Security News

This undocumented spying option was also available at Google Cloud DNS and at least one other DNS-as-a-service provider. In a presentation earlier this week at the Black Hat USA 2021 security conference in Las Vegas, Nevada, Shir Tamari and Ami Luttwak from security firm Wiz, described how they found a DNS name server hijacking flaw that allowed them to spy on the dynamic DNS traffic of other customers.

CISA has announced the launch of Joint Cyber Defense Collaborative, a partnership across public and private sectors focused on defending US critical infrastructure from ransomware and other cyber threats. The new initiative's goal is to allow CISA to develop cyber defense plans in collaboration with federal agencies, SLTT partners, and private sector orgs for national resilience against malicious cyber activity targeting critical infrastructure.

Google says that enforcing two-step verification on Google accounts of Chrome Web Store developers will take longer than expected. As first announced in June, Google will require all Chrome extension developers to enable 2-Step Verification to publish or update their extensions after August 2nd. "The Chrome Web Store will begin enforcing the Two Step Verification requirement in August, 2021," Chrome Trust & Safety Team members Rebecca Soares and Benjamin Ackerman said two months ago.

Google's open security team has claimed the Linux kernel code is not good enough, with nearly 100 new fixes every week, and that at least 100 more engineers are needed to work on it. Kees Cook, a Google software engineer who has devoted much of his time to security features in the Linux kernel, has posted about continuing problems in the kernel which he said have insufficient focus.

A Chrome 92 update released this week by Google patches 10 vulnerabilities, including several high-severity flaws that earned researchers tens of thousands of dollars in bug bounties. Google described the issue as a heap buffer overflow in Bookmarks.

Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks. The latest Android update provides documentation on 33 security bugs, some serious enough to cause privilege escalation or information disclosure compromises.

Criminals behind the Raccoon Stealer platform have updated their services to include tools for siphoning cryptocurrency from a target's computer and new remote access features for dropping malware and scooping up files. For starters, Raccoon Stealer has pivoted from inbox-based infections to ones that leverage Google Search.

Identity-as-a-service slinger Okta has poached Google veep of engineering Sagnik Nandy to become its president and chief tech officer. Nandy will run his new employer's engineering and business technology functions, including the planning of product development activities.

Google Chrome will no longer show whether a site you are visiting is secure and only show when you visit an insecure website. Currently, when you visit a secure site, Google Chrome will display a little locked icon indicating that your communication with the site is encrypted, as shown below.

Google is emailing Android users to let them know that, starting late September, they will no longer be able to log in to their Google accounts on devices running Android 2.3.7 and lower. "As part of our ongoing efforts to keep our users safe, Google will no longer allow sign-in on Android devices that run Android 2.3.7 or lower starting September 27, 2021," Android Help Community Manager Zak Pollack explained.