Cyber Security Today: Watch what you download, Facebook removes app, an Irish telco embarrassed

Verify the sites you download apps from, Facebook and Apple fight over an app and an Irish telco embarrassed after laptop theft.

Welcome to Cyber Security Today. It’s Friday August 24th.


Here’s another warning about downloading desktop or mobile apps. Bleeping Computer has been told by Kaspersky Labs that an Asian cryptocurrency platform was hacked after an employee downloaded an app from a legitimate-looking website. The site claimed to be a company that develops cryptocurrency trading software. But the app was fake and loaded with malware. What’s interesting is there is a Windows and a Mac version of the malware. Just as bad is that somehow the app included a valid digital security certificate, a piece of code that is supposed to verify the authenticity of the software. With a legitimate certificate, the software would get past security software scans. So it seems the gang behind this created a phony software company as well as phony software. Kaspersky believes the North Korean-based Lazarus Group is behind this scam. My guess is people interested in the hotly-popular cryptocurrency craze are likely to download anything dealing with digital money. They need to be careful. For the rest of us, an important lesson here is to beware of downloading or buying anything on the Internet unless you know the source. It costs nothing for an attacker to set up a neat-looking website. But looks can be deceiving.

Facebook has removed its Onavo Protect application from Apple’s App Store after Apple concluded the mobile app violated its guidelines on data collection. The Wall Street Journal said Onavo Protect allegedly didn’t comply with Apple’s new rules implemented in June restricting app developers from collecting data from user information and selling it to third parties. Onavo Protect is a virtual private network, or VPN. A VPN creates encrypted tunnels for private communications. But like any app it can also collect user data. Facebook says it has always been upfront about what Onavo does, saying it analyzes your use of websites you go to, apps you use and data to improve Facebook products and services. According to the Hacker News, those Apple users who have Onavo can still use it, but they won’t get updates. There’s also Onavo for Android. Between the Apple and Android versions there have been 33 million downloads of Onavo. This is a reminder to everyone downloading or buying software: Ask if it collects data, how much and what it’s used for.

Finally, it’s not uncommon for people to take work home or on the road on a laptop. When you do, it’s vital your laptop be password protected AND encrypted if it has sensitive data, like personal information on customers or company intellectual property. But the Irish telecom provider Eir was embarrassed this month to discover that an employee’s stolen laptop that had the right protection could be compromised. Why? It said a faulty security update downloaded the day before the theft decrypted the data on 37,000 customer files. Those files included customer name, email address, account number and a contact phone number. Security reporter Graham Cluley, who wrote about this on a blog for Tripwire, says blaming the fault on a software update is baffling. Be that as it may, the lesson here for companies is rather than let staff put sensitive data on a laptop, keep the data in-house and make remote users log in to a main server with really strong credentials like multi-factor authentication. Think about a fingerprint or iris scanner or a specialized USB key. But anything more than just a password and username.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening. I’m Howard Solomon.


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
