Fancy Bear, ReVoLTE, and Instagram’s biometric theft – Weekly privacy news, August 21, 2020

Posted on August 21st, 2020 by

Privacy News Online’s weekly video recap includes the top privacy stories, hosted by tech news commentator Brian Tong.

Each episode includes a cybersecurity news segment hosted by Intego’s Chief Security Analyst, Josh Long. This week’s video features two security stories, one of which we covered here on The Mac Security Blog, about an advanced new specimen of Mac malware called XCSSET. For full details, please see our comprehensive XCSSET article.

Mac malware exposed: XCSSET, an advanced new threat

The other security story covered in this week’s video is about new Russian espionage malware for Linux, dubbed Drovorub. The NSA and FBI have released details about this threat, which includes a Linux kernel module rootkit and is capable of exfiltrating files from a target system. The report names the Russian GRU, also known as Fancy Bear and APT28, as the threat actor. You can read Ars Technica’s summary, or see the full PDF report for more technical details.

Privacy news stories

One of this week’s top privacy stories is that Instagram is facing a $500 billion lawsuit for gathering facial biometrics data without consent. At issue is that pictures uploaded to Instagram may contain the face of someone other than the account holder, who may not have given consent to Instagram (or parent company Facebook) to have their photos used for facial recognition data. Facebook previously had to pay a $650 million fine for a similar violation involving photos uploaded to the Facebook social network.

Meanwhile, a new attack that researchers are calling ReVoLTE (pronounced “revolt-y”) may allow hackers to eavesdrop on phone calls made over 4G LTE networks. Calls made over LTE are usually encrypted, but an implementation flaw found in many cellular towers enables attackers to decrypt conversations. Additional details are available at the ReVoLTE site. Calls made using third-party calling apps that count toward your data plan usage, such as FaceTime or Signal, are not affected.

For the rest of this week’s privacy news, watch the eight-minute video and read the related articles.

More security news, plus Apple news

For more weekly news and commentary, particularly about Apple and security topics, subscribe to the Intego Mac Podcast. Veteran Mac journalist Kirk McElhearn and Intego’s Josh Long host our weekly audio discussion show.

About Joshua Long

Joshua Long (@theJoshMeister), Intego's Chief Security Analyst, is a renowned security researcher and writer. Josh has a master's degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple ID authentication vulnerability. Josh's security research has been featured by many fine publications such as CNET, CBS News, ZDNet UK, Lifehacker, CIO, Macworld, The Register, and MacTech Magazine. Look for more of Josh's articles at security.thejoshmeister.com and follow him on Twitter.