Security News
Another link discovered by Group-IB downloaded from Google Play, the official Android app store, a fake version of the 'Secure VPN' app, which is still present on Google Play at the time of writing and has just over 10 downloads. The researchers note that the description available for SideWinder's fake Secure VPN app has been copied from the legitimate NordVPN app.
Google has quietly banned deepfake projects on its Colaboratory service, putting an end to the large-scale utilization of the platform's resources for this purpose. Colab is an online computing resource that allows researchers to run Python code directly through the browser while using free computing resources, including GPUs, to power their projects.
Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The flaw, which was identified in the Dev channel version of Chrome 101, was reported to Google by Weibo Wang, a security researcher at Singapore cybersecurity company Numen Cyber Labs and has since been quietly fixed by the company.
Two Russian internet service providers have received notices from Google that the global caching servers on their network have been disabled. A caching server is an ISP-bound node for fast serving Google content faster to internet subscribers and maintain high access reliability even during outages.
Threat actors behind web skimming campaigns are leveraging malicious JavaScript code that mimics Google Analytics and Meta Pixel scripts in an attempt to sidestep detection. Last year, Malwarebytes disclosed a campaign wherein malicious actors were observed delivering PHP-based web shells embedded within website favicons to load the skimmer code.
In these attacks, part of three campaigns that started between August and October 2021, the attackers used zero-day exploits targeting Chrome and the Android OS to install Predator spyware implants on fully up-to-date Android devices. The government-backed malicious actors who purchased and used these exploits to infect Android targets with spyware are from Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, and Indonesia, according to Google's analysis.
“Google Maps Adds Shortcuts through Houses of People Google Knows Aren’t Home Right Now.” Excellent satire.
Google last month addressed a high-severity flaw in its OAuth client library for Java that could be abused by a malicious actor with a compromised token to deploy arbitrary payloads. Tracked as CVE-2021-22573, the vulnerability is rated 8.7 out of 10 for severity and relates to an authentication bypass in the library that stems from an improper verification of the cryptographic signature.
Google has a plan - and a new product plus a partnership with developer-focused security shop Snyk - that attempts to make it easier for enterprises to secure their open source software dependencies. They have corresponding enriched metadata incorporating Container/Artifact Analysis data and are built with Cloud Build, which verifies the code complies with SLSA - this is Google's framework for ensuring the integrity of software artifacts throughout the software supply chain.
Researchers uncover URL spoofing flaws on Zoom, Box, Google DocsResearchers have discovered several URL spoofing bugs in Box, Zoom and Google Docs that would allow phishers to generate links to malicious content and make it look like it's hosted by an organization's SaaS account. A 10-point plan to improve the security of open source softwareThe Linux Foundation and the Open Source Software Security Foundation, with input provided by executives from 37 companies and many U.S. government leaders, delivered a 10-point plan to broadly address open source and software supply chain security, by securing open source security production, improving vulnerability discovery and remediation, and shortening the patching response time of the ecosystem.