Data Privacy Week tips, terrible patch stats and more

Welcome to Cyber Security Today. Today is Wednesday, January 25, 2023. I’m Howard Solomon, Contributing Cybersecurity Reporter for ITWorldCanada.com and TechNewsday.com in the United States.

It’s Data Privacy Week. My stories with tips for business are published on ITWorldCanada.com. For people who want to improve their privacy online, here are some tips: Talk about yourself as little as possible on social media. No one online needs to know your date of birth or whether you bought a new house, car or jewelry. When you sign up for an internet service or buy anything online, find out how much personal data is collected. Is it really necessary for the transaction? What will the website do with your personal data? When you get a mobile application for your smartphone, before installing it, pay attention to what it accesses. Does it need access to your contact list, camera or phone microphone? When you visit certain websites, they offer advertisements. Can you disable ads? You must be informed when website data collection cookies are used and have the choice not to allow them. Finally, privacy is tied to your cybersecurity practices. So create secure passwords. Use a different password on each site. Use a password manager to keep track of them. And keep the operating systems of your computers and smartphones up to date by installing the latest patches. Don’t forget to patch your home Wi-Fi router. For more information, visit StaySafeOnline.org and the Office of the Privacy Commissioner of Canada.

Encrypted backups made by users of GoTo Central, GoTo Pro, Hamachi and RemotelyAnywhere were stolen by a hacker in an incident last November, GoTo admitted. Even worse, the hacker got an encryption key for some of the encrypted backups. The scrambled backups were stolen from a third-party cloud storage service used by GoTo. The information involved, which varies by product, may include account usernames, salted and hashed passwords, part of multi-factor authentication settings, as well as certain product settings and licensing information. Additionally, while the GoTo Rescue and GoToMyPC encrypted databases were not copied, the multi-factor settings of a small subset of their customers were. GoTo is resetting affected users’ passwords and re-authorizing multi-factor authentication settings, if applicable.

Hackers love to exploit unpatched vulnerabilities. One of the reasons is that companies are slow to install patches. How slow? According to Orange Cyberdefense, a division of the European mobile provider called Orange, only 20% of its customers install security patches within 30 days or less after the patches are released. Even some critical vulnerabilities are only patched six months after a patch is released. And some vulnerabilities are not discovered or patched at all. The report, given to The Hacker News, does not explain why some holes can take so long to fix.

Two vulnerabilities in Samsung’s Galaxy App Store were discovered by researchers at NCC Group. One could have allowed a hacker to automatically install a malicious application on a device without the knowledge of the owner. This issue only affects devices running Android 12 or earlier. The other issue could have allowed an App Store user to access a domain controlled by an attacker. Samsung has released a new version of the Galaxy App Store. All Samsung mobile device users should open the app store on their devices and, if prompted, download the latest version of the store.

A warning to users of the Dashlane, Bitwarden and Safari browser password managers: Make sure you are using the latest versions. Google says it has discovered a vulnerability that allows usernames and passwords to be automatically filled into untrusted web pages without the user having to enter their master password and launch the password manager.

Finally, users of the WordPress educational plugin called LearnPress are warned to update to the latest version. This comes after Patchstack researchers discovered several critical vulnerabilities. This plugin allows WordPress customers to create and sell online courses. The patch was released in December, but many users may not have heard of it.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.


