Security News
Windstream Enterprise has added new Google Assistant and Amazon Alexa voice command features to its SD-WAN solution, enabling network administrators to work more efficiently. WE already includes Google Assistant and Amazon Alexa integration in its award-winning OfficeSuite UC® solution.
An unsealed warrant in a case involving alleged pedophile R&B star R. Kelly has shown how the Feds can get Google to hand over the details of people who make specific web search queries. Fast forward to this week, and Robert Snell of Detroit News uncovered the aforementioned search warrant [PDF] showing how Homeland Security investigators in June enlisted Google and Verizon Wireless to connect Williams, who lives in the state of Georgia, to the scene of the crime in Florida.
Google has added improved malware protection for all Google Chrome users who are also enrolled in the company's Advanced Protection Program. Google's Advanced Protection Program is a free service that aims to protect the accounts of users including but not limited to activists, journalists, business leaders, and political teams who have a higher risk of being targeted by online attacks.
The White Ops team of researchers, including Cirling, Michael Gethers, Lisa Gansky and Dina Haines, - who named the investigation "RAINBOWMIX," inspired by the 8-16 bit color palate running throughout the retro game apps - found that these fraudulent apps were downloaded more than 14 million times by unsuspecting users. "Most of the RAINBOWMIX apps have a"C-shaped rating distribution curve," the team reported.
Google this week revealed that it's working on redesigning the security alerts for Google accounts and that it will make them available directly in the applications users are logged into. The company has already built numerous protections into Google accounts and other Google products, with Safe Browsing delivering protection for over 4 billion devices, Gmail blocking in excess of 100 million daily phishing attempts, and Google Play Protect scanning more than 100 billion apps per day.
Google has released patches addressing high-severity flaws in its System component. Two elevation of privilege issues, the most serious of the flaws, exist in the Android System component, the core of the operating system that's on Android phones.
Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Windows, Mac, Android and iOS users. Google's latest version of its browser, Chrome 86, is now being rolled out with 35 security fixes - including a critical bug - and a feature that checks if users have any compromised passwords.
Google on Friday announced the Android Partner Vulnerability Initiative, an effort aimed at improving patching of security issues specific to Android OEMs. Through the new initiative, the tech giant also expects to improve transparency around vulnerabilities identified by Google's own researchers, but which impact device models coming from the company's Android partners. Google already provides security researchers with various programs through which they can report security issues, such as the Android Security Rewards Program, which is for reporting vulnerabilities in Android code, and the Google Play Security Rewards Program, for reporting bugs in popular third-party Android apps.
Google has announced two new security initiatives: one is aimed at helping bug hunters improve the security of various browsers' JavaScript engines, the other at helping Android OEMs improve the security of the mobile devices they ship. "JavaScript engine security continues to be critical for user safety, as demonstrated by recent in-the-wild zero-day exploits abusing vulnerabilities in v8, the JavaScript engine behind Chrome. Unfortunately, fuzzing JavaScript engines to uncover these vulnerabilities is generally quite expensive due to their high complexity and relatively slow processing of input," noted Project Zero's Samuel Groß.
Google is offering bug hunters thousands of dollars worth of compute time on its cloud to hammer away at JavaScript engines and uncover new security flaws in the software. The Mountain View ads giant said it will hand folks each up to $5,000 in Google Compute Engine credits to conduct fuzzing tests on JS interpreters, earmarking $50,000 total for the program.