Cyber Security Today: Dec. 17, 2018 — Attack on 2FA, new tool for hackers, watch those memes

Attack on two-factor authentication is discovered, a new tool for hackers is being sold on the dark web and watch those memes.

Welcome to Cyber Security Today. It’s Monday December 17th. To hear the podcast, click on the arrow below:

Cyber Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Two-factor authentication – that is, getting a second passcode from a smartphone or telephone to log into an account – is a good way to protect yourself. However, a report out last week is a reminder 2FA can be defeated if people fall for a scam. The report from a security company called Certfa says hackers have been able to compromise the Gmail and Yahoo mail accounts of people by sending fake alerts asking then to click on a link and re-enter their passwords and their second factor number. These messages look like they’re from Google or Yahoo. This scam also includes the ability for hackers to see in real time when victims open the message, so if they have two-factor authentication enabled that number gets stolen as well. One of the lessons for two-factor authentication users is don’t have the second factor sent to you as an SMS message, which can be intercepted. Instead, use an app like Google Authenticator or Authy for getting the second code. They can’t be intercepted. If you are worried and think you have to change your password, instead of clicking on a link go directly to your application settings and make the change there. And on a mobile device don’t use a one-tap verification.

A new multipurpose tool for breaking into Windows is now being sold in underground forums. Ensilo, the security vendor that made the discovery, has dubbed this tool Lordix. It has a number of capabilities including installing a secret code to use a computer for cryptomining, the ability to steal digital wallets that contain cryptocurrencies and the ability to avoid detection from anti-malware protection. If you’re a member of a security team take a look at Ensilo’s blog to get an idea of the signs to look for to prevent being victimized.

Finally, criminals use lots of ways to infect computers. An attachments in email is one. Infecting what’s called a meme, which is an image, a picture, a logo or smiley face, is another. Trend Micro is warning that it has seen two recent tweets on Twitter with malicious memes that take advantage of computers that have already been hit by malware. Each tweet had an unseen embedded command that could be used to take screenshots, collect information and steal filenames of an infected computer. Your best defence is good antimalware software.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast