Apple's big FaceTime security bug, a new zero-day threat in Microsoft Exchange, Google+ officially over, and more in This Week in Cybersecurity: where we highlight a select few of each week's new cyber security stories and share them here. Don't forget to follow our daily blog and social media for more in-depth cyber security and technology news.
If you would like to be the first to know about our Week in Cybersecurity reports and receive a FREE Webcam Cover, sign up here.
The Week of February 1st, 2019:
- Microsoft Exchange 2013 users and newer are vulnerable to a zero-day named "PrivExchange" that allows a hacker to gain admin privileges by using a simple Python tool. According to the researcher, this isn't one single flaw, but a combination of three flaws that an attacker can abuse to escalate their access from a hacked email account. As of now, there is no official emergency patch from Microsoft for PrivExchange but are working to have one ready for download soon. (ZDNet)
- A major FaceTime bug was discovered (on Data Privacy Day, no less) that allows iPhone users with iOS 12.1 or later to initiate a call though Group FaceTime and hear audio on the other end before the recipient accepts or rejects the call. Apple has disabled Group FaceTime on their servers while they develop a security fix this week. We recommend not using FaceTime as a whole until an official fix from Apple is released. (CSO)
- Microsoft’s Edge Internet Browser is looking to join the battle against fake news. It its latest update, the Edge app now includes a feature called NewsGuard. Previously only available as a desktop extension, NewsGuard uses actual human feedback rather than algorithms to determine if, according to Microsoft, “a website generally fails to maintain basic standards of accuracy and accountability.” If the website fails to meet their guidelines, a red icon will appear next to the site’s URL in the browser, with a message displaying if the site is deemed trustworthy or not. (CNET)
- Though we were aware of its impending closure after a massive data breach last year, Google officially announced this week that Google Plus (Google+) is officially shutting down for public usage on April 2nd, 2019. In the time before this date, changes will start appearing on the site such as freezing the ability to make new profiles or pages on February 4th and the ability to use Google+ for Blogger comments in March. Though the consumer version is closing, G Suite Enterprise users will still have Google+, and Google is looking to revamp its look as well as adding new features. Consumers should use this time to download any desired data before the shutdown. (Engadget)
- An app on iOS and Android devices called “Facebook Research VPN” allowed for users between the ages of 13 and 35 to let Facebook gather usage and private data for a monthly cash payout. While no exacts are known about what data was shared, how much access was given to Facebook from its users could include private chats, location information, phone screenshots, and more. Apple blocked the app from its App Store, citing that Facebook was misusing their Enterprise Developer Program by giving access to non-employees. Other related apps from Onavo, a company Facebook acquired recently to help with data collection, have been blocked from the App Store as well. (Digital Trends)
At neoRhino, cyber security defense is just one of the many ways we protect small to medium-sized businesses and keep them secure should disaster strike. Call us now at 281-779-4850 to schedule a FREE consultation or visit our Products & Services page to learn more about us.