A malicious email campaign has been found abusing a Google Cloud Storage service to host a payload sent to employees of financial services organizations, Menlo Labs researchers report. The threat appears to have been active in the US and UK since August 2018. Victims receive emails containing links to archive files; researchers say all instances…

The Christmas and New Year holidays are generally regarded as a very nice time of the year. Workers depart the office, giving information security experts a chance to put their feet up. Before you take your well-deserved rest, however, make sure to take measures to protect corporate information on employees’ personal gadgets. Sensitive information on…

Globally, organizations have spent millions on security solutions; however, these purchasing decisions often are not based on fact or data — just hunches, expenditures, and market trends. Senior executives struggle to have complete visibility into their own company’s security posture as well as the current threat environment. There is a lack of comprehensive, near-real-time information…

If you shared data with Facebook over the past few years, there’s a high chance Facebook handed it to Microsoft, Amazon, Spotify, or any of the other 150 companies that benefited from extensive data-sharing deals with the social media giant, The New York Times reports. Internal Facebook records provide a more detailed look at data-sharing…

A Washington State University research team has uncovered significant and previously unknown vulnerabilities in high-performance computer chips that could lead to failures in modern electronics. The researchers found they could damage the on-chip communications system and shorten the lifetime of the whole computer chip significantly by deliberately adding malicious workload. Led by Partha Pande, assistant…

The vulnerabilities impact the Windows and macOS versions of Acrobat and Acrobat Reader DC (Continuous and Classic 2015 tracks), and Acrobat and Acrobat Reader 2017 products. The list of security holes includes various types of critical bugs that can lead to arbitrary code execution, including buffer errors, untrusted pointer dereference, use-after-free, and heap overflow. The…

In 2018, more organizations adopted cloud computing, and at a rapidly growing pace. The main drivers for cloud were high efficiency, easier and faster deployments, and, of course, scalability. But from a security perspective, the speedy adoption of cloud computing is forcing security professionals to learn about new challenges, cloud-specific risks, and relevant mitigations as…

As vulnerabilities go, it was the best sort: found by internal testing before it led to a security breach. Nevertheless, the latest Google+ software vulnerability was enough to push forward shutting down the service: Google now says it will be shuttered by April 2019 rather than the originally planned August 2019. According to Google, the…

Facebook continues to be criticized for its data collection practices. The media is hammering Google over how it handles data. JPMorgan Chase & Company was vilified for using Palantir software to allegedly invade the privacy of employees. This past June marked the five-year anniversary of The Guardian’s first story about NSA mass surveillance operations. These…