Security News

Google is about to give Chrome users a small security boost with new functionality that will attempt to automatically upgrade web pages to HTTPS. Dubbed HTTPS-First mode, the feature resembles the HTTPS-only mode in Firefox. For years, Google and other Internet companies out there have been actively advocating for the wide adoption of HTTPS across the web, both there still are websites that don't use encryption yet, thus posing a threat to their users.

Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux to fix seven security vulnerabilities, one of them a high severity zero-day vulnerability exploited in the wild. Google Chrome will automatically update itself on the next launch, but you can also manually update it by checking for the newly released version from Settings > Help > 'About Google Chrome.

Software patches from Microsoft this week closed two vulnerabilities exploited by spyware said to have been sold to governments by Israeli developer Candiru. On Thursday, Citizen Lab released a report fingering Candiru as the maker of the espionage toolkit, an outfit Microsoft code-named Sourgum.

Threat intelligence researchers from Google on Wednesday shed more light on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year. What's more, three of the four zero-days were engineered by commercial providers and sold to and used by government-backed actors, contributing to an uptick in real-world attacks.

"Beginning in M94, Chrome will offer HTTPS-First Mode, which will attempt to upgrade all page loads to HTTPS and display a full-page warning before loading sites that don't support it." Google said. "Users who enable this mode gain confidence that Chrome is connecting them to sites over HTTPS whenever possible, and that they will see a warning before connecting to sites over HTTP.".

Google security researchers shared more information on four security vulnerabilities, also known as zero-days, unknown before they discovered them being exploited in the wild earlier this year. The four security flaws were found by Google Threat Analysis Group and Google Project Zero researchers after spotting exploits abusing zero-day in Google Chrome, Internet Explorer, and WebKit, the engine used by Apple's Safari web browser.

Cybersecurity researchers have disclosed new security vulnerabilities in the Etherpad text editor that could potentially enable attackers to hijack administrator accounts, execute system commands, and even steal sensitive documents. The two flaws - tracked as CVE-2021-34816 and CVE-2021-34817 - were discovered and reported on June 4 by researchers from SonarSource, following which patches have been shipped for the latter in version 1.8.14 of Etherpad released on July 4.

Google Cloud on Monday announced that its Certificate Authority Service is now generally available. The Google Cloud Certificate Authority Service, for which a public preview was announced in October 2020, is designed to help organizations "Simplify, automate, and customize the deployment, management, and security of private certificate authorities."

SoftServe and Google Cloud Premier Partner, has achieved the Security Specialization in the Google Cloud Partner Advantage Program, having proven its expertise and success in building security solutions on Google Cloud's Platform. "We are excited to add this Security Specialization at a time when cybercrime is becoming ever more prevalent and attacks are becoming more sophisticated," said Todd Lenox, VP Alliances and Partnerships at SoftServe.

Bogus cryptomining apps for Android available for download on Google Play are estimated to have scammed more than 93,400 victims to date, researchers said, stealing at least $350,000. In addition to offering the "Apps" themselves for a fee, the scammers also promote additional services and upgrades that users can purchase within the apps, either by transferring Bitcoin or Ethereum cryptocurrencies directly to the developers' wallets or via the Google Play in-app billing system.