Security News

GitHub has announced an improvement to its secret scanning feature that extends validity checks to popular services such as Amazon Web Services (AWS), Microsoft, Google, and Slack. Validity...

To keep Gmail users' inboxes "Safer and more spam-free", Google is introducing new requirements for bulk senders. "Last year we started requiring that emails sent to a Gmail address must have some form of authentication. And we've seen the number of unauthenticated messages Gmail users receive plummet by 75%, which has helped declutter inboxes while blocking billions of malicious messages with higher precision," said Neil Kumaran, group product manager, Gmail Security & Trust.

Google will introduce new sender guidelines in February to bolster email security against phishing and malware delivery by mandating bulk senders to authenticate their emails and adhere to stricter spam thresholds. Starting February 1st, 2024, Google will require senders dispatching over 5,000 messages daily to Gmail accounts to set up SPF/DKIM and DMARC email authentication for their domains to strengthen defenses against email spoofing and phishing attempts.

Amazon mistakenly sent out purchase confirmation emails for Hotels.com, Google Play, and Mastercard gift cards to customers, making many worried their accounts were compromised. The emails were sent out last night, with customers reporting receiving three separate emails from Amazon Prime for each alleged gift card purchase.

The URLs needed to share chat histories have been indexed. Of course Google's Bard chatbot is currently being re-educated to better understand privacy.…

Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a...

Google has patched the fifth Chrome zero-day vulnerability exploited in attacks since the start of the year in emergency security updates released today. Today, Google TAG's Maddie Stone revealed that the CVE-2023-5217 zero-day vulnerability was exploited to install spyware.

The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID and a description that tells the whole story: the vulnerability is not in Chrome, but the libwebp library, which is used by many popular applications for encoding/decoding the WebP image format.The source of the vulnerability is a flawed implementation of the Huffman coding algorithm, which may allow attackers to trigger a heap buffer overflow and to execute arbitrary code.

Google has assigned a new CVE ID to a libwebp security vulnerability exploited as a zero-day in attacks and patched two weeks ago.The decision to tag it as a Chrome bug caused confusion within the cybersecurity community, prompting questions regarding Google's choice to categorize it as a Google Chrome issue rather than identifying it as a flaw in libwebp.

Google is notifying Gmail users that the webmail's Basic HTML view will be deprecated in January 2024, and users will require modern browsers to continue using the service. The basic HTML view is a stripped-down version of Gmail that does not offer users chat, spell checking, keyboard shortcuts, adding or importing contacts, setting custom "From" addresses, or using rich text formatting.