Hackers steal driver’s licence numbers, an energy company drained of customer account data and be careful of this Wi-Fi air fryer.
Welcome to Cyber Security Today. It’s Wednesday, April 21. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Insurance company Geico is alerting customers that hackers got into its system and stole drivers’ licence numbers. Sometime between January 21st and March 1st the hackers used information about customers they got from other places to log into Geico’s online sales website. Combined with a person’s name and address, a driver’s licence number could be used for verification of identity when fraudulently applying for unemployment benefits. Geico is warning customers to alert their state unemployment agency if they get any mailings about benefits that weren’t applied for.
Here’s another one of those ‘oopsy’ moments: A New England power provider called Eversource Energy has admitted someone misconfigured a cloud storage server, exposing customers’ personal information. According to the Bleeping Computer news service, the names, addresses, social security numbers, phone numbers and account numbers of 11,000 customers could have been copied if someone knew where to look. Companies have got to limit the number of people allowed to store sensitive information in the cloud. They also need online monitoring to make sure those who do follow security procedures.
As I’ve said before, anything you connect at home to the internet could be used as an entry point to hack your computer if it has vulnerabilities. According to researchers at Cisco Systems, the latest example is the Cosori Smart 5.8-Quart Air Fryer. You can cook a variety of foods with this device. Connect it to the Wi-Fi in your home and a smartphone app can remotely control and monitor the device. However, researchers say during setup and registration of the device’s wireless capability a nearby hacker could get into the device, and from there into anything else on the home network. Cisco gave Cosori 90 days to reply and fix the vulnerability before publicly disclosing it. As of Monday it was still unpatched.
When buying a so-called smart home device – that includes, light bulbs, baby monitors, refrigerators and air fryers — think about whether it really needs to be connected to the internet. Some manufacturers aren’t experts in cybersecurity and don’t issue software or hardware updates.
Eleven teams of students from Canadian high schools and middle schools are in the finals for next month’s annual Cyber Titan national cybersecurity competition. Three teams are from Toronto, three from Winnipeg, two from Edmonton, two from Fergus, Ontario, and one from Fredericton, New Brunswick. One is a wildcard team, which, for the third year in a row, is an all-women squad. During the three-day test that starts May 17th, the teams will have to stop a cyber attack that threatens rail movements nation-wide. It’s based on a real incident.
A lot of makers of important corporate products this week released security patches that need to be installed as soon as possible. Here are a few of them:
SonicWall is urging administrators of its on-premise Email Security appliances to apply the latest patches. They fix zero-day vulnerabilities.
Since people started to work from home due to the pandemic virtual private network appliances have been under attack. One of them is made by Pulse Secure. This week it issued another patch, this one for the Pulse Connect Secure server. The vulnerability is rated as 10 out of 10.
A bunch of other security patches have been released. These are for the Firefox browser and Thunderbird email client. In addition, IBM has issued a number of security updates for enterprise products. These include WebSphere Transformation Extender, IBM Operations Analytics and IBM Transformation Extender, Watson OpenScale, Rational Service Tester and Performance Tester.
UPDATE: Google has just issued a security update for its Chrome browser.
That’s it for today. Links to details about podcast stories are in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.