Security News

PhishLabs by HelpSystems has identified attackers leveraging a weakness in Google's ad service to carry out phishing campaigns on financial institutions. In this Help Net Security video, Kevin Cryan, Director of Operational Intelligence at PhishLabs, talks about how this type of attack is different from the one identified by Microsoft - threat actors use conditional geolocation logic to present the legitimate landing page when Google scans their ad. Google publishes the ad and displays the legitimate landing URL on hover.

Google on Thursday announced that it's seeking contributors to a new open source initiative called Graph for Understanding Artifact Composition, also known as GUAC, as part of its ongoing efforts to beef up the software supply chain. "GUAC addresses a need created by the burgeoning efforts across the ecosystem to generate software build, security, and dependency metadata," Brandon Lum, Mihai Maruseac, and Isaac Hepworth of Google said in a post shared with The Hacker News.

Texas attorney general Ken Paxton has sued Google for allegedly collecting and using biometric data belonging to millions of Texans without proper consent. The Texas AG says that Google allegedly used products and services like Google Photos, Google Assistant, and Nest Hub Max to collect a vast array of biometric identifiers, including voiceprints and records of face geometry since 2015.

Google Search is timing out when users search for specific terms like "How many emojis on iOS," "How many emojis on Apple" or "How many emojis on Windows." BleepingComputer was able to reproduce the issue on both Google search sites and the mobile app.

At this week's event, Google presented its latest solutions as it tries to overtake Amazon and Microsoft in the cloud market. The post Google Next ’22: A new era of built-in cloud services...

Google on Wednesday officially rolled out support for passkeys, the next-generation authentication standard, to both Android and Chrome. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant said.

Google announced today that it's introducing passkey support to its Chrome web browser and the Android operating system to simplify sign-ins across apps, websites, and devices. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors. They cannot be reused, don't leak in server breaches, and protect users from phishing attacks," Google said today.

In the latest attacks, phishing emails impersonate the U.S. Small Business Administration and abuse Google Forms to host phishing pages that steal the personal details of business owners. The lures used in the phishing emails are for pandemic financial support programs like the "Paycheck Protection Program", "Revitalization Fund", and "COVID Economic Injury Disaster Loan.".

Mandia spoke with reporters for the first time about his threat-intel-slash-incident-response company's new owner during a press briefing ahead of Google Cloud Next, which kicked off today in San Francisco and virtually. Google Cloud brings expertise in big data, analytics, and artificial intelligence, he added.

Google has announced more details regarding turning off support for the Google Chrome Manifest V2 extension as the company pushes more developers to transition to Manifest V3. An update from the Chrome team says that they will proceed in careful, experimental steps, ensuring a smooth end-user experience during the phase-out of Manifest V2 in June 2023. In January 2022, the Chrome Web Store stopped accepting new extensions built on Manifest V2. According to the original roll-out timeline released by Google a year ago, starting from January 2023, all extensions built on Manifest V2 would stop working on the Chrome browser.