Security News

In the past few days, both Apple and Adobe have published software updates to close off zero-day security holes that were already being exploited by attackers. In other words, now matter how quickly you update against a zero-day once the patch is announced, you know that someone - and you have to hope that it wasn't you! - has already been attacked and pwned, even if they're accustomed to patching promptly themselves.

Google has released Chrome 98.0.4758.102 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability used by threat actors in attacks. It is possible to install the update immediately simply by going into the Chrome menu > Help > About Google Chrome.

The bug hunters at Google's Project Zero team have released their latest time-to-fix data and Linux is smashing the opposition. Between 2019 and 2021 open-source developers fixed Linux issues in an average of 25 days, compared to 83 for Microsoft and Oracle pulling last place at 109 days, albeit from a very low number of cases.

Google's Project Zero has published a report showing that organizations took less time to address the zero-day vulnerabilities that the team reported last year. As the data shows, the average period software vendors needed to issue security fixes reported by Project Zero last year was 52 days, down from 80 days three years ago.

French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union's General Data Protection Regulation laws in the country, almost a month after a similar decision was reached in Austria. Of the data protection decree, which govern the transfers of personal data to third countries or international entities.

Google has released the February 2022 Android security updates, addressing two critical vulnerabilities, one being a remote escalation of privilege that requires no user interaction. The vulnerability is tracked as CVE-2021-39675, carrying a "Critical" severity rating, and affects only Android 12, the latest version of the popular OS. These flaws are typically leveraged by sophisticated spyware vendors that independently discover and privately use zero-days in mobile operating systems.

After accelerating its efforts to auto-enroll as many accounts as possible in two-factor authentication, Google announced that an additional 150 million users now have 2FA enabled. Google first announced that it strives to push all its users to start using 2FA in May 2021, as part of a broader move to secure as many accounts as possible from attacks that use compromised credentials or guess passwords to hijack accounts.

Google is adding a new defensive layer to protect enterprise workloads running in Google Cloud. It's called Virtual Machine Threat Detection, and will help select Security Command Center customers detect cryptomining malware inside their virtual machines.

Google has announced the public preview of a new Virtual Machine Threat Detection system that can detect cryptocurrency miners and other malware without the need for software agents. A significant problem for developers and enterprises using cloud-based virtual machines is the constant targeting of threat actors who breach servers to install cryptominers.

A regional court in the German city of Munich has ordered a website operator to pay €100 in damages for transferring a user's personal data - i.e., IP address - to Google via the search giant's Fonts library without the individual's consent. The unauthorized disclosure of the plaintiff's IP address by the unnamed website to Google constitutes a contravention of the user's privacy rights, the court said, adding the website operator could theoretically combine the gathered information with other third-party data to identify the "Persons behind the IP address."