Google issues its monthly security updates for Android devices, Chrome browser plugin offes protection for passwords and a sneaky email scam.
Welcome to Cyber Security Today. It’s Friday February 8th. To hear the podcast click on the arrow below:
It’s update your Android device time. This week Google announced its monthly security fixes have been sent to device manufacturers and phone companies to pass on to you. The worst problem could allow an attacker to get into a device if a user comes across a specially crafted PNG photo image under certain circumstances. As always, Google-branded phones get security updates fast but Android phones from other manufacturers may take longer to send updates to cellphone companies. In turn they often want to test the updates before releasing them to users. So it may be a few days before the update for your device is available.
One more thing: Updates are only available for recent versions of Android. Go into your settings and find the About section and check to see when the last time your device was updated. If you can’t update it’s time think about getting a new device.
Also this week Google announced a plugin to its Chrome browser that will give an alert if you try to log into a site with a stolen username and password. If it finds a match it prompts you to change the password. The plugin, called Password Checkup, automatically compares the credentials to an encrypted database that contains over 4 billion stolen usernames and passwords. Its available for download from the Google Chrome store here.
Finally, here’s another example of why you have to be careful with email on any device: A staff member at an Internet company called Akamai got a warning email on his smartphone that his Google account had been accessed from a new Windows device. Some services do that if they detect a person trying to login from an unfamiliar computer, phone or tablet. Suspicious because he had not done that, the employee looked at the email on a computer, which has a larger screen than a smartphone and can better display things like where the message came from. Sure enough, it was fake. The goal, of course, was to get him to click on a link that would have led him to a login page that looked like it was from Google. Then the attacker could steal his password.
Interestingly, that link went to a Google Translate page. Somehow the attacker was able to hide his scam through a real Google web site. This likely will fool people on a smartphone, but the real malicious address would show up on an easier to read bigger screen. By the way, not only does this attack try to get a sucker to log into Google, there’s also an attempt to get the victim who falls for it to log into a phony Facebook page.
So take your time and examine messages fully before taking any actions the sender asks, particularly logins and sending money. Does the message create a sense of urgency or fear? If so, be suspicious.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.
Sponsor: Micro Focus
How GDPR can be a strategic driver for your business