Password warning for network-attached storage devices, more ransomware victims and the connection between police and Ring home surveillance cameras.
Welcome to Cyber Security Today. It’s Monday July 29th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanda.com.
Do you have a network-attached storage device? If so, make sure your passwords are strong. According to news reports NAS devices are increasingly being hacked. Network-attached storage devices are boxes with several hard drives that expand the data storage for home users and small businesses beyond what a single computer holds. Earlier this month there was a report of a particular strain of ransomware going after NAS devices made by a company called QNAP. More recently a manufacturer called Synology is warning customers to strengthen passwords on their network storage devices. This comes after the discovery of what are called brute force attacks on NAS devices. This technique uses tens of thousands of hijacked computing devices to bombard a target login page with lists of stolen passwords until one works. The attacker is hoping you use a password they’ve stolen for more than one device, or use an insecure password. So if your storage device allows, block attempts to log in after several failed login attempts, disable the default administrator account and most importantly make sure you have a strong, unique password.
Another oopsy moment: The stock trading site Robinhood Financial has admitted some customer passwords were temporarily stored in an unscrambled format. If hackers had seen them the passwords could be read. Robinhood is urging all subscribers to reset their passwords. And if you haven’t done so already, enable two-factor authentication as extra protection.
Communities around the world are still unprepared for the possibility of being hit by ransomware. Last week the governor of Louisiana declared a state of emergency after four school districts were victimized. The declaration allows the state to devote resources to help school boards. A hospital and a steel plant in Alabama were hit last week. Meanwhile, in South Africa the city of Johannesburg is recovering from a ransomware attack that prevented as many as 250,000 customers from buying electricity using prepaid vending machines. And the mayor of the city of Baltimore, which is still recovering from an attack in May, posted a question and answer page on the incident which said so far it has spent $5 million on equipment and consulting services.
Experts say the best defence against ransomware is to have backup systems.
Ever have a policeman recommend you get an Amazon Ring home surveillance camera? There may be a reason the officer suggested that particular brand: The force may have quietly struck an agreement with Amazon to promote the product. The news site Vice.com says dozens of police departments in the U.S. have partnered with Ring. However, until now details of the deals have been secret. Vice got hold of an agreement with a Florida city and found one of the terms is the force has to “engage” the community with outreach efforts on the platform to encourage adoption of the platform and its Neighbors app. The police department also gets a number of Ring devices to give away. For every person who downloads the app, the police force gets more free Ring cameras. The force also gets to create a portal where people can upload their Ring surveillance footage to police. Ring says the goal is to make communities safer. One law professor interviewed says the goal is to create a community of surveillance and fear.
Finally, if you use Comodo Antivirus software, the company is expected to release a bunch of security updates today to fix a number of serious vulnerabilities. Watch out for these updates.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.