Install these security updates, and beware of phony QR codes.
Welcome to Cyber Security Today. It’s Wednesday, January 12th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
This might be called the security updates edition, because it’s a common theme in several stories.
Internet routers used by millions of small businesses and home owners could be at risk of being hacked because of a new vulnerability found in the devices. That’s the conclusion of researchers at a security firm called SentinelOne. They discovered a high severity flaw in a module many router manufacturers buy and include in their device. The module lets users plug in USB-connected devices, like printers. The vulnerability could allow an attacker to take control of the router. SentinelOne says manufacturers that use the troubled module include Netgear, TP-Link, DLink, Western Digital, Tenda and EdiMax. A security patch has been available to these companies since October. If your firm uses devices from these manufacturers check to see if an update is available.
SonicWall’s Secure Mobile Access 100 devices need to be updated. That’s because five vulnerabilities have been found. The most serious can allow an attacker to remotely take over these network access control devices. Patches were issued early in December. Researchers at Rapid7, who discovered the bugs and warned the manufacturer, this week published a detailed report on the vulnerabilities.
And a reminder: Microsoft issued a slew of fixes yesterday as part of its monthly Patch Tuesday. Adobe and SAP also issued patches for their products yesterday.
If you think your organization has been seeing more cyberattacks than ever, you’re probably right. Check Point Software says companies using its protection saw as many as 925 attempted intrusions a week in December, a record number. Too often, the report adds, attacks successfully penetrate networks by leveraging known vulnerabilities that have a patch that has not been applied. That’s why rigorous patch management is so important.
On Monday I reminded listeners to beware of receiving unexpected USB keys in the mail or by courier. These memory sticks can be used for transferring malware to your computer. Here’s another thing you should be careful of: Scanning QR codes just because they’re available. Scammers can easily create infected QR codes and paste them on bus stops, telephone poles or on top of legitimate QR codes in magazines, restaurant menus or store windows. In the latest tactic someone in Texas is pasting fake QR codes on public parking meters. The goal is to fool drivers into thinking they can pay for parking by scanning the codes. If a QR code looks like it has been stuck onto something, it may be a scam.
That’s it for now Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.