Researchers have found a critical vulnerability, CVE-2021-21148, in Google Chrome. We recommend addressing it as soon as possible because cybercriminals are already exploiting it. Browser versions for major desktop operating systems (Windows, MacOS, and Linux) are all vulnerable. Here’s what’s going on, and how to update your browser. Why CVE-2021-21148 is dangerous The … [Read more...] about Why you should to update Google Chrome to version 88.0.4324.150 immediately
Google uncovers new iOS security feature Apple quietly added after zero-day attacks
Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed "BlastDoor," the improved sandbox system for iMessage data was disclosed by Samuel Groß, a security researcher with Project Zero, a team of security … [Read more...] about Google uncovers new iOS security feature Apple quietly added after zero-day attacks
New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys
Hardware security keys—such as those from Google and Yubico—are considered the most secure means to protect accounts from phishing and takeover attacks. But a new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication (2FA) device can clone it by exploiting an electromagnetic side-channel in the chip embedded in it. The … [Read more...] about New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys
A Google Docs Bug Could Have Allowed Hackers See Your Private Documents
Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70 as part of Google's Vulnerability Reward … [Read more...] about A Google Docs Bug Could Have Allowed Hackers See Your Private Documents
Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug
Google's Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the unpatched flaw were revealed publicly after Microsoft failed to patch it within 90 days of responsible disclosure on September 24. Originally tracked as … [Read more...] about Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug
Malware disguised as Minecraft mods on Google Play
The first version of Minecraft was released way back in 2009, but the game remains incredibly popular to this day. That should come as no surprise; not only is it enormous fun, but it’s a platform for kids and adults alike to create their own worlds. Some even use it for urban planning — and some teachers use it in the classroom. Unfortunately, as with any successful project, … [Read more...] about Malware disguised as Minecraft mods on Google Play
Google Discloses Windows Zero-Day Bug Exploited in the Wild
Google has disclosed details of a new zero-day privilege escalation flaw in the Windows operating system that's being actively exploited in the wild. The elevation of privileges (EoP) vulnerability, tracked as CVE-2020-17087, concerns a buffer overflow present since at least Windows 7 in the Windows Kernel Cryptography Driver ("cng.sys") that can be exploited for a sandbox … [Read more...] about Google Discloses Windows Zero-Day Bug Exploited in the Wild
DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread
Cisco Blogs / Security / Threat Research / DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread The newly discovered Firestarter malware uses Google Firebase Cloud Messaging to notify its authors of the final payload location. Even if the command and control (C2) is taken down, the DoNot team can still redirect the malware to another C2 using Google … [Read more...] about DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread
How to Run Google SERP API Without Constantly Changing Proxy Servers
You've probably run into a major problem when trying to scrape Google search results. Web scraping tools allow you to extract information from a web page. Companies and coders from across the world use them to download Google's SERP data. And they work well – for a little while. After several scrapes, Google's automated security system kicks in. Then it kicks you out. The … [Read more...] about How to Run Google SERP API Without Constantly Changing Proxy Servers
Google Removes 21 Malicious Android Apps from Play Store
Google has stepped in to remove several Android applications from the official Play Store following the disclosure that the apps in question were found to serve intrusive ads. The findings were reported by the Czech cybersecurity firm Avast on Monday, which said the 21 malicious apps (list here) were downloaded nearly eight million times from Google's app marketplace. The apps … [Read more...] about Google Removes 21 Malicious Android Apps from Play Store