Password manager security risks, Flash's relationship with Microsoft Edge, the Nest Secure's hidden red flag, and more in This Week in Cybersecurity, where we highlight a select few of each week's new cyber security stories and share them here. Don't forget to follow our daily blog and social media for more in-depth cyber security and technology news.


The Week of February 22nd, 2019:

  • Google’s Nest thermostat has been under scrutiny for lack of security before but has spurred a bit of controversy yet again as the Nest Secure hub was shipped with a microphone installed and the public knew nothing about it. The Nest Secure device, which has been available since 2017, didn’t state in any promotional materials or technical specs that a microphone was included until it was recently announced that Google voice assistance was coming in an update. Though Google officially stated that the omission was a mistake and “the on-device microphone was never intended to be a secret … and is only activated when users specifically enable the option,” this introduces a new security risk with the home security system. (CNET Security)
  • A point-of-sale company called North Country Business Products (NCBP) has been the victim of a major security breach. NCBP confirmed that the breach was the result of hackers compromising its IT system and installing POS malware at many of its networked locations, mostly restaurants, which included Dunn Brothers Coffee, Someburros, and Zipps Sports Grill. The attack affected 139 different locations, which NCBP has listed on its website. (NCBP Data Security Event)
  • Remember WinRAR? And the prompt to support the program popping up every time you loaded it up? Well, it suffered a major security flaw, one major enough to affect all 500 million users over the past 19 years. Security researchers at Check Point Software discovered the flaw within a DLL library, and thankfully WinRAR has already released a patch to resolve the vulnerability. If you are using WinRAR, update your program immediately. (Check Point Software)
  • More Microsoft Edge problems arise as a secret whitelist within the browser has been allowing Facebook to run Adobe Flash code, bypassing the browser's own security measures that prevent websites from running Flash code without consent. Other domains in this secret whitelist include Microsoft and MSN (natch), Deezer, QQ, and Yahoo, though Microsoft has since reduced the list down to only two domains. This came to light after a researcher found an XSS vulnerability within the whitelist mechanism itself, to which Microsoft responded by enforcing HTTPS on all domains on the list. (ZDNet)
  • Do you use a password manager? A new study from the Independent Security Evaluators (ISE) found that several password managers, including major services such as Dashlane and LastPass, are easier to crack than expected. The study stated that in some of the popular programs, once the master password is visible to the hacker, they can decrypt the database of the password manager, giving them the ability to gather more login credentials from memory even if the password manager is locked. Though password managers are still a good thing, it’s a scary thought that security could be that lax. (InfoSecurity Magazine)
