THIS ISSUE’S EXPERT:
David Emm, Principal
SecurityResearcher
at Kaspersky Lab
(www.kaspersky.co.uk)12 2 - 15 October 2019 Email us your security questions [email protected]
QHow worryingis
it that smart TVs
share our data
with Netflix (bit.ly/
smarttv485)?
Paul Giddings, FacebookAManyhousehold
devices –from
kitchen appliances
tohome-entertainment
technology– are becoming
inter-connected, sothe lackLastPass fixes password-
leaking flaw
LastPass has
patcheda
vulnerability that
could haveledto
usersexposing the
login details they
used on the last site they visited.
A flaw in the popular password
manager’s browserextension
rendered the service susceptible
tocybercriminals launching
‘clickjacking’attacks.Tofall victim,
a LastPass userwould havehadto
enter their details on awebsite,then
visit acompromised sitebybeing
tricked into clicking the page link
several times.
This vulnerability affected the
LastPassweb extensionfor Chrome
and Opera, thecompanyconfirmed.
The bugwas discovered byGoogle’s
ProjectZero researchteam, which
disclosed the vulnerabilitytoofunderstanding about how
theyharvest andmanageour
personal dataisconcerning.
The newsthatsmart TVs
anddigital assistants are
leaking sensitive datatothird
parties suchasNetflix and
Facebook will comeasa
great surprise tomany
consumers andraises
pressing questions: howfar
doesthisacqusitionof
private information
undermine consumertrustin
major technologycompanies
andtowhatextentdoesit
comeatthe expense of
consumerprivacy?
The government mustset
standardsthatlimit the
power oforganisationsto
harvest personal informationwithout the knowledge and
consent of their customers,
andestablish security
practices for Internetof
Thingsdevices.
It iscrucial thatweare
made aware of the
repercussionsofhaving
connecteddevices inour
homes,and havea say in
whether our dataisshared.QAre biometric
login methods
more secure than
usingpasswords?
Gary Jeffries, FacebookAThe combination
ofsecurity
breaches and poor
passwordchoicemakes
thema weakformof
authentication. They’re also
anextra hurdletojumpto
gainaccesstoa service,
whereasbiometricsare
more orlessfrictionless.
However, biometricsare
best usedtoreplace
usernames, not passwords,
andthe established advice
about using multi-factor
authenticationtosecure
youraccountsstillstands.News about the latest threats and advice from securityexperts
Stay Safe OnlineSECURITY ALERT! |What’s been bothering us this fortnight
Security Helpdesk|Your questions answered by security specialistsLastPass afewweeks before the flaw
was made public.
LastPasswarned userstobeawareof
the scale of phishingattacksroutinely
launched against them,touse both
anti-malware and antivirus software and
toenable multi-factor authentication on
all services where possible.
bit.ly/lastpassSecurity fearsover deepfake
ransomware
Deepfakeransomwareis one of the most
fearedforms ofcyberattack, according
toTrend Micro’s future threat
researchers.The securitycompany
believes that this type ofransomware,
which involves anattacker takinga
selection of images that individuals post
online and using themtocreatean
embarassing or scandalous video such as
pornography or violent behaviour,could
starttospread inyearsto come.
The researchers believethe threat
could be more damaging than current‘sextortion’ scams because, witha
deepfake,the act doesn’t actually have
totake place.Few people botherto
fact-check, so once the deepfake is out
there,the damage is done.
Theyalsovoiced theirfears that
deepfake scamscould spur an increase
inteenage suicide, soawareness of
these types of scams is important so
wecanremain sceptical if and when
they arise.
See ourFAQ on page 38toread
more about theworrying rise of
deepfake videos.
bit.ly/deepfakeThe government must limit the power
of organisations to harvest personal data
without knowledge andconsent