Security News
Google has unveiled a new pilot program in Singapore that aims to prevent users from sideloading certain apps that abuse Android app permissions to read one-time passwords and gather sensitive...
The Danish data protection authority has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools. The matter was brought to the agency's attention roughly four years ago by a concerned parent and activist, Jesper Graugaard, who protested how student data is sent to Google without any consideration about the potential for misuse or the impact it could have on those persons in the future.
Google has launched a new pilot program to fight financial fraud by blocking the sideloading of Android APK files that request access to risky permissions. These files are commonly distributed through third-party sites, allowing you to install apps outside of Google Play.
Prowler is an open-source security tool designed to assess, audit, and enhance the security of AWS, GCP, and Azure. "Easy to use from the command line with simple, understandable output, Prowler offers standard reporting formats like CSV and JSON, enabling users to thoroughly examine findings across any cloud provider, all in a uniform format. Its seamless integrations with Security Hub and S3 facilitate easy incorporation with other SIEMs, databases, and more. The ability to write custom checks and develop custom security frameworks is crucial for our expanding community," Toni de la Fuente, the creator of Prowler, told Help Net Security.
Commercial spyware vendors were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group discovered in 2023 and used to spy on devices worldwide. Google's TAG has been following the activities of 40 commercial spyware vendors to detect exploitation attempts, protect users of its products, and help safeguard the broader community by reporting key findings to the appropriate parties.
Google on Monday donated $1 million to the Rust Foundation specifically to improve interoperability between the language and C++. C++, a popular general purpose programming language, has arguably fallen out of fashion due to concerns over safety. Lars Bergstrom, director of Android platform tools and libraries and chair of the Rust Foundation Board, announced the grant and said that the funding will "Improve the ability of Rust code to interoperate with existing legacy C++ codebases."
Google has started testing the phasing out of third-party cookies on Chrome, affecting about 1% of its users or approximately 30 million people. Based on the test results and whether it causes significant issues with the displaying of websites, Google will begin to gradually phase out third-party cookies for the rest of its users starting in the third quarter of 2024.
An Android remote access trojan known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023. The malicious apps, which have now been removed from Google Play but remain available on third-party app stores, are disguised as messaging or news apps.
Google has shared a temporary fix for owners of Google Pixel devices that were rendered unusable after installing the January 2024 Google Play system update. As previously reported by BleepingComputer, after the January 2024 Google Play system updates came out, some owners of various Google Pixel models experienced internal storage access problems, the inability to open apps or the camera, or even take screenshots.
Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. "The threat actor is abusing Google...