Watch those smartwatch trackers, warnings to eToro and Win7 users and Amazon tells staff not to use TikTok mobile app.
Welcome to Cyber Security Today. It’s Monday July 13th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Internet-connected smart watch trackers can be useful devices for keeping tabs on the elderly, children and even pets. But a cybersecurity company called Pen Test Partners warns many have disastrous security flaws. One model they recently tested could send a simple but dangerous text message to users: “Take pills.” If it’s a vitamin pill there’s probably little damage. But if the user has dementia and takes an overdose of medication it could kill. Fortunately, the manufacturer responded properly when warned and fixed the flaw within a few days. But the experience should act as a caution to buyers think about who these devices are for and if they can understand if it’s hacked and sends inappropriate messages. Think before buying a cheap device. It may come with a weak password that can’t be changed, making it easy to be hacked. If it does have a password make sure the user or their family changes it to something strong. Remember poorly designed devices can not only send the wrong message, they could also be used to track users or make phone calls. Location trackers can also be found in cars and motorcycles and could be used by a hacker to remotely turn the engines off. The security company believes the application it looked at has been downloaded at least 1 million times in western Europe alone.
I’ve talked before about the need to make sure crooks can’t take control of your smartphone by hijacking your phone. Usually they do it by impersonating a victim and singing a sob story to get their carrier to swap the victim’s mobile phone number to another handset. If the victim doesn’t have a tough password or fingerprint scanner on the device the crooks will be able to see all their email and possibly get into a bank account if the victim does mobile banking. Verizon customers now have a way to prevent account takeovers through a feature called Number Lock. It’s in the account section of the phone’s settings. Turn it on and your phone number can’t be ported to another device without permission. For those who aren’t Verizon customers, you can get the same protection by putting a PIN number on your account. No one can change your account unless they have the PIN number. Just make sure your PIN number is different from your phone’s password.
Users of the eToro financial trading platform are being warned to change their passwords and watch their accounts for suspicious behavior. This after news service Bleeping Computer reported that a person or group using the alias “Sheriff” is auctioning off 62,000 active eToro accounts with passwords, phone numbers addresses and balances on a cybercrime forum.
Coincidentally, the threat actor known as “Sheriff” was mentioned in a report last week by a security firm called Advanced Intelligence describing the workings of a ransomware gang called REvil. Usually organizations fall victim to ransomware when an employee clicks on a malicious email attachment, starting a chain of infections that results in the installation of ransomware. But according to the report, REvil works differently: This gang buys access to computer networks that other criminal hackers have broken into. One of those hackers is “Sheriff.”
By the way for all you network and security administrators listening, a favourite strategy of “Sheriff” and other hackers REvil deals with is to break into companies that use remote desktop access like Citrix and Windows RDP. Make sure these systems are patched and users are protected with two-factor authentication.
Windows users should have abandoned version 7 in January because Microsoft has stopped issuing security fixes. Here’s another reason why: A security researcher has discovered a bug in the Zoom videoconferencing software that could allow a hacker to get into Windows 7 and older systems. Zoom has patched the hole, but it’s another reason why you shouldn’t be using an old operating system
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.