Cyber Security Today – Security advice for students; Two open databases full private date found; Six bad Android apps discovered

Security advice for students, two open databases full of personal information found and six bad Android apps discovered.

Welcome to Cyber Security Today. It’s Friday September 4th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Students are heading back to school this month, but because of COVID a lot of them will still be learning online — either full or part-time. Dave Masson, director of enterprise security at Darktrace, reminds students that crooks are still trying to take advantage of people’s fears about the pandemic, sending emails with offers to sell pandemic-related supplies like masks. What they really want with these and other pitches is to steal passwords. In an interview he urged students and parents to take basic precautions with their home computer systems to prevent being taken advantage of. That includes making sure the default password on home internet and WiFi routers are replaced with secure passwords. In some cases — for example, a parent working from home on sensitive material — it might be safe to have separate Internet providers for youngsters and adults. Just as important is to ensure everyone in the family uses a password manager and strong and different passwords for every site they log into. Finally, it may be necessary for students to use a virtual private network for added privacy when logging into a school network. They should check first with their school board because a VPN may interfere with video conferencing. But certainly a VPN should be used when connecting devices to public WiFi networks in malls and restaurants.

Another clumsy employee apparently left a huge pile of personal records left open on Amazon storage. The news site CyberNews discovered the unsecured database of 23 million Americans held by an online marketing company called View Media. This data included peoples’ names, addresses, email addresses and phone numbers to be used for marketing campaigns by customers. There were also business documents. Companies use Amazon compute and storage services to run their businesses or for extra computing and storage power. Either way, data stored has to be strongly password-protected. It isn’t known if this open database had been found and copied by criminals and then used for spam and identity theft.

More serious is word that a U.S. cellphone carried called Assist Wireless left tens of thousands of customer documents open on the Internet. Found by a security researcher and reported to the TechCrunch news site, the documents included images of drivers’ licences, passports and Social Security cards. Customers would have submitted them to sign up for services. Assist Wireless provides free government-subsidized cellphones to low-income Americans. The carrier told the news service the problem was with a plug-in to its IT system for optimizing images. By default the plugin backs up images in a separate folder. But this backup folder was open for anyone to see if they knew how because it wasn’t secured.

Another plugin problem has been discovered. Again it affects the WordPress content management platform that a number of web sites use to put things online like news and blogs. A security company called Wordfence warned this week of a vulnerability in a plugin called File Manager for WordPress. It could allow a hacker to infiltrate a WordPress site and wreak havoc. This plugin has been installed in over 700,000 sites, so administrators should install it fast.

A 26-year old Colorado man was sentenced this week to 11 years in prison for being a moderator of the AlphaBay online criminal marketplace. It sold stolen identity information, credit card numbers, guns, drugs and other illegal material. As a moderator Brian Herrell settled disputes between buyers and sellers. He also watched for attempts to defraud marketplace users. In 2017 a Canadian living in Thailand and believed to be the founder and overall administrator of the marketplace was arrested. Not long after he was found dead in his cell. Police said he committed suicide.

Researchers at security company Pradeo are urging Android users to delete six apps discovered to have malware. These apps trick users into paying for unwanted premium services. These apps are called Safety AppLock, Convenient Scanner 2, Push Message-Texting &SMS, Emoji Wallpaper, Separate Doc Scanner and Fingertip GameBox. This is a reminder to those loving mobile apps: Just because an app is in a reputable store doesn’t mean it’s safe. Some bad ones slip through. As always, read reviews carefully. It helps to get an opinion from someone you know who has already downloaded an app.

Finally, because Monday is the Labour Day holiday in Canada and the U.S., my next podcast will be on Tuesday. Until then, have a great long weekend.

Remember links to details about many stories can be found in the text version of each podcast at ITWorldCanada.com. Subscribe to this podcast on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now