Security News

More than 200 Google Forms impersonate top brands - including Microsoft OneDrive, Office 365, and Wells Fargo - to steal victims' credentials. Researchers are warning of phishing attacks that leverage Google Forms as a landing page to collect victims' credentials.

For the third time in two weeks, Google has patched Chrome zero-day vulnerabilities that are being actively exploited in the wild: CVE-2020-16009 is present in the desktop version of the browser, CVE-2020-16010 in the mobile version. The former was found and reported by Clement Lecigne of Google's Threat Analysis Group and Samuel Groß of Google Project Zero, the latter by Maddie Stone, Mark Brand, and Sergei Glazunov of Google Project Zero.

Google this week announced the availability of a new set of monthly patches for the Android operating system, containing fixes for a total of 30 vulnerabilities. The first part of the update, the 2020-11-01 security patch level addresses a total of 17 vulnerabilities in the Android runtime, Framework, Media Framework, and System components.

Onix announced it has signed an expanded agreement with Google Cloud to accelerate its growth and grow customer adoption of Google Cloud products and solutions. Under this agreement, Onix will leverage its world-class services team to drive the adoption of Google Cloud with its current and future customers.

Folksam, one of the largest insurance companies in Sweden, today disclosed a data breach affecting around 1 million Swedes after sharing customers' personal info with multiple technology giants. The insurer discovered the data breach after an internal audit according to Jens Wikström, Head of Marketing and Sales at Folksam, and reported the incident to the Swedish Data Protection Authority.

Google has released updates to address multiple vulnerabilities in the Chrome browser, including two that are actively exploited in attacks. Less than two weeks ago, Google released patches for other high-severity flaws in Chrome, including CVE-2020-15999, an actively exploited zero-day in FreeType.

Scammers are leveraging a legitimate Google Drive collaboration feature to trick users into clicking on malicious links. According to reports,, the recent attack stems from Google Drive's legitimate collaboration feature, which allows users to create push notifications or emails that invite people to share a Google doc.

Google today released Chrome 86.0.4240.183 for Windows, Mac, and Linux to address 10 security vulnerabilities including a remote code execution zero-day exploited in the wild. Today, Google patched another zero-day in Chrome for Android exploited in the wild, a sandbox escape vulnerability tracked as CVE-2020-16010.

Bad news for those who have bought into the Nest Secure home surveillance system - Google has surprised many by halting further deployments. The Secure package consists of motion sensors for doors and windows that communicate with the Hub, a modern-day version of the traditional home alarm keypad but with NFC Tag key fobs and smartphone alerts.

Google researchers have made public a Windows kernel zero day vulnerability that is being exploited in the wild in tandem with a Google Chrome flaw that has been patched on October 20. CVE-2020-17087 is a vulnerability in the Windows Kernel Cryptography Driver, and "Constitutes a locally accessible attack surface that can be exploited for privilege escalation."