Cyber Security Today: Sept. 28, 2018 — Canadian government data breaches, kill that Android app, Web site woes for US government

Report on Canadian government data breaches, kill that recorder Android app and Web site woes for U.S. government

Welcome to Cyber Security Today. It’s Friday Sept. 28th. To hear the podcast click on the arrow below:

Cyber Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Do Canadian federal employees take privacy problems seriously? Maybe not, if the latest annual report from the country’s privacy commissioner is any guide. The report notes that officially it received 286 data breach reports in the last fiscal year. However, the government told Parliament it had suffered many more. It is obvious that some material breaches go unreported and, more importantly, others likely go entirely unnoticed in many institutions, said the report filed Thursday. The privacy commissioner did a survey of a few departments. Many admitted that their employees don’t fully grasp what constitutes personal information and their obligations under federal law, said the report. Here’s an example: When asked if they would consider a lost valid passport to be a material privacy breach, some answered: “yes,” some said “no”, and some said “it depends”. The government said it will soon release new rules for employees to make sure they understand their obligations.

Do you have an Android app on your smart phone called QRecorder that allows you to record phone calls? If so delete it, because its malware. Its real purpose is to give hackers the ability to get at your bank password if you do any banking with your phone. It worked even if you had two-factor SMS text authentication. This app has now been removed from the Google Play Store. Although it appeared to mainly target banks in Germany, Poland and the Czech Republic, it could have been used against other banks. It’s another reminder that the fewer apps you have on your smart phones the better.

Stealing personal information through phishing is one of the major ways attackers toy with victims. Playing around with web sites is another. This week it was learned a site of the U.S. Department of Agriculture was hacked, allowing the posting of articles on marijuana, video games, and beauty products. Apparently the way the attacker got in was by compromising a web form on a page, which is how another group of hackers I reported on recently was skimming off credit card numbers as they were being entered for purchases. This month security vendor SiteLock issued a report reminding web site operators they have to follow basic security practices: Make sure all security updates and patches are installed as soon as possible, protect sites with a web application firewall and make it hard for attackers to take over administrators’ accounts by using strong passwords and two-factor authentication.

SiteLock analyzed 6 million web sites recently and found nine per cent had at least one vulnerability.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast