Security News
Over the past week, users of the MetaMask cryptocurrency wallet have been losing funds to a phishing scam that lured potential victims through Google search ads. Although it is unclear how many MetaMask users fell for the scam, some say they ended up with empty wallets after clicking on a fraudulent search ad being promoted as the MetaMask site.
A vulnerability in the Google Play Core Library continues to impact many applications several months after official patches were released. The Google Play Core Library allows Android developers to deliver updates to their applications at runtime, via the Google API, without requiring interaction from the user.
Authentic8 announced a partnership with Google Cloud to expand availability of Silo across Google Cloud's infrastructure with 1-click procurement. Authentic8 is now a Google Cloud Technology Partner providing security, and Authentic8 gains access to Google Cloud's ability to run compliant web-based workflows at the highest levels of civilian classification.
Infosec bods from Check Point have discovered that popular apps are still running outdated versions of Google's Play Core library for Android - versions that contained a remote file inclusion vulnerability. They found that the Play Core Library, an in-app update and streamlining feature offered to Android devs, could be abused to "Add executable modules to any apps using the library".
UPDATE. Researchers are warning that several popular Google Play applications - including mobile browser app Edge - have yet to push out an important update addressing a high-severity vulnerability in the Google Play Core Library. The vulnerability exists in Google Play Core Library, which is utilized by various popular applications like Google Chrome, Facebook and Instagram.
Google is shutting down its 3D model sharing site Poly in 2021 to focus their resources on building AR experiences. Google Poly allows designers to upload their 3D models to a gallery that can be used by other members in their projects.
To make sure Chrome users aren't utilizing weak passwords, Google Chrome's Safety check feature will alert you if your passwords were found in data breaches. Google is now working on a new feature that will automatically detect and highlight weak passwords when performing a Safety check, as shown below.
Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical "Wormable" iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi. The exploit makes it possible to "View all the photos, read all the email, copy all the private messages and monitor everything which happens on [the device] in real-time," said Beer in a lengthy blog post detailing his six-month-long efforts into building a proof-of-concept single-handedly. "A remote attacker may be able to cause unexpected system termination or corrupt kernel memory," the iPhone maker noted in its advisory, adding the "Memory corruption issue was addressed with improved input validation."
CyrusOne announced new options for direct connectivity to Google Cloud, with the addition of five new direct on-ramps in Aurora, Austin, Houston, San Antonio, and the newly operational Council Bluffs facility. As part of Google Cloud Interconnect, the new direct connect locations provide CyrusOne customers with simple, cost-effective solutions for creating hybrid cloud environments tailored to their specific business needs.
Google Chrome will soon let you search through your open web pages to find that missing page lost among a sea of tabs. To help with this mess, Google is testing a new 'Tab Search' feature in the Chrome Canary builds that allows you to search your open tabs for a particular keyword.