Cyber Security Today: Dec. 3, 2018 – Lock down those databases, watch for updates from Sennheiser and Zoom


Welcome to Cyber Security Today. It’s Monday December 3rd.

On Friday Marriott Hotels admitted that for four years someone had access to the customer database of many of its Starwood brands, including Sheraton and W Hotels, and copied personal information on 500 million customers. If you’ve stayed at one of these hotels, by now you should have received an email notice and should be watching your credit card statements.

But thieves don’t always have to break into a company to steal data. Sometimes it’s sitting on the Internet in plain view because it hasn’t been protected. Another example was discovered last week when security researchers at HackenProof found a company’s database of more than 56 million U.S. citizens listing their names, employers, job title, email, address, phone number and Internet address. The researchers found it by searching the Internet for open servers. This particular database had been assembled using a tool called Elasticsearch, which companies use to search through their data. However, the resulting file or files have to be locked down, or anyone can find them if the server they’re on is open to the Internet. That means IT staff need to train employees using Elasticsearch on security principles, and the server has to be password protected. As this example shows, sometimes the message doesn’t get through.

Here’s another example: Also last week, a security researcher discovered another Elasticsearch database left open, this one owned by a British company called Urban Massage, whose app is used to book massage appointments. Left exposed were about 300,000 user and therapist records and comments, including serious allegations of impropriety. Again, some staffer didn’t get the message about security.

Sennheiser is one of the most respected makers of headphones, but there’s a problem with the HeadSetup software used with its computer-connected headphones and speakerphones. Quite simply, one of the security features was poorly implemented. According to the security company Secorvo, which found the problem, the bug could allow an attacker to get into a user’s computer. Sennheiser said a fix would be available by the end of November.

Finally, if you use the Zoom desktop conferencing application, make sure you’ve installed the latest update. A bug has been found that allows an attacker to hijack screen controls, spoof chat messages or kick and lock attendees out of meetings. The update is available for Windows and macOS.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
