Security News

A newly launched information-stealing malware variant called Mars Stealer is rising in popularity, and threat analysts are now spotting the first notable large-scale campaigns employing it. Mars Stealer emerged as a redesign of the Oski malware that shut down development in 2020, featuring extensive info-stealing capabilities targeting a broad spectrum of apps.

Google Chrome and Microsoft Edge have been updated to patch a security flaw an exploit for which is said to be in the wild. Chromium is at the heart of Google Chrome as well as Microsoft Edge.

Last time we reported on a Chrome zero-day flaw was back in February 2022. Anyway, back in February 2022, none of the bugs listed by Goole got a truly dangerous rating of "Critical", but one of them, dubbed CVE-2022-0609, was nevertheless accompanied by the admittedly rather vague words: "Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild."

In the case of computer science professor Douglas Leith, this truth is that Google has been taking detailed notes of every telephone call and SMS message made and received on the default Android apps. In brief, Leith set up a man-in-the-middle attack on his phones to crack open the data links' HTTPS/SSL encryption.

Google on Friday shipped an out-of-band security update to address a high severity vulnerability in its Chrome browser that it said is being actively exploited in the wild. Tracked as CVE-2022-1096, the zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine.

Google has released Chrome 99.0.4844.84 for Windows, Mac, and Linux users to address a high-severity zero-day bug exploited in the wild. This update was available immediately when BleepingComputer checked for new updates by going into Chrome menu > Help > About Google Chrome.

North Korean threat actors exploited a remote code execution zero-day vulnerability in Google's Chrome web browser weeks before the bug was discovered and patched, according to researchers. Google TAG now revealed it believes two threat groups-the activity of which has been publicly tracked as Operation Dream Job and Operation AppleJeus, respectively-exploited the flaw as early as Jan. 4 in "Campaigns targeting U.S. based organizations spanning news media, IT, cryptocurrency and fintech industries," according to a blog post published Thursday by Google TAG's Adam Weidemann.

Google on Thursday described how it apparently caught and thwarted North Korea's efforts to exploit a remote code execution vulnerability in Chrome. Exploiting the bug clears the way to compromise a victim's browser and potentially take over their computer to spy on them.

Roskomnadzor, Russia's telecommunications regulator, has banned Alphabet's news aggregator service Google News and blocked access to the news. Google.com domain for providing access to "Unreliable information" on the ongoing war in Ukraine.

A malicious Android app that steals Facebook credentials has been installed over 100,000 times via the Google Play Store, with the app still available to download. The Android malware is disguised as a cartoonifier app called 'Craftsart Cartoon Photo Tools,' allowing users to upload an image and convert it into a cartoon rendering. Over the past week, security researchers and mobile security firm Pradeo discovered that the Android app includes a trojan called 'FaceStealer,' which displays a Facebook login screen that requires users to log in before using the app.