Week in review: FaceTime bug, Apple developer certs abused, new privacy attack against 5G

Here’s an overview of some of last week’s most interesting news and articles:

New Mac malware steals cookies, cryptocurrency and computing power
A new piece of Mac malware is looking to steal both the targets’ computing power and their cryptocurrency stash.

Safeguarding your data from human error and phishing attacks with the cloud
Using public cloud platforms ensures that you can customize permission settings and access past versions of documents to resolve any man-made mistakes.

Researchers reveal new privacy attack against 3G, 4G, and 5G mobile users
5G cellular mobile communications, when implemented, are expected to provide high bandwidth, low latency, energy savings, better connectivity, but security and privacy must also be assured.

Google also abused its Apple developer certificate to collect iOS user data
It turns out that Google, like Facebook, abused its Apple Enterprise Developer Certificate to distribute a data collection app to iOS users, in direct contravention of Apple’s rules for the distribution program.

Taking ethical action in identity: 5 steps for better biometrics
The film Minority Report demonstrated one possible future, in terms of precise advertising targeting based on a face. But the Spielberg film also demonstrated some of the downsides of biometrics – the stunning lack of privacy and consumer protection.

Microsoft rolls out new tools for enterprise security and compliance teams
Microsoft has announced a number of new capabilities and improvements for tools used by enterprise administrators.

eCommerce credit card fraud is nearly an inevitability
Riskified surveyed 5,000 US-based consumers aged 18 and older about their online shopping behaviors, experience with and prevalence of credit card fraud, repeat shopping likelihood and customer satisfaction to develop a full picture of how consumers react to a number of common shopping experiences.

How to know when you’re ready for a fractional CISO
Hiring a CISO means your organization has hit a point of scale where security is a top priority and needs to become more a part of the culture and the leadership. Before you hire an expensive recruiter, spend months interviewing candidates and add a hefty new line to your budget, consider a fractional CISO.

Critical FaceTime bug turns iPhones, Macs into eavesdropping tools
A shocking and easily exploitable FaceTime bug allows people to listen in on other users of Apple devices by simply calling them through the service.

Free training course material on network forensics for cybersecurity specialists
Based on current best practices, the training includes performance indicators and means that will help those who take it increase their operational skills of tackling cyber incidents.

How accepting that your network will get hacked will help you develop a plan to recover faster
Security teams must continue to prevent security attacks while also accepting the reality that the network will eventually get breached – but his doesn’t mean accepting the role of victim.

Employees report 23,000 phishing incidents annually, costing $4.3 million to investigate
Account takeover-based (ATO) attacks now comprise 20 percent of advanced email attacks, according to Agari’s Q1 2019 Email Fraud & Identity Deception Trends report.

The biggest cybersecurity challenge? Communicating threats internally
IT executives responsible for cybersecurity feel a lack of support from company leaders, and 33 percent feel completely isolated in their role, according to Trend Micro.

How privacy and security concerns affect password practices
Yubico announced the results of the company’s 2019 State of Password and Authentication Security Behaviors Report, conducted by the Ponemon Institute, who surveyed 1,761 IT and IT security practitioners in the United States, United Kingdom, Germany and France.

Emotet: A veritable Swiss Army knife of malicious capabilities
Formerly just a banking Trojan, Emotet is now one of the most dangerous and multifaceted malware out there. According to Malwarebytes, it and Trickbot are part of the reason why Trojans topped their list of most common business detections in 2018.

ENISA outlines top cyber threats and trends in 2018
This report raises awareness of the cyber dangers that citizens and businesses should be conscious of and responsive to.