Better email security and compliance with attachment scanning and file type detection

Email compliance settings allow Google Apps admins to set policies to regulate the delivery of both internal and external email for their organization. Today, we’re announcing two different policy improvements to further enhance email security:

Attachment scanning
The Content compliance setting enables admins to specify what action to perform for messages based on predefined sets of words, phrases, text patterns, or numerical patterns contained within their content. Similarly, the Objectionable content setting enables admins to specify what action to perform for messages containing specific word lists that they create

Previously, each of these policies supported the scanning of the body of email messages and text attachments only. With today’s launch, the policies will also scan the content inside common attachment types―such as documents, presentations, and spreadsheets from different productivity suites―for increased security.

File type detection
The Attachment compliance setting enables admins to specify actions to perform for messages with attachments based on file type, file name, and message size. Previously, the policy relied solely on the file type extension when identifying matches. With today’s launch, we’ll start scanning and identifying the actual file type of attachments, preventing the renaming of most file type extensions to circumvent attachment policies.

Check out the Help Center links below for more information on these security improvements.

Reference By: Google

A new look for the Google Drive on the mobile web

Google Drive, To create a consistent experience across the Google Docs, Sheets, and Slides viewers on the web on mobile, today Google introducing a simpler, more uniform interface for each.

Comprompt-Mobile Web Editors (Final Version)

In addition, we’re encouraging people to edit their Google Docs files in the mobile app, which is easier to use and offers more robust functionality. Going forward, when users open Docs files on the mobile web and attempt to edit, they’ll be taken directly to the app or given the option to download it. Like with Google Sheets and Slides files, they’ll no longer be able to edit Docs files on the mobile web.

Comprompt-Google Drive Mobile Web Editors UI Refresh (Promo)

Reference By – Google

Prevent individuals from changing their Google+ profile names

Google introducing a new setting in the Google Apps Admin console that gives Apps admins control over whether or not people in their organizations can edit their profile names in Google+.

By default, people can change the profile name that’s displayed for their Google+ profile. The new display name is also used in all other Google products, except for user-edited Gmail usernames. Starting today, admins can decide to disallow name changes. If changes are disallowed, all Google+ profile names that were previously changed by individuals will be replaced by their corresponding names in the Admin console directory.

Comprompt-gplus

If admins decide to prevent users from changing their Google+ profile names, we recommend the following to minimize any confusion:

  • Inform people in your organization that their profile name might change—before you modify the setting.
  • Advise people to contact their Google Apps admin if they need to change their profile name after the setting is changed.

Visit the Help Center to learn more about managing Google+ profiles.

Reference-Google

Better email security and compliance with attachment scanning and file type detection

Email compliance settings allow Google Apps admins to set policies to regulate the delivery of both internal and external email for their organization. Today, we’re announcing two different policy improvements to further enhance email security:

Attachment scanning
The Content compliance setting enables admins to specify what action to perform for messages based on predefined sets of words, phrases, text patterns, or numerical patterns contained within their content. Similarly, the Objectionable content setting enables admins to specify what action to perform for messages containing specific word lists that they create.

Previously, each of these policies supported the scanning of the body of email messages and text attachments only. With today’s launch, the policies will also scan the content inside common attachment types―such as documents, presentations, and spreadsheets from different productivity suites―for increased security

File type detection
The Attachment compliance setting enables admins to specify actions to perform for messages with attachments based on file type, file name, and message size. Previously, the policy relied solely on the file type extension when identifying matches. With today’s launch, we’ll start scanning and identifying the actual file type of attachments, preventing the renaming of most file type extensions to circumvent attachment policies.

Check out the Help Center links below for more information on these security improvements.

Reference By: Google

Enhanced inbound mail gateway functionality

Google Apps allows for the use of inbound mail gateway servers which admins can leverage to process their inbound mail in different ways―such as archiving it or filtering out spam―before passing it onto the Google Apps mail server for delivery.

Today’s launch adds more flexibility for Apps admins when using inbound mail gateway servers:

  • Multiple upstream server systems – to accommodate more complex network architectures, customers can now have multiple server systems upstream from Gmail.

Message tagging – an upstream system can now tag messages as spam in the header, which Gmail will honor, allowing for full delegation of spam filtering to a third party solution if desired.comprompt-Disable downloading, printing, and copying of any Google Drive file

Reference By Google

Disable downloading, printing, and copying of any Google Drive file

With Information Rights Management (IRM), people using Google Drive can now disable downloading, printing, and copying from the advanced sharing menu―perfect for when the file you’re sharing contains sensitive information that you don’t want shared broadly or leaked. This new option is available for any file stored in Google Drive, including documents, spreadsheets, and presentations created with Google Docs.

To enable this feature, open the sharing dialogue from any Google document, spreadsheet, presentation, or other file in Drive on the web and click on Advanced in the lower right hand corner. Check the ‘Disable options to download, print, and copy for commenters and viewers’ box and click Save changes. This functionality is also available through API.Disable downloading, printing, and copying of any Google Drive file
Notes:

  • This feature can be enabled by file owners only, and on the web only
  • Once this feature is enabled, all entry points for downloading, printing, and copying will be removed from Google Drive, Docs, Sheets, and Slides on all platforms.

Google documents, spreadsheets, and presentations for which this feature has been enabled will show a notification at the top of the File and Edit menus

export disabled disabled downloading, printing, and copying of any Google Drive file

Reference By Google

Zero-Day Comms/Adobe Flash Exploit

Alert: Adobe Flash has experienced another exploit.

Contact your customers to make them aware of the zero-day vulnerabilities in Adobe Flash that were found in stolen data that had been posted online as a result of a breach at Hacking Team.

The vulnerability is a ByteArray class user-after-free (UAF) vulnerability which can be used to override PC functions, change the value of objects and reallocate memory. It affects versions of Adobe Flash Player 18.0.0.204 and earlier. Many organizations deploy Adobe Flash inside their networks, and given the widespread proliferation of the software, the risk of attack is high. Our Threat Intelligence team has created a signature for the vulnerabilities, which protects Symantec Endpoint Protection and Norton customers from the likely risk of the exploit’s use in cyber-attacks this

Use this event as an opportunity to ensure that your customers are taking the necessary steps to protect themselves and discuss the bigger issues of the fallout from Hacking Team being breached. Reinforce yourself, and Symantec, as a trusted security partner. Share best practices for hardening of networks and ensuring that sensitive data, e.g. bug-bounty program data, remains secure.

OVERVIEW

It was made public earlier this month that Italian hacker-for-hire surveillance firm, Hacking Team, had itself been breached. The company, known for selling intrusion and surveillance tools to governments and law enforcement agencies had been the target of an attack in which the attacks had uploaded 400GB of data onto Pastebin. The data dump contained various information such as email communications, customers’ information, invoices, source code, among others.

Over the weekend of July 10th, Trend Micro and FireEye independently announced that they had discovered two zero-day vulnerabilities in Adobe Flash that were found in the stolen data that had been posted online as a result of the breach at Hacking Team. At this time the exploits are proofs-of-concept, yet the code can be executed on the latest version of Flash Player. The vulnerability, dubbed the “most beautiful Flash bug for the last four years” in Hacking Team’s internal notes, is a ByteArray class user-after-free (UAF) vulnerability which can be used to override PC functions, change the value of objects and reallocate memory. It affects versions of Adobe Flash Player 18.0.0.204 and earlier. Symantec has added detection for the exploits as Hacktool and has created an AV signature to detect the exploits.

WHY THIS MATTERS TO MY CUSTOMERS

Organizations that allow Adobe Flash to run on their endpoints are vulnerable to this exploit. The vulnerability affects Windows, Macintosh, and Linux operation systems. A successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We consider this to be a high severity incident, and encourage customers to take immediate action to prevent damage from happening. Network users running affected versions of Adobe Flash could be victims of drive-by downloads.

SHOULD I REACH OUT TO MY CUSOMTERS?

We recommend that you contact your customers to make them aware of this vulnerability. Many organizations deploy Adobe Flash inside their networks, and given the widespread proliferation of the software, the risk of attack is high. Use this event as an opportunity to share the information provided in this bulletin to ensure that your customers are taking the necessary steps to protect themselves while reinforcing yourself, and Symantec, as a trusted security partner.

Important Talking Points

  • Our Threat Intelligence team has created a signature for the vulnerabilities, which protects Symantec Endpoint Protection and Norton customers from the likely risk of the exploit’s use in cyber-attacksthis week.
  • Symantec’s Security Response blog will keep you current on developments pertaining to this situation, including mitigation instructions.
  • Discuss the bigger issue of the fallout from Hacking Team being breached. Share best practices for hardening of networks and ensuring that sensitive data, for example, bug-bounty program data remains secure. Symantec provides solutions that can protect organizations from such attacks.

Q: When was this incident/vulnerability/threat discovered?
A: The vulnerability proof of concept was discovered within the Hacking Team leaked data on July 10 PDT and was shared on Twitter.
Q: How significant is this incident and why?
A: This incident is significant due to the prevalence of Adobe Flash and the fact that upon first analysis, the proof- of-concept code can successfully exploit the latest version of Adobe Flash (18,0,0,203). We are not aware if this vulnerability is being exploited in the wild. With the proof of concept disclosed, we can expect to see it released in the wild very soon.
Q: Which OS platforms are being targeted or could potentially be affected?
A: Critical vulnerabilities (CVE-2015-5122, CVE-2015-5123) have been identified in Adobe Flash Player 18.0.0.204 and earlier versions for Windows, Macintosh and Linux.

  • Adobe Flash Player 18.0.0.203 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 18.0.0.204 and earlier versions for Linux installed with Google Chrome
  • Adobe Flash Player Extended Support Release version 13.0.0.302 and earlier 13.x versions for Windows and Macintosh
  • Adobe Flash Player Extended Support Release version 11.2.202.481 and earlier 11.x versions for Linux

Q: Is user interaction (other than normal web browsing, file opening, email viewing, etc.) required to become infected?
A: This vulnerability could be exploited by way of drive-by-download.
Q: Do Symantec/Norton products (Win/Mac/NMS) protect against this threat?
A: We have added detection for the exploits as Hacktool. Antivirus detection has been introduced as Exp.CVE- 2015-5122. This detection is available as of definitions version 20150711.022. We also have confirmed that the following IPS signature proactively blocked the Proof-of-Concept exploit code: Web Attack: Malicious SWF Download 30.
Q: Has this vulnerability been exploited in the wild?
A: At the moment, we are not aware, but because the information came from Hacking Team’s leaked data, it may have potentially been used, however, is it unlikely to be widespread. With the vulnerability disclosure, we can expect it to be rolled out to exploit kits in the coming days.
Q: Has the vendor issued an alert or advisory?
A: Adobe has launched an investigation on this vulnerability and has released a security bulletin and has stated that a patch will be released this week.
Q: Has the vendor issued a patch for this vulnerability?
A: No, not at this time.
Q: Are there any other sources of information on this threat (i.e. from our competitors) which have already been issued?
A: FireEye and TrendMicro released a blog about the vulnerability CVE-2015-5122 presented in this alert and have been credited with discovering the two exploits.
Q: Is Symantec releasing a public blog about this vulnerability?
A: The external blog has been published today over EMEA shift and it can be viewed in the Security Response Blog here.

 

Reference by symantec

A special offer and new controls for Security Key administrators

Last year, Google worked with the FIDO Alliance standards organization to launch the Security Key — an actual physical key used to simplify 2-Step Verification with Google Accounts. The key adds a layer of protection as it sends an encrypted signature rather than a code, ensuring that login information cannot be phished.

Recently, we announced that we’ve been working on new controls for Google Apps admins to easily deploy, monitor and manage SecurityKeys for their domains via the Admin console, with no additional software to install. Today, we’re excited to announce that these controlsare ready and available in the Admin console for Google Apps Unlimited and Google Apps for Education customers. We also have worked on a new special offer for Google Apps for Work customers that allows them to purchase Security Keys at a 50% discounted rate from Yubico, Security Key manufacturer.

Once Security Keys have been activated by individuals within a domain, Google Apps admins will now be able to do the following with today’s release:

  • See where and when people last used their keys with usage tracking and reports (Admin console > Reports > Audit > Admin)
  • Easily revoke access to lost Security Keys and provide backup codes so people can still sign-in and get work done (Admin console > Users > Open details for person in question > Security Keys)

We are using Security Keys at Google because it makes our lives easier and increases security. With these new controls, Google Apps admins can offer the same benefits to people in their domain.

Check out the links below for more information.

Note: the new admin controls are available for Google Apps Unlimited and Google Apps for Education customers only. Customers using other Google Apps editions can use Security Keys, but people in their domain must revoke their own keys using My Account.

Release track:
Rapid release and Scheduled release

Reference by www.google.com

 

Accept or reject external guest requests to join Hangouts video calls with the Hangouts iOS app

Google recently completed the cross-platform rollout of a feature allowing Google Apps customers to share links to Hangouts video calls so that external meeting guests may request to join if not explicitly invited.

Previously, video calls shared with the link required someone in the Apps domain of the Hangout video call to accept those requesting access on the web. With today’s launch, we’ve enabled this accept or reject functionality in the latest version of the Hangouts iOS app.

To accept or reject a request to join a video call on your mobile device, tap the ‘Accept’ or ‘Decline’ button in the pop-up screen that appears when a guest is requesting to join.

comprompt Accept or reject external guest requests

This functionality is coming soon to the Hangouts Android app.

Release track:
Rapid release and Scheduled release

reference by google.com