Episode Transcript
Transcripts are displayed as originally observed. Some content, including advertisements may have changed.
Use Ctrl + F to search
2:00
all of its IT systems. Meanwhile,
2:02
it's helping partners with alternate ways
2:04
of doing business. CDK
2:07
Global is part of Canadian
2:10
headquartered Brookfield Asset Management, part
2:12
of Brookfield Corp. IT
2:16
administrators that haven't patched their
2:18
SolarWinds serve you file transfer
2:21
applications are in trouble. Hackers
2:24
are already looking for unpatched
2:26
Windows and Linux versions after
2:28
word of a vulnerability was
2:30
publicized early this month. That's
2:33
according to researchers at Grey
2:35
Noise Labs. The
2:37
vulnerability allows an unauthenticated attacker
2:39
to access any file from
2:41
the file system. The
2:44
researchers know this application is under attack
2:46
because they deployed a honeypot to see
2:49
how much action it attracts. Many
2:53
threat actors are using a
2:55
remote access trojan called Raffle
2:57
for compromising Android devices of
3:00
corporate employees. Now
3:02
cyber defenders can read background research
3:04
on how Raffle works and what
3:06
to look for. The research
3:09
was put out by Checkpoint Software which
3:11
notes most targets have been in the
3:13
US, China and
3:15
Indonesia, but victims have
3:17
also been seen in France, Russia,
3:20
Italy, Germany and India. The
3:23
danger is that employees' contact
3:25
lists could be leaked as
3:27
well as two-factor login authentication
3:29
codes. IT and
3:32
telecom administrators should note that
3:34
mobile devices with older versions
3:36
of Android, that is
3:38
versions 11 and lower,
3:40
are the most commonly exploited.
3:43
In fact, devices running Android's version 11,
3:45
10, 9 and 8 account for more
3:47
than 50% of infections. Lesson
3:54
to IT leaders and employees.
3:57
Continuing to use old Android devices.
3:59
that can't get security updates is
4:02
a big security risk. IT
4:05
and security leaders should also
4:07
have policies forbidding employees from
4:09
downloading applications from anywhere except
4:12
approved app sites. Nowhere
4:15
for mobile devices is often distributed
4:17
through apps that pretend to be
4:19
legitimate and are spread
4:21
through sites, including Instagram and
4:23
WhatsApp. Financial
4:26
Business and Consumer Solutions, an
4:28
American collection agency, has updated
4:31
the number of people affected
4:33
in a February data breach.
4:36
Initially it said just over 1.9
4:38
million people were affected. In
4:41
the latest filing with Maine's Attorney General's
4:43
office, it now says just over 3.4
4:45
million were affected. Medical
4:50
device manufacturer Liva Nova is
4:52
notifying over 129,000 Americans of
4:56
an October 2023 cyber
4:59
incident, which resulted in the
5:01
theft of personal information that
5:03
included names, phone numbers, email
5:06
addresses, social security numbers, dates
5:09
of birth and medical information. Jeans
5:12
manufacturer Levi Strauss is notifying
5:14
over 72,000 people who
5:18
bought products on its website of a
5:20
possible data breach. On
5:22
June 13th, a hacker launched a
5:24
credential stuffing attack on the Levi
5:26
website, and that attacker may
5:28
have seen information of customers who opened
5:31
an online account. That
5:33
included their names, email addresses,
5:35
physical addresses, and partial credit
5:37
card information if the buyer
5:39
saved the payment method. Social
6:00
Security Numbers, and Financial Account
6:02
Information. And
6:05
finally, people doing online searches
6:07
for the Oculus Virtual Reality
6:10
software are being tricked into
6:12
downloading malware. Researchers
6:14
at E-Centire say victims who aren't
6:17
careful are getting a fake Oculus
6:19
installer that takes screenshots of their
6:22
devices for capturing passwords or other
6:24
sensitive information. The
6:26
malware also automatically clicks through
6:29
ads, generating revenue for
6:31
crooks. Oculus, now
6:33
called MetaQuest, can only be
6:36
obtained from Meta. There's
6:38
no free version of the software. That's
6:44
it for now. Links to
6:46
details about news mentioned in this
6:48
podcast episode are in the text
6:51
version at technewsday.com. Social
6:54
cybersecurity today on Apple
6:56
Podcasts, Spotify, or add
6:58
us to your flash briefing on your
7:00
smart speaker. Thanks
7:03
for listening. From
7:05
Toronto, I'm Howard Solomon.
Podchaser is the ultimate destination for podcast data, search, and discovery. Learn More