Security News
Google has won a lawsuit filed against two Russian nationals in connection with the operation of a botnet called Glupteba, the company said last week. The defendants' move to press sanctions against Google was denied.
Google Cloud last week disclosed that it identified 34 different hacked release versions of the Cobalt Strike tool in the wild, the earliest of which shipped in November 2012. The versions, spanning 1.44 to 4.7, add up to a total of 275 unique JAR files, according to findings from the Google Cloud Threat Intelligence team.
Because of this, "Not every organization is hyper-focused on the subject of diversity and inclusion," MK Palmore, a director in Google Cloud's Office of the Chief Information Security Officer, told The Register. The infosec community - still mostly male and mostly white - needs diversity to produce better outcomes, Palmore said.
A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware. "Observed DEV-0569 attacks show a pattern of continuous innovation, with regular incorporation of new discovery techniques, defense evasion, and various post-compromise payloads, alongside increasing ransomware facilitation," the Microsoft Security Threat Intelligence team said in an analysis.
State-backed Chinese hackers launched a spearphishing campaign to deliver custom malware stored in Google Drive to government, research, and academic organizations worldwide. The Chinese hackers used Google accounts to send their targets email messages with lures that tricked them into downloading custom malware from Google Drive links.
Threat actors are abusing Google's Looker Studio to boost search engine rankings for their illicit websites that promote spam, torrents, and pirated content. BleepingComputer has come across several pages of Google search results flooded with datastudio.
Google sued Dmitry Starovikov and Alexander Filippov - along with 15 other John and Jane Does - in December 2021, saying in the original complaint [PDF] that the botnet "Is distinguished from conventional botnets in its technical sophistication: unlike other botnets, the Glupteba botnet leverages blockchain technology to protect itself from disruption." Judge Cote said in her opinion and order [PDF] that the Defendants had "Attempted to negotiate a discovery plan in bad faith, requesting an exchange of electronic devices" - although they knew they could not provide the devices they said they had. According to the judge, the defendants and their lawyer told Google that pertinent discovery information was held by their former employer Valtron LLC,, a limited liability company based in Moscow.
Internet behemoth Google on Tuesday said it plans to roll out Privacy Sandbox for Android in beta to mobile devices running Android 13 starting early next year. "The Privacy Sandbox Beta will be available for ad tech and app developers who wish to test the ads-related APIs as part of their solutions," the company said.
Google announced today that they will begin rolling out the Privacy Sandbox system on a limited number of Android 13 devices starting in early 2023. The Privacy Sandbox is a set of technologies Google introduced in February this year, aiming to limit the tracking of users while still providing advertisers with viable performance-measurement options.
Internet giant Google has agreed to pay a record $391.5 million to settle with 40 states in the U.S. over charges the company misled users about the collection of personal location data. "Google misled its users into thinking they had turned off location tracking in their account settings, when Google continued to collect their location information," Oregon Attorney General Ellen Rosenblum said Monday.