Published: November 20th, 2020
Britain adds offensive cyber squad, a bug found in GO SMS Pro, and updates for Cisco Webex Meetings, Chrome and Firefox browsers
Welcome to Cyber Security Today. It’s Friday November 20th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. To hear the podcast click on the arrow below:
The United Kingdom has become the latest country to create a special unit allowed to disrupt the cyber activities of countries, as well as those of criminals and terrorists outside their boundaries. Called the National Cyber Force, it will have the authority to prevent the Internet and wireless phone networks from being used to further serious crimes. The department will work with military computer specialists, the National Cyber Security Centre and the SIS intelligence agency. It can be seen as similar to the U.S. Cyber Command’s authority to counter threats in cyberspace. Last year Canada’s Communications Security Establishment, the defence department agency that protects federal IT networks, gained the ability to launch “active” cyber activities with the authorization of the Defence Minister.
Offensive cyber operations against computers in other countries are controversial in that they may be seen as interference and therefore an act of war. Others see it as a legitimate way of striking back at cyber attackers if legal action isn’t possible.
Users of the GO SMS Pro mobile messaging app have been warned it has a vulnerability. Security vendor Trustwave says the problem could let anyone see private voice messages, videos and photos sent to people who don’t have the app. Worse, the kind of link used for media files — like voice mail –sent to those who don’t have the app can be altered allowing someone to see any files sent in the future. Trustwave suggests users of GO SMS Pro avoid sending sensitive media files until the app developer has closed this hole.
IT administrators whose organizations use Cisco Systems’ Webex Meetings applications should update their servers to the latest version. Researchers at IBM discovered vulnerabilities that allow attackers to listen in on meetings.
Finally, there are new versions of the Firefox and Chrome browsers available for download. Firefox 83 has improved security and fixes some bugs. Get it by going into the settings, click on Help and then About Firefox. Chrome lately has seen a number of vulnerabilities that had to be quickly patched. You should be on version 87 now. In the past couple of weeks Google has had to update Chrome several times, and it’s been hard to keep up. Any browser you use should be configured to update automatically. But in a just-released survey Menlo Security found 28 per cent of its customers were using version 85. And of those using version 86, over 80 per cent hadn’t updated Chrome in the past week or so and were vulnerable. Even if your browser is configured for auto-updates it’s a good idea to check once a week.
That’s it for now. But this afternoon you can catch the Week In Review edition, where I’ll talk with Terry Cutler of Cyology Labs about credential stuffing attacks. Listen on your way home or on the weekend.
Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.