Security News

Google this week announced improved malware protection capabilities for all users who are enrolled in its Advanced Protection Program. Aimed at providing high-risk users such as politicians and their staff, business executives, journalists, and activists with an additional layer of protection for their accounts, the Advanced Protection Program was launched in October 2017.

A campaign group is suing Google for up to £2.5bn over claims that YouTube breaks EU data protection laws by harvesting information about children under 13 - and is hoping to turn it into a UK class-action-style case. In a particulars of claim filed at London's High Court and seen by The Register, McCann said Google "Failed to obtain valid parental consent for the processing of personal data of children under 13 years of age, as required by law".

Roid 11 is the seventh operating system release to include enterprise features since the introduction of the work profile in 2014 to separate work data on employees' personal devices. The new platform iteration, Google says, brings the work profile privacy protections to enterprise-issued devices.

Google patched a critical vulnerability in the Media Framework of its Android operating system, which if exploited could lead to remote code execution attacks on vulnerable devices. "The most severe of these issues is a critical security vulnerability in the Media Framework component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process," according to the Android security update.

A researcher has disclosed the details of a cross-site scripting vulnerability in Google Maps that earned him $10,000. The flaw affected the Google Maps feature that allows users to create their own map.

Google on Tuesday announced an expansion of its Confidential Computing portfolio, with the general availability of Confidential VMs and the addition of Confidential GKE Nodes. Introduced in July in beta, Confidential VMs were the first product in the Google Cloud Confidential Computing portfolio, and Google is making them available to all Google Cloud customers in the coming weeks.

Researchers have discovered more than 300 apps on the Google Play Store breaking basic cryptography code using a new tool they developed to dynamically analyze it. The research sheds new light on how easy it is for popular mobile apps-the ones analyzed had from hundreds of thousands of downloads to more than hundreds of millions-to break basic security rules, researchers noted in their work.

A researcher earned a double-payment totaling $10,000 for a cross-site scripting bug he found in Google Maps. Minutes after Shachar was notified of the patch and bounty payment award, he said he found a bypass for the Google Maps fix.

If you migrated to a different iPhone or Android device and need to transfer Google Authenticator to the new hardware, follow these steps. If you have not enabled two-step authentication, your Google account is at a much higher risk of being hacked; if you have enabled the service, you're familiar with Google Authenticator.

"The nature of product abuse is constantly changing," wrote Google's Marc Henson, lead and program manager for Trust & Safety, and Anna Hupa, senior strategist, in a blog this week. "The final reward amount for a given abuse risk report also remains at the discretion of the reward panel. When evaluating the impact of an abuse risk, the panels look at both the severity of the issue as well as the number of impacted users."