security Stories June 3, 2020

Google is a big proponent for 2-Step Verification, and is today improving the experience on iPhones. You can now sign-in to a Google Account on iOS using USB/NFC security keys.

expand full story

security Stories January 9, 2020

Ring fires employees for spying on customer videos stored in the cloud

Video doorbell company Ring, a subsidiary of Amazon, says that it has fired employees for spying on customer videos stored on its cloud servers. Although the doorbell cameras are intended for outdoor coverage, the company also sells cameras for use inside the home …

security Stories June 20, 2019

Update: Google told The Verge that it has now fixed the problem.

We were recently made aware of an issue affecting some Nest cameras connected to third-party partner services via Works with Nest. We’ve since rolled out a fix for this issue that will update automatically, so if you own a Nest camera, there’s no need to take any action.

Used Nest cams allow the original owner to spy on whoever buys them. The problem was discovered by a former owner of the popular Nest Cam Indoor.

Worryingly, the behavior survives the official reset procedure, and right now there appears to be no fix available for it …

expand full story

security Stories February 5, 2019

Safer Internet Day is officially today, but Google is spending the entire week discussing security and launching new features. The first is a Password Checkup Chrome extension that will advise users to reset credentials breached on third-party sites, while Cross Account Protection extends first-party tools to re-secure breached Google Sign In apps.

expand full story

security Stories January 29, 2019

Targeting elections is now a common tactic aimed at disrupting democracy around the world. Last year, Google announced voter education, Ads Transparency, and security trainings ahead of European Parliament elections in May. The company today provided an update, including Jigsaw expanding its Project Shield DDoS protections.

expand full story

security Stories September 28, 2018

Facebook admits cyber attack may have exposed info from 50 million accounts to hackers

Just after confirming the controversial practice of using 2FA phone numbers to send targeted ads to  Facebook users, the platform has discovered a flaw that’s left at least 50 million accounts compromised to attackers.

security Stories September 7, 2018

A ‘sophisticated’ attack on British Airways’ mobile app and website has exposed the names, email addresses and full credit card details of 380,000 customers.

Of particular concern is the fact that the attackers captured the three-digit CVV security codes on the backs of cards, something that should not normally be possible …

expand full story

security Stories September 3, 2018

A Google engineer found that he was able to hack the supposedly secure doors at the search giant’s Sunnyvale offices. He was able to unlock doors without the RFID key, and even lock out employees who did have their key …

expand full story

security Stories August 24, 2018

Google and other tech giants discussing countermeasures to election disinformation

Google is one of more than a dozen tech giants meeting today to discuss countermeasures for state-sponsored disinformation campaigns on their platforms during the run-up to the 2018 midterm elections …

security Stories August 14, 2018

Banks secretly monitoring how you use your phone and computer to detect fraud

Banks are secretly gathering up to 2,000 data points on how you use your phone and computer to help detect fraud. The data used can be anything from the angle at which you typically hold your phone to whether or not you use a numeric keypad when typing numbers on your computer …

security Stories August 8, 2018

Researchers funded by the Department of Homeland Security say that they have discovered major security vulnerabilities likely to affect millions of US smartphones.

The flaws have been found in unspecified phones sold by Verizon, AT&T, T-Mobile, Sprint and other carriers …

expand full story

security Stories August 7, 2018

November’s midterm election will be the first time it’s ever been possible for US citizens to vote using a smartphone app.

Despite an extremely limited rollout, and tests revealing no issues, some election officials and security experts have expressed horror at the potential risks …

expand full story

security Stories August 1, 2018

G Suite can now alert admins of accounts targeted by government-based attackers

Since 2012, Google has warned users being targeted by what the company suspects are government-based attackers. Coinciding with today’s climate, Google is now adding a feature to alert G Suite administrators when there has been such an attempt on an account they manage.

security Stories July 25, 2018

TSA testing 3D scanner that will let you leave your laptop and tablet in your hand-baggage

Going through Security is one of the more tedious aspects of air travel, especially given the need to remove laptops, tablets and liquids from bags, which makes the process even slower …

security Stories July 23, 2018

Two-factor authentication is increasingly becoming a requirement to protect online accounts from phishing attacks. With methods ranging from SMS to prompts, one of the more secure forms involves Security Keys, with Google highlighting the success of rolling out these devices.

expand full story

security Stories July 18, 2018

Venmo’s default settings expose ‘alarming’ personal data, shows analysis of 200M transactions

A security researcher who analyzed more than 200 million Venmo transactions said that she was able to learn ‘an alarming amount’ about the private lives of users thanks to a privacy weakness in the app.

security Stories July 9, 2018

Timehop hacked: users advised to take urgent steps to protect their cellphone numbers

Timehop, an app which resurfaces memories from your past social media posts, says that it has been hacked. Names, email addresses and phone numbers have been obtained, and the company urges users to take urgent steps to protect their cellphone numbers …

security Stories June 26, 2018

If you’re in the market for a new wireless router, you’d be well advised to look out for models which support a new security standard. After relying on WPA2 for security for more than a decade, the Wi-Fi Alliance has just begun certifying products that use its replacement: WPA3 …

expand full story

security Stories May 11, 2018

Updates are easily the biggest problem facing the Android ecosystem, and Google is working hard to fix that. Project Treble has proven that it’s capable of making updates easier, and now Google is stepping up requirements for OEMs when it comes to security patches.

expand full story

security Stories April 26, 2018

Google will make 3rd-party logins more secure in May with a new account verification feature

Google takes security very seriously, especially when it comes to logging in to your account. Today, the company has announced a new sign-in feature that should help out with upping the security even further.

security Stories April 12, 2018

Updates on Android have long been a mess. Despite Google’s best efforts to improve security and make updates easier for everyone, it’s rare that an OEM can actually keep up with everything Google is doing. According to a new report, though, some have just been saying they’re up to date, without actually putting in the work…

expand full story

security Stories April 2, 2018

ACLU & others call for tech companies – including Google – to sign four-point ‘security pledge’

The American Civil Liberties Union (ACLU) and six other campaign groups have responded to the Facebook privacy controversy by calling on tech companies to sign a ‘security pledge.’ The pledge asks companies to make four promises to their customers and users …

security Stories March 23, 2018

Crashing apps happen on all platforms, but on Android, they can be more common because of the numbers of variables developers have to work around. To get data on why an app is crashing, developers often collect crash reports once the user reopens an app. However, some developers are getting a warning from Google to change the way those reports are being collected…

expand full story

security Stories March 21, 2018

Director of Information Security Engineering leaves Google as industry-wide privacy concerns grow

Google has lost a member of its Information Security team. These past few weeks have been a tumultuous time in terms of Information Security, with recent allegations against Facebook including the Cambridge Analytica scandal, but it’s unclear the reasoning behind his departure.

security Stories March 20, 2018

Telegram loses Supreme Court appeal in Russia, must hand over encryption keys

Not long after Telegram was pulled from Apple’s App Store when the company learned it was serving child pornography, the encrypted messaging app has lost a Supreme Court appeal in Russia, and been ordered to share its encryption keys with KGB successor, the Federal Security Service (FSB) …

security Stories February 19, 2018

Google exposes security flaw in Microsoft Edge, no ETA on patch 90 days after discovery

Google has discovered security flaws in competitors products several times in the past, and those discoveries have become the source of some friction. In recent years, that’s included Microsoft, and now Google has discovered yet another issue.

security Stories January 22, 2018

A Google engineer recently spoke at a conference and stated that only roughly 10 percent of all Google account holders have enabled two-factor authentication. That is a surprisingly low percentage of users not taking every step possible to protect their Google and email accounts.

Why haven’t you enabled two-step authentication on your Google account?

expand full story

Online security is an increasingly big deal in our day-to-day lives, and there are two easy methods of keeping our data secure. First, a strong password, and secondly, two-factor authentication. If used properly, these can do wonders for keeping your online data safe, but so few actually use them as they should…

expand full story

security Stories January 10, 2018

Spectre and Meltdown took the entire technology industry by storm last week, but fortunately companies are working towards patching the vulnerabilities. For Chrome OS, most recent devices are patched against Meltdown, with Google posting a complete list on the current status of mitigations.

expand full story

security Stories January 4, 2018

Following yesterday’s disclosure of the CPU Speculative Execution issue raging through the tech industry by the Project Zero team, Google is now detailing the mitigations for the security flaw. In a blog post, the company also discusses the impact to processor and cloud performance.

expand full story

security Stories January 3, 2018

Over the past 24 hours, the tech industry has been rocked by a wide-ranging CPU vulnerability. Discovered by Google’s Project Zero security team last year, details of the exploits have now officially emerged. Meanwhile, Google has provided a full list of mitigation status for its products from Android to enterprise services.

expand full story

security Stories December 19, 2017

The Department of Homeland Security found that almost all apps used by emergency professionals have vulnerabilities.

Of the 33 popular first responder apps tested, all but one was found to raise potential security and privacy concerns – and more than half had ‘critical flaws’ …

expand full story

security Stories December 1, 2017

In recent years, Google has expanded the scope of Safe Browsing to Gmail on the web and third-party Android apps, while protecting against more kinds of threats. The latest update adds additional protections in the forms of user warnings against Android apps that collect user and device data without permission.

expand full story

security Stories October 25, 2017

Security researchers at Kaspersky Lab say that a number of popular dating apps are vulnerable to up to three types of attack, potentially revealing anything from user location to full identity and employer …

expand full story

security Stories October 18, 2017

Google defaulting from SMS to phone-based Prompt for new 2-Step Verification users

Last year, Google announced a new method for 2-Step Verification that is built into Android and available on iOS. The Google Prompt replaces the hackable SMS method and was recently updated to include more detailed information. Today, Google announced that the Prompt will become the default method for new sign-ups.

security Stories October 16, 2017

WPA2 – the encryption standard that secures all modern wifi networks – has been cracked. An attacker could now read all information passing over any wifi network secured by WPA2, which is most routers, both public and private.

All platforms are vulnerable, but the paper notes that Android 6.0 and later – along with Linux – is a particularly easy target, an attack against these devices being described as ‘trivial’ …

expand full story

security Stories July 14, 2017

U.S. Border Protection can search devices but not cloud accounts, as searches climb dramatically

U.S. Customs and Border Protection has advised a Senator that while it has the power to search electronic devices and examine all data stored on them, these powers do not extend to searching data stored in the cloud …

security Stories July 6, 2017

Cabin baggage ban on laptops & tablets over in all but name after latest exemption

The ban on laptops and tablets in cabin baggage on certain flights into the USA is over in all but name as a fourth airline is exempted. It’s clear by this stage that the ban was simply an aggressive way to force airports and airlines to adopt tougher security screening measures.

security Stories May 31, 2017

It’s been more than two months since the U.S. government banned tablets and laptops from cabin baggage on flights from 10 airports, and there has been much talk since of extending the ban.

An iPad bomb plot was said to have been one factor behind the original ban. The Trump administration last month considered extending the ban to all flights from Europe, with the plan said to be ‘under active consideration‘ before it was reportedly rejected.

Now, however, it appears that an even more widespread ban is on the table …

expand full story

security Stories May 26, 2017

A set of Android vulnerabilities discovered by security researchers would allow an attacker complete control of a device, when locked and the screen is switched off.

The image above illustrates just one attack vector, clickjacking – where the user thinks they are okaying one thing while invisibly okaying something else. For illustrative purposes, the researchers have made the real action visible behind the overlay, but in real use (seen in the video below) the permission box would be invisible to the user …

expand full story

security Stories May 24, 2017

PSA: Many major media players vulnerable to attack via malicious subtitles files [Video]

Security researchers have discovered a surprising new way for attackers to gain control of a machine: malicious subtitles. The vulnerability is device-independent, meaning it could be used to gain control of anything from a smartphone to a PC or Mac.

security Stories May 12, 2017

According to Google, last week’s phishing scam that imitated a Docs invite was quickly countered by existing security measures. The company is now announcing changes aimed at developers to prevent future attacks.

expand full story

Nobody wants to risk buying a stolen item. Even if you leave aside the morality issue, buying stolen devices creates a market for further thefts. And with smartphones, a stolen device can be be rendered useless by a combination of remote locking and blocks by carriers.

Wireless trade body CTIA has now created a free online tool to allow anyone to instantly check whether a phone is registered as lost or stolen …

expand full story

security Stories April 25, 2017

A U.S. ban on carrying laptops and tablets in the cabin of inbound international flights may be extended to European countries, including the UK. Any electronic device larger than a phone would have to be placed in hold baggage.

The U.S. government currently applies the ban to flights from 10 airports, mostly Middle Eastern and North African. The measure was introduced last month, the Department of Homeland Security stating that it was in response to intelligence suggesting that terrorists planned to smuggle explosives inside consumer electronics items …

expand full story

security Stories March 22, 2017

The Android Security team has just published its year in review of the mobile operating system for 2016. Sifting through the report, major highlights include improvements in dangerous app detection and increased collaboration with partners on monthly patches. Google also shared some of its security plans for the year ahead.

expand full story

security Stories March 21, 2017

Tablets & laptops banned from cabin baggage on flights to USA from 10 airports

The U.S. government has announced a ban on carrying tablets, laptops and other ‘large electronic devices’ in cabin baggage on flights to the USA from 10 airports. The measure is said to be in response to intelligence on terrorism threats from eight countries, mostly Middle Eastern and North African, reports the BBC.

security Stories March 15, 2017

Thousands of Twitter users have this morning had their accounts hijacked and used to tweet a swastika and Nazi hashtags. The attack appears to be in support of Turkey’s President, urging support for a referendum which could allow President Erdoğan to remain in power until 2029.

The Verge reports that many verified and high-profile Twitter accounts were compromised, and that the hijack appears to have been carried out via a third-party app.

Accounts operated by Amnesty International, Duke University, Reuters Japan, and BBC North America were among those hijacked. Several users have noted that all hijacked tweets appear to have been linked to Twitter Counter, a Netherlands-based analytics application. Twitter Counter was previously targeted in a November 2016 attack that caused some high-profile accounts to spread spam. 

Twitter confirmed that a third-party app was behind the hack, so checking which apps have permission to access your Twitter account is one important step to take. Here’s a quick checklist to check the security of Twitter and other services …

expand full story

security Stories March 7, 2017

Wikileaks claims that the U.S. Central Intelligence Agency has a specialized unit within its Center for Cyber Intelligence that is devoted to developing and obtaining zero-day exploits for Android devices, in addition to one targeting Apple’s iOS. A zero-day exploit is one unknown to Google or security researchers, so cannot be protected against.

A similar unit targets Google’s Android which is used to run the majority of the world’s smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. “Year Zero” shows that as of 2016 the CIA had 24 “weaponized” Android “zero days” which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.

The CIA is also said to have teams working on attacking Windows and Samsung TVs, ‘which are turned into covert microphones.’

Wikileaks further claims that the CIA recently ‘lost control’ of the majority of the malware it uses to attack devices …

expand full story

Powered by WordPress VIP