Security News

Microsoft trumps Google for 2021-22 bug bounty payouts
2022-08-12 18:00

Microsoft appears to have beat Google on the bug bounty front, with $13.7 million in rewards spread out over 335 researchers. The biggest prize awarded by Microsoft was $200,000 under the Hyper-V Bounty Program and the average award was $12,000.

Cisco Confirms Network Breach Via Hacked Employee Google Account
2022-08-11 12:51

Cisco Systems revealed details of a May hack by the Yanluowang ransomware group that leveraged a compromised employee's Google account. "During the investigation, it was determined that a Cisco employee's credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim's browser were being synchronized," wrote Cisco Talos in a lengthy breakdown of the attack.

Phishing attack abuses Microsoft Azure, Google Sites to steal crypto
2022-08-10 16:50

A new large-scale phishing campaign targeting Coinbase, MetaMask, Kraken, and Gemini users is abusing Google Sites and Microsoft Azure Web App to create fraudulent sites. Posting links to phishing pages on various legitimate sites aims to increase traffic and boost the malicious site's search engine rankings.

Google now blocks Workspace account hijacking attempts automatically
2022-08-10 16:18

Google Workspace now has stronger protections for risky account actions, automatically blocking hijacking attempts with identity verification prompts and logging them for further investigation. The enhanced account protection capabilities are available to all Google Workspace customers, including legacy G Suite Basic and Business customers.

Google's bug bounty boss: Finding and patching vulns? 'Totally useless'
2022-08-10 16:00

Simply finding vulnerabilities and patching them "Is totally useless," according to Google's Eduardo Vela, who heads the cloud giant's product security response team. Instead, they've got to exploit the bug: connect to Google Kubernetes Engine instances, hack it, and use the bug to steal the hidden flags.

Dissecting Google’s Titan M chip: Vulnerability research challenges
2022-08-09 04:00

The enterprise-grade Titan M security chip was custom built to help protect data. Derived from the same chip Google uses to protect its cloud data centers, it handles processes and information, such as passcode protection, encryption, and secure transactions in apps.

Bloke robbed of $800,000 in cryptocurrency by fake wallet app wants payback from Google
2022-08-04 23:45

Last October, California resident Jacob Pearlman downloaded an Android version of a cryptocurrency wallet app called Phantom from the Google Play app store. The free Phantom Wallet app that Pearlman downloaded early from Google Play was a fake.

Facebook ads push Android adware with 7 million installs on Google Play
2022-07-30 15:14

Several adware apps promoted aggressively on Facebook as system cleaners and optimizers for Android devices are counting millions of installations on Google Play store. To evade deletion, the apps hide on the victim's device by constantly changing icons and names, masquerading as Settings or the Play Store itself.

Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware
2022-07-30 03:40

A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware. These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services, and call recorders, among others.

Google delays removal of third-party cookies in Chrome through 2024
2022-07-28 16:32

Google delays removal of third-party cookies in Chrome through 2024. Google is pushing back its plan to get rid of third-party cookies in Chrome to the latter half of 2024, according to a company blog published Wednesday.