Tag: google

Google to Block Entrust Certificates in Chrome Starting November 2024
News

Google to Block Entrust Certificates in Chrome Starting November 2024

Citing compliance failures and the certificate authority's slow response to security vulnerabilities, Google has announced that it will begin blocking websites that use Entrust certificates starting on or around November 1, 2024, in its Chrome browser. Google's Chrome security team stated that over the past few years, publicly available incident reports have shown a pattern of unsettling actions by Entrust that do not live up to the expectations mentioned above. This has damaged public trust in Entrust's ability, dependability, and integrity as a publicly trusted [certificate authority] owner. In light of this, the massive tech company announced that it will default to not trust TLS server authentication certificates from Entrust beginning read more about Google to Block Entrust Cer...
Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day
News

Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day

Google has issued a warning, stating that a zero-day exploit has been used to target a security vulnerability in the Pixel Firmware. The elevation of privilege problem in Pixel Firmware has been identified as the high-severity vulnerability, designated as CVE-2024-32896. Regarding the type of attacks that are taking advantage of it, the company only disclosed that "there are indications that CVE-2024-32896 may be under limited, targeted exploitation." Fifty security vulnerabilities are addressed in the June 2024 security update, five of which are related to different Qualcomm chipset components. Several noteworthy vulnerabilities that were addressed included a denial-of-service (DoS) attack that affected Modem and many information disclosure weaknesses that affected Trusty rea...
Android 15 Rolls Out Advanced Features to Protect Users from Scams and Malicious Apps
News

Android 15 Rolls Out Advanced Features to Protect Users from Scams and Malicious Apps

To stop fraudulent apps from collecting private information on the device, Google is releasing a number of new features with Android 15. This is essentially a Play Integrity API update that third-party app developers may use to protect their apps from malicious software. According to Dave Kleidermacher, vice president of engineering for Android security and privacy, "Developers can check if other apps are running that could be capturing the screen, creating overlays, or controlling the device." This is beneficial for applications that wish to shield users from fraud and conceal private data from other applications. Furthermore, before processing sensitive data or carrying out sensitive operations, the Play Integrity API can be used to verify whether Google Play Protect is turn...
Google Launches AI-Powered Theft and Data Protection Features for Android Devices
News

Google Launches AI-Powered Theft and Data Protection Features for Android Devices

A number of privacy and security enhancements, including a set of sophisticated protection tools to assist safeguard users' devices and data in the case of theft, have been revealed by Google for Android. The tech giant stated that these features are anticipated to be made accessible through an update to Google Play services for smartphones running Android versions 10 and later. They are intended to assist secure data before, during, and after a theft attempt. One such feature is private space, which lets users store private applications on their phones in a specific section that may be secured with a different PIN and kept hidden. By forcing users to input their PIN, password, or biometric data before changing sensitive device settings, like turning off Find My Device read more ...
Apple and Google Launch Cross-Platform Feature to Detect Unwanted Bluetooth Tracking Devices
News

Apple and Google Launch Cross-Platform Feature to Detect Unwanted Bluetooth Tracking Devices

On Monday, Apple and Google formally announced the release of a new feature that alerts users on iOS and Android devices when a Bluetooth tracking device is being used to surreptitiously monitor them without their knowledge or agreement. The businesses stated in a joint statement that this will help reduce the misuse of devices meant to help keep track of items and that it also intends to address potential concerns to user privacy and safety. The cross-platform solution concept was first made public by the two IT behemoths precisely a year ago. The feature, known as Detecting Unwanted Location Trackers (DULT), can be found on iOS devices with iOS 17.5, which was released yesterday, and Android devices running versions 6.0 and higher read more Apple and Google Launch Cross-Platfor...
Google Announces Passkeys Adopted by Over 400 Million Accounts
News

Google Announces Passkeys Adopted by Over 400 Million Accounts

Google revealed on Thursday that over 400 million Google accounts are using passkeys, and over the previous two years, users have authenticated over 1 billion times. According to Heather Adkins, vice president of security engineering at Google, passkeys are 50% faster than passwords and are phishing resistant because they just require a fingerprint, facial scan, or pin. The search engine behemoth points out that passkeys are already utilized for Google Account login more frequently than older types of two-factor authentication, like the combination of app-based and SMS-based one-time passwords (OTPs). The business also said that it is adding new apps and services to its Cross-Account Protection program, which notifies users of suspicious activities involving third-party apps and ...
Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023
News

Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023

On Monday, Google disclosed that during the previous year, nearly 200,000 app submissions to its Play Store for Android were either remediated or rejected due to concerns about access to sensitive data, such location or SMS messages. Additionally, the tech company claimed that 333,000 malicious accounts had been removed from the app storefront in 2023 because to continuous policy violations or attempts to transmit malware. According to Google's Steve Kafka, Khawaja Shams, and Mohet Saxena, in 2023 we stopped 2.28 million policy-violating apps from being released on Google Play, in part because of our investment in new and better security features, policy updates, and sophisticated machine learning and app review processes. We collaborated with SDK providers to restrict access to ...
Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny
News

Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny

Google has reiterated its intention to remove third-party monitoring cookies from its Chrome browser in an effort to allay ongoing competition concerns raised by UK regulators regarding its Privacy Sandbox program. By the end of the year, the IT giant expects to reach an agreement with the Competition and Markets Authority (CMA) in the United Kingdom. According to the revised schedule, third-party cookie phasing will begin early in 2021. This is the third delay of this kind since the tech giant first revealed the plans in 2020; the previous two were from early 2022 to late 2023 and again to the second half of 2024. The term "Privacy Sandbox" describes a group of programs that provide users with privacy-preserving options to tracking cookies and cross-app identifiers used to displ...
Hackers abuse Google Cloud Run in massive banking trojan campaign
News

Hackers abuse Google Cloud Run in massive banking trojan campaign

Researchers in security are alerting us to instances of hackers misusing Google Cloud Run to spread large amounts of banking trojans, such as Astaroth, Mekotio, and Ousaban. With Google Cloud Run, customers can manage workloads and launch front-end and back-end services, websites, and apps without having to worry about scaling or maintaining an infrastructure. When Brazilian attackers began launching campaigns employing MSI installer files to distribute malware payloads in September 2023, Cisco Talos analysts noticed a sharp increase in the exploitation of Google's service for malware distribution. According to the researchers' assessment, Google Cloud Run's affordability and capacity to get over conventional security restrictions read more Hackers abuse Google Cloud Run in massi...
Google Starts Blocking Sideloading of Potentially Dangerous Android Apps in Singapore
News

Google Starts Blocking Sideloading of Potentially Dangerous Android Apps in Singapore

A new trial program from Google has been announced for Singapore, to stop users from sideloading specific apps that misuse Android app permissions to read one-time passwords and collect private information. When the user tries to install the app from an Internet-sideloading source (web browsers, messaging apps, or file managers), this enhanced fraud protection will analyze and automatically block the installation of apps that may use sensitive runtime permissions that are frequently abused for financial fraud," the company said. This feature looks for apps that attempt to obtain sensitive permissions related to reading SMS messages, understanding or dismissing notifications from legitimate apps, and accessibility services that are frequently exploited by malware based on Android to ...