Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. For more news delivered to your inbox every week, sign up for our Threat Source newsletter here.

Top headlines this week

  • Apple revoked a set of developer tools from Facebook.The two tech companies got into a tug-of-war this week over a Facebook program that came to light where they paid users to install a VPN on their mobile devices. Facebook would then track users’ habits via the VPN. Facebook has now ended that program.
  • Apple temporarily disabled its group FaceTime service as it fixes a vulnerability. If exploited, an attacker could potentially listen in on conversations via Apple devices’ microphones even if the user doesn’t answer a FaceTime call. Apple’s slow response to this bug has prompted New York’s attorney general to launch an investigation.
  • The U.S. filed several criminal charges against Chinese tech company Huawei. One indictment accused Huawei of attempting to steal trade secrets from mobile company T-Mobile, while another says the company worked to bypass American sanctions against Iran.

From Talos

  • Attackers are utilizing a fake job posting from Cisco Korea to infect users. Based on our research, we believe this is the latest in a long string of attacks from the same threat actor.
  • There are multiple vulnerabilities in ACD Systems' Canvas Draw 5. The vulnerable component of Canvas Draw 5 lies in the handling of TIFF and PCX images. Snort rules 39593 - 39596, 39599 - 39632, 47336, 47337 can help protect you from the exploitation of these vulnerabilities.
  • Python.org contains an exploitable denial-of-service vulnerability in its X509 certificate parser. A specially crafted X509 certificate can cause a NULL pointer to dereference, resulting in a denial of service. Snort rules 48854 and 48855 can protect you from the exploitation of this vulnerability.
  • Talos discovered two vulnerabilities that could allow remote code execution and memory disclosure at the kernel level in WIBU-SYSTEMS WibuKey. WibuKey is a USB key designed to protect software and intellectual properties. Snort rules 47750 and 47751 can protect you from the exploitation of these vulnerabilities.

Malware roundup

  • The FormBook malware is back, this time targeting retail and hospitality companies. The information-stealer first appeared in 2016, and its use has recently risen through a new malware-hosting service.
  • The FBI and Air Force are working together to dismantle a North Korean botnet. Joanap is a remote access tool believed to be associated with the Lazarus Group APT. Snort rule 46885 can prevent Joanap from making an outbound connection.
  • A new cryptocurrency malware is targeting Macs. A variant of OSX.DarthMiner, the malware steals browser cookies and saved passwords in the Google Chrome web browser.
  • American and Belgian authorities shut down an illegal online marketplace. xDedic, a website that concealed the location of its servers and was often used to sell personal information stolen in cyber attacks, is responsible for roughly $68 million of fraud.

The rest of the news

  • Google removed several data collection apps from the iOS App Store. The apps collected data from users’ phones, browsers and routers with their consent. In exchange, Google sent gift cards to the users. However, they did not properly operate under Apple’s developer enterprise program.
  • The United Arab Emirates has gathered a group of hackers to track adversaries of their government. Many of the members are former U.S. National Security Agency hackers.
  • A group of 2.2 billion login credentials is circulating among hacking groups. This trove of information is part of a smaller collection that was uncovered by a security researcher earlier this year.
  • A distributed denial-of-service attack recently broke the record for packets sent per second. Security firm Imperva says they recently stopped an attack against their client that crossed the 500 million packets per second mark.
  • Airbus employees’ data was accessed as the result of a recent data breach. The airline says there was no impact to their commercial operations or intellectual property.
  • Chrome and Firefox fixed several security flaws in the latest versions of their browsers. Chrome 72 fixed 58 CVEs, including one that was rated “critical,” while Firefox patched seven CVEs, including three “critical” ones.