Your digital profile for sale, Windows update trouble and a new twist on an old scam
Welcome to Cyber Security Today. It’s Friday April 12th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanda.com. To hear the podcast, click on the arrow below:
You might think from headlines that the only things criminals are buying and selling are passwords and stolen credit card numbers. You’re wrong. According to security vendor Kaspersky what’s equally valuable is your digital fingerprint. That’s a collection of information about your computer, like its IP address, operating system version and other things along with your passwords and credit card information. Why? Because increasingly retailers, banks and other companies can legitimately see this data and are using it to verify it’s you trying to log in. If the person with this password has been using the same computer to log in before, it’s likely the right person. So criminals infect computers and scoop out little details they can use to better impersonate you online. Where can criminals buy digital fingerprints? At the Genesis Store. It’s an invitation-only site offering more than 60,000 stolen profiles. Prices range from five to 200 dollars per profile. With a stolen profile an attacker does have to connect to a target company with an Internet address from the victim’s general location, but armed with your device profile as well as your password it might be enough to get past the anti-fraud protection of a company.
How can you protect yourself? First, make sure your computer, tablet and smart phone have the latest security patches so its harder for malware to be installed. Be careful of what you click on in email. And where possible use two-factor authentication when using a credit or debit card online.
This week Microsoft released its April patches for Windows 7, 8 and 10. However, some users of Sophos and Avast protection products are reporting their computers freeze after installing the update. Bleeping Computer reports that Microsoft is blocking the updates for those who have Sophos Endpoint until a solution is found. Meanwhile Avast says users who have a problem should boot into safe mode and then uninstall three updates. Full instructions are in a link in the text version of this podcast at ITWorldCanada.com.
There’s a new twist on an old scam of criminals calling you and claiming to be from Microsoft Support. According to telecommunications consultant Mark Goldberg, messages going out sound like this: “This is the Windows Security Alert Team. Your Windows Defender software no longer works. Call back for your refund to be processed.” Well, Windows Defender comes free with Windows. You can’t get a refund. Don’t fall for this scam.
Attention Android users: If you have an app called Peel Smart Remote, which lets you use a phone as a TV remote control, make sure you update to the latest version. According to security vendor Pradeo, an older version collects pictures and videos from your device and sends them to somebody’s server. The safer version is 10.7.4.2.
Google has become the first email provider to support two new technical standards that will help improve security of Gmail. These capabilities allow email providers to establish more secure connections between each other so attackers can’t intercept and read your mail. According to ZDNet, Microsoft, Comcast and Yahoo worked with Google to create these new standards, so expect them to add these security features to their services. Hopefully, a lot of other email providers will pick them up as well.
Finally, I’m flattered that Feedspot has listed Cyber Security Today as one of the Top 10 cyber security podcasts on the web. A lot of the credit goes to sound engineer Don Naylor, who covers up my fumbles, and to my editor Brian Jackson for encouragement. And thank you for listening and mentioning the podcast to your friends.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.