Security News

Google is rolling out new warning banners in Google Drive to alert users of potentially suspicious files that threat actors could use for malware delivery and in phishing attacks. "If a user opens a potentially suspicious or dangerous file in Google Drive, we will display a warning banner to help protect them and their organization from malware, phishing, and ransomware," Google explains.

Users were left startled as Google Drive's automated detection systems flagged a nearly empty file for copyright infringement. One of the files in Dolson's Google Drive, 'output04.

An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could be exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said the issues impact both Zoom clients and Multimedia Router servers, which transmit audio and video content between clients in on-premise deployments.

Google has announced on Thursday that it has started warning users when they open potentially suspicious or dangerous files hosted on Google Drive. "We will display a warning banner to help protect [users] and their organization from malware, phishing and ransomware. These warnings are already available when opening Google Docs, Sheets, Slides, and Drawings," Google noted.

Typically, a web browser permits scripts on one web page to access data on a second web page only if both pages have the same origin/back-end server. Without this security policy in place, a snooper who manages to inject a malicious script into one website would be able to have free access to any data contained in other tabs the victim may have open in the browser, including access to online banking sessions, emails, healthcare portal data and other sensitive information.

An improperly implemented API that stores data on browsers has caused a vulnerability in Safari 15 that leaks user internet activity and personal identifiers. The Safari bug can then expose publicly available information from, say, a Google account.

There's a problem with the implementation of the IndexedDB API in Safari's WebKit engine, which could result in leaking browsing activity in real-time and even user identities to anyone exploiting this flaw. IndexedDB is a widely used browser API that is a versatile client-side storage system with no capacity limits.

The Austrian data protection authority has ruled that use of Google Analytics by a German company is in breach of European law in light of the Schrems II EU-US data sharing ruling. Datenschutzbehörde, or DSB, has found that a German publisher, not named in the case, was in breach of Article 44 of the General Data Protection Regulation in the use and operation of Google Analytics - commonly used throughout web publishing and ecommerce - because of its movement of personal data to the United States.

Google Drive ended 2021 as the most abused cloud storage service for malware downloads, according to security provider Netskope. In its "January 2022 Cloud and Threat Report" released Tuesday, Netskope noted that cloud storage apps gained even greater adoption in 2021.

The Commission nationale de l'informatique et des libertés, France's data protection watchdog, has slapped Facebook and Google with fines of €150 million and €60 million for violating E.U. privacy rules by failing to provide users with an easy option to reject cookie tracking technology. HTTP cookies are small pieces of data created while a user is browsing a website and placed on the user's computer or other device by the user's web browser to track online activity across the web and store information about the browsing sessions, including logins and details entered in form fields such as names and addresses.