be installed, slowing down everyone’s computer. There are a number of things the cyber security team should be doing. These include mandating two-factor authentication for those who need administrative access, and more closely monitoring outbound network traffic. RedLock also reminds administrators that patching PCs and servers is vital.
There are shadows lurking in every organization. Not areas without light, but so-called shadow IT – people who bring their own laptops, cellphones, tablets and sometimes WiFi routers and connect them to the corporate network. And their owners like using them for connecting to risky places infected with malware like social media sites, unofficial app stores and illegal movie sites. With that malware, hackers can jump from the personal device to the company network. According to a report released this week by Infoblox, 82 per cent of organizations surveyed have security policies detailing proper online behavior to deal with this threat. But a good chunk of employees admit they don’t know if their company has a cyber security policy. Many admit they don’t follow it. So Infoblox advises companies to deploy security software that restricts staff from going to certain Web sites. As for what you can do, check with your IT leader about what the company expects from you.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening. I’m Howard Solomon.