Cyber Security Today: Feb 8, 2019 –Update Android devices, Chrome browser protection for passwords, a sneaky email scam

Google issues its monthly security updates for Android devices, Chrome browser plugin offes protection for passwords and a sneaky email scam.

Welcome to Cyber Security Today. It’s Friday February 8th. To hear the podcast click on the arrow below:

 

Cyber Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

It’s update your Android device time. This week Google announced its monthly security fixes have been sent to device manufacturers and phone companies to pass on to you. The worst problem could allow an attacker to get into a device if a user comes across a specially crafted PNG photo image under certain circumstances. As always, Google-branded phones get security updates fast but Android phones from other manufacturers may take longer to send updates to cellphone companies. In turn they often want to test the updates before releasing them to users. So it may be a few days before the update for your device is available.

One more thing: Updates are only available for recent versions of Android. Go into your settings and find the About section and check to see when the last time your device was updated. If you can’t update it’s time think about getting a new device.

Also this week Google announced a plugin to its Chrome browser that will give an alert if you try to log into a site with a stolen username and password. If it finds a match it prompts you to change the password. The plugin, called Password Checkup, automatically compares the credentials to an encrypted database that contains over 4 billion stolen usernames and passwords. Its available for download from the Google Chrome store here.

Finally, here’s another example of why you have to be careful with email on any device: A staff member at an Internet company called Akamai got a warning email on his smartphone that his Google account had been accessed from a new Windows device. Some services do that if they detect a person trying to login from an unfamiliar computer, phone or tablet. Suspicious because he had not done that, the employee looked at the email on a computer, which has a larger screen than a smartphone and can better display things like where the message came from. Sure enough, it was fake. The goal, of course, was to get him to click on a link that would have led him to a login page that looked like it was from Google. Then the attacker could steal his password.

Interestingly, that link went to a Google Translate page. Somehow the attacker was able to hide his scam through a real Google web site. This likely will fool people on a smartphone, but the real malicious address would show up on an easier to read bigger screen. By the way, not only does this attack try to get a sucker to log into Google, there’s also an attempt to get the victim who falls for it to log into a phony Facebook page.

So take your time and examine messages fully before taking any actions the sender asks, particularly logins and sending money. Does the message create a sense of urgency or fear? If so, be suspicious.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast