Security News

Although a majority of the messaging apps today rely on WebRTC for communication, the connections themselves are created by exchanging call set-up information using Session Description Protocol between peers in what's called signaling, which typically works by sending an SDP offer from the caller's end, to which the callee responds with an SDP answer. Not only did the flaws in the apps allow calls to be connected without interaction from the callee, but they also potentially permitted the caller to force a callee device to transmit audio or video data.

Vulnerabilities found in multiple video conferencing mobile applications allowed attackers to listen to users' surroundings without permission before the person on the other end picked up the calls. The logic bugs were found by Google Project Zero security researcher Natalie Silvanovich in the Signal, Google Duo, Facebook Messenger, JioChat, and Mocha messaging apps and are now all fixed.

A bug in Google Search is causing a browser tab to freeze when searching between a specified range of dates. Google has a search feature under the Tools > Any Time drop-down menu that allows you to search for content published within a specific date range.

Google has released Chrome 88 today, January 19th, 2021, to the Stable desktop channel, and it includes security improvements and the long-awaited removal of Adobe Flash Player. Chrome 88 is now promoted to the Stable channel, Chrome 89 is the new Beta version, and Chrome 90 will be the Canary version.

Review your recent Gmail access, browser sign-in history, and Google account activity to make sure no one other than you has used your account. The following steps can help you figure out if someone, other than you, is accessing your Gmail or Google account.

Google says that it will block third-party Chromium web browsers from using private Google APIs after discovering that they were integrating them although they're intended to be used only in Chrome. This is because many of the Google APIs included in the Chromium code are specific only to Google Chrome and are not intended to be integrated and used by the users of derived Chromium products.

Google has removed 164 apps, downloaded a total of 10 million times, from its Google Play marketplace because they were delivering "Disruptive" ads, considered malicious. The problem continues to plague Google despite numerous efforts by the company to prevent "Malicious developers" from submitting their apps to its Google Play marketplace.

Now patched, the exploits took advantage of bugs in Windows, Chrome, and older versions of Android though watering hole attacks, says Google. In a series of blog posts published Tuesday, Google revealed that it discovered two malicious servers set to deliver different exploit campaigns through watering hole attacks.

Project Zero, Google's 0day bug-hunting team, revealed a hacking campaign coordinated by "a highly sophisticated actor" and targeting Windows and Android users with zero-day and n-day exploits. The Project Zero team, in collaboration with the Google Threat Analysis Group, discovered a watering hole attack using two exploit servers in early 2020, each of them using separate exploit chains to compromise potential targets.

The cloning works by using a hot air gun and a scalpel to remove the plastic key casing and expose the NXP A700X chip, which acts as a secure element that stores the cryptographic secrets. The exploit allows an attacker to obtain the long-term elliptic curve digital signal algorithm private key designated for a given account.