Security News

Google has agreed to delete billions of data records collected from 136 million Chrome users in the United States, as part of a lawsuit settlement regarding alleged undisclosed browser data collection while in Incognito mode. Key elements of the Settlement include changes to Google's disclosures regarding its data collection practices, the deletion of billions of data records, implementing measures to curb the future accumulation of personal information, and eliminating mechanisms that enabled the tracking of users in Incognito mode without their knowledge.

Google has agreed to purge billions of data records reflecting users' browsing activities to settle a class action lawsuit that claimed the search giant tracked them without their knowledge or...

Google has started automatically blocking emails sent by bulk senders who don't meet stricter spam thresholds and authenticate their messages as required by new guidelines to strengthen defenses against spam and phishing attacks. Non-compliance may result in email delivery issues, including rejected emails or emails being automatically sent to recipients' spam folders.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries and drivers, as they can affect multiple products and effectively offer more possibilities for attack. Another interesting conclusion from Google's recent rundown of the 97 zero-days exploited in-the-wild in 2023 is that there's a notable increase in targeting enterprise-specific technologies.

Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition. Google fixed the two zero-days in the Google Chrome stable channel, version 123.0.6312.86/.87 for Windows and Mac and 123.0.6312.86 for Linux users, which will roll out worldwide over the coming days.

Zero-day exploits targeting enterprise-specific software and appliances are now outpacing zero-day bugs overall, according to Google's threat hunting teams. While 61 of the 97 zero-days affected end-user products last year, this number isn't increasing as rapidly as its enterprise counterparts.

Google's Threat Analysis Group and Google subsidiary Mandiant said they've observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients. Among these, the FIN11 threat group exploited three separate zero-day vulnerabilities, while at least four ransomware groups exploited another four zero-days.

Over 15 free VPN apps on Google Play were found using a malicious software development kit that turned Android devices into unwitting residential proxies, likely used for cybercrime and shopping bots. HUMAN discovered the first PROXYLIB carrier app in May 2023, a free Android VPN app named "Oko VPN." The researchers later found the same library used by the LumiApps Android app monetization service.

As recently released research by HUMAN Security's Satori Threat Intelligence team has revealed, researchers Google removing a single free VPN app from its Play Store due to it making devices part of a proxy network used for ad fraud revealed a more widespread problem: the library responsible for the proxy node enrollment has subsequently been found in many more apps, as well as one mobile software development kit. "The LumiApps SDK is available freely for anyone to incorporate into their apps, and they advertise it as a way to make money from your app without resorting to ads. If a developer wanted to monetize their app, they could certainly consider using LumiApps and be unaware of what the code was doing in the background, enrolling the device of the user as a node in a residential proxy network without the user's knowledge. Since the SDK is freely available on the LumiApps website, and advertised both on the dark web and on social media sites, anyone can build it into their apps if they register for an account."