There’s fake Kaspersky security software being spread, make sure your Apple devices have the latest security patches and be careful with mobile apps that control home devices.
We’re bringing you the latest cyber security news on today’s podcast with the help of our sponsor, Trend Micro. Welcome to Cyber Security Today. It’s Wednesday April 4th. I’m Howard Solomon.
The people of ancient Troy learned to beware of Greeks bearing gifts. You need to beware of people offering a USB key to use. It may be infected with malware masquerading as a version of Kaspersky Internet Security 2017, according to researchers at Cybereason. The malware steals passwords and keystrokes. After a computer is infected, the malware spreads to any portable drive that’s plugged in, like a USB key. The malware uses Google Forms to pull passwords out and send them to the attacker’s inbox. Google has been notified and this hole has been closed.
The lesson here is don’t take USB keys from friends, strangers or at computer shows. The only keys to trust are ones you buy at a reputable retailer.
Got an Apple device? Make sure it’s got the just-released security patches that fix bugs in macOS, iOS, watchOS, and tvOS, as well as Windows software. The biggest fixes are part of iOS 11.3 for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. The bugs could allow an attacker to run code on your device or steal data. The fixes for macOS deal with Sierra, High Sierra and El Capitan versions of the operating system. They deal with the possible exposure of passwords, letting an attacker see encrypted email and letting an attacker gain account privileges. If you haven’t already done so make sure your device has the latest patches.
Finally, security vendor Pradeo is cautioning smartphone users to be careful downloading mobile apps that control personal connected devices like home heating and air conditioning, lights, door locks, baby monitors and security cameras. The company recently tested 100 of these Apple and Android apps and found 80 per cent had software flaws. Fifteen per cent of those tested could lead to a remote takeover of the device. Some capture user data and send it to uncertified servers. These are apps that came from the Google and Apple App stores. Usually apps from these sources don’t have malware, but that doesn’t mean they don’t have vulnerabilities. Preadeo has warned these app vendors of the flaws. Meanwhile, users should check with app makers about what data the app collects and transmits.
Cyber Security Today is produced by IT World Canada. This episode was brought to you by Trend Micro – Smart, optimized connected security solutions for your connected world. Learn more at trendmicro.com. Subscribe to our program on Apple Podcasts, Google Play, or wherever else you listen to podcasts. Thanks for listening.