Apr 15, 2023Ravie LakshmananZero-Day / Browser Security Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript … [Read more...] about Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability
Zero-click remote hacks for Samsung, Google, and Vivo smartphones
Smartphones, tablets, and even cars with Samsung Exynos microprocessors are at risk of remote hacking. Bug hunters at Google Project Zero say you just need the victim’s phone number. This is due to the presence of 18 vulnerabilities in the Exynos baseband radio processor, which is widely used in Google, Vivo, Samsung, and many other smartphones. Four of them are critical and … [Read more...] about Zero-click remote hacks for Samsung, Google, and Vivo smartphones
BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads
Mar 11, 2023Ravie LakshmananCyber Threat Intelligence The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif. According to cybersecurity company eSentire, malicious ads are used to spoof a wide range of legitimate apps and services such as Adobe, OpenAPI's ChatGPT, Spotify, Tableau, and … [Read more...] about BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads
Google Teams Up with Ecosystem Partners to Enhance Security of SoC Processors
Feb 24, 2023Ravie LakshmananMobile Security / Firmware Google said it's working with ecosystem partners to harden the security of firmware that interacts with Android. While the Android operating system runs on what's called the application processor (AP), it's just one of the many processors of a system-on-chip (SoC) that cater to various tasks like cellular communications … [Read more...] about Google Teams Up with Ecosystem Partners to Enhance Security of SoC Processors
Even Top-Ranked Android Apps in Google Play Store Provide Misleading Data Safety Labels
Feb 24, 2023Ravie LakshmananPrivacy / Data Safety An investigation into data safety labels for Android apps available on the Google Play Store has uncovered "serious loopholes" that allow apps to provide misleading or outright false information. The study, conducted by the Mozilla Foundation as part of its *Privacy Not Included initiative, compared the privacy policies and … [Read more...] about Even Top-Ranked Android Apps in Google Play Store Provide Misleading Data Safety Labels
Google Rolling Out Privacy Sandbox Beta on Android 13 Devices
Feb 15, 2023Ravie LakshmananPrivacy / Technology Google announced on Tuesday that it's officially rolling out Privacy Sandbox on Android in beta to eligible mobile devices running Android 13. "The Privacy Sandbox Beta provides new APIs that are designed with privacy at the core, and don't use identifiers that can track your activity across apps and websites," the search and … [Read more...] about Google Rolling Out Privacy Sandbox Beta on Android 13 Devices
Researcher Uncovers Potential Wiretapping Bugs in Google Home Smart Speakers
Dec 30, 2022Ravie LakshmananBug Bounty / Privacy A security researcher was awarded a bug bounty of $107,500 for identifying security issues in Google Home smart speakers that could be exploited to install backdoors and turn them into wiretapping devices. The flaws "allowed an attacker within wireless proximity to install a 'backdoor' account on the device, enabling them to … [Read more...] about Researcher Uncovers Potential Wiretapping Bugs in Google Home Smart Speakers
New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software
Dec 29, 2022Ravie LakshmananOnline Security / Malvertising Users searching for popular software are being targeted by a new malvertising campaign that abuses Google Ads to serve trojanized variants that deploy malware, such as Raccoon Stealer and Vidar. The activity makes use of seemingly credible websites with typosquatted domain names that are surfaced on top of Google … [Read more...] about New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software
Google Takes Gmail Security to the Next Level with Client-Side Encryption
Dec 18, 2022Ravie Lakshmanan Google on Friday announced that its client-side encryption for Gmail is in beta to its Workspace and education customers to secure emails sent using the web version of the platform. This development comes at a time when concerns about online privacy and data security are at an all-time high, and it is certainly welcomed by users who value the … [Read more...] about Google Takes Gmail Security to the Next Level with Client-Side Encryption
Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers
Dec 08, 2022Ravie LakshmananPatch Management / Zero-Day An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware. The discovery, reported by Google Threat Analysis Group researchers Benoît Sevens and Clément … [Read more...] about Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers