
Facebook Research App Removed from App Store

After seeing their Onavo VPN application removed from the
Apple App Store last year, Facebook
has re-branded the service as a “research” app and made it available through
non-Apple testing services. The app itself requires users to download and install
a Facebook Enterprise Developer Certificate and essentially allow the company complete
access to the device. While many users seem to be in it only for the monthly
gift cards, they remain unaware of the extreme levels of surveillance the app
is capable of conducting, including accessing all social media messages, sent
and received SMS messages and images, and more. Apple has since completely
removed Facebook’s iOS developer certificate after seeing how they collect data
on their customers.

Japan Overwhelmed by Love Letter Malware Campaign

Following the discovery of the Love
malware a couple weeks ago, the campaign has been determined to be responsible
for a massive spike in malicious emails. Hidden amongst the contents of the
suspiciously-titled attachments are several harmful elements, ranging from
cryptocurrency miners to the latest version of the GandCrab ransomware. Unfortunately
for users outside of the origin country of Japan, the initial payload is able
to determine the system’s location and download additional malicious payloads
based on the specific country.

Apple FaceTime Bug Leads to Lawsuit

With the recent announcement of a critical vulnerability in the
FaceTime app, the manufacturer has been forced to take the application
offline. Unfortunately, prior to the shutdown, one Houston lawyer filed a case alleging
that the vulnerability allowed for unauthorized callers to eavesdrop on a
private deposition without any consent. By simply adding a user to a group
FaceTime call, callers were able to listen through the other device’s
microphone without that user answering the call.

Authorities Seize Servers for Dark Online Marketplace

Authorities from the US and Europe announced this week that,
through their combined efforts, they had successfully located and seized servers
belonging to an illicit online marketplace known as xDedic. While this was only one of many such
server sites, administrators could have used it to facilitate over $68 million
in fraudulent ad revenue and other malicious activities. Hopefully, this
seizure will help law enforcement gain an understanding of how such marketplaces
operate and assist with uncovering larger operations.

French Engineering Firm Hit with Ransomware

Late last week, the French engineering firm Altran Technologies was forced to take its central network and supported applications offline after suffering a ransomware attack. While not yet confirmed, the malware used in the attack has likely been traced to a LockerGoga ransomware sample uploaded to a malware detection engine site the very same day. LockerGoga, which appends a “.locked” extension to files, has been spotted in multiple European countries and seems to spread via an initial phishing campaign and then through compromised internal networks.

The post Cyber News Rundown: Apple Removes Facebook Research App appeared first on Webroot Blog.