Huge database on American homeowners left exposed, don’t fall for this certificate scam, check your Android version and Linux warning
Welcome to Cyber Security Today. It’s Monday March 9th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Once again someone has been clumsy with security settings on a huge database of personal information sitting open on the Internet. We don’t know who owns this particular database found in January, but it had some 200 million records of American homeowners, their credit ratings, net worth and income. Security researchers tried and failed to determine what company or person left the data open to be copied by anyone who could find it on the Internet. Google was notified because the database was sitting on its servers, and after a month access was closed. It could have been owned by a bank or marketing company. At the time researchers discovered the database, more data was still being added, so it was evidently important to someone. Researchers at the computer review site Comparitech, who came across the database while searching the Internet, said it could have been a gold mine to cyber criminals, real estate brokers or to those running political campaigns for targeted advertising.
Many Internet users don’t realize that a lot of website and software security goes on with invisible things called certificates. These are little pieces of code your browser uses as proof a website or software update is legitimate. But criminals sometimes get hold of certificates or create phony certificates to spread malware. Security company Kaspersky has found a new version of this scam. An infected website makes a message pop up saying the ‘Security Certificate is out of date’ and you have to click to download a certificate update. What you really do is download malware. Scammers do this in a way that the web page address stays the same, so you think the warning is real. Legitimate certificate updates don’t work this way. You shouldn’t have to click on anything to get a security certificate update. That’s the website or software company’s problem.
If you have an Android phone or tablet it’s important to keep it current. Models running old versions of Android don’t get security updates. A British consumer site has figured out more than one billion Android device owners could be in trouble. They’re running Android versions 7 and lower. If you don’t know what version of Android you have go into Settings and look under System. You may have to buy a new device.
Attention Linux and network administrators: There’s a serious vulnerability in almost all Linux-based operating systems that could allow an attacker into a system. As a result, Linux distributions are putting out security updates that must be installed. Note also that certain products that use Linux will also have to be patched, such as switches and routers. Cisco Systems’ Unified Communications Manager is also affected. Watch for alerts from your vendors. There’s a link to more details here.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.