Security Jobs from the Boardroom to the N.O.C.
Google discovered a software bug that gave third-party developers access to the private profile data of users of its Google+ social network. In response, Google will shut down the consumer functionality of the service over the next ten months. The Wall Street Journal reports that Google didn't disclose the breach when it first discovered it in March to avoid regulatory scrutiny and reputational damage.

The most dire vulnerability targets the Android framework and could allow an adversary to execute arbitrary code on targeted devices.

Potentially impacted customers include organizations like Aldo, Dunkin Donuts, GE, HauteLook, Nestle Waters, News Corp Australia and Sony. Cloud behemoth Salesforce.com is warning customers about an API error that may have leaked data for some users of its Marketing Cloud offering.

Firmware used in up to 800,000 CCTV cameras open to attack thanks to buffer overflow zero-day bug. Between 180,000 and 800,000 IP-based closed-circuit television cameras are vulnerable to a zero-day vulnerability that allows hackers to access surveillance cameras, spy on and manipulate video feeds or plant malware.

Bypass works on iOS 12 and Apple’s latest iPhone XS model phones allowing an attacker to access contacts and photos. A passcode bypass vulnerability in Apple’s new iOS version 12 could allow an attacker to access photos and contacts (including phone numbers and emails) on a locked iPhone XS and other devices.

Facebook's security breach shows even significant security investment might not help. The biggest technology companies, finance firms and technology giants — including Facebook which now reports up to 50 million user accounts may have been taken over by criminal hackers — invest many millions in cybersecurity and still fall victim to significant attacks.