Data breach at Animal Jam, warnings to Minecraft users and Oracle point of sale directors and login advice from Microsoft
Welcome to Cyber Security Today for Friday November thirteenth. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Stolen information together with e mail addresses of hundreds of thousands of youngsters or dad and mom registered on the net youngsters recreation Animal Jam are being given away by a hacker after the guardian firm WildWorks suffered an information breach. According to the Bleeping Computer information service hackers accessed firm databases with 46 million participant usernames, though these aren’t the true names of youngsters. Also within the databases had been hundreds of thousands of encrypted passwords to the sport. As a precaution all users now have to select new passwords. But the databases additionally included 7 million e mail addresses of dad and mom who registered their youngsters for the platform. Those addresses could possibly be used to distribute spam. Just over 100 of the data additionally included a guardian’s title and billing deal with. The firm thinks the info was stolen round October eleventh. It believes the hacker obtained in by penetrating the server of an organization WildWorks makes use of for worker collaboration.
Speaking of video games, do you play Minecraft on the Android platform? If you do, watch out of apps within the Google Play retailer that promise to improve the sport. According to a report from safety agency Avast, seven of these apps are “fleeceware” — apps that fleece you of cash by hiding inflated costs for skins, wallpapers or recreation mods. Some victims get charged $30 a month after putting in apps with free trial intervals.
Microsoft has turn out to be the most recent tech firm to urge folks utilizing multi-factor authentication to cease getting safety codes by way of textual content or voice messages on smartphones. Two-factor or multifactor authentication provides a one-time six-digit safety code on high of a username and password as additional safety for logins. There are a number of methods of getting a code on a cellular system, together with by textual content message and a recorded voice name. But textual content messages might be intercepted by crooks. And if a criminal takes over your smartphone by convincing your provider to port your telephone quantity to a telephone they’ve, they will get any code despatched by voice. Better is utilizing an encrypted code-generating app like Google Authenticator, Microsoft Authenticator or Authy. These apps are locked to your smartphone so it doesn’t matter if the telephone is illegally ported to one other. And they’re onerous to intercept.
Two weeks in the past I advised you that workplace furnishings producer Steelcase suffered a cyber-attack suspected of being ransomware. This week the corporate advised the U.S. securities regulator that it had to shut operations for 2 weeks as a result of of the incident whereas it cleaned up laptop techniques. It additionally mentioned there was no proof delicate buyer or company data was copied.
Companies operating Oracle’s Micros Restaurant Series 3700 point of sale software program are being warned to set up the most recent model of the software program. That’s as a result of safety vendor ESET has found a brand new piece of malware that may give attackers a method of getting inside the businesses by exploiting a gap within the utility. The malware is ready to steal database passwords. If the databases aren’t encrypted their information will probably be stolen.
Finally, later this afternoon obtain the Week In Review version of Cyber Security Today. I’ll be speaking with Dinah Davis of Arctic Wolf about how to keep away from being scammed on-line throughout the vacation procuring interval.
Listen in your method residence or on the weekend.
That’s it for now. Links to particulars about these tales are within the textual content model of every podcast at ITWorldCanada.com. That’s the place you’ll additionally discover my information tales aimed at companies and cybersecurity professionals.
Cyber Security Today might be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing in your sensible speaker. Thanks for listening.
Would you suggest this text?
We’d love to hear your opinion about this or every other story you learn in our publication. Klicken Sie auf diesen Link, um mir eine Notiz zu senden →
Jim Love, Chief Content Officer von IT World Canada
Cybersecurity-Gespräche zusammen mit Ihrem Board - Ein Überlebensleitfaden
EIN ÜBERLEBENSHANDBUCH VON CLAUDIO SILVESTRI, VIZEPRÄSIDENT UND CIO, NAV CANADA