Google News, Articles and Updates

Google patches 37 security issues in Chrome

Google issued patches for 37 security issues in Chrome, with one being rated critical and six considered high risks, with the release of Chrome 63.0.3239.84.

Bug in anti-malware defenses mistakenly blocks users' Google Docs files

Google issued a public apology on Thursday after a bug mistakenly caused its defences against malware, phishing, and spam to block some users' access to Google Docs files on 31 October.

Google bug tracker service flaw allowed access to new vulnerability reports

A private website Google used to track bugs in its own products was discovered to have its own set of flaws that could have exposed sensitive vulnerability reports - now fixed.

News Feature: Google Security interview "human solutions - the way to go."

Google has launched of a range of personal and corporate security enhancements (below) this month. Google security expert Allison Miller, spoke to SC about the organisation's approach to security and privacy concerns.

'Unverified app' warning adds anti-phishing protection to G Suite

Google claims new 'unverified app' warning will cut down on phishing attacks from within G Suite by giving users information on potentially dodgy apps and scripts.

ICO, surprisingly, doesn't lose its mind over NHS DeepMind experiment

Despite ruling that the Royal Free NHS Trust failed to comply with data protection laws in its experiment with Google DeepMind, the ICO has not slapped the trust with a fine, saying, "The Data Protection Act is not a barrier to innovation."

XSS flaw found in the Google's PHP API client enables phishing attacks

Security researchers have discovered a bug in Google's PHP client library for accessing Google APIs that could enable criminals to take advantage of the cross-site scripting flaw and carry out a phishing attack.

ICYMI: £77m phish; Czech win; ATM theft; Netflix ransom; Bank squat

In Case You Missed It: Google & Facebook phished; Czechs win exercise; ATM theft; Netflix ransom snub; Bank domains spoofed

[Updated] Google phishing attack nets one million accounts with crafty spoof

A sophisticated phishing attack against one million of its users has been stopped, and Google says that swift action prevented it from becoming much worse.

Web hacking only getting worse as webmasters fail to patch ageing code

As part of its #NoHacked campaign, Google has published figures on the state of website security, and the trend doesn't look good.

Ear, ear: Hacker could defeat Google reCAPTCHA with speech recognition

Google's reCAPTCHA anti-robot widget has been found to be susceptible to a robot attack that leverages its own online services.

Google mistakes large volume of NHS traffic to be a botnet

NHS Digital said "We are aware of the current issue concerning NHS IP addresses which occasionally results in users being directed to a simple verification form when accessing Google."

Android tops 2016 vulnerability list. Security industry says "meh!"

The Common Vulnerabilities and Exposures (CVE) statistics for 2016 are in and it doesn't make great reading for Google. Or does it? Davey Winder runs the numbers.

Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps

A newly discovered malware program that targets older versions of the Android OS has infected roughly 1.3 million Google accounts, currently breaching devices at a rate of 13,000 victims per day.

Google speech recognition was vulnerable to use-after-free attack

A specially crafted webpage could hook a dangling pointer created by Google Chrome and Chromium's speech recognition API object and use it to access a block of memory on a user's machine.

Artificial intelligence creates its own encryption

Researchers from Google's Brain division have released an academic paper which details how they were able to get neural networks to create their own encryption standard, and communicate between each other.

Google looking to reshape web defences with strict Content Security Policies

Google has released a Content Security Policy Evaluator with the aim of assisting web developers avoid leaving their web applications open to XSS attacks.

Google Play again used to host malware-laden apps; this time, Overseer

Google Play continues to be a playground for cybercriminals with Google recently having to remove four apps from the store because they were distributing a new form of malware dubbed Overseer.

ICYMI:Seagate, DGSE, CREST and the NSA, Google encryption shaming and the NAO wags its finger at the cabinet

This week: Hackers hit Seagate, French confirmation of foreign hacking, CREST takes the reins from the NSA, Google starts encryption shaming and NAO criticises cabinet office Infosec

Project Zero hacking contest targets remote code execution flaws

Google's Project Zero unveiled an Android hacking contest that aims to discover flaws on the Nexus 6P and 5X devices.

Cross-site scripting vulnerability found on Google's French website

Sacre Bleu!: A type of XSS vulnerability has been discovered in the French version of Google

Google refuses to patch alleged login page flaw

Google is refusing to patch an alleged faulty Login Page after an independent researcher claimed to have spotted a bug.

Google says 'Allo, we're now encrypted too!'

Google's upcoming chat app is to feature opt-in encrypted chat options, which will use the same technology that forms the basis of Whatsapp and Signal.

Malicious versions of Pokémon GO found, company apologises for privacy issues

Security researchers find malicious versions of Pokemon GO app, while the firm behind new gaming frenzy Pokémon GO, Niantic, apologises for privacy mishaps.

Google encryption flaw could allow video piracy

A Google encryption vulnerability could allow bad actors to hijack video content from protected videos.

Google CEO Sundar Pichai Quora account hijacked by Zuckerberg hackers

Three weeks after hijacking Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts, the mischievous OurMine hacking group appears to have briefly seized control of Google CEO Sundar Pichai's Quora account.

No more pesky codes with Google's new and easy two-step verification

Google has introduced a new process that simplifies two-factor authentication for users to secure access to accounts and web-based services.

Google seeks to phase out Flash on Chrome by year-end

Google plans to begin phasing out support for Adobe's Flash Player by the end of this year, the search company announced on a Chromium forum.

VirusTotal policy changes spark outrage among newer tech startups

Changes in policy at information sharing database, VirusTotal, mean that those who don't put in will get nothing back, but some warn that this is merely the old guard of tech world muscling out the new players.

Google denies email injection flaw can bypass filters and pwn users

Israel-based cyber-threat specialists Cyberint insists it has found a serious flaw in Google security despite the tech giant's denials that email injection can bypass security filters.