- feeds
- popular
- recent
- reader
- about
- story
- technologies
- what is rss
- connect
- dmca
- contact
- Feed Preview google – Threatpost
Google Warns of Critical Android Remote Code Execution Bug
Google's Android security update addressed 43 bugs overall affecting Android handsets, including Samsung phones.
https://threatpost.com/google-warns-of-critical-android-remote-code-execution-bug/162756/
Researcher Breaks reCAPTCHA With Google’s Speech-to-Text API
Researcher uses an old unCAPTCHA trick against latest the audio version of reCAPTCHA, with a 97 percent success rate.
https://threatpost.com/researcher-breaks-recaptcha-speech-to-text-api/162734/
Tech Giants Lend WhatsApp Support in Spyware Case Against NSO Group
Google, Microsoft, Cisco Systems and others want appeals court to deny immunity to Israeli company for its alleged distribution of spyware and illegal cyber-surveillance activities.
https://threatpost.com/tech-giants-lend-whatsapp-support-in-spyware-case-against-nso-group/162552/
3M Users Targeted by Malicious Facebook, Insta Browser Add-Ons
Researchers identify malware existing in popular add-ons for Facebook, Vimeo, Instagram and others that are commonly used in browsers from Google and Microsoft.
https://threatpost.com/3m-users-malicious-facebook-insta-browser-add-ons/162350/
Sextortionist Campaign Targets iOS, Android Users with New Spyware
Goontact lures users of illicit sites through Telegram and other secure messaging apps and steals their information for future fraudulent use.
https://threatpost.com/sextortionist-campaign-targets-ios-android-users-with-new-spyware/162321/
Google Play Apps Remain Vulnerable to High-Severity Flaw
Patches for a flaw (CVE-2020-8913) in the Google Play Core Library have not been implemented by several popular Google Play apps, including Edge.
https://threatpost.com/google-play-apps-remain-vulnerable-to-high-severity-flaw/161785/
iPhone Bug Allowed for Complete Device Takeover Over the Air
Researcher Ian Beer from Google Project Zero took six months to figure out the radio-proximity exploit of a memory corruption bug that was patched in May.
https://threatpost.com/iphone-bug-takeover-over-the-air/161748/
Facebook Messenger Bug Allows Spying on Android Users
The company patched a vulnerability that could connected video and audio calls without the knowledge of the person receiving them.
https://threatpost.com/facebook-messenger-bug-spying-android/161435/
Google Chrome 87 Closes High-Severity ‘NAT Slipstreaming’ Hole
Overall Google's Chrome 87 release fixed 33 security vulnerabilities.
https://threatpost.com/google-chrome-87-nat-slipstreaming-flaw/161344/
2 More Google Chrome Zero-Days Under Active Exploitation
Browser users are once again being asked to patch severe vulnerabilities that can lead to remote code execution.
https://threatpost.com/2-zero-day-bugs-google-chrome/161160/
Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Remote code execution vulnerabilities dominate this month’s security bulletin of warnings and patches.
https://threatpost.com/microsoft-patch-tuesday-critical-bugs/161098/
Ghimob Android Banking Trojan Targets 153 Mobile Apps
A banking trojan is targeting mobile app users in Brazil - and researchers warn that its operator has big plans to expand abroad.
https://threatpost.com/ghimob-android-banking-trojan/161075/
Apple Patches Bugs Tied to Previously Identified Zero-Days
The actively exploited vulnerabilities discovered by Project Zero exist across iPhone, iPad and iPod devices.
Google Forms Abused to Phish AT&T Credentials
More than 200 Google Forms impersonate top brands - including Microsoft OneDrive, Office 365, and Wells Fargo - to steal victims' credentials.
https://threatpost.com/google-forms-abused-to-phish-att-credentials/160957/
Two Chrome Browser Updates Plug Holes Actively Targeted by Exploits
Patches for both the Chrome desktop and Android browser address high-severity flaws with known exploits available in the wild.
https://threatpost.com/chrome-holes-actively-targeted/160890/
Scammers Abuse Google Drive to Send Malicious Links
Cybercriminals are sending malicious links to hundreds of thousands of users via Google Drive notifications.
https://threatpost.com/scammers-google-drive-malicious-links/160832/
Firestarter Android Malware Abuses Google Firebase Cloud Messaging
The DoNot APT threat group is leveraging the legitimate Google Firebase Cloud Messaging server as a command-and-control (C2) communication mechanism.
https://threatpost.com/firestarter-android-malware-google-firebase-cloud/160800/
Google Boots 21 Bogus Gaming Apps from Play Marketplace
Android apps packed with malware from HiddenAds family downloaded 8 million times from the online marketplace.
Chrome 86 Aims to Bar Abusive Notification Content
Google said Chrome 86 will automatically block malicious notifications that may be used for phishing or malware.
https://threatpost.com/chrome-86-abusive-notification-content/160445/
Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser
The memory-corruption vulnerability exists in the browser’s FreeType font rendering library.
https://threatpost.com/google-patches-zero-day-browser/160393/
Google’s Waze Can Allow Hackers to Identify and Track Users
The company already patched an API flaw that allowed a security researcher to use the app to find the real identity of drivers using it.
Biden Campaign Staffers Targeted in Cyberattack Leveraging Antivirus Lure, Dropbox Ploy
Google's Threat Analysis Group sheds more light on targeted credential phishing and malware attacks on the staff of Joe Biden's presidential campaign.
Google, Intel Warn on ‘Zero-Click’ Kernel Bug in Linux-Based IoT Devices
Intel and Google are urging users to update the Linux kernel to version 5.9 or later.
https://threatpost.com/google-intel-kernel-bug-linux-iot/160067/
Google Rolls Out Fixes for High-Severity Android System Flaws
The most serious bugs are elevation-of-privilege issues in the Android System component (CVE-2020-0215 and CVE-2020-0416).
Google’s Chrome 86: Critical Payments Bug, Password Checker Among Security Notables
Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Windows, Mac, Android and iOS users.
https://threatpost.com/google-chrome-86-critical-payments-bug-password-check/159938/
Why Web Browser Padlocks Shouldn’t Be Trusted
Popular ‘safe browsing’ padlocks are now passe as a majority of bad guys also use them.
https://threatpost.com/why-web-browser-padlocks-shouldnt-be-trusted/159659/
Alien Android Banking Trojan Sidesteps 2FA
A new 'fork' of the Cerberus banking trojan, called Alien, targets victims' credentials from more than 200 mobile apps, including Bank of America and Microsoft Outlook.
Google Chrome Bugs Open Browsers to Attack
Google's new release of Chrome 85.0.4183.121 for Windows, Mac, and Linux fixes 10 security flaws.
Google Play Bans Stalkerware and ‘Misrepresentation’
The official app store is taking on spy- and surveillance-ware, along with apps that could be used to mount political-influence campaigns.
Bluetooth Spoofing Bug Affects Billions of IoT Devices
The 'BLESA' flaw affects the reconnection process that occurs when a device moves back into range after losing or dropping its pairing, Purdue researchers said.
https://threatpost.com/bluetooth-spoofing-bug-iot-devices/159291/
Govt.-Backed Contact-Tracing Apps Raise Privacy Hackles
New opt-in COVID-19 Exposure Notifications Express systems baked into Apple’s iOS and available on Android need privacy guardrails, say privacy advocates.
https://threatpost.com/govt-contact-tracing-apps-privacy/159109/
Google Squashes Critical Android Media Framework Bug
The September Android security bulletin addressed critical- and high-severity flaws tied to 53 CVEs overall.
Bug in Google Maps Opened Door to Cross-Site Scripting Attacks
A researcher discovered a cross-site scripting flaw in Google Map's export function, which earned him $10,000 in bug bounty rewards.
https://threatpost.com/bug-in-google-maps-opened-door-to-cross-site-scripting-attacks/159006/
Google Ups Product-Abuse Bug Bounties
The top award for flaws that allow cybercriminals to abuse legitimate services has increased by 166 percent.
https://threatpost.com/google-product-abuse-bug-bounties/158940/
India Blocks High-Profile Chinese Apps on Political, Privacy Concerns
Technology minister bans, Baidu, WeChat Work, AliPay and 115 others for capturing using data and transmitting it to servers outside of the country without authorization.
https://threatpost.com/india-blocks-high-profile-chinese-apps-on-political-privacy-concerns/158959/
Joker Spyware Plagues More Google Play Apps
The six malicious apps have been removed from Google Play, but could still threaten 200,000 installs.
https://threatpost.com/joker-spyware-google-play-apps-2/158895/
Medical Data Leaked on GitHub Due to Developer Errors
Up to 200,000 patient records from Office 365 and Google G Suite exposed by hardcoded credentials and other improper access controls.
https://threatpost.com/medical-data-leaked-on-github-due-to-developer-errors/158653/
TikTok Surreptitiously Collected Android User Data Using Google-Prohibited Tactic
App concealed the practice of gathering device unique identifiers using an added layer of encryption.
Google Fixes Mysterious Audio Recording Blip in Smart Speakers
Google Home devices reportedly recorded noises even without the "Hey Google" prompt due to the inadvertent rollout of a home security system feature.
https://threatpost.com/google-fixes-mysterious-audio-recording-blip-in-smart-speakers/158219/
Google Chrome Browser Bug Exposes Billions of Users to Data Theft
The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors.