Security News
Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a...
Karakurt, a particularly nasty extortion gang that uses "Extensive harassment" to pressure victims into handing over millions of dollars in ransom payments after compromising their IT infrastructure, pose a "Significant challenge" for network defenders, we're told. So to help organizations avoid getting caught by this crew, the FBI, and the US government's Cybersecurity and Infrastructure Security Agency, Treasury Department, and Financial Crimes Enforcement Network released an extensive list of vulnerabilities and methods the gang exploits and uses for initial access, the software tools they abuse to snoop around and steal data, and the payment wallets and even email addresses used in the group's extortion attacks.
Google has revealed a new multilingual text vectorizer called RETVec (short for Resilient and Efficient Text Vectorizer) to help detect potentially harmful content such as spam and malicious...
Google is notifying Gmail users that the webmail's Basic HTML view will be deprecated in January 2024, and users will require modern browsers to continue using the service. The basic HTML view is a stripped-down version of Gmail that does not offer users chat, spell checking, keyboard shortcuts, adding or importing contacts, setting custom "From" addresses, or using rich text formatting.
Google is urging users to activate its Enhanced Safe Browsing feature via numerous alerts in Gmail that keep coming back, even after you acknowledge them. Enhanced Safe Browsing was released in 2007 as an upgrade to Google's standard Safe Browsing feature that warns users when they visit known phishing and malware sites.
The malware enables the operators to take control of the victim's Gmail, Outlook, Hotmail, or Yahoo email accounts, steal email data and 2FA codes arriving in the inbox, and send phishing emails from the compromised accounts. The victim clicks on the hyperlink on the page and downloads a RAR archive that contains a batch file with a CMD extension, which downloads a PowerShell script that fetches trojan DLLs and a set of legitimate executables from the C2 server.
Google announced today that all Gmail users in the United States will soon be able to use the dark web report security feature to discover if their email address has been found on the dark web. Once enabled, it will allow Gmail users to scan the dark web for their email addresses and take action to protect their data based on guidance provided by Google.
Google Account holders can now use passkeys instead of passwords to log in, Google announced in a security blog post on Wednesday. The passkey is shared with Google websites and apps, but not beyond them.
A joint cybersecurity advisory from the German Federal Office for the Protection of the Constitution and the National Intelligence Service of the Republic of Korea warn about Kimsuky's use of Chrome extensions to steal target's Gmail emails. Kimsuky is a North Korean threat group that uses spear phishing to conduct cyber-espionage against diplomats, journalists, government agencies, university professors, and politicians.
Google Workspace has expanded its client-side encryption to Gmail and Google Calendar for users of Workspace Enterprise Plus, Education Standard and Education Plus, Google announced on Tuesday. Google Calendar for web browser, and Calendar on Android and iOS mobile apps in beta.