2:00

all of its IT systems. Meanwhile,

2:02

it's helping partners with alternate ways

2:04

of doing business. CDK

2:07

Global is part of Canadian

2:10

headquartered Brookfield Asset Management, part

2:12

of Brookfield Corp. IT

2:16

administrators that haven't patched their

2:18

SolarWinds serve you file transfer

2:21

applications are in trouble. Hackers

2:24

are already looking for unpatched

2:26

Windows and Linux versions after

2:28

word of a vulnerability was

2:30

publicized early this month. That's

2:33

according to researchers at Grey

2:35

Noise Labs. The

2:37

vulnerability allows an unauthenticated attacker

2:39

to access any file from

2:41

the file system. The

2:44

researchers know this application is under attack

2:46

because they deployed a honeypot to see

2:49

how much action it attracts. Many

2:53

threat actors are using a

2:55

remote access trojan called Raffle

2:57

for compromising Android devices of

3:00

corporate employees. Now

3:02

cyber defenders can read background research

3:04

on how Raffle works and what

3:06

to look for. The research

3:09

was put out by Checkpoint Software which

3:11

notes most targets have been in the

3:13

US, China and

3:15

Indonesia, but victims have

3:17

also been seen in France, Russia,

3:20

Italy, Germany and India. The

3:23

danger is that employees' contact

3:25

lists could be leaked as

3:27

well as two-factor login authentication

3:29

codes. IT and

3:32

telecom administrators should note that

3:34

mobile devices with older versions

3:36

of Android, that is

3:38

versions 11 and lower,

3:40

are the most commonly exploited.

3:43

In fact, devices running Android's version 11,

3:45

10, 9 and 8 account for more

3:47

than 50% of infections. Lesson

3:54

to IT leaders and employees.

3:57

Continuing to use old Android devices.

3:59

that can't get security updates is

4:02

a big security risk. IT

4:05

and security leaders should also

4:07

have policies forbidding employees from

4:09

downloading applications from anywhere except

4:12

approved app sites. Nowhere

4:15

for mobile devices is often distributed

4:17

through apps that pretend to be

4:19

legitimate and are spread

4:21

through sites, including Instagram and

4:23

WhatsApp. Financial

4:26

Business and Consumer Solutions, an

4:28

American collection agency, has updated

4:31

the number of people affected

4:33

in a February data breach.

4:36

Initially it said just over 1.9

4:38

million people were affected. In

4:41

the latest filing with Maine's Attorney General's

4:43

office, it now says just over 3.4

4:45

million were affected. Medical

4:50

device manufacturer Liva Nova is

4:52

notifying over 129,000 Americans of

4:56

an October 2023 cyber

4:59

incident, which resulted in the

5:01

theft of personal information that

5:03

included names, phone numbers, email

5:06

addresses, social security numbers, dates

5:09

of birth and medical information. Jeans

5:12

manufacturer Levi Strauss is notifying

5:14

over 72,000 people who

5:18

bought products on its website of a

5:20

possible data breach. On

5:22

June 13th, a hacker launched a

5:24

credential stuffing attack on the Levi

5:26

website, and that attacker may

5:28

have seen information of customers who opened

5:31

an online account. That

5:33

included their names, email addresses,

5:35

physical addresses, and partial credit

5:37

card information if the buyer

5:39

saved the payment method. Social

6:00

Security Numbers, and Financial Account

6:02

Information. And

6:05

finally, people doing online searches

6:07

for the Oculus Virtual Reality

6:10

software are being tricked into

6:12

downloading malware. Researchers

6:14

at E-Centire say victims who aren't

6:17

careful are getting a fake Oculus

6:19

installer that takes screenshots of their

6:22

devices for capturing passwords or other

6:24

sensitive information. The

6:26

malware also automatically clicks through

6:29

ads, generating revenue for

6:31

crooks. Oculus, now

6:33

called MetaQuest, can only be

6:36

obtained from Meta. There's

6:38

no free version of the software. That's

6:44

it for now. Links to

6:46

details about news mentioned in this

6:48

podcast episode are in the text

6:51

version at technewsday.com. Social

6:54

cybersecurity today on Apple

6:56

Podcasts, Spotify, or add

6:58

us to your flash briefing on your

7:00

smart speaker. Thanks

7:03

for listening. From

7:05

Toronto, I'm Howard Solomon.