The US General Services Administration publishes an IG report detailing what it calls a mistake, not a breach. A Slack misconfiguration could potentially have exposed personally identifiable information and contractor proprietary information, but GSA says such data appear not to have been compromised.
ISIS shifts its online recruiting strategy in Central Asia, and continues to draw information ops fodder from Sykes-Picot.
FireEye warns that maliciously crafted Microsoft Office files are serving as vectors for the recently patched Flash zero-day.
A Google Project Zero bug hunter reports a memory exploitation vulnerability in Symantec’s core Antivirus Engine.
Clickjacking, says Skycure, afflicts most older Android devices. Privilege escalation is among the risks the vulnerability poses.
A click-fraud botnet, Btidefender reports, is using the Redirector.Paco Trojan to afflict “AdSense-like programs.” The principal victims of clickfraud are, of course, advertising budgets and the companies who burn through them on the strength of bogus interactions.
enSilo analyzes “Furtim,” “stealthy,” “paranoid” malware now circulating in the wild. The exploit was recognized by a researcher known by the handle “@hFireFox.” Furtim is noteworthy for the large number of checks it makes for AV measures. Its servers also send the malicious code only once. (The payload has three elements: a power configuration file, Pony infostealer, and a third, as yet unknown bit of malware.)
Observers continue to look at the SWIFT funds transfer system. Some conclude its security procedures need an overhaul.
Barron’s suggests Cisco’s forthcoming guidance may disappoint. Avanan and illusive both announce new rounds of venture funding.