Security News

DuckDuckGo apps and extensions are now blocking Google Sign-in pop-ups on all its apps and browser extensions, removing what it perceives as an annoyance and a privacy risk for its users. A standalone web browser is also in the works, currently in beta and only available for macOS. The company announced today that all its Chrome, Firefox, Brave, and Microsoft Edge apps and browser extensions will now actively block Google sign-in prompts displayed on sites.

Scammers using Google Ads, stolen blog articles, and a "Popunder" ad scheme on adult websites pulled in more than $275,000 a day by generating millions of ad impressions every month. Once on the Txxx iframe page, the user may click on a video or thumbnail, which triggers a real click on a Google Ad on the popunder page underneath, he wrote.

Microsoft has confirmed today that Samsung and Google have fixed an Intune enrollment issue affecting Galaxy S22 smartphones running Android 13. On affected S22 devices, Android users cannot complete enrollment if they create a Work Profile for Bring Your Own Device provisioning.

Google is trying to help enterprise and educational users of Gmail better secure their messages. Adding to the encryption already used by Google Drive, Google Meet, Google Docs, Google Sheets and Google Slides, the new Gmail encryption is designed to keep data private and confidential while at the same time meeting regulatory and compliance requirements for security.

A massive advertising fraud campaign using Google Ads and 'popunders' on adult sites is estimated to have generated millions of ad impressions on stolen articles, making the fraudsters an estimated $275k per month. The campaign was discovered by Malwarebytes, who reported it to Google and took it down for violating policies forbidding Google Ads on adult sites.

Google has added client-side encryption for some email customers, allowing enterprise and education Gmail users to send and receive encrypted messages. It allows Gmail customers - not the cloud provider - to retain control over encryption keys, thus ensuring Google servers can't access the keys or decrypt customer data in the body of the email or delivered as an attachment.

The operators of the Glupteba botnet resurfaced in June 2022 as part of a renewed and "Upscaled" campaign, months after Google disrupted the malicious activity. Specifically, the botnet is designed to search the public Bitcoin blockchain for transactions related to wallet addresses owned by the threat actor so as to fetch the encrypted C2 server address.

Google on Friday announced that its client-side encryption for Gmail is in beta to its Workspace and education customers to secure emails sent using the web version of the platform. "Using client-side encryption in Gmail ensures sensitive data in the email body and attachments are indecipherable to Google servers," the company said in a post.

The Glupteba malware botnet has sprung back into action, infecting devices worldwide after its operation was disrupted by Google almost a year ago. Nozomi now reports that blockchain transactions, TLS certificate registrations, and reverse engineering Glupteba samples show a new, large-scale Glupteba campaign that started in June 2022 and is still ongoing.

Google announced on Friday that it's adding end-to-end encryption to Gmail on the web, allowing enrolled Google Workspace users to send and receive encrypted emails within and outside their domain.The company says that the feature is not yet available to users with personal Google Accounts or Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers.