Security News
Google on Monday announced that it will pay security researchers to find exploits using vulnerabilities, previously remediated or otherwise, over the next three months as part of a new bug bounty program to improve the security of the Linux kernel. To that end, the company is expected to issue rewards worth $31,337 for exploiting privilege escalation in a lab environment for each patched vulnerability, an amount that can climb up to $50,337 for working exploits that take advantage of zero-day flaws in the kernel and other undocumented attack techniques.
Crooks behind a newly identified malware campaign are targeting Windows 10 with malware that can infect systems via a technique that cleverly bypasses the Windows cybersecurity protection called User Account Control. As Iwamaye wrote in a blog post published Thursday, the attack chain is initiated when a Chrome browser user visits a malicious website and a "Browser ad service" prompts the user to take an action.
Since Thursday evening, Google has been investigating reports of customers having issues enrolling their Chromebooks with a network error. According to user reports, "Network not available" errors are displayed on the screen after booting into Chrome OS and trying to enroll the devices.
Google has released Chrome 95.0.4638.69 for Windows, Mac, and Linux to fix two zero-day vulnerabilities that attackers have actively exploited. "Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild," Google disclosed in the list of security fixes in today's Google Chrome release.
Google on Thursday rolled out an emergency update for its Chrome web browser, including fixes for two zero-day vulnerabilities that it says are being actively exploited in the wild. The internet giant's Threat Analysis Group has been credited with discovering and reporting the two flaws on September 15, 2021, and October 26, 2021, respectively.
Google says this corresponds to roughly 3% of registered developers, as the rest distribute free apps that follow indirect monetization methods. The service fee is 15% for the first $1 million of earnings each year when enrolled and 30% subsequently, which gives smaller developers more help as they scale their business.
Google has announced the launch of its first vulnerability rewards program for Android Enterprise with bounties of up to $250,000. "And since we believe scrutiny and transparency are key to improving security, we've launched our first Android Enterprise Vulnerability Rewards Program," said Rajeev Pathak, Senior Product Manager at Google.
Google has caught and brushed off a bunch of cookie-stealing YouTube channel hijackers who were running cryptocurrency scams on the ripped-off channels. The cookie-stealing, cryptocurrency-scam running channel hijackers are still out there, but they've shifted from Gmail to other email providers: "mostly email.
Google says YouTube creators have been targeted with password-stealing malware in phishing attacks coordinated by financially motivated threat actors. The threat actors used social engineering and phishing emails to infect YouTube creators with information-stealing malware, chosen based on each attacker's preference.
The Chromium team has finally done it - File Transfer Protocol support is not just deprecated, but stripped from the codebase in the latest stable build of the Chrome browser, version 95. A lack of support for encrypted connections in Chrome's FTP implementation, coupled with a general disinterest from the majority of the browser's users, and more capable third-party alternatives being available has meant that the code has moved from deprecated to gone entirely.