Cyber Security Today: A new way to spread malware and problems with a programmable credit card

 A new way to use Microsoft Office to spread malware, hackers move fast to leverage another Adobe Flash exploit, and problems with a programmable credit card.

Cyber Security Today on Amazon Alexa Subscribe to Cyber Security Today on Google Play Subscribe to Cyber Security Today on Apple Podcasts

Criminals often try to trick users into infecting themselves by opening a zipped Microsoft Office document attached to an email. The document has a link to a malicious website. Barracuda Networks said this week the latest scam is to disguise that link so it fetches the website not through a web browser but through a communications protocol called Samba. Then malicious code is downloaded. Often it starts with victims get a message with something like ‘Your bill is attached.’

One thing you can do it beware of web page links in messages that start with “file://” rather than the expected “http://”

Barracuda says employees also should be regularly trained and tested to increase their security awareness.

Adobe Flash has long been a favoured way for attackers to get malware onto your computer. You download what’s supposed to be a Flash update or a Flash-based presentation, and instead you’re infected. A new hole was just discovered and patched by Adobe. However, Security Affairs reports that a researcher has discovered the popular ThreadKit exploit kit used by hackers is already now trying to use that exploit.

What can you do? A lot of these exploits are spread through email, so you’ve got to be wary of opening messages with attachments. Savvy criminals may target you, so don’t assume that because a message is from your boss, a friend or a relative that it’s valid. Many people disable Flash as a precaution. Those who don’t make sure their Flash is updated from a reputable site.

Finally, a California company named BrilliantTS has a problem with its Fuze Card, a smart card with a programmable security chip that looks like a credit card. The idea is you program the chip with data from several of your credit cards so you only carry the Fuze Card. However, Ars Technica reports two researchers have discovered a way that uses Bluetooth to impersonate the Android app that loads credit card data onto the smart cards. BrilliantTS says a fix will be released April 19th.

The Fuze programmable card can be used in bank machines and POS devices

 

I don’t know if the card can be used in Canada. Your local bank or organization behind credit and debit cards has to approve its use for their processes. But it’s another lesson that there’s no quick fix for any problem in your wallet.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, your Alexa Flash Briefing or wherever else you listen to podcasts. Thanks for listening.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast