Security News

It turns out, this header, now being returned by GitHub sites, is actually meant for website owners to opt-out of Google FLoC tracking. BleepingComputer also noticed the entire github.com domain had this header set, indicating GitHub did not want its visitors to be included in Google FLoC's "Cohorts" when visiting any GitHub page.

UK consumer watchdog Which? has found that ad giants Google and Facebook are failing to remove online scam ads even after victims report them. A third of those reporting scam ads to Google found the same offending ads still present, while the figure was a quarter for antisocial media site Facebook.

Researchers have uncovered a new set of fraudulent Android apps in the Google Play store that were found to hijack SMS message notifications for carrying out billing fraud. The apps in question primarily targeted users in Southwest Asia and the Arabian Peninsula, attracting a total of 700,000 downloads before they were discovered and removed from the platform.

Google has released Chrome 90.0.4430.85 to address an actively exploited zero-day and four other high severity security vulnerabilities impacting today's most popular web browser. PoC dropped on Twitter, zero-day fixed one week later.

Google late Tuesday shipped another urgent security patch for its dominant Chrome browser and warned that attackers are exploiting one of the zero-days in active attacks. This is the fourth in-the-wild Chrome zero-day discovered so far in 2021 and the continued absence of IOC data or any meaningful information about the attacks continue to raise eyebrows among security experts.

Siemens intends to integrate Google Cloud's leading data cloud and artificial intelligence/machine learning technologies with its factory automation solutions to help manufacturers innovate for the future. While AI projects have been deployed by many companies in "Islands" across the plant floor, manufacturers have struggled to implement AI at scale across their global operations.

Google Alerts continues to be a hotbed of scams and malware that threat actors are increasingly abusing to promote malicious websites. While Google Alerts has been abused for a long time, BleepingComputer has noticed a significant increase in activity over the past couple of weeks.

A proposal by a WordPress core contributor to treat Google's FLoC ad tech as a security vulnerability, and therefore backport an automatic opt-out to previous WordPress versions, shows the depth of community opposition to the technology. Now a WordPress Core contributor has proposed treating "FLoC as a security concern."

Microsoft has disabled Google's controversial FLoC browser-based tracking feature in their Chromium-based Microsoft Edge browser. This month, Google began testing a new tracking platform called Federated Learning of Cohorts, or FLoC, that places users in anonymous buckets, or cohorts, based on their interest and browsing behavior.

WordPress announced today that they are treating Google's new FLoC tracking technology as a security concern and may block it by default on WordPress sites. After Google began testing FLoC this month in Google Chrome, there has been a consensus among privacy advocates that Google's FLoC implementation just replaces one privacy risk with another one.