Security News
Google has released Chrome 103.0.5060.114 for Windows users to address a high-severity zero-day vulnerability exploited by attackers in the wild, the fourth Chrome zero-day patched in 2022. This update was available immediately when BleepingComputer checked for new updates by going into Chrome menu > Help > About Google Chrome.
Google on Friday pledged to update its location history system so that visits to medical clinics and similarly sensitive places are automatically deleted. Google keeps a log of its users whereabouts, via its Location History functionality, and provides some controls to delete all or part of those records, or switch it off.
Google on Thursday announced a slew of improvements to its password manager service aimed at creating a more consistent look and feel across different platforms. The updates are also expected to automatically group multiple passwords for the same sites as well as introduce an option to manually add passwords.
One of the commissioners of the U.S. Federal Communications Commission has renewed calls asking for Apple and Google to boot the popular video-sharing platform TikTok from their app stores citing "Its pattern of surreptitious data practices." "It is clear that TikTok poses an unacceptable national security risk due to its extensive data harvesting being combined with Beijing's apparently unchecked access to that sensitive data," Brendan Carr, a Republican member of the FCC, wrote in a letter to Apple and Google's chief executives.
Google's Threat Analysis Group on Thursday disclosed it had acted to block as many as 36 malicious domains operated by hack-for-hire groups from India, Russia, and the U.A.E. In a manner analogous to the surveillanceware ecosystem, hack-for-hire firms equip their clients with capabilities to enable targeted attacks aimed at corporates as well as activists, journalists, politicians, and other high-risk users. "The hack-for-hire landscape is fluid, both in how the attackers organize themselves and in the wide range of targets they pursue in a single campaign at the behest of disparate clients," Shane Huntley, director of Google TAG, said in a report.
Google has added API security tools and Workspace admin alerts about potentially risky configuration changes such as super admin passwords resets. Google's answer to these problems includes two API security features available in preview: one that identifies API misconfigurations and another that detects bots.
Google's Threat Analysis Group has blocked dozens of malicious domains and websites used by hack-for-hire groups in attacks targeting high-risk targets worldwide. Hack-for-hire groups target individuals and organizations in data theft and corporate espionage campaigns, with past victims including politicians, journalists, human rights and political activists, and various other high-risk users from all over the world.
Google Workspace has been updated to notify admins of highly sensitive changes to configurations, including those made to single sign-on profiles and admin accounts. These newly added alerts are available to all Google Workspace customers, including legacy G Suite Basic and Business customers.
Following the footsteps of Austria and France, the Italian Data Protection Authority has become the latest regulator to find the use of Google Analytics to be non-compliant with E.U. data protection regulations. The agency said the transfer of personal information violates the data protection legislation because the U.S. is a "Country without an adequate level of protection," while highlighting the "Possibility for U.S. government authorities and intelligence agencies to access personal data transferred without due guarantees."
A week after it emerged that sophisticated mobile spyware dubbed Hermit was used by the government of Kazakhstan within its borders, Google said it has notified Android users of infected devices. Necessary changes have been implemented in Google Play Protect - Android's built-in malware defense service - to protect all users, Benoit Sevens and Clement Lecigne of Google Threat Analysis Group said in a Thursday report.