{"id":34585,"date":"2023-01-25T07:40:57","date_gmt":"2023-01-25T12:40:57","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=523712"},"modified":"2023-01-25T09:24:43","modified_gmt":"2023-01-25T14:24:43","slug":"cyber-security-today-jan-25-2023-data-privacy-week-advice-terrible-patching-statistics-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-jan-25-2023-data-privacy-week-advice-terrible-patching-statistics-and-more\/","title":{"rendered":"Cyber Security Today, Jan. 25, 2023 \u2013 Data Privacy Week advice, terrible patching statistics and more"},"content":{"rendered":"<p data-ar-index=\"0\">Data Privacy Week advice, terrible patching statistics and more<\/p>\n<p data-ar-index=\"1\">Welcome to Cyber Security Today. It\u2019s Wednesday, January 25th, 2023. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.<\/p>\n<p data-ar-index=\"2\"><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/25717989\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p data-ar-index=\"3\"><strong>This is Data Privacy Week.<\/strong> <a href=\"https:\/\/www.itworldcanada.com\/article\/data-privacy-week-some-canadian-firms-have-shortcomings-in-treating-privacy-says-regulator\/523554\" rel=\"noopener\">My stories with advice for businesses are posted on <em>ITWorldCanada.com.<\/em><\/a> For individuals wanting to improve their privacy online, here\u2019s a few tips: Say as little about yourself on social media as possible. No one online needs to know your birthday, or that you bought a new house, new car or jewelry. When you register for an internet service or buy anything online, find out how much personal data is collected. Is it really necessary for the transaction? What will the website do with your personal data? When you get a mobile app for your smartphone, before installing pay attention to what it accesses. Does it need to access your contact list, the phone\u2019s camera or microphone? When you go to some websites they offer ads. Can you opt out of the ads? You should be told when website data-collecting cookies are being used and given the choice of not allowing them. Finally, privacy is related to your cybersecurity practices. So create safe passwords. Use a different password on every site. Use a password manager to keep track of them. And keep the operating systems of your computers and smart phones up to date by installing the latest patches. Don\u2019t forget to patch your home WiFi router. For more information go to <a href=\"https:\/\/staysafeonline.org\/\" rel=\"noopener\"><em>StaySafeOnline.org<\/em><\/a> and the<a href=\"https:\/\/www.priv.gc.ca\/en\/for-individuals\/\" rel=\"noopener\"> Office of the Privacy Commissioner of Canada.<\/a><\/p>\n<p data-ar-index=\"4\"><strong>Encrypted backups<\/strong> made by users of GoTo Central, GoTo Pro, Hamachi and RemotelyAnywhere were stolen by a hacker in an incident last November, <a href=\"https:\/\/www.goto.com\/blog\/our-response-to-a-recent-security-incident\" rel=\"noopener\">GoTo has admitted<\/a>. Worse, the hacker got an encryption key for some of the encrypted backups. The scrambled backups were stolen from a third-party cloud storage service used by GoTo. The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of multifactor authentication settings, as well as some product settings and licensing information. In addition, while GoTo Rescue and GoToMyPC encrypted databases were not copied, multifactor settings of a small subset of their customers were. GoTo is resetting the passwords of affected users and reauthorize multifactor authentication settings where applicable.<\/p>\n<p data-ar-index=\"5\"><strong>Hackers love exploiting<\/strong> unpatched vulnerabilities. One reason is companies are slow to install fixes. How slow? According to Orange Cyberdefense, a division of the European cellular provider called Orange, only 20 per cent of its customers are installing security patches in 30 days or less after fixes are released. Even some critical vulnerabilities aren\u2019t fixed until six months after a patch is issued. And some vulnerabilities aren\u2019t discovered or patched at all. The report, <a href=\"https:\/\/thehackernews.com\/2023\/01\/security-navigator-research-some.html\" rel=\"noopener\">given to The Hacker News<\/a>, doesn\u2019t explain why it can take so long for some holes to be dealt with.<\/p>\n<p data-ar-index=\"6\"><strong>Two vulnerabilities<\/strong> in Samsung\u2019s Galaxy App Store have been discovered by <a href=\"https:\/\/research.nccgroup.com\/2023\/01\/20\/technical-advisory-multiple-vulnerabilities-in-the-galaxy-app-store-cve-2023-21433-cve-2023-21434\/\" rel=\"noopener\">researchers at NCC Group.<\/a> One could have allowed a hacker to automatically install a malicious app on a device without the owner\u2019s knowledge. This problem only affects devices running Android 12 or lower. The other problem could have allowed an app store user to go to an attacker-controlled domain. Samsung has released a new version of the Galaxy App Store. All Samsung mobile devices users should open the app store on their devices and, if prompted, download the latest version of the store.<\/p>\n<p data-ar-index=\"7\"><strong>Attention<\/strong> users of the Dashlane, Bitwarden and Safari browser password managers. Make sure you\u2019re running the latest versions. <a href=\"https:\/\/portswigger.net\/daily-swig\/popular-password-managers-auto-filled-credentials-on-untrusted-websites\" rel=\"noopener\">Google says it has discovered<\/a> a vulnerability allowing usernames and passwords to be automatically filled into untrusted web pages without the user having to enter their master password and launch the password manager.<\/p>\n<p data-ar-index=\"8\"><strong>Finally<\/strong>, users of the WordPress education plugin called LearnPress are being warned to update to the latest version. This comes after <a href=\"https:\/\/patchstack.com\/articles\/multiple-critical-vulnerabilities-fixed-in-learnpress-plugin-version\/\" rel=\"noopener\">researchers at Patchstack discovered<\/a> several critical vulnerabilities. This plugin allows WordPress customers to create and sell courses online. The fix was published in December but many users may not have heard.<\/p>\n<p data-ar-index=\"9\">Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p data-ar-index=\"10\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-jan-25-2023-data-privacy-week-advice-terrible-patching-statistics-and-more\/523712\">Cyber Security Today, Jan. 25, 2023 \u2013 Data Privacy Week advice, terrible patching statistics and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on the aftermath for GoTo customers after a supply chain cyberattack, vulnerabilities in Samsung&#8217;s Galaxy App Store, problems with password manager<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-34585","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/34585","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=34585"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/34585\/revisions"}],"predecessor-version":[{"id":34588,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/34585\/revisions\/34588"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=34585"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=34585"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=34585"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}