More calls for an end to cyberattacks on healthcare, watch for Android security update and alert to Discord users
Welcome to Cyber Security Today. It’s Wednesday May 27th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
To hear the podcast, click on the arrow below:
An international group of leaders including the Red Cross and Microsoft has called on governments to stop cyberattacks on hospitals, clinics and medical research institutions. This comes as the number of online attacks against the healthcare sector has increased since the outbreak of the COVID-19 pandemic. Some of the attacks are blamed on criminals trying to extort money from institutions under the threat of the scrambling or release of patient information. But other attacks are being blamed on government-supported groups trying to steal COVID-19 research. A number of law enforcement and cyber authorities including the FBI and the Canadian Centre for Cyber Security have issued warnings to the healthcare sector to watch for increased threats. Tuesday’s call from the CyberPeace Institute urges nations to commit to making cyberattacks on this critical infrastructure unlawful.
Also yesterday Canada said it is co-leading an international effort to publish ways that governments can fight online threats to democratic processes including elections. The group hopes to publish recommendations by November.
Android users need to look for and install the latest security update after a Norwegian security company called Promon announced it discovered a major bug in the operating system for Android 9 and lower. This one allows an attacker to install malware that would take over any app on a device. It could then listen to you through the microphone, read text messages, steal usernames and passwords and other terrible stuff. Promon let Google know about this a few months ago. A fix will be released this month, so manufacturers and cellphone carriers can start pushing it out soon. In the meantime, as always be careful of apps you download come from a reputable developer.
If you’re a software developer here’s something to think about: Approximately 70 per cent of all serious security bugs in the Google Chrome browser are memory management and safety issues. A year ago Microsoft reported the same for its products. The problem: Developers are still using the C and C++ programming languages. They don’t give programmers full control over how they manage an application’s memory. That leads to vulnerabilities. What developers should be doing, says the ZDNet news report on this, is using better languages.
Finally, those of you on the Discord service for gamers ought to know by now to stay away from links to promised game cheats or hacking tools because they are likely laced with malware. Well, according to a report from the Bleeping Computer news service, there’s a new version of an old troublemaker that infects the Discord client. The new version allows a hacker to steal passwords and spread malware to others you know who use Discord. That won’t increase the number of friends you have.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.