Malware in comments on websites are spreading World Cup betting sites, don’t get boxed in by cloud storage and more Spectre bugs are found.
Welcome to Cyber Security Today. It’s Friday, the day after July 12th. To play the podcast click on the arrow below:
Criminals take advantage of big events to spread their malware. Soccer’s World Cup is no exception. But attackers are being more cunning, this time. Imperva reports that attackers are spreading malware through the comments sections of blogs and news web sites. The comments have nothing to do with soccer, but if you click on a link in the comment, you get sent to a World Cup betting site. The source is a botnet of 1,200 devices unwittingly being used to spread the comments. The lesson here is malware can not only be spread through email, but also text messages and supposedly innocent comments from people you don’t know. Take care in what you click on.
Cloud storage services like Box and Dropbox are great tools for transferring large files that might clog up email servers. Just upload the file, and let a recipient download it. But these services also make it easy for employees to steal files. The conviction this week of a U.S. electrical contractor accused of stealing secrets from a Navy contractor is another example of the problem. Prosecutors alleged the man uploaded thousands of files to cloud storage just before he moved to another job. The man’s lawyers are demanding a new trial. So what can companies do to prevent sensitive files from being stolen? First, they need a data classification strategy to identify files which shouldn’t be copied to USB keys, uploaded or emailed out of the company. Then they need what’s called data loss prevention software, which monitors and blocks files from going to forbidden places. Some endpoint software also comes with this capability. Behavior analytics may also help. If your organization has sensitive files this is a defensive capability you must have.
Finally, researchers have discovered two more variations of the computer processor bug called Spectre. These take advantage of vulnerabilities in recent processors that take a shortcut when executing a program to make applications go faster. Intel was reportedly grateful enough to the researchers for the discovery that it paid them $100,000. Doing something about Spectre and its related bug called Meltdown is a problem. Windows and Linux have issued some patches that help mitigate the problems, which may slow computers down a little. Google has quietly enabled a security enhancement called Site Isolation into the latest version of its Chrome browser. The feature was an option. Now its turned on by default. Google says it may slow the browser down, particularly if you have a lot of tabs open. But security is improved.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening. I’m Howard Solomon.