Cyber Security Today: More weak passwords, a key to security and compromised web sites


Welcome to Cyber Security Today. It’s Monday April 15th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.

 


Trend Micro has discovered a new piece of malware that tries to install a hidden program on your computer to mine for cryptocurrency. So it secretly uses your computing power to benefit a criminal. The best ways for you to avoid being infected are to make sure all your software is regularly updated, be careful about the links you click on in email and the web sites you go to, and use strong, original passwords for logins. What I want to point out is that the attack starts with the malware automatically trying to log in to your computer using a list of common, weak passwords. Here are a few on the list, passwords you must avoid: 123456; password; football; welcome; login; hello; admin; abc123 and keyboard letters in a row, like qwerty. Now, if trying these and other commonly-used stolen passwords doesn’t work, the malware tries more sophisticated login techniques. But if you make it easy for criminals they’ll take advantage of you. So instead of passwords, create easier-to-remember passphrases. As I’ve said before, use a password manager and, where possible, two-factor authentication.

One way to increase protection is to use a security key fob for two-factor authentication. You insert the key into a USB port in your computer and it completes and verifies the login. The security is that the key can’t be tampered with or copied. You can get keys like this from a number of suppliers. Or you’ll soon be able to use an Android phone. This week Google started a beta test letting smartphones running Android version 7 and up be used as security keys for logging into Google services, like Gmail. However, it only works if your computer has Bluetooth. That’s because the confirmation signal travels from the phone wirelessly to the device. So if you have a desktop computer this isn’t a solution unless you add a Bluetooth dongle. Otherwise consider a key from Yubico or Google’s Titan key. Here’s a link to an article on keys from The Verge that explains more.

Criminals have found that infecting web sites is a good way to spread malware. Last week security vendor Doctor Web said it discovered the official web site of the free video editing software VSDC had been compromised. The result is that people downloaded malware that could steal their bank login. Worse, after the company fixed the problem, attackers found a different way to compromise the VSDC web site to spread the malware. Apparently everything has been fixed now, but listeners who have VSDC software should use good anti-malware software to scan their systems.

Here’s another recent example: According to Bleeping Computer, a security researcher discovered one of the websites of electronic products manufacturer Uniden had been hacked. The attacker deposited a malicious Microsoft Word file on the page. Anyone visiting the page could have been infected. If it was an infected Word file, victims might have seen a message asking them to turn on “Enable Content.” Unless you are absolutely certain where the file comes from, refuse to do that. Then scan your computer with good anti-malware software. Meanwhile, companies have to do a better job of locking down access to their web sites so they aren’t unwittingly spreading malware.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
