Security News

When Google Chrome 90 arrives in April, visitors to websites that depend on TLS server authentication certificates from AC Camerfirma SA, a digital certificate authority based in Madrid, Spain, will find that those sites no longer present the secure lock icon. Mozilla, maker of Chrome rival Firefox, has been trying to decide whether Camerfirma's history of questionable certificate management practices - documented in a lengthy list - warrants banishing the Spanish company's certificates from its Root Store - the set of certificates Firefox recognizes as trustworthy by default.

Chrome 89 also supports Web NFC, meaning that web applications can read and write NFC tags. Another new feature is the Web Serial API, which enables direct communication between web applications and devices with serial ports.

A "Severe" vulnerability in GNU Privacy Guard's Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis Ormandy of Project Zero, a security research unit within Google dedicated to finding zero-day bugs in hardware and software systems.

Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed "BlastDoor," the improved sandbox system for iMessage data was disclosed by Samuel Groß, a Google Project Zero researcher tasked with studying zero-day vulnerabilities in hardware and software systems.

A malicious Home Depot advertising campaign is redirect Google search visitors to tech support scams. Malicious Google search ads are nothing new, with campaigns for Amazon Prime, PayPal, and eBay seen in the past.

A trio of researchers from China have found that QUIC is more vulnerable to web fingerprinting than HTTPS, a shortcoming that could make it easier for an adversary to infer which websites an individual is visiting by scrutinizing network traffic. Google developed QUIC to solve issues like these and the protocol is being worked on in parallel by the Internet Engineering Task Force as a standard.

Google Chrome now blocks access to websites on an additional seven TCP ports to protect against the NAT Slipstreaming 2.0 vulnerability. When the vulnerability was first disclosed, Google stated that they would block HTTP and HTTPS access to TCP ports 5060 and 5061 to protect against this vulnerability in the release of Chrome 87.

Google said the attackers were targeting security researchers by using fake LinkedIn and Twitter profiles and asking to collaborate. Google unveiled a new report from its Threat Analysis Group on Monday highlighting the work of a group of cyberattackers associated with the government of North Korea that sought to impersonate cybersecurity researchers in an effort to target those "Working on vulnerability research and development at different companies and organizations." Adam Weidemann, a member of the Threat Analysis Group, wrote that the attackers used a variety of fake blogs, Twitter accounts and LinkedIn profiles to make themselves look legitimate and communicate with researchers and analysts they were hoping to go after.

BeyondCorp Enterprise is a scalable, agentless, end-to-end zero trust platform that lives entirely within Chrome Enterprise. Google Cloud has announced the general availability of its new zero trust security product, BeyondCorp Enterprise, a scalable, agentless, end-to-end zero trust platform that lives entirely within Chrome Enterprise.

Google says it's making progress on plans to revamp Chrome user tracking technology aimed at improving privacy even as it faces challenges from regulators and officials. The company gave an update Monday on its work to remove from its Chrome browser so-called third-party cookies, which are used by a website's advertisers or partners and can be used to track a user's internet browsing habits.