Cyber Security Today – Open server found with people’s resumes, Alaska city gets lucky and watch for these updates

Welcome to Cyber Security Today. It’s Monday September 9th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.

Many people post partial resumes online on sites like LinkedIn or on job sites, making sure some personal information like home addresses and phone numbers is left out. They save really detailed resumes for sites that offer more controlled access. Either way, resumes are a source of important personal information for criminals. So it’s worrying that a security researcher has found an open web server with a huge number of full resumes with personal information sitting unprotected on the Internet. These documents were apparently filed between 2014 and 2017. Some of them came from job site Monster.com. According to the news site TechCrunch, a Monster.com official said the server with the files was owned by a recruitment firm. Monster.com sells resumes to such firms. The spokesman said it is the responsibility of the companies buying that data to secure it — and those companies have the responsibility for notifying victims of a data breach. We can’t tell you who the offending company is, because no one is fessing up.

The Alaskan city of Unalaska has got lucky. The municipality recovered $2.3 million of the $2.9 million it lost after falling for a scam I’ve often mentioned in this podcast: Someone impersonated a company that the city deals with. The attacker sent an email to a city employee saying their firm’s bank account had changed, so please now send money to the new account. It took six weeks for the city to wise up. Then it called the FBI. Fortunately the feds were able to track and retrieve the bulk of the money. Usually criminals whisk the money away fast. The lesson is one worth repeating: Organizations have to put in strict rules for employees paying invoices. One rule should cover the safe way to verify requests when customers ask to change where payments normally go.

Attention software developers: If you use the PHP programming language make sure you update to the latest versions. They fix a number of serious security vulnerabilities.

Attention email administrators: If you use the Exim mail transfer agent there is a critical vulnerability that needs to be plugged. Upgrade to version 4.92.2.

Finally, tomorrow is the monthly Patch Tuesday for Microsoft products. Be on the lookout for updates to Windows and other software.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
