Security News

Tech giants Apple and Google have joined forces to develop an interoperable contact-tracing tool that will help individuals determine if they have come in contact with someone infected with COVID-19. Zero Use of Location Data Unlike existing apps developed by different countries that use real-time location tracking to enforce quarantine rules, the proposed system doesn't involve tracking user locations or other identifying data.

Large campaigns that are spreading malicious browser extensions are abusing Google Ads and well-known cryptocurrency brands to draw in victims. Extensions can be installed to add widgets or other functionality to web browsers; they offer the ability to do everything from setting a special search wallpaper to displaying continuous weather data to language translation.

Contact tracing has been an often-used method of trying to curb the spread of an infectious disease by finding the people who have contracted it. As the coronavirus outbreak continues to spread, Apple and Google have come up with a plan to more easily implement contact tracing by building the necessary technology into their respective operating systems.

Google has ousted 49 Chrome extensions from its Chrome Web Store because they contained malicious code, a ritual that should be familiar after a decade of purges. Some of the extensions, he said, were supported by fake five-star reviews; some internet good samaritans also tried to warn others that the extensions were malicious.

Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies. "Essentially, the extensions are phishing for secrets - mnemonic phrases, private keys, and keystore files," explained Harry Denley, director of security at MyCrypto.

Google has decided to keep support for the File Transfer Protocol in Chrome a bit longer, after initially saying it would completely remove it in Chrome 82. Due to the lack of support for secure connections or proxies, the implementation of FTP in Chrome creates security risks for users.

Both Microsoft and Google have postponed a change that would have forced better application security by shutting down an insecure access protocol called Basic Authentication. Specified in RFC 2617, Basic Authentication is a method of logging applications into online services using a simple username and password combination sent in an HTTP header.

Google and Apple unveiled a joint initiative Friday to develop a coronavirus smartphone "Contact tracing" tool that could potentially alert people when they have crossed paths with an infected person. "All of us at Apple and Google believe there has never been a more important moment to work together to solve one of the world's most pressing problems," the companies said in a joint statement.

Despite the companies' insistence that privacy will be "Of utmost importance," some in the security space remain wary of data privacy concerns around the newly announced technology. Many such coronavirus tracking apps are already available, such as COVID Symptom Tracker and Private Kit SafePaths.

Cloudflare is nixing Google's reCAPTCHA tool and replacing it with what the network services company's CEO calls "a better CAPTCHA" service, hCaptcha. Cloudflare said the main driver for the swap was that Google is now charging for use of its reCAPTCHA tool - but customer privacy and availability were other factors.