Cyber Security Today: LoJack can be hijacked, why fast patching is vital and free cyber awareness training

The LoJack mobile device location software can be hijacked, an example of why fast patching is vital and ESET updates its free cyber awareness training module.

We’re bringing you the latest cyber security news. Welcome to Cyber Security Today. It’s Friday May 4th.

Some laptop and tablet owners and companies use software called LoJack for tracking and recovering stolen mobile devices. However, this week Arbor Networks said it has discovered a sneaky way the software has been compromised: by using special agents that hijack the communication between a device and LoJack’s parent company. That could give attackers backdoor access to machines running the software. With backdoor access, files could be copied or deleted. There are signs pointing to command and control domains suspected of being run by a group called Fancy Bear. Some researchers say Fancy Bear has ties to the Russian government.

After being warned, anti-virus software now scans for and identifies these malicious agents.

Security experts regularly warn organizations and individuals about the importance of applying patches and security updates to software. That’s because once a bug is spotted by an attacker, an exploit is quickly created. I’ll give you a recent example of how fast: According to the SANS Institute, a security training organization, on April 17, 2018, Oracle patched a vulnerability in its WebLogic application server. Once word of that got out, it was only a few hours later that the first victim was compromised. The next day, technical aspects of the vulnerability were explained in a Chinese language blog post. And on April 19 a proof of concept exploit was released on the GitHub developers web site.

It isn’t easy for an organization to patch everything as soon as an update is released. Tough choices have to be made, and in some cases the patch has to be tested against other software used before being applied. But as a SANS Institute blogger noted, the time window between vulnerability disclosure and an exploit being released is shrinking more and more.

Making employees security-aware – not technology – is the heart of any cyber security strategy. But apart from lectures, how can an organization catch the eye of staff? There are a number of resources online, including a free on-demand training program from security vendor ESET. The company said this week it has updated the course. New is a game-playing module that helps staff understand concepts and improve memory retention. The game challenges users to become a secret spy to protect a city from attack, while learning safe habits and channeling security assumptions. Registration is required.

Other free training courses come from Cybrary and Cofense, to name a few. And the SANS Institute has free resources IT leaders can use to shape a course of their own.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
