Guide for Canadian small business, new Android bank malware and a new tool to help track trouble
Welcome to Cyber Security Today. It’s Friday, March 29th. I’m Howard Solomon, contributing reporter on cyber security and privacy for ITWorldCanada.com.
Big companies have big resources for tackling cyber security. So what can small and medium-sized businesses do? For starters, read the Canadian Centre for Cyber Security’s guide to baseline security controls. These are things your firm should be looking at to improve security. Released this week, it’s not a comprehensive list of what should be done — maybe your firm is too small to do them all. However, it’s worth reading to get an idea of what companies with fewer than 500 employees can do to lower the odds of being hit. Briefly, that includes making an inventory of all the hardware, software and data the company has, establishing the value of the data, developing a plan for detecting, monitoring and responding to incidents, and ensuring staff are trained on security. Good cyber security needs to be done in a methodical way. This guide will get you going.
You can find it here. The Canadian Centre for Cyber Security is the government’s one-stop place for cyber information.
Think that text message on your Android phone is from your bank? Think again. A Russian-based security vendor called Group-IB says it has discovered new malware that tries to convince users of Android phones they’re being sent messages from their bank or a crypto system like Bitcoin Wallet. Whoever is behind this is not only going after money in your account, they’re also looking for cryptocurrency. Perhaps as many as 27 American banks are being targeted, including Bank of America, JP Morgan, Wells Fargo, Capital One and TD Bank. When victims click on a link in the text message, the malware is downloaded. Ultimately it tries to trick you into thinking you’ve connected with your bank. The malware can automatically fill in the password fields from data already stored on your phone. It also has techniques to bypass security. This is one dangerous piece of code. So not only do banks have to improve their apps, you have to be careful about what you’re clicking on when you get a text or an email.
Shodan is a search engine you might not have heard of. It indexes any device that’s connected to the Internet, from surveillance cameras to servers. It can tell smart users which devices aren’t secured, which can be handy for hackers. This week the company announced an extension of its paid service for businesses called Monitor. IT staff can use it to watch for things connected to the Internet from their company that they might not know about. It could be handy for detecting unsecured databases and servers.
Attention network administrators: Cisco Systems this week released 24 security updates for products running its IOS XE operating system. Make sure your devices are patched. However, Cisco also warned of different vulnerabilities with two small business VPN routers, the RV320 and RV325. The company is still working on fixes.
Do you buy and manage video games through the GOG Galaxy Games platform? If so, you need to update to the latest version as soon as possible. There are serious vulnerabilities that an attacker can use against your computer.
Finally, businesses should note vulnerabilities have also been found in Pydio 8, an open source file sharing and synchronization platform. Users need to update to the latest version.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.