Security News
Three U.S. senators are demanding more answers from Catholic health system Ascension and Google over "Project Nightingale," which is part of a controversial data-sharing and cloud migration initiative that has raised concerns about sharing patient information without explicit permission. In a letter sent Monday to St. Louis-based Ascension, Sen. Bill Cassidy, M.D., R-La., and Democratic senators Elizabeth Warren of Massachusetts and Richard Blumenthal of Connecticut are demanding additional answers, including a complete list of patient-level information that Google received from Ascension and the exact number of health records that the company collected in Project Nightingale.
Google published patches for over 70 software vulnerabilities in its Android security bulletin this month, finally fixing a security exploit for MediaTek chipsets said to have been in the wild for months, affecting millions of devices. Google classifies CVE-2020-0069 as an elevation of privilege bug in MediaTek's command queue driver, and only gives it a high severity ranking in its bulletin.
Google's March 2020 security updates for Android include fixes for over 70 vulnerabilities, including a critical flaw in media framework. The critical bug was patched as part of the 2020-03-01 security patch level, which addresses a total of 11 vulnerabilities in framework, media framework, and system.
Google this week announced the launch of FuzzBench, a free and open source service for evaluating fuzzers. The new open source, free service aims to solve these issues by providing a framework for evaluating fuzzers in a reproducible way.
GoodRx - a mobile app that saves US consumers money on prescription drugs - has apologized and sworn to do better after a Consumer Reports investigation found that it was sharing people's data with 20 other internet-based companies. On Friday, GoodRx said in a blog post that it has "Never and will never sell our users' personal health information." Having said that, the Consumer Reports story led the company to re-examine its policies when it comes to sharing data with third parties.
Dubbed SurfingAttack by a US-Chinese university team, this is no parlor trick and is based on the ability to remotely control voice assistants using inaudible ultrasonic waves. Voice assistants - the demo targeted Siri, Google Assistant, and Bixby - are designed to respond when they detect the owner's voice after noticing a trigger phrase such as 'Ok, Google'.
Thus did the 9th Circuit Court of Appeals in San Francisco dismiss a top right-wing content creator's allegation that Google had violated its First Amendment rights by tagging dozens of its videos on abortion, gun rights, Islam and terrorism with its Restricted Mode and demonetizing them so the nonprofit can't make money from advertising. It's best known for its many 5-minute videos, some of which, starting in 2016, Google dubbed Restricted, including videos about the 10 Commandments, whether police were racist, and Israel's legal founding.
Among app developers presented with a warning message from Google asking them to curb the number of permission requests in their apps, 60 percent of those removed permissions. Google uses an automated process to determine what type of app is being uploaded and gauges how many permissions are being requested relative to similar apps uploaded to Google Play.
Facebook and Google this week announced the decision to postpone this year's BountyCon bug hunting conference due to health risks. "Out of an abundance of caution, we've decided to postpone BountyCon due to evolving public health risks related to coronavirus. While this was a difficult decision to make, our priority is the health and safety of our attendees," Facebook says.
New scanning capabilities that Google rolled out to Gmail have resulted in an increased overall detection rate of malicious documents. Of the detected malicious documents, 63% differ from day to day, and the Internet search giant has deployed a new generation of document scanners to improve its detection capabilities via deep learning.