December 10, SecurityWeek – (International) Many Cisco products plagued by deserialization flaws. Cisco Systems reported that it is investigating which of its products are affected by the Java deserialization vulnerability that can be exploited for remote code execution (RCE) via the Apache Commons Collections library due to the failure of developers to ensure that untrusted serialized data is not accepted for deserialization. Cisco will release software updates addressing the flaw. Source
December 10, SecurityWeek – (International) Google launches Data Loss Prevention (DLP) for Gmail. Google announced that its new feature, Data Loss Prevention (DLP) for Gmail, will help administrators enforce DLP policies and will automatically take action based on predefined content detectors in email text and attachment types, including documents, presentations, and spreadsheets, to ensure that sensitive information cannot be exposed to unauthorized viewers. The feature is available for Google Apps for Work Unlimited customers only. Source
December 10, Softpedia – (International) Barbeques are now hackable thanks to ever-evolving technology. Two American security researchers found that smart Internet of Things (IoT) devices can be easily abused after discovering ways to infiltrate the BBQ Guru-owned CyberQ Wifi BBQ Control, which is manufactured with Internet capabilities, via a malicious Uniform Resource Locator (URL) crafted by attackers to deceive a CyberQ owner into opening the link through a simple spear phishing campaign. Once the malicious link is opened, hackers can access the user’s privileges and command the barbeque to alter its behavior. Source
December 9, SecurityWeek – (International) Google brings safe browsing to Chrome for Android. Google released its Safe Browsing technology in Google Play Services version 8.1 and in Chrome for Android version 46 and above, which will warn users when they access a flagged website, including social engineering, phishing, and other malicious websites. Source
December 9, Zero Day – (International) Microsoft warns of possible attacks after Xbox certificate leaked. Microsoft released an advisory stating that the private keys to the xboxlive.com domain were inadvertently disclosed, allowing attackers to impersonate Xbox users and carry out man-in-the-middle (MitM) attacks, as well as intercept the website’s secure connection to deceive users into providing their usernames and passwords to hackers. Source