Google has lost a member of its Information Security team. These past few weeks have been a tumultuous time in terms of Information Security, with recent allegations against Facebook including the Cambridge Analytica scandal, but the reasoning behind his departure is unclear.
Not long after Telegram was pulled from Apple’s App Store when the company learned it was serving child pornography, the encrypted messaging app has lost a Supreme Court appeal in Russia, and been ordered to share its encryption keys with the KGB’s successor, the Federal Security Service (FSB) …
Google has discovered security flaws in competitors’ products several times in the past, and those discoveries have become the source of some friction. In recent years, that’s included Microsoft, and now Google has discovered yet another issue.
A Google engineer recently spoke at a conference and stated that only roughly 10 percent of all Google account holders have enabled two-factor authentication. That is a surprisingly low percentage; most users are not taking every step possible to protect their Google and email accounts.
Why haven’t you enabled two-step authentication on your Google account?
Online security is an increasingly big deal in our day-to-day lives, and there are two easy methods of keeping our data secure. First, a strong password, and secondly, two-factor authentication. If used properly, these can do wonders for keeping your online data safe, but so few actually use them as they should…
Spectre and Meltdown took the entire technology industry by storm last week, but fortunately companies are working towards patching the vulnerabilities. For Chrome OS, most recent devices are patched against Meltdown, with Google posting a complete list on the current status of mitigations.
Following yesterday’s disclosure of the CPU Speculative Execution issue raging through the tech industry by the Project Zero team, Google is now detailing the mitigations for the security flaw. In a blog post, the company also discusses the impact to processor and cloud performance.
Over the past 24 hours, the tech industry has been rocked by a wide-ranging CPU vulnerability. Discovered by Google’s Project Zero security team last year, details of the exploits have now officially emerged. Meanwhile, Google has provided a full list of mitigation status for its products from Android to enterprise services.
The Department of Homeland Security found that almost all apps used by emergency professionals have vulnerabilities.
Of the 33 popular first responder apps tested, all but one were found to raise potential security and privacy concerns – and more than half had ‘critical flaws’ …
Security researchers at Kaspersky Lab say that a number of popular dating apps are vulnerable to up to three types of attack, potentially revealing anything from user location to full identity and employer …
Last year, Google announced a new method for 2-Step Verification that is built into Android and available on iOS. The Google Prompt replaces the hackable SMS method and was recently updated to include more detailed information. Today, Google announced that the Prompt will become the default method for new sign-ups.
WPA2 – the encryption standard that secures all modern wifi networks – has been cracked. An attacker could now read all information passing over any wifi network secured by WPA2, which is most routers, both public and private.
All platforms are vulnerable, but the paper notes that Android 6.0 and later – along with Linux – is a particularly easy target, an attack against these devices being described as ‘trivial’ …
U.S. Customs and Border Protection has advised a Senator that while it has the power to search electronic devices and examine all data stored on them, these powers do not extend to searching data stored in the cloud …
The ban on laptops and tablets in cabin baggage on certain flights into the USA is over in all but name as a fourth airline is exempted. It’s clear by this stage that the ban was simply an aggressive way to force airports and airlines to adopt tougher security screening measures.
It’s been more than two months since the U.S. government banned tablets and laptops from cabin baggage on flights from 10 airports, and there has been much talk since of extending the ban.
A set of Android vulnerabilities discovered by security researchers would allow an attacker complete control of a device when it is locked and the screen is switched off.
The image above illustrates just one attack vector, clickjacking – where the user thinks they are okaying one thing while invisibly okaying something else. For illustrative purposes, the researchers have made the real action visible behind the overlay, but in real use (seen in the video below) the permission box would be invisible to the user …
Security researchers have discovered a surprising new way for attackers to gain control of a machine: malicious subtitles. The vulnerability is device-independent, meaning it could be used to gain control of anything from a smartphone to a PC or Mac.
According to Google, last week’s phishing scam that imitated a Docs invite was quickly countered by existing security measures. The company is now announcing changes aimed at developers to prevent future attacks.
Nobody wants to risk buying a stolen item. Even if you leave aside the morality issue, buying stolen devices creates a market for further thefts. And with smartphones, a stolen device can be rendered useless by a combination of remote locking and blocks by carriers.
Wireless trade body CTIA has now created a free online tool to allow anyone to instantly check whether a phone is registered as lost or stolen …
A U.S. ban on carrying laptops and tablets in the cabin of inbound international flights may be extended to European countries, including the UK. Any electronic device larger than a phone would have to be placed in hold baggage.
The U.S. government currently applies the ban to flights from 10 airports, mostly Middle Eastern and North African. The measure was introduced last month, the Department of Homeland Security stating that it was in response to intelligence suggesting that terrorists planned to smuggle explosives inside consumer electronics items …
The Android Security team has just published its year in review of the mobile operating system for 2016. Sifting through the report, major highlights include improvements in dangerous app detection and increased collaboration with partners on monthly patches. Google also shared some of its security plans for the year ahead.
Dubai International is one of the airports affected by the ban
The U.S. government has announced a ban on carrying tablets, laptops and other ‘large electronic devices’ in cabin baggage on flights to the USA from 10 airports. The measure is said to be in response to intelligence on terrorism threats from eight countries, mostly Middle Eastern and North African, reports the BBC.
Thousands of Twitter users have this morning had their accounts hijacked and used to tweet a swastika and Nazi hashtags. The attack appears to be in support of Turkey’s President, urging support for a referendum which could allow President Erdoğan to remain in power until 2029.
The Verge reports that many verified and high-profile Twitter accounts were compromised, and that the hijack appears to have been carried out via a third-party app.
Accounts operated by Amnesty International, Duke University, Reuters Japan, and BBC North America were among those hijacked. Several users have noted that all hijacked tweets appear to have been linked to Twitter Counter, a Netherlands-based analytics application. Twitter Counter was previously targeted in a November 2016 attack that caused some high-profile accounts to spread spam.
Twitter confirmed that a third-party app was behind the hack, so checking which apps have permission to access your Twitter account is one important step to take. Here’s a quick checklist to check the security of Twitter and other services …