Advice to online retailers for the holiday season, lengthy prison terms for cybercrooks and watch for Android updates
Welcome to Cyber Security Today. It’s Friday November 26th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
This is the Thanksgiving long weekend in the U.S. If you’re tuning in on this holiday, thanks.
Today is Black Friday and the official start of the holiday sales season, which will really kick into gear on Cyber Monday. And while IT departments at online retailers should have been preparing weeks ago, cybersecurity firm Darktrace says there are three things they can do at the last minute to keep their firms safer from would-be hackers and fraudsters:
–Understand your cybersecurity posture. That includes knowing where the most sensitive data is stored and limiting who can access it. Despite the tight timeline don’t put off application updates or patches. Attackers pounce fast when vulnerabilities are known;
–Pay attention to backup systems. Make sure your staff is familiar with your recovery plan;
–Make sure the IT team understands what has to be done to safely lock systems down should it be necessary.
Two Nigerians involved in a business email scam were sentenced this week by a U.S. judge to prison terms of at least 10 years. They were also ordered to pay millions in restitution. The two pleaded guilty last year to committing wire fraud, money laundering and other criminal charges. The scheme involved spoofing the email addresses of the supervisors or business contacts of employees and convincing them to transfer money from their personal bank accounts or corporate bank accounts. The money was sent to bank accounts the two convicts had opened with fraudulent passports. A third member of the gang was sentenced in July to just over three years in prison.
Five members of the Phoenix hacking group that specialized in hacking smartphones have been arrested by Ukraine’s Security Service. All of the accused are citizens of that country. The gang created fake versions of Apple, Samsung and other mobile app sites. Once compromised apps were downloaded the gang got password access of victims and were able to copy data from their phones, including bank logins. Then they stole money from their bank accounts, and sold personal information to other hackers. This went on for more than two years. Several hundred people were victimized. Smartphone users have to be careful where they download mobile apps from, as being careful of what apps to trust.
Android device users should be on the lookout for security patches from their carriers or device makers. This comes after MediaTek, which makes chips used in many smartphones, released a security update. This follows an investigation by researchers at Check Point Software. They discovered a flaw in the MediaTek audio digital signal processor that could allow a hacker to listen to people’s conversations or upload malware. Unfortunately, some Android mobile device makers only offer two or three years of security updates for their hardware. If you have an older device it may not get this, or other, device updates. It’s one reason why you should consider adding antivirus protection.
Finally, remember that later today the Week in Review edition will be available. A guest commentator and I will talk about the GoDaddy hack, honeypots and safe online shopping
That’s it for now Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.