The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: Google

Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware

Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware

June 24, 2022Ravie Lakshmanan
A week after it emerged that a sophisticated mobile spyware dubbed Hermit was used by the government of Kazakhstan within its borders, Google said it has notified Android users of infected devices. Additionally, necessary changes have been implemented in  Google Play Protect  — Android's built-in malware defense service — to protect all users, Benoit Sevens and Clement Lecigne of Google Threat Analysis Group (TAG)  said  in a Thursday report. Hermit, the work of an Italian vendor named RCS Lab, was  documented  by Lookout last week, calling out its modular feature-set and its abilities to harvest sensitive information such as call logs, contacts, photos, precise location, and SMS messages. Once the threat has thoroughly insinuated itself into a device, it's also equipped to record audio and make and redirect phone calls, besides abusing its permissions to accessibility services on Android to keep tabs on various foreground apps used by the victims. Its modularity also enab
Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities

Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities

May 26, 2022Ravie Lakshmanan
Cybersecurity researchers are calling attention to a free-to-use browser automation framework that's being increasingly used by threat actors as part of their attack campaigns. "The framework contains numerous features which we assess may be utilized in the enablement of malicious activities," researchers from Team Cymru  said  in a new report published Wednesday. "The technical entry bar for the framework is purposefully kept low, which has served to create an active community of content developers and contributors, with actors in the underground economy advertising their time for the creation of bespoke tooling." The U.S. cybersecurity company said it observed command-and-control (C2) IP addresses associated with malware such as  Bumblebee ,  BlackGuard , and  RedLine Stealer  establishing connections to the downloads subdomain of Bablosoft ("downloads.bablosoft[.]com"), the maker of the Browser Automation Studio (BAS). Bablosoft was previously
New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message

New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message

May 24, 2022Ravie Lakshmanan
Popular video conferencing service Zoom has  resolved  as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol ( XMPP ) messages and execute malicious code. Tracked from CVE-2022-22784 through CVE-2022-22787, the issues range between 5.9 and 8.1 in severity. Ivan Fratric of Google Project Zero has been credited with discovering and reporting all the four flaws in February 2022. The list of bugs is as follows - CVE-2022-22784  (CVSS score: 8.1) - Improper XML Parsing in Zoom Client for Meetings CVE-2022-22785  (CVSS score: 5.9) - Improperly constrained session cookies in Zoom Client for Meetings CVE-2022-22786  (CVSS score: 7.5) - Update package downgrade in Zoom Client for Meetings for Windows CVE-2022-22787  (CVSS score: 5.9) - Insufficient hostname validation during server switch in Zoom Client for Meetings With Zoom's chat functionality built on top
Cytrox's Predator Spyware Targeted Android Users with Zero-Day Exploits

Cytrox's Predator Spyware Targeted Android Users with Zero-Day Exploits

May 20, 2022Ravie Lakshmanan
Google's Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users. "The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched but not flagged as security issues and when these patches were fully deployed across the Android ecosystem," TAG researchers Clement Lecigne and Christian Resell  said . Cytrox is alleged to have packaged the exploits and sold them to different government-backed actors located in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, and Indonesia, who, in turn, weaponized the bugs in at least three different campaigns. The commercial surveillance company is the maker of  Predator , an implant  analogous  to that of NSO Group's  Pegasus , and is known to hav
High-Severity Bug Reported in Google's OAuth Client Library for Java

High-Severity Bug Reported in Google's OAuth Client Library for Java

May 19, 2022Ravie Lakshmanan
Google last month addressed a high-severity flaw in its OAuth client library for Java that could be abused by a malicious actor with a compromised token to deploy arbitrary payloads. Tracked as  CVE-2021-22573 , the vulnerability is rated 8.7 out of 10 for severity and relates to an authentication bypass in the library that stems from an improper verification of the cryptographic signature. Credited with discovering and reporting the flaw on March 12 is  Tamjid Al Rahat , a fourth-year Ph.D. student of Computer Science at the University of Virginia, who has been awarded $5,000 as part of Google's bug bounty program. "The vulnerability is that the IDToken verifier does not verify if the token is properly signed," an  advisory  for the flaw reads. "Signature verification makes sure that the token's payload comes from a valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on
Google Created 'Open Source Maintenance Crew' to Help Secure Critical Projects

Google Created 'Open Source Maintenance Crew' to Help Secure Critical Projects

May 13, 2022Ravie Lakshmanan
Google on Thursday  announced  the creation of a new "Open Source Maintenance Crew" to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed out  Open Source Insights  as a tool for analyzing packages and their dependency graphs, using it to determine "whether a vulnerability in a dependency might affect your code." "With this information, developers can understand how their software is put together and the consequences to changes in their dependencies," the company said. The development comes as security and trust in the open source software ecosystem has been increasingly thrown into question in the aftermath of a  string  of  supply chain   attacks  designed to compromise developer workflows. In December 2021, a critical flaw in the ubiquitous open source  Log4j logging library  left several companies scrambling to patch their systems against potential abuse. The announcement also comes less than
Android and Chrome Users Can Soon Generate Virtual Credit Cards to Protect Real Ones

Android and Chrome Users Can Soon Generate Virtual Credit Cards to Protect Real Ones

May 12, 2022Ravie Lakshmanan
Google on Wednesday took to its annual developer conference to announce a host of privacy and security updates, including support for virtual credit cards on Android and Chrome. "When you use autofill to enter your payment details at checkout, virtual cards will add an additional layer of security by replacing your actual card number with a distinct, virtual number," Google's Jen Fitzpatrick  said  in a statement. The goal, the search giant, said to keep payment information safe and secure during online shopping and protect users from  skimming attacks  wherein threat actors inject malicious JavaScript code to plunder credit card numbers and sell them on the black market. The feature is expected to roll out in the U.S. for Visa, American Express, Mastercard, and Capital One cards starting this summer. Interestingly, while Apple offers an option to mask email addresses via  Hide My Email , which enables users to create unique, random email addresses to use with apps
Google Releases Android Update to Patch Actively Exploited Vulnerability

Google Releases Android Update to Patch Actively Exploited Vulnerability

May 05, 2022Ravie Lakshmanan
Google has released monthly security patches for Android with fixes for 37 flaws across different components, one of which is a fix for an actively exploited Linux kernel vulnerability that came to light earlier this year. Tracked as  CVE-2021-22600  (CVSS score: 7.8), the vulnerability is ranked "High" for severity and could be exploited by a local user to escalate privileges or deny service. The issue relates to a  double-free vulnerability  residing in the  Packet  network protocol implementation in the Linux kernel that could cause memory corruption, potentially leading to denial-of-service or execution of arbitrary code. Patches were released by different Linux distributions, including  Debian ,  Red Hat ,  SUSE , and  Ubuntu  in December 2021 and January 2022. "There are indications that CVE-2021-22600 may be under limited, targeted exploitation," Google  noted  in its Android Security Bulletin for May 2022. Specifics about the nature of the attacks are
Google to Add Passwordless Authentication Support to Android and Chrome

Google to Add Passwordless Authentication Support to Android and Chrome

May 05, 2022Ravie Lakshmanan
Google today announced  plans  to implement support for passwordless logins in Android and the Chrome web browser to allow users to seamlessly and securely sign in across different devices and websites irrespective of the platform. "This will simplify sign-ins across devices, websites, and applications no matter the platform — without the need for a single password," Google  said . Apple and Microsoft are also expected to extend the support to iOS, macOS, and Windows operating systems as well as Safari and Edge browsers. The common Fast IDentity Online ( FIDO ) sign-in system does away with passwords entirely in favor of displaying a prompt asking a user to unlock the phone when signing into a website or an application. This is made possible by storing a cryptographically-secured FIDO credential called a passkey on the phone that's used to log in to the online account after unlocking the device. "Once you've done this, you won't need your phone again a
Google Releases First Developer Preview of Privacy Sandbox on Android 13

Google Releases First Developer Preview of Privacy Sandbox on Android 13

May 01, 2022Ravie Lakshmanan
Google has officially  released  the first developer preview for the Privacy Sandbox on Android 13, offering an "early look" at the SDK Runtime and Topics API to boost users' privacy online. "The Privacy Sandbox on Android Developer Preview program will run over the course of 2022, with a beta release planned by the end of the year," the search giant  said  in an overview. A "multi-year effort,"  Privacy Sandbox  on Android aims to create technologies that's both privacy-preserving as well as keep online content and services free without having to resort to opaque methods of digital advertising. The idea is to limit sharing of user data with third-parties and operate without cross-app identifiers, including advertising ID, a unique, user-resettable string of letters and digits that can be used to track users as they move between apps. Google originally  announced  its plans to bring Privacy Sandbox to Android earlier this February, following
Here's a New Tool That Scans Open-Source Repositories for Malicious Packages

Here's a New Tool That Scans Open-Source Repositories for Malicious Packages

May 01, 2022Ravie Lakshmanan
The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that's capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories. Called the  Package Analysis  project, the initiative aims to secure open-source packages by detecting and alerting users to any malicious behavior with the goal of bolstering the security of the software supply chain and increasing trust in open-source software. "The Package Analysis project seeks to understand the behavior and capabilities of packages available on open source repositories: what files do they access, what addresses do they connect to, and what commands do they run?," the OpenSSF  said . "The project also tracks changes in how packages behave over time, to identify when previously safe software begins acting suspiciously," the foundation's Caleb Brown and David A. Wheeler added. In a test run that lasted a month, the tool ide
Google's New Safety Section Shows What Data Android Apps Collect About Users

Google's New Safety Section Shows What Data Android Apps Collect About Users

April 27, 2022Ravie Lakshmanan
Google on Tuesday officially began rolling out a new "Data safety" section for Android apps on the Play Store to highlight the type of data being collected and shared with third-parties. "Users want to know for what purpose their data is being collected and whether the developer is sharing user data with third parties," Suzanne Frey, Vice President of product for Android security and privacy,  said . "In addition, users want to understand how app developers are securing user data after an app is downloaded." The transparency measure, which is built along the lines of Apple's " Privacy Nutrition Labels ," was  first announced  by Google nearly a year ago in May 2021. The Data safety section, which will show up against every app listing on the digital storefront, presents a unified view of what data is being collected, for what purpose it's being used, and how it's handled, while also highlighting what data is being shared with thi
Critical Chipset Bugs Open Millions of Android Devices to Remote Spying

Critical Chipset Bugs Open Millions of Android Devices to Remote Spying

April 21, 2022Ravie Lakshmanan
Three security vulnerabilities have been disclosed in the audio decoders of Qualcomm and MediaTek chips that, if left unresolved, could allow an adversary to remotely gain access to media and audio conversations from affected mobile devices. According to Israeli cybersecurity company Check Point , the issues could be used as a launchpad to carry out remote code execution (RCE) attacks simply by sending a specially crafted audio file. "The impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user's multimedia data, including streaming from a compromised machine's camera," the researchers said in a report shared with The Hacker News. "In addition, an unprivileged Android app could use these vulnerabilities to escalate its privileges and gain access to media data and user conversations." The vulnerabilities, dubbed ALHACK, are rooted in an audio coding format originally developed and open-sourced by Apple i
Google Project Zero Detects a Record Number of Zero-Day Exploits in 2021

Google Project Zero Detects a Record Number of Zero-Day Exploits in 2021

April 20, 2022Ravie Lakshmanan
Google Project Zero called 2021 a "record year for in-the-wild 0-days," as  58 security vulnerabilities  were detected and disclosed during the course of the year. The development marks more than a two-fold jump from the previous maximum when 28 0-day exploits were tracked in 2015. In contrast, only 25 0-day exploits were detected in 2020. "The large uptick in in-the-wild 0-days in 2021 is due to increased detection and disclosure of these 0-days, rather than simply increased usage of 0-day exploits," Google Project Zero security researcher  Maddie Stone   said . "Attackers are having success using the same bug patterns and exploitation techniques and going after the same attack surfaces," Stone added. The tech giant's in-house security team characterized the exploits as similar to previous and publicly known vulnerabilities, with only two of them markedly different for the technical sophistication and use of logic bugs to escape the sandbox. B
Google Releases Urgent Chrome Update to Patch Actively Exploited Zero-Day Flaw

Google Releases Urgent Chrome Update to Patch Actively Exploited Zero-Day Flaw

April 14, 2022Ravie Lakshmanan
Google on Thursday shipped emergency patches to address two security issues in its Chrome web browser, one of which it says is being actively exploited in the wild. Tracked as  CVE-2022-1364 , the tech giant described the high-severity bug as a case of type confusion in the V8 JavaScript engine. Clément Lecigne of Google's Threat Analysis Group has been credited with reporting the flaw on April 13, 2022. As is typically the case with actively exploited zero-day flaws, the company acknowledged it's "aware that an exploit for CVE-2022-1364 exists in the wild." Additional details about the flaw and the identity of the threat actors have been withheld to prevent further abuse. With the latest fix, Google has patched a total of three zero-day vulnerabilities in Chrome since the start of the year. It's also the second type confusion-related bug in V8 to be squashed in less than a month - CVE-2022-0609  - Use-after-free in Animation CVE-2022-1096  - Type confusio
Google Sues Scammer for Running 'Puppy Fraud Scheme' Website

Google Sues Scammer for Running 'Puppy Fraud Scheme' Website

April 12, 2022Ravie Lakshmanan
Google on Monday disclosed that it's taking legal action against a nefarious actor who has been spotted operating fraudulent websites to defraud unsuspecting people into buying non-existent puppies. "The actor used a network of fraudulent websites that claimed to sell basset hound puppies — with alluring photos and fake customer testimonials — in order to take advantage of people during the pandemic," Google's CyberCrime Investigation Group manager Albert Shin and senior counsel Mike Trinh  said . The fraudulent scheme involved Nche Noel Ntse of Cameroon using a network of rogue websites, Google Voice phone numbers, and Gmail accounts to trick people into paying thousands of dollars online for "adorable puppies" that never arrived. The purported culprit is also alleged to have run a Google Ads campaign to push the fraudulent websites on top of search results pages as part of what Google characterized as "multiple international non-delivery scams.&
Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability

Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability

March 25, 2022Ravie Lakshmanan
Google on Friday shipped an out-of-band security update to address a high severity vulnerability in its Chrome browser that it said is being actively exploited in the wild. Tracked as  CVE-2022-1096 , the zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine. An anonymous researcher has been credited with reporting the bug on March 23, 2022. Type confusion errors, which arise when a resource (e.g., a variable or an object) is accessed using a type that's incompatible to what was originally initialized, could have serious consequences in languages that are not  memory safe  like C and C++, enabling a malicious actor to perform out-of-bounds memory access. "When a memory buffer is accessed using the wrong type, it could read or write memory out of the bounds of the buffer, if the allocated buffer is smaller than the type that the code is attempting to access, leading to a crash and possibly code execution," MITRE's Common Weakness Enum
North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT, and Media Firms

North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT, and Media Firms

March 24, 2022Ravie Lakshmanan
Google's Threat Analysis Group (TAG) on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently-uncovered remote code execution flaw in the Chrome web browser. The campaigns, once again "reflective of the regime's immediate concerns and priorities," are said to have targeted U.S. based organizations spanning news media, IT, cryptocurrency, and fintech industries, with one set of the activities sharing direct infrastructure overlaps with previous attacks  aimed at security researchers  last year. The shortcoming in question is  CVE-2022-0609 , a use-after-free vulnerability in the browser's Animation component that Google addressed as part of updates (version 98.0.4758.102) issued on February 14, 2022. It's also the first zero-day flaw patched by the tech giant since the start of 2022. "The earliest evidence we have of this exploit kit being actively deploy
Google Uncovers 'Initial Access Broker' Working with Conti Ransomware Gang

Google Uncovers 'Initial Access Broker' Working with Conti Ransomware Gang

March 18, 2022Ravie Lakshmanan
Google's Threat Analysis Group (TAG) took the wraps off a new  initial access broker  that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations. Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML platform ( CVE-2021-40444 ) as part of widespread phishing campaigns that involved sending no fewer than 5,000 business proposal-themed emails a day to 650 targeted organizations globally. "Initial access brokers are the opportunistic locksmiths of the security world, and it's a full-time job," TAG researchers Vlad Stolyarov and Vlad Stolyarov  said . "These groups specialize in breaching a target in order to open the doors — or the Windows — to the malicious actor with the highest bid." Exotic Lily, first spotted in September 2021, is said to have been involved in data exfiltration and deployment of th
Google Buys Cybersecurity Firm Mandiant for $5.4 Billion

Google Buys Cybersecurity Firm Mandiant for $5.4 Billion

March 08, 2022Ravie Lakshmanan
Google is officially buying threat intelligence and incident response company Mandiant in an all-cash deal approximately valued at $5.4 billion, the two technology firms announced Tuesday. Mandiant is expected to be folded into Google Cloud upon the closure of the acquisition, which is slated to happen later this year, adding to the latter's growing portfolio of security offerings such as BeyondCorp Enterprise , VirusTotal , Chronicle , and the Cybersecurity Action Team . "Today, organizations are facing cybersecurity challenges that have accelerated in frequency, severity and diversity, creating a global security imperative," Google  said  in a statement. "To address these risks, enterprises need to be able to detect and respond to adversaries quickly; analyze and automate threat intelligence to scale threat detection across organizations; orchestrate and automate remediation; validate their protection against known threats; and visualize their IT environment i
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.