Wednesday, November 27, 2019

Google wants to know everything about you. Now it looks like Microsoft wants to know what Google knows about you. Or is it the good old Embrace, Extend and Extinguish strategy?

After a quick setup process, you simply link a Google Account to an Outlook.com account, and Gmail, Drive documents, and Google Calendar will all be automatically displayed inside Outlook.com on the web.

It looks very similar to how Outlook for iOS and Android work, with separate inboxes and side-by-side integration in the calendar.


https://www.theverge.com/2019/11/20/20973889/microsoft-outlook-web-gmail-google-drive-calendar-integration-support-features

Wednesday, November 20, 2019

Exciting(/scary) feature(/bug) in Android - Secretly take pictures or record video -- even if your device is locked.



Google is strict when it comes to mobile applications obtaining access to sensitive information from camera, microphone, or location services. As a result, users must accept permission requests, but in Checkmarx's attack scenario, these requirements are bypassed.


https://www.zdnet.com/article/android-vulnerability-lets-rogue-apps-take-photos-record-video-even-if-your-phone-is-locked/

Friday, November 15, 2019

Why you need to take the Microsoft patch seriously - Microsoft has shipped out a fix for a critical flaw in Internet Explorer (IE) that is being exploited in the wild, tracked as CVE-2019-1429.



“An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system,”

Importantly, there’s a possible attack vector – and it doesn’t even require you to use IE.

https://www.welivesecurity.com/2019/11/14/microsoft-patch-internet-explorer-zero-day

Thursday, November 7, 2019

Insider Threat - Any/every organization can be affected. It is time that we take the "Zero Trust" security model seriously - Trend Micro saw about 100,000 of its consumer customers have their account information stolen.



The cybersecurity company said in a statement today the first inkling something was wrong came in August 2019 when some customers complained of receiving scam phone calls from people purportedly from Trend Micro. The information the callers disclosed to their targets during the conversations led the company to believe it had to have come from an insider.

The company said it never calls customers unannounced.

By late October the company was able to fully determine the attack was an inside job. An employee used fraudulent means to gain access to customer support databases, retrieve the data and sell it.

“Our open investigation has confirmed that this was not an external hack, but rather the work of a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls,” the company said.

https://www.scmagazine.com/home/security-news/insider-threats/trend-micro-hit-with-insider-attack/

Can this headline be true?? - (Actually, it is worse than what it states.) When the “Disable all macros without notification” feature is enabled, the XLM macros are actually automatically executed without any warning or prompts being shown to the user.



Some good news:
Fully patched versions of Office 2016 and Office 2019 for Mac reportedly do correctly report the presence of XLM macros inside SYLK files.

https://hotforsecurity.bitdefender.com/blog/mac-users-warned-that-disabling-all-office-macros-doesnt-actually-disable-all-office-macros-21744.html