Security News

Google's Threat Analysis Group, a team of security experts who defend Google users from state-sponsored attacks, has detected state hackers from several countries targeting the bug, including the Sandworm, APT28, and APT40 threat groups from Russia and China. In an early September attack, Russian Sandworm hackers delivered Rhadamanthys infostealer malware in phishing attacks using fake invitations to join a Ukrainian drone training school.

Google says that several state-backed hacking groups have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression software used by over 500 million users, aiming to gain arbitrary code execution on targets' systems. Google's Threat Analysis Group, a team of security experts who defend Google users from state-sponsored attacks, has detected state hackers from several countries targeting the bug, including the Sandworm, APT28, and APT40 threat groups from Russia and China.

A new Google Search malvertizing campaign targets users looking to download the popular Notepad++ text editor, employing advanced techniques to evade detection and analysis. [...]

Find out what security teams should do now, and hear what Cloudflare's CEO has to say about this DDoS. Google, AWS and Cloudflare have reported the exploitation of a zero-day vulnerability named HTTP/2 Rapid Reset and tracked as CVE-2023-44487, which is currently used in the wild to run the largest Distributed Denial of Service attack campaigns ever seen. The HTTP/2 Rapid Reset attack works by leveraging HTTP/2's stream cancellation feature: The attacker sends a request and cancels it immediately.

Google on Tuesday announced the ability for all users to set up passkeys by default, five months after it rolled out support for the FIDO Alliance-backed passwordless standard for Google Accounts...

Google announced today that passkeys are now the default sign-in option across all personal Google Accounts across its services and platforms. "We've received really positive feedback from our users, so today we're making passkeys even more accessible by offering them as the default option across personal Google Accounts," said Google product managers Christiaan Brand and Sriram Karra.

Google is asking bug hunters and exploit writers to develop 0-day and n-day exploits in Chrome's V8 JavaScript engine and Google Cloud's Kernel-based Virtual Machine. The exploit writers should make their exploitation attempts against a V8 version running on Google infrastructure.

In a bid to upgrade user experience, the Chrome team is developing an "Organise Tabs" feature, soon to be seen at the top left corner of the browser, adjacent to the tab search function. This new feature may potentially introduce an automatic tab group creation once tabs are systematically categorised.

Microsoft 365 email senders were warned by Microsoft this week to authenticate outbound messages, a move prompted by Google's recent announcement of stricter anti-spam rules for bulk senders. "By setting up email authentication for your domain, you can ensure that your messages are less likely to be rejected or marked as spam by email providers like Gmail, Yahoo, AOL, Outlook.com," the Microsoft Defender for Office 365 team said.

Google has committed to being a little less creepy with user data in response to proceedings from the German Federal Cartel Office. The commitments are all about how Google processes user data and gives those users more control over what the ad giant is doing with their information.