Information and Cyber Security round up 22 February

Let’s start with the good news.  Instagram are adding ‘two-step authentication’, which makes it more difficult for people to break into an account. Most of the other cloud services (Gmail, Facebook, Twitter, etc.) already have this, and it should be used by everyone to provide an extra level of security to stop your account being taken over.  http://thehackernews.com/2016/02/hack-instagram-account.html.

HSBC are offering voice and fingerprint ID system, which will mean there is no need to remember a complex password. http://www.theguardian.com/business/2016/feb/19/hsbc-rolls-out-voice-touch-id-security-bank-customers. This should be more secure than using a password, but does this mean that criminals will be using physical force to get you to login and transfer money rather than stealing your password electronically? There is an article about the security of this approach at http://www.theguardian.com/technology/2016/feb/19/how-safe-is-voice-recognition-fingerprint-id-hsbc.

Apple backed down on the ‘Error 53’ issue that locked some phones repaired by someone other than Apple. http://www.theguardian.com/technology/2016/feb/19/error-53-apple-issues-fix-bricked-iphones. A flaw in the fingerprint security on LG V10 Android phones was found, but this is only an issue if someone gets access to your phone will it is unlocked and has time to change the fingerprint that will unlock it in the future. http://www.welivesecurity.com/2016/02/16/lg-v10-security-bypass/. If you are using the AirDroid app you may want to remove it for now, see http://blog.checkpoint.com/2016/02/17/millions-of-airdroid-users-exposed-to-severe-vulnerability/ for what could happen.

The ‘bad guys’ have tricked some online stores into installing a fake security patch for the Magento ecommerce platform, allowing them to compromise the site. If you use Magento, check that you don’t have this installed. https://heatsoftware.com/security-blog/10819/10819/

Infected Word files are being sent out, and have been getting past some spam filters and anti-virus programs. This can result in ‘ransomware’ being installed and your files being encrypted. Only open files that come from a reputable source, and you are expecting them. http://www.scmagazine.com/dridex-actors-likely-behind-vicious-locky-ransomware-strain/article/475420/. A hospital in California got hit by ransomware. After a week of with no computers, they paid the £12,000 ransom http://www.computerweekly.com/news/4500273343/US-hospital-pays-12000-to-ransomware-attackers.

A security system used in more than 200,000 homes has an unfixable flaw that allows tech-savvy burglars to disarm the alarm from as far away as a few hundred feet. This is mainly sold in the US, but someone people may be using it in the UK. http://arstechnica.co.uk/security/2016/02/hopelessly-broken-wireless-burglar-alarm-lets-intruders-go-undetected/

Personal details about hundreds of students at the University of Greenwich were posted online and they could be fined. http://www.bbc.co.uk/news/technology-35587529.

An issue with Adobe’s Creative Cloud for Mac removed the first folder in alphabetical order without permission, even if it had nothing to do with Adobe. This problem has now been resolved, but some people could have lost data. If you use this product check that nothing has been deleted and use your backups (you do backup everything don’t you?) to restore anything that was removed. http://www.theguardian.com/technology/2016/feb/15/adobe-pulls-creative-cloud-for-mac-update-deleted-unrelated-files-computers

And finally, people are using Streetlife to report rogue phone calls from ‘BT technical support’ to say there is a problem with the internet connection. If they don’t get access to the PC or Mac they say the internet connection will be closed. It looks likes this is mainly aimed at consumers but no doubt businesses will be getting these calls as well. Don’t give people remote access to your computer, or follow their instructions to go to websites that could download malware.