Security News
Google Chrome now blocks access to websites on an additional seven TCP ports to protect against the NAT Slipstreaming 2.0 vulnerability. When the vulnerability was first disclosed, Google stated that they would block HTTP and HTTPS access to TCP ports 5060 and 5061 to protect against this vulnerability in the release of Chrome 87.
Google said the attackers were targeting security researchers by using fake LinkedIn and Twitter profiles and asking to collaborate. Google unveiled a new report from its Threat Analysis Group on Monday highlighting the work of a group of cyberattackers associated with the government of North Korea that sought to impersonate cybersecurity researchers in an effort to target those "Working on vulnerability research and development at different companies and organizations." Adam Weidemann, a member of the Threat Analysis Group, wrote that the attackers used a variety of fake blogs, Twitter accounts and LinkedIn profiles to make themselves look legitimate and communicate with researchers and analysts they were hoping to go after.
BeyondCorp Enterprise is a scalable, agentless, end-to-end zero trust platform that lives entirely within Chrome Enterprise. Google Cloud has announced the general availability of its new zero trust security product, BeyondCorp Enterprise, a scalable, agentless, end-to-end zero trust platform that lives entirely within Chrome Enterprise.
Google says it's making progress on plans to revamp Chrome user tracking technology aimed at improving privacy even as it faces challenges from regulators and officials. The company gave an update Monday on its work to remove from its Chrome browser so-called third-party cookies, which are used by a website's advertisers or partners and can be used to track a user's internet browsing habits.
This month Google engineers have fixed a severe remote code execution vulnerability in the Go language. The RCE vulnerability, CVE-2021-3115, mainly impacts Windows users of Go running the go get command, due to the default behavior of Windows PATH lookups.
North Korea's hackers homed in on specific infosec researchers and infected their systems with a backdoor after luring them to a suspicious website, Google revealed on Monday. "The researchers have followed a link on Twitter to a write-up hosted on blog.br0vvnn[.]io, and shortly thereafter, a malicious service was installed on the researcher's system and an in-memory backdoor would begin beaconing to an actor-owned command and control server," said Googler Adam Weidemann.
Google late Monday raised the alarm about a "Government-backed entity based in North Korea" targeting - and hacking into - computer systems belonging to security researchers. Google's Threat Analysis Group, a team that monitors global APT activity, said the ongoing campaign is aimed at security researchers working on vulnerability research and development at different companies and organizations.
Two major browsers -Microsoft Edge and Google Chrome - are rolling out default features, which they say will better help notify users if their password has been compromised as part of a breach or database exposure. Microsoft on Thursday said that its next version of Edge will generate alerts if a user password is found in an online leak.
If you've ever been tempted to change your Google account password, but weren't sure how, don't let that confusion stop you. Jack Wallen walks you through the process.
This use of Google Forms by cybercriminals is not new and is routinely observed in credential phishing campaigns to bypass email security content filters. In this attack, the use of Google Forms may also prompt an ongoing dialogue between the email recipient and the attacker - setting them up as a victim for a future BEC trap, researchers say.