Security News

Google's Project Zero has published a report showing that organizations took less time to address the zero-day vulnerabilities that the team reported last year. As the data shows, the average period software vendors needed to issue security fixes reported by Project Zero last year was 52 days, down from 80 days three years ago.

French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union's General Data Protection Regulation laws in the country, almost a month after a similar decision was reached in Austria. Of the data protection decree, which govern the transfers of personal data to third countries or international entities.

Google has released the February 2022 Android security updates, addressing two critical vulnerabilities, one being a remote escalation of privilege that requires no user interaction. The vulnerability is tracked as CVE-2021-39675, carrying a "Critical" severity rating, and affects only Android 12, the latest version of the popular OS. These flaws are typically leveraged by sophisticated spyware vendors that independently discover and privately use zero-days in mobile operating systems.

After accelerating its efforts to auto-enroll as many accounts as possible in two-factor authentication, Google announced that an additional 150 million users now have 2FA enabled. Google first announced that it strives to push all its users to start using 2FA in May 2021, as part of a broader move to secure as many accounts as possible from attacks that use compromised credentials or guess passwords to hijack accounts.

Google is adding a new defensive layer to protect enterprise workloads running in Google Cloud. It's called Virtual Machine Threat Detection, and will help select Security Command Center customers detect cryptomining malware inside their virtual machines.

Google has announced the public preview of a new Virtual Machine Threat Detection system that can detect cryptocurrency miners and other malware without the need for software agents. A significant problem for developers and enterprises using cloud-based virtual machines is the constant targeting of threat actors who breach servers to install cryptominers.

A regional court in the German city of Munich has ordered a website operator to pay €100 in damages for transferring a user's personal data - i.e., IP address - to Google via the search giant's Fonts library without the individual's consent. The unauthorized disclosure of the plaintiff's IP address by the unnamed website to Google constitutes a contravention of the user's privacy rights, the court said, adding the website operator could theoretically combine the gathered information with other third-party data to identify the "Persons behind the IP address."

Many distinguished font creators provide open source fonts available for personal and commercial use, and numerous free-and-properly-licensed font collections do exist, including the well-known Google Fonts. Google Fonts not only "Solves" your licensing issues by offering open source fonts that you are allowed to use commercially, it can also solve your "How to serve it" hassles, too.

The app, which is fully functional as a 2FA authenticator, comes loaded with the Vultur stealer malware that targets and swoops down on financial data. Once downloaded, the app installs Vultur banking trojan, which steals financial and banking data on the compromised device - but can do much more.

Google on Tuesday announced that it is abandoning its controversial plans for replacing third-party cookies in favor of a new Privacy Sandbox proposal called Topics, which categorizes users' browsing habits into approximately 350 topics. Subsequently, when a user visits a participating site, the Topics selects three of the interests - one topic from each of the past three weeks - to share with the site and its advertising partners.