ZDNet: Adobe sends out second fix for critical Reader data leak vulnerability. “Adobe has released a second patch to resolve a critical zero-day vulnerability in Adobe Reader after its original fix failed. The vulnerability, CVE-2019-7089, was patched in Adobe’s February 12 patch release. Buried among 42 other critical bugs, the security flaw was described as a sensitive data leak problem which can lead to information disclosure when exploited.”
security
PC Magazine: How to Encrypt a Document Stored on Google Drive
PC Magazine: How to Encrypt a Document Stored on Google Drive. “If you want to keep your files safe from prying eyes, encryption is your best bet—especially if you’re going to store those files in the cloud, where data breaches and other security issues can expose them to the outside world.”
eWeek: Duo Security Digs Into Chrome Extension Security With CRXcavator
eWeek: Duo Security Digs Into Chrome Extension Security With CRXcavator. “Cisco’s Duo Security business unit is announcing the public beta of a new tool called CRXcavator on Feb. 21 that will make it easier for organizations to take inventory of the Chrome extensions running across their enterprise, understand what if any risk they pose and then link that to a policy for secure deployment. As part of the effort to build CRXcavator, Duo also looked at more than 120,000 Chrome extensions to discover potential security concerns and risks.”
Ars Technica: Google Play apps with >10 million installs drain batteries, jack up data charges
Ars Technica: Google Play apps with >10 million installs drain batteries, jack up data charges. “Is your Android phone feeling hot to the touch, acting sluggish, in need of frequent charges, or using dramatically more data than it used to? It may be a victim of DrainerBot, a major fraud operation distributed through Google Play apps with more than 10 million downloads, researchers said Wednesday.”
New York Times: Russian Hackers Targeted European Research Groups, Microsoft Says
New York Times: Russian Hackers Targeted European Research Groups, Microsoft Says. “A group of hackers associated with Russian intelligence targeted civil society groups across Europe ahead of May elections there, Microsoft said on Tuesday.”
Git money, git paid: GitHub waves larger wads of dollar bills to tempt bug hunters (The Register)
The Register: Git money, git paid: GitHub waves larger wads of dollar bills to tempt bug hunters . “Social code storage biz GitHub, now a ward of Microsoft, on Tuesday divulged plans to make itself more attractive to hackers by flashing larger sums of cash and offering better indemnity.”
Threatpost: New GandCrab Decryptor Unlocks Files of Updated Ransomware
Threatpost: New GandCrab Decryptor Unlocks Files of Updated Ransomware. “Yet another free decryptor is available for GandCrab ransomware victims. The tool, released Tuesday, is the third decryptor update in the past year that thwarts the prolific and fast-evolving GandCrab ransomware.”
