Security News

Zoom announced that Zoom for Home is expanding to smart displays including Amazon Echo Show, Portal from Facebook, and Google Nest Hub Max, bringing Zoom to widely-used devices and broadening their capabilities to the work environment. Zoom on Portal is expected to be available publicly in September; Zoom on Echo Show and Zoom on Assistant-enabled Smart Displays, including Google Nest Hub Max are expected to be available by the end of the year.

Google released a patch for an email spoofing vulnerability affecting Gmail and G Suite seven hours after it was publicly disclosed, but the tech giant knew about the flaw since April. "I chose to send to another G Suite account to demonstrate that Google's strong mail filtering and anti-spam techniques do not block or detect this attack," the researcher explained.

UPDATED Around 90 Australian public schools will be without email for up to a week after students responded to mistaken use of a mailing list with horrible content, which in turn sparked a Reply-All storm that asked for the circulation of email nasties to stop. The Directorate quickly came to the conclusion that "Students gained access to system email distribution lists and inappropriately used these to send emails to their peers."

Facebook on Thursday launched its voting information center as internet platforms unveiled fresh moves to protect the November US election from manipulation and interference. The move comes amid a coordinated effort by Facebook, Google and other online platforms to curb the spread of disinformation and thwart efforts to manipulate voters.

Google announced on Wednesday that it's preparing to run an experiment in Chrome 86 as part of its fight against URL spoofing. Research conducted recently by Google and the University of Illinois at Urbana-Champaign showed that 60 percent of users were tricked when a URL path contained a misleading brand name.

Microsoft failed to properly address an elevation of privilege vulnerability in the Windows Local Security Authority Subsystem Service, the Google Project Zero researcher who discovered the issue says. "LSASS doesn't correctly enforce the Enterprise Authentication Capability which allows any AppContainer to perform network authentication with the user's credentials," Project Zero security researcher James Forshaw noted in May. At the time, the researcher explained that the issue is related to a legacy AppContainer capability providing access to the Security Support Provider Interface, likely meant to facilitate the installation of line of business applications within enterprise environments.

Google this week announced that an update for Chrome 84 includes 15 security patches, including for a serious vulnerability for which the tech giant awarded a $10,000 bug bounty. This vulnerability is CVE-2020-6542, a high-severity use-after-free bug in ANGLE, the Chrome component responsible for translating OpenGL ES API calls to hardware-supported APIs available for the operating system.

TikTok has been collecting unique identifiers from millions of Android devices without their users' knowledge using a tactic previously prohibited by Google because it violated people's privacy, new research has found. The app bundled the MAC address with other device data and sent it to ByteDance upon the app's first installation and opening on a new device, according to the report.

Cybersecurity researchers on Monday disclosed details about a zero-day flaw in Chromium-based web browsers for Windows, Mac and Android that could have allowed attackers to entirely bypass Content Security Policy rules since Chrome 73. Tracked as CVE-2020-6519, the issue stems from a CSP bypass that results in arbitrary execution of malicious code on target websites.

After Google Home users started receiving mysterious alerts when their fire alarms went off or their plates smashed in their homes, Google acknowledged that it accidentally rolled out a feature causing the smart devices to record sounds without the voice prompt. Google for its part said that the alerts are part of a subscription service called "Nest Aware," first launched in May. As part of this service, users of Google cameras, speakers and displays can pay for the devices to detect any "Critical" sound in their home and send them an alert on their phones while they are away from their homes.