Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

12/10/2018
04:00 PM
50%
50%

New Google+ Breach Will Lead to Early Service Shutdown

A breach affecting more than 52 million users was patched, but not before leading to the company rethinking the future of the service.

As vulnerabilities go, it was the best sort: found by internal testing before it led to a security breach. Nevertheless, the latest Google+ software vulnerability was enough to push forward shutting down the service: Google now says it will be shuttered by April 2019 rather than the originally planned August 2019.

According to Google, the vulnerability in a Google+ API affecting some 52.5 million users would have allowed applications with permission to view public data to view some private data, as well. In a blog post, the company said that it had no data indicating that any third party had seen unauthorized data but that the problem is leading to all Google+ APIs being "subsetted" within the next 90 days.

Google says that it will have information on how current Google+ users and developers can migrate apps and data in the coming weeks.

Read here and here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 4/7/2020
Researcher Hijacks iOS, macOS Camera with Three Safari Zero-Days
Kelly Sheridan, Staff Editor, Dark Reading,  4/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: The dead do not laugh...
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10551
PUBLISHED: 2020-04-09
QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by anyone belonging to the NT AUTHORITY\Authenticated Users group, which includes all local and remote users. This can be abused by local attackers to escalate privileges to NT AUTHORITY\SYSTEM by writing ...
CVE-2020-10621
PUBLISHED: 2020-04-09
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2).
CVE-2020-11553
PUBLISHED: 2020-04-09
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There is pervasive CSRF.
CVE-2020-11554
PUBLISHED: 2020-04-09
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive information via info.php4.
CVE-2020-11555
PUBLISHED: 2020-04-09
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive credential information from backup files.