Security News

A barcode scanner app, with over 10 million downloads, was booted from the Google Play marketplace after users began to complain of mobile-ad overload. The makers of the app, called Barcode Scanner, intentionally altered the code of the app via an update turning it from a benign app to adware, according to researchers. Tipped by a user, researchers at Malwarebytes explained, the publisher added new heavily obfuscated code to the app that directed the default mobile web browser to launch and serve-up ads - whether the barcode app was active or not.

Global Payments and Google announced an expansive multi-year partnership to deliver innovative cloud-based products and capabilities, enabling best-in-class digital merchant customer experiences worldwide. As part of the partnership, Global Payments will migrate its merchant acquiring technology to Google Cloud, and will provide merchant acquiring services to Google to extend its global market reach.

Cybercriminals have been using a novel approach to exfiltrate data that involves directly injecting malicious Google Chrome extensions onto victims' Windows machines via the abuse of Google's cloud synching function. The malicious add-on is disguised as a "Forcepoint Endpoint Chrome Extension for Windows," with the attackers using the security company's logo to enhance an air of legitimacy.

Google last week announced the launch of OSV, which the internet giant has described as a vulnerability database and triage infrastructure for open source projects. OSV should make it easier for the users of open source software to find out which vulnerabilities impact them.

The company will deepen its initial work with Google and move its offline analytics, data processing, and machine learning workloads to Google's Data Cloud. With this expanded partnership, Twitter is adopting Google's Data Cloud including BigQuery, Dataflow, Cloud Bigtable and machine learning tools.

Google is weaning itself off user-tracking "Cookies" which allow the web giant to deliver personalized ads but which also have raised the hackles of privacy defenders. Last month, Google unveiled the results of tests showing an alternative to the longstanding tracking practice, claiming it could improve online privacy while still enabling advertisers to serve up relevant messages.

Google late Thursday night shipped an emergency patch to close a Chrome browser vulnerability that was being used in mysterious zero-day attacks. The Google Chrome patch, which is being pushed via the browser's automatic self-patching, covers a critical vulnerability in V8, Google's JavaScript and WebAssembly engine.

The heap-buffer overflow error exists in V8, an open-source WebAssembly and JavaScript engine developed by the Chromium Project for Google Chrome and Chromium web browsers. Researchers urge Google Chrome users to update as soon as possible.

Google this week said it paid out more than $6.7 million in rewards as part of its bug bounty programs in 2020. The total amount of bug bounty rewards increased only slightly compared to 2019, when the Internet search giant paid just over $6.5 million.

Google has addressed an actively exploited zero-day security vulnerability in the Chrome 88.0.4324.150 version released today, February 4th, 2020, to the Stable desktop channel for Windows, Mac, and Linux users. "Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild," the Google Chrome 88.0.4324.150 announcement reads.