Today’s edition of my podcast focuses on updates: Fixes for a car app, Windows, Adobe and TP-Link routers are now available for you to look into
Welcome to Cyber Security Today. It’s Wednesday, April 10th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanda.com. To hear the podcast, click on the arrow below:
Do you have a mobile app called MyCar for remotely locking, unlocking and starting your car? Well, make sure you’re running the latest version. According to the Carnegie Mellon University computer response centre, the old versions of the Android and Apple iOS apps had a bug that could allow someone to bypass your security password and get access to the vehicle. MyCar is a third party telematics system sold by Quebec-based Automobility Distribution. The security update was released in February.
Customers of a company called AeroGrow International, which makes so-called smart indoor home gardens for growing herbs, vegetables and flowers indoors, has been hit by a credit card data breach. The company said it discovered payment card information that customers entered online when buying products had been compromised. The hack may have started as far back as October 29 of last year. What crooks may have got was payment card numbers, expiration dates, and the CVV number on the back of credit or debit cards. The company is offering possible victims one year of identity protection services.
Attention owners of TP-Link Wi-Fi routers. If you have a TL-WR940N version 3 or TL-WR941ND version 6 make sure it’s got the latest security patch. Researchers at IBM have discovered a serious bug. These routers are no longer being made, but TP-Link has issued fixes. This is a good time to remind listeners that routers have firmware that may need to be updated, so regularly check the web site of the company that makes your router to see if a fix has recently been released. Find your instruction manual — or download it from the company site — for full instructions on how to check your device’s status. And while you’re at it make sure the access passwords are strong.
I’ve reported before on malware called Mirai, which is used to a botnet of thousands of unsuspecting Internet-connected computing devices for distributing malicious software. Mirai botnets can also be used to overwhelm home or business computers in what is called a denial of service attack. Well, in a report this week Palo Alto Networks says those behind Mirai have expanded the number devices it can infect. These devices include surveillance cameras, door locks, smart televisions but also industrial devices. Companies should make sure their IT systems can detect possible infections. Both companies and consumers should make sure their devices have the latest security patches and that — if possible — the access passwords on devices are strong to prevent them from being taken over.
Finally, yesterday Microsoft released a group of fixes as part of its monthly Patch Tuesday effort. These include fixes for 74 vulnerabilities in Windows and other products. Thirteen of these bugs are rated critical. If you have Windows Update set to automatically download patches, that will be done. Otherwise, open Windows Update and do it yourself. And Adobe released its monthly security updates to address 40 security vulnerabilities in several of its products, including Flash Player, Adobe Acrobat and Reader, and Shockwave Player. Check to make sure each of these applications are updated.\
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.