Google has launched kvmCTF, a new vulnerability reward program (VRP) first announced in October 2023 to improve the security of the Kernel-based Virtual Machine (KVM) hypervisor that comes with $250,000 bounties for full VM escape exploits. [...]
...moreSummary
Total Articles Found: 27
Top sources:
Top Keywords:
Top Authors
- Sergiu Gatlan: 6
- Lawrence Abrams: 5
- Bill Toulas: 3
- Bruce Schneier: 2
- Paul Ducklin: 2
Top Articles:
- New Attack Lets Android Apps Capture Loudspeaker Data Without Any Permission
- Russia fines Google for spreading ‘unreliable’ info defaming its army
- Google Adds New Option to 'Auto-Delete' Your Location History and Activity Data
- Google outage affecting YouTube, Gmail and more
- Android users: watch out for this fake address bar trick
- Google sees 50% security boost for 150M users after 2FA enroll
- DuckDuckGo now blocks Google sign-in pop-ups on all sites
- Gmail hit by a second outage within a single day
- Ad blocker firms rush to fix security bug
- New Android malware on Google Play installed 3 million times
Google now pays $250,000 for KVM zero-day vulnerabilities
LLM Says: "Bug bounty boom"
Chrome starts the countdown to the end of tracking cookies
Published: 2023-12-15 18:14:38
Popularity: 94
Author: None
Keywords:
Google will soon roll out its Tracking Protection feature to some randomly chosen users in order to prepare for a full deployment.
...moreSecurity Risks of New .zip and .mov Domains
Published: 2023-05-19 11:11:52
Popularity: 24
Author: Bruce Schneier
Keywords:
Researchers are worried about Google’s .zip and .mov domains, because they are confusing. Mistaking a URL for a filename could be a security vulnerability.
...moreDuckDuckGo now blocks Google sign-in pop-ups on all sites
DuckDuckGo apps and extensions are now blocking Google Sign-in pop-ups on all its apps and browser extensions, removing what it perceives as an annoyance and a privacy risk for its users. [...]
...moreMalicious Android app found powering account creation service
A fake Android SMS application, with 100,000 downloads on the Google Play store, has been discovered to secretly act as an SMS relay for an account creation service for sites like Microsoft, Google, Instagram, Telegram, and Facebook [...]
...moreChrome and Edge fix zero-day security hole – update now!
Published: 2022-09-05 15:12:58
Popularity: 174
Author: Paul Ducklin
Keywords:
This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.
...moreNew Android malware on Google Play installed 3 million times
A new Android malware family on the Google Play Store that secretly subscribes users to premium services was downloaded over 3,000,000 times. [...]
...moreGoogle patches “in-the-wild” Chrome zero-day – update now!
Published: 2022-07-05 15:55:14
Popularity: 162
Author: Paul Ducklin
Keywords:
Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...
...moreRussia fines Google for spreading ‘unreliable’ info defaming its army
Roskomnadzor, Russia's telecommunications watchdog, has fined Google 68 million rubles (roughly $1.2 million) for helping spread what it called "unreliable" information on the war in Ukraine and the failure to remove it from its platforms. [...]
...moreGoogle: Predator spyware infected Android devices using zero-days
Google's Threat Analysis Group (TAG) says that state-backed threat actors used five zero-day vulnerabilities to install Predator spyware developed by commercial surveillance developer Cytrox. [...]
...moreGoogle sees 50% security boost for 150M users after 2FA enroll
After accelerating its efforts to auto-enroll as many accounts as possible in two-factor authentication (2FA), Google announced that an additional 150 million users now have 2FA enabled. [...]
...moreGoogle patches 10th Chrome zero-day exploited in the wild this year
Google has released Chrome 93.0.4577.82 for Windows, Mac, and Linux to fix eleven security vulnerabilities, two of them being zero-days exploited in the wild. [...]
...moreGoogle’s Project Zero Finds a Nation-State Zero-Day Operation
Published: 2021-04-08 11:06:53
Popularity: 12
Author: Bruce Schneier
Keywords:
LLM Says: "hacked again"
Google’s Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by “Western government operatives actively conducting a counterterrorism operation”: The exploits, which went back to early 2020 and used never-before-seen techniques, were “watering hole” attacks that used infected websites to deliver malware to visitors. They caught the attention of cybersecurity experts thanks to their scale, sophistication, and speed. […] It’s true that Project Zero does not formally attribute hacking to specific groups. But the Threat Analysis Group, which also worked on the project, does perform attribution. Google omitted many more details than just the name of the government behind the hacks, and through that information, the teams knew internally who the hacker and targets were. It is not clear whether Google gave advance notice to government officials that they would be publicizing and shutting down the method of attack...
...moreGoogle shares Spectre PoC targeting browser JavaScript engines
Google has published JavaScript proof-of-concept (PoC) code to demonstrate the practicality of using Spectre exploits targeting web browsers to gain access to information from a browser's memory. [...]
...moreGmail hit by a second outage within a single day
Gmail is suffering its second outage in 24 hours, with users able to access their email but unable to send to other Gmail users or are experiencing unexpected behavior. [...]
...moreGoogle outage affecting YouTube, Gmail and more
Google users are currently experiencing issues around the world, with users unable to access Gmail, YouTube, Google Drive, and possibly other Google services. [...]
...moreHat trick for Google as it patches two more zero-days in Chrome
Published: 2020-11-12 21:16:34
Popularity: 33
Author: Pieter Arntz
Keywords:
Google has patched two more zero-day vulnerabilities that were actively being exploited in the wild. Update now! Categories: Exploits and vulnerabilities Tags: chromecve-2020-16013cve-2020-16017Googlepatchessite-isolation (Read more...) The post Hat trick for Google as it patches two more zero-days in Chrome appeared first on Malwarebytes Labs.
...moreBug in ‘USB for Remote Desktop’ lets hackers add fake devices
An unpatched vulnerability in software that redirects local USB devices to a remote system could help attackers elevate privileges on a target machine by adding fake devices. [...]
...moreGoogle reenables FTP support in Chrome due to pandemic
After disabling FTP support in Google Chrome 81, Google has decided to reenable it again to prevent outages and difficulties in accessing information during the Coronavirus pandemic. [...]
...moreGoogle to Kill Chrome Apps Across All Platforms
Google announced that it will slowly phase out support for Chrome apps on all operating systems until they will completely stop working in June 2022 for all users. [...]
...moreGoogle Achieves Its Goal of Erasing the WWW Subdomain From Chrome
With the release of Chrome 79, Google completes its goal of erasing www from browser by no longer allowing Chrome users to automatically show the www trivial subdomain in the address bar. [...]
...moreNew Attack Lets Android Apps Capture Loudspeaker Data Without Any Permission
Published: 2019-07-17 10:52:05
Popularity: 7377
Author: noreply@blogger.com (Swati Khandelwal)
Keywords:
Earlier this month, The Hacker News covered a story on research revealing how over 1300 Android apps are collecting sensitive data even when users have explicitly denied the required permissions. The research was primarily focused on how app developers abuse multiple ways around to collect location data, phone identifiers, and MAC addresses of their users by exploiting both covert and side
...moreGoogle Chrome Canary Flag Makes The Browser a Colorful Mess
Google is testing a new feature in the Chrome Canary builds that allows you to change the colors used by various user interface elements of the browser. This allows users to make the browser and its New Tab Page a colorful mess that some may find amusing, while others find painful. [...]
...moreXSS flaw would have allowed hackers access to Google’s network and impersonate its employees
Published: 2019-06-16 05:19:53
Popularity: 103
Author: Pierluigi Paganini
Keywords:
LLM Says: ""Whoa, no way!""
Bug hunter Thomas Orlita discovered an XSS vulnerability in Google’s Invoice Submission Portal that would have allowed attackers access to Google’s internal network The Czech researcher Thomas Orlita discovered an XSS vulnerability in Google’s Invoice Submission Portal that would have allowed attackers access to part of Google’s internal network. The Google Invoice Submission Portal is […] The post XSS flaw would have allowed hackers access to Google’s network and impersonate its employees appeared first on Security Affairs.
...moreGoogle Adds New Option to 'Auto-Delete' Your Location History and Activity Data
Published: 2019-05-02 07:45:38
Popularity: 3748
Author: noreply@blogger.com (Swati Khandelwal)
Keywords:
Google is giving you more control over how long you want the tech company to hold on to your location history and web activity data. Google has introduced a new, easier, privacy-focused auto-delete feature for your Google account that will allow you to automatically delete your Location History and Web and App Activity data after a set period of time. Google's Location History feature, if
...moreAndroid users: watch out for this fake address bar trick
Published: 2019-04-30 14:38:05
Popularity: 1221
Author: Danny Bradbury
Keywords:
When is an address bar not an address bar? When it's a fake.
...moreAd blocker firms rush to fix security bug
Published: 2019-04-17 10:59:56
Popularity: 741
Author: Danny Bradbury
Keywords:
If you’re using an ad blocker to filter out online commercials, then beware: You might be vulnerable to a new attack revealed on Monday that enables hackers to compromise your browser.
...more