Week in review: Highest paying IT certifications, emergency iOS patch, and how attackers exploit whitelists

Here’s an overview of some of last week’s most interesting news and articles:

Windows 10 Creators Update will come with clearer privacy options
Nearly two years after Microsoft released Windows 10, the company has finally revealed what data it collects from users. The revelation comes as part of a recent change of the company’s privacy statement, which has been made to reflect the company’s move towards more transparency.

How attackers exploit whitelists
Attackers have been known to abuse organizations’ whitelist systems so that the blacklist systems fail to keep their malware and exploits away from the organizations’ networks.

Highest paying certifications, skills in demand revealed
Cloud computing and cybersecurity skills are in high demand.

20,000-bots-strong Sathurbot botnet grows by compromising WordPress sites
A 20,000-bots-strong botnet is probing WordPress sites, trying to compromise them and spread a backdoor downloader Trojan called Sathurbot as far and as wide as possible.

Apple patches drive-by Wi-Fi flaw with emergency iOS patch
Less than a week after Apple pushed out iOS 10.3 came an iOS emergency patch that all iDevice owners should implement as soon as possible.

15 new ransomware decryption tools added to No More Ransom
The platform is now available in 14 languages and contains 40 free decryption tools. Since the last report in December, more than 10 000 victims from all over the world have been able to decrypt their affected devices thanks to these tools available free of charge.

Through inter-app data sharing, Android apps can get your data without permission
With a newly developed toolsuite that can analyze Android apps and detect whether two or more of them can collude with each other to acquire information that they would otherwise not be capable of obtaining, a group of researchers has shed some light on an existing capability that could easily become a big problem in the future.

Your iPhone is not infected, and you don’t need a free VPN app to clean it
A scammy lunge at tech-unsavvy users is being performed by VoiceFive, a global market research company that has developed and offered for download MyMobileSecure – an “unlimited VPN proxy” – on Apple’s App Store.

QNAP NAS devices open to remote command execution
If you’re using one of the many QNAP NAS devices and you haven’t yet upgraded the QTS firmware to version 4.2.4, you should do so immediately if you don’t want it to fall prey to attackers.

US lawmakers propose bill to stop warrantless phone searches at US border
On Tuesday, four US Congressmen introduced a new law aimed at protecting Americans from warrantless searches of their digital devices when they cross the US border.

Trump signs into law repeal of US consumers’ online privacy protections
It’s official: US Internet service providers and mobile data carriers will be able to sell or share their customers’ Web browsing and app usage history and other private information to advertisers and other third parties, without having to ask those customers for permission.

Oil and gas companies’ cybersecurity strategies are evolving
Oil and gas company leaders reported an average of 96 cyberattacks over 12 months, with one in three succeeding in a breach that was discovered only 62 percent of the time by firms’ security teams.

iOS spyware Pegasus has an equally capable Android counterpart
Mobile security firm Lookout and Google have revealed the existence of Chrysaor (aka Pegasus for Android), a powerful espionage app that is believed by both companies to be the work of Israel-based firm NSO Group, which specializes in lawful surveillance software.

Tax season security tips: Protect yourself from cybercrime
The techniques preferred by cybercriminals, and tax season security tips.

Generational differences increase security risks
There are two major IT security risks that enterprises need to prepare for – Millennials and the impending General Data Protection Regulation (GDPR).

WWW inventor Tim Berners-Lee opposes encryption backdoors
As the de facto inventor of the World Wide Web, Sir Tim Berners-Lee’s opinions on things like online privacy and encryption backdoors should carry a lot more weight than those of most people.

European companies hit with highly customizable ransomware
Panda Security researchers have been following and analyzing ransomware attacks that have been targeting European businesses for a few months now, and have tied them to the same group.

Weak social network password security is more trouble than you think
53 percent of users haven’t changed their social network passwords in more than one year – with 20 percent having never changed their passwords at all, according to a survey conducted by Thycotic at RSA Conference in San Francisco in February.

The rise of InsurTech: How young startups influence a mature industry
Artificial intelligence (AI) and the Internet of Things (IoT) now account for almost half of total investment in insurance technology (InsurTech) startups globally.

New infosec products of the week: April 7, 2017
A rundown of infosec products released last week.