Cyber Security Today – NAS passwords, ransomware and why police are ringing

Password warning for network-attached storage devices, more ransomware victims and the connection between police and Ring home surveillance cameras.

Welcome to Cyber Security Today. It’s Monday July 29th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanda.com.

 

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

 Do you have a network-attached storage device? If so, make sure your passwords are strong. According to news reports NAS devices are increasingly being hacked. Network-attached storage devices are boxes with several hard drives that expand the data storage for home users and small businesses beyond what a single computer holds. Earlier this month there was a report of a particular strain of ransomware going after NAS devices made by a company called QNAP. More recently a manufacturer called Synology is warning customers to strengthen passwords on their network storage devices. This comes after the discovery of what are called brute force attacks on NAS devices. This technique uses tens of thousands of hijacked computing devices to bombard a target login page with lists of stolen passwords until one works. The attacker is hoping you use a password they’ve stolen for more than one device, or use an insecure password. So if your storage device allows, block attempts to log in after several failed login attempts, disable the default administrator account and most importantly make sure you have a strong, unique password.

Another oopsy moment: The stock trading site Robinhood Financial has admitted some customer passwords were temporarily stored in an unscrambled format. If hackers had seen them the passwords could be read. Robinhood is urging all subscribers to reset their passwords. And if you haven’t done so already, enable two-factor authentication as extra protection.

Communities around the world are still unprepared for the possibility of being hit by ransomware. Last week the governor of Louisiana declared a state of emergency after four school districts were victimized. The declaration allows the state to devote resources to help school boards. A hospital and a steel plant in Alabama were hit last week. Meanwhile, in South Africa the city of Johannesburg is recovering from a ransomware attack that prevented as many as 250,000 customers from buying electricity using prepaid vending machines. And the mayor of the city of Baltimore, which is still recovering from an attack in May, posted a question and answer page on the incident which said so far it has spent $5 million on equipment and consulting services.

Experts say the best defence against ransomware is to have backup systems.

Ever have a policeman recommend you get an Amazon Ring home surveillance camera? There may be a reason the officer suggested that particular brand: The force may have quietly struck an agreement with Amazon to promote the product. The news site Vice.com says dozens of police departments in the U.S. have partnered with Ring. However, until now details of the deals have been secret. Vice got hold of an agreement with a Florida city and found one of the terms is the force has to “engage” the community with outreach efforts on the platform to encourage adoption of the platform and its Neighbors app. The police department also gets a number of Ring devices to give away. For every person who downloads the app, the police force gets more free Ring cameras. The force also gets to create a portal where people can upload their Ring surveillance footage to police. Ring says the goal is to make communities safer. One law professor interviewed says the goal is to create a community of surveillance and fear.

Finally, if you use Comodo Antivirus software, the company is expected to release a bunch of security updates today to fix a number of serious vulnerabilities. Watch out for these updates.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast