Security News

Attackers are abusing Google's Apps Script business application development platform to steal credit card information submitted by customers of e-commerce websites while shopping online. They take advantage of the fact that online stores would consider Google's Apps Script domain as trusted and potentially whitelisting all Google subdomains in their sites' CSP configuration.

Cybercriminals are targeting Windows users with a new variant of the Masslogger trojan, which is spyware designed to swipe victims' credentials from Microsoft Outlook, Google Chrome and various instant-messenger accounts. When the Masslogger variant launched its infection chain, it disguised its malicious RAR files as Compiled HTML files.

While it sounds impossible, the same technological approach that helped index the entire Web can come in handy: a knowledge graph - similar to what powers Google Search - is an ideal technology foundation to make a generational leap in threat detection and response. To address these challenges, organizations are starting to use knowledge graphs and other advances including ML-led threat analysis, incorporation of threat hunting expertise, and better data management.

Apple's upcoming iOS 14.5 update will come with a new feature that will redirect all fraudulent website checks through its own proxy servers as a workaround to preserve user privacy and prevent leaking IP addresses to Google. To achieve this, Apple relies on Google Safe Browsing - or Tencent Safe Browsing for users in Mainland China - a blocklist service that provides a list of URLs for web resources that contain malware or phishing content, to compare a hash prefix calculated from the website address and check if the website is fraudulent.

Google Cloud and Sigfox announced that the leading global 0G network and IoT platform services provider, has partnered with Google Cloud, to scale its cloud infrastructure and extend its IoT services portfolio. Google Cloud will also enable faster improvements to Sigfox's connectivity, geolocation, and other value-added services towards ultra-low-cost and ultra-low-power IoT solutions.

Chromium-based browsers such as Microsoft Edge and Google Chrome will soon support the Intel CET security feature to prevent a wide range of vulnerabilities. Intel's Control-flow Enforcement Technology is a hardware security feature initially introduced in 2016 and added to Intel's 11th generation CPUs in 2020.

Google has revealed earlier this week that Gmail users from the United States are the most popular target for email-based phishing and malware attacks. After inspecting phishing and malware campaigns blocked by Gmail within five months, Google found that 42% of all targets were from the US, with the next two most targeted users being from the UK and Japan.

Apple's forthcoming iOS 14.5 release, currently in beta, will conceal the IP address of Safari web surfers from Google's Safe Browsing service, integrated into Safari to spot fraudulent websites. That means when Safari users visit a website with Safe Browsing active, their IP addresses will be associated with an Apple domain rather than their internet service provider or corporate network.

Hands On. Google has big ambitions for its new Open Source Vulnerabilities database, but getting started requires a Google Cloud Platform account and there are other obstacles that may add friction to adoption. The company wants to see more discipline and checks in critical open-source software, and revealed that it maintains its own private repositories for many projects to guard against compromised code or newly committed vulnerabilities.

Kind old Google has published data on targeted email attacks and dispensed advice to help users separate friend from foe. The pandemic has presented malware-laden email flingers with a world of opportunity and a whole new set of attack vectors.