Security News

Google on Friday announced that its client-side encryption for Gmail is in beta to its Workspace and education customers to secure emails sent using the web version of the platform. "Using client-side encryption in Gmail ensures sensitive data in the email body and attachments are indecipherable to Google servers," the company said in a post.

Google announced on Friday that it's adding end-to-end encryption to Gmail on the web, allowing enrolled Google Workspace users to send and receive encrypted emails within and outside their domain.The company says that the feature is not yet available to users with personal Google Accounts or Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers.

The UK's Home Secretary - the minister in charge of policing and internal security - has been forced to apologize for breaching IT security protocols in government. On another occasion, she accidentally forwarded official documents to a Member of Parliament from her Gmail account because she did not have her phone with her.

Phishers taking advantage of Gmail's SMTP relay service to impersonate brands. It was recently found by cloud email security company Avanan that phishers have been exploiting Gmail's SMTP relay service since at least April.

Google's Threat Analysis Group has warned multiple Gmail users that they were targeted in phishing attacks conducted by a Chinese-backed hacking group tracked as APT31. "In February, we detected an APT31 phishing campaign targeting high profile Gmail users affiliated with the U.S. government," Google Threat Analysis Group's Director Shane Huntley revealed today.

Attackers are leveraging Adobe Creative Cloud to target Office 365 users with malicious links that appear to be coming legitimately from Cloud users but instead direct victims to a link that steals their credentials, researchers have discovered. Though attackers are primarily targeting Office 365 users - a favorite target among threat actors - researchers have seen them hit Gmail inboxes as well, Jeremy Fuchs, cybersecurity research analyst at Avanan, told Threatpost.

Bait attacks are on the rise, and it appears that actors who distribute this special kind of phishing emails prefer to use Gmail accounts to conduct their attacks. According to a report by Barracuda, who surveyed 10,500 organizations, 35% of them received at least one bait attack email in September 2021 alone.

Google has warned about 14,000 of its users about being targeted in a state-sponsored phishing campaign from APT28, a threat group that has been linked to Russia. The campaign was detected in late September and accounts for a larger than usual batch of Government-Backed Attack notifications that Google sends to targeted users every month.

This effective indicator that these types of email communication are coming from that specific legitimate source is made possible by Gmail's added support for the Brand Indicators for Message Identification standard. About BIMI. BIMI is an email specification that enables the use of brand-controlled logos within email clients.

US House Rep Mo Brooks seemingly revealed his Gmail password and a PIN in a Sunday rage tweet about a lawsuit regarding the January 6 insurrection attempt. Brooks, who sits on the House's Cyber, Innovative Technologies, and Information Systems subcommittee, and the Science, Space, and Technology committee, tweeted a photo from an iPad of his Windows computer, attached to which was a piece of paper with login credentials written on it.