#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter
CrowdSec

Google | Breaking Cybersecurity News | The Hacker News

Severe Flaw in Google Cloud's Cloud SQL Service Exposed Confidential Data

Severe Flaw in Google Cloud's Cloud SQL Service Exposed Confidential Data

May 26, 2023 Data Safety / Cloud Security
A new security flaw has been disclosed in the Google Cloud Platform's (GCP) Cloud SQL service that could be potentially exploited to obtain access to confidential data. "The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a container, gaining access to internal GCP data like secrets, sensitive files, passwords, in addition to customer data," Israeli cloud security firm Dig  said . Cloud SQL  is a fully-managed solution to build MySQL, PostgreSQL, and SQL Server databases for cloud-based applications. The multi-stage attack chain identified by Dig, in a nutshell, leveraged a gap in the cloud platform's security layer associated with SQL Server to escalate the privileges of a user to that of an administrator role. The elevated permissions subsequently made it possible to abuse another critical misconfiguration to obtain system administrator rights and take full control of the database server.
New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids

New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids

May 26, 2023 ICS/SCADA Security
A new strain of malicious software that's engineered to penetrate and disrupt critical systems in industrial environments has been unearthed. Google-owned threat intelligence firm Mandiant dubbed the malware  COSMICENERGY , adding it was uploaded to the VirusTotal public malware scanning utility in December 2021 by a submitter in Russia. There is no evidence that it has been put to use in the wild. "The malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 (IEC-104) devices, such as remote terminal units ( RTUs ), that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia," the company  said . COSMICENERGY is the latest addition to  specialized   malware  like Stuxnet, Havex, Triton, IRONGATE, BlackEnergy2, Industroyer, and PIPEDREAM, which are capable of sabotaging critical systems and wreaking havoc. Mandiant said that there are circumstantial links that it may have bee
cyber security

external linkWing Security Launches Free SaaS Discovery Tool to Tackle Shadow IT Risks

websitewww.wing.securitySaaS Security / Attack Surface
Wing Security finds and ranks all SaaS applications completely for free, removing unnecessary risk.
GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains

GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains

May 25, 2023 Software Security / Supply Chain
Google on Wednesday announced the  0.1 Beta version  of  GUAC  (short for Graph for Understanding Artifact Composition) for organizations to secure their software supply chains. To that end, the search giant is  making available  the open source framework as an API for developers to integrate their own tools and policy engines. GUAC  aims to aggregate software security metadata from different sources into a graph database that maps out relationships between software, helping organizations determine how one piece of software affects another. "Graph for Understanding Artifact Composition ( GUAC ) gives you organized and actionable insights into your software supply chain security position," Google  says  in its documentation. "GUAC ingests software security metadata, like SBOMs, and maps out the relationship between software so that you can fully understand your software security position." In other words, it's designed to bring together Software Bill of M
Data Stealing Malware Discovered in Popular Android Screen Recorder App

Data Stealing Malware Discovered in Popular Android Screen Recorder App

May 24, 2023 Mobile Security / Data Safety
Google has removed a screen recording app named "iRecorder - Screen Recorder" from the Play Store after it was found to sneak in information stealing capabilities nearly a year after the app was published as an innocuous app. The app (APK package name "com.tsoft.app.iscreenrecorder"), which accrued over 50,000 installations, was first uploaded on September 19, 2021. The malicious functionality is believed to have been introduced in version 1.3.8, which was released on August 24, 2022. "It is rare for a developer to upload a legitimate app, wait almost a year, and then update it with malicious code," ESET security researcher Lukáš Štefanko  said  in a technical report. "The malicious code that was added to the clean version of iRecorder is based on the open source  AhMyth  Android RAT (remote access trojan) and has been customized into what we named AhRat." iRecorder was  first flagged  as harboring the AhMyth trojan on October 28, 2022, by
Privacy Sandbox Initiative: Google to Phase Out Third-Party Cookies Starting 2024

Privacy Sandbox Initiative: Google to Phase Out Third-Party Cookies Starting 2024

May 19, 2023 Online Privacy / Tech News
Google has announced plans to officially flip the switch on its twice-delayed  Privacy Sandbox  initiatives as it slowly works its way to deprecate support for third-party cookies in Chrome browser. To that end, the search and advertising giant said it intends to phase out third-party cookies for 1% of Chrome users globally in the first quarter of 2024. "This will support developers in conducting real world experiments that assess the readiness and effectiveness of their products without third-party cookies," Anthony Chavez, vice president of Privacy Sandbox at Google,  said . Prior to rolling this out, Google said it would introduce the ability for third-party developers to simulate the process for a configurable subset of their users (up to 10%) in Q4 2023. Google further emphasized that the plans have been designed and developed with regulatory oversight and input from the U.K.'s Competition and Markets Authority ( CMA ), which is overseeing the implementation to
Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover

Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover

May 17, 2023 SIM Swapping / Server Security
A financially motivated cyber actor has been observed abusing Microsoft Azure  Serial Console  on virtual machines (VMs) to install third-party remote management tools within compromised environments. Google-owned Mandiant attributed the activity to a threat group it tracks under the name  UNC3944 , which is also known as Roasted 0ktapus and Scattered Spider. "This method of attack was unique in that it avoided many of the traditional detection methods employed within Azure and provided the attacker with full administrative access to the VM," the threat intelligence firm  said . The emerging adversary, which first came to light late last year, is known to  leverage SIM swapping attacks  to breach telecommunications and business process outsourcing (BPO) companies since at least May 2022. Subsequently, Mandiant also  found  UNC3944 utilizing a loader named STONESTOP to install a malicious signed driver dubbed POORTRY that's designed to terminate processes associated
Google Announces New Privacy, Safety, and Security Features Across Its Services

Google Announces New Privacy, Safety, and Security Features Across Its Services

May 10, 2023 Privacy / Safety / Security
Google unveiled a slew of new privacy, safety, and security features today at its annual developer conference, Google I/O. The tech giant's latest initiatives are aimed at protecting its users from cyber threats, including phishing attacks and malicious websites, while providing more control and transparency over their personal data. Here is a short list of the newly introduced features - Improved data control and transparency Gmail Dark Web Scan Report Effortlessly Delete Maps Search History AI-Powered Safe Browsing Content Safety API Expansion About this Image Spam View in Google Drive Among the newly introduced features, the first on the list is improved data control and transparency. Google has unveiled an update for its Android operating system that allows users to better control location sharing through apps installed on their devices. "Starting with location data, you will be informed in permission requests when an app shares your information with third-pa
Why Honeytokens Are the Future of Intrusion Detection

Why Honeytokens Are the Future of Intrusion Detection

May 10, 2023 Intrusion Detection / Honeypot
A few weeks ago, the 32nd edition of RSA, one of the world's largest cybersecurity conferences, wrapped up in San Francisco. Among the highlights, Kevin Mandia, CEO of Mandiant at Google Cloud, presented a retrospective on  the state of cybersecurity . During his keynote, Mandia stated: "There are clear steps organizations can take beyond common safeguards and security tools to strengthen their defenses and increase their chances of detecting, thwarting or minimizing attack [...] Honeypots , or fake accounts deliberately left untouched by authorized users,  are effective at helping organizations detect intrusions or malicious activities that security products can't stop ". "Build honeypots" was one of his seven pieces of advice to help organizations avoid some of the attacks that might require engagement with Mandiant or other incident response firms. As a reminder, honeypots are  decoy systems  that are set up to lure attackers and divert their attentio
Apple and Google Join Forces to Stop Unauthorized Location-Tracking Devices

Apple and Google Join Forces to Stop Unauthorized Location-Tracking Devices

May 03, 2023 Privacy / Technology
Apple and Google have  teamed up  to work on a  draft industry-wide specification  that's designed to tackle safety risks and alert users when they are being tracked without their knowledge or permission using devices like AirTags. "The first-of-its-kind specification will allow Bluetooth location-tracking devices to be compatible with unauthorized tracking detection and alerts across Android and iOS platforms," the companies said in a joint statement. While these trackers are primarily designed to keep tabs on personal belongings like keys, wallets, luggage, and other items, such devices have also been abused by bad actors for  criminal or nefarious purposes , including instances of  stalking, harassment, and theft . The goal is to standardize the alerting mechanisms and minimize opportunities for misuse across Bluetooth location-tracking devices from different vendors. To that end, Samsung, Tile, Chipolo, eufy Security, and Pebblebee have all come on board. In doi
APT28 Targets Ukrainian Government Entities with Fake "Windows Update" Emails

APT28 Targets Ukrainian Government Entities with Fake "Windows Update" Emails

May 01, 2023 Threat Analysis / Cyber Attack
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks perpetrated by Russian nation-state hackers targeting various government bodies in the country. The agency  attributed  the phishing campaign to APT28, which is also known by the names Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, Sednit, and Sofacy. The email messages come with the subject line "Windows Update" and purportedly contain instructions in the Ukrainian language to run a PowerShell command under the pretext of security updates. Running the script loads and executes a next-stage PowerShell script that's designed to collect basic system information through commands like  tasklist  and  systeminfo , and exfiltrate the details via an HTTP request to a  Mocky API . To trick the targets into running the command, the emails impersonate system administrators of the targeted government entities using fake Microsoft Outlook email accounts created with the employees'
Google Blocks 1.43 Million Malicious Apps, Bans 173,000 Bad Accounts in 2022

Google Blocks 1.43 Million Malicious Apps, Bans 173,000 Bad Accounts in 2022

May 01, 2023 Mobile Security / Android
Google disclosed that its improved security features and app review processes helped it block 1.43 million bad apps from being published to the Play Store in 2022. In addition, the company said it banned 173,000 bad accounts and fended off over $2 billion in fraudulent and abusive transactions through  developer-facing features  like Voided Purchases API, Obfuscated Account ID, and Play Integrity API. The addition of identity verification methods such as phone number and email address to join Google Play contributed to a reduction in accounts used to publish apps that go against its policies, Google pointed out. The search behemoth further said it "prevented about 500K submitted apps from unnecessarily accessing sensitive permissions over the past 3 years." "In 2022, the  App Security Improvements program  helped developers fix ~500K security weaknesses affecting ~300K apps with a combined install base of approximately 250B installs," it  noted . In contrast,
Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers

Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers

Apr 27, 2023 Botnet / Cyber Crime
Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware called  CryptBot  and "decelerate" its growth. The tech giant's Mike Trinh and Pierre-Marc Bureau  said  the efforts are part of steps it takes to "not only hold criminal operators of malware accountable, but also those who profit from its distribution." CryptBot is estimated to have infected over 670,000 computers in 2022 with the goal of stealing sensitive data such as authentication credentials, social media account logins, and cryptocurrency wallets from users of Google Chrome. The harvested data is then exfiltrated to the threat actors, who then sell the data to other attackers for use in data breach campaigns. CryptBot was  first discovered  in the wild in December 2019. The malware has been traditionally delivered via maliciously modified versions of legitimate and popular software packages such as Goog
Google Cloud Introduces Security AI Workbench for Faster Threat Detection and Analysis

Google Cloud Introduces Security AI Workbench for Faster Threat Detection and Analysis

Apr 25, 2023 Artificial Intelligence / Threat Detection
Google's cloud division is following in the  footsteps of Microsoft  with the launch of  Security AI Workbench  that leverages generative AI models to gain better visibility into the threat landscape.  Powering the cybersecurity suite is Sec-PaLM, a specialized large language model ( LLM ) that's "fine-tuned for security use cases." The idea is to take advantage of the latest advances in AI to augment point-in-time incident analysis, threat detection, and analytics to counter and prevent new infections by delivering intelligence that's  trusted, relevant, and actionable . To that end, the Security AI Workbench spans a wide range of new AI-powered tools, including  VirusTotal Code Insight  and  Mandiant Breach Analytics for Chronicle , to analyze potentially malicious scripts and alert customers of active breaches in their environments. Users, like with Microsoft's GPT-4-based  Security Copilot , can "conversationally search, analyze, and investigate
Google Authenticator App Gets Cloud Backup Feature for TOTP Codes

Google Authenticator App Gets Cloud Backup Feature for TOTP Codes

Apr 25, 2023 Password Security / Authentication
Search giant Google on Monday unveiled a major update to its  12-year-old  Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords ( TOTPs ) to the cloud. "This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security," Google's Christiaan Brand  said . The update, which also brings a new icon to the two-factor authenticator (2FA) app, finally brings it in line with Apple's  iCloud Keychain  and addresses a long-standing complaint that it's tied to the device on which it's installed, making it a hassle when switching between phones. Even worse, as Google puts it, users who lose access to their devices completely "lost their ability to sign in to any service on which they'd set up 2FA using Authenticator." The cloud sync feature is optional, meaning users can opt to u
Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine

Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine

Apr 19, 2023 Cyber War / Cyber Attack
Elite hackers associated with  Russia's military intelligence service  have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. Google's Threat Analysis Group (TAG), which is  monitoring  the activities of the actor under the name  FROZENLAKE , said the  attacks   continue  the "group's 2022 focus on targeting webmail users in Eastern Europe." The state-sponsored cyber actor, also tracked as APT28, Fancy Bear, Forest Blizzard, Iron Twilight, Sednit, and Sofacy, is both highly prolific and proficient. It has been active since at least 2009, targeting media, governments, and military entities for espionage. The latest intrusion set, starting in early February 2023, involved the use of reflected cross-site scripting ( XSS ) attacks on various Ukrainian government websites to redirect users to phishing domains and capture their credentials. The disclosure
Google Chrome Hit by Second Zero-Day Attack - Urgent Patch Update Released

Google Chrome Hit by Second Zero-Day Attack - Urgent Patch Update Released

Apr 19, 2023 Browser Security / Zero-Day
Google on Tuesday rolled out emergency fixes to address another actively exploited high-severity zero-day flaw in its Chrome web browser. The flaw, tracked as  CVE-2023-2136 , is  described  as a case of  integer overflow  in  Skia , an open source 2D graphics library. Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on April 12, 2023. "Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page,"  according  to the NIST's National Vulnerability Database (NVD). The tech giant, which also fixed seven other security issues with the latest update, said it's aware of active exploitation of the flaw, but did not disclose additional details to prevent further abuse. The development marks the second Chrome zero-day vulnerability to be exploited by malicious actors th
Israeli Spyware Vendor QuaDream to Shut Down Following Citizen Lab and Microsoft Expose

Israeli Spyware Vendor QuaDream to Shut Down Following Citizen Lab and Microsoft Expose

Apr 17, 2023 Surveillance / Privacy
Israeli spyware vendor QuaDream is allegedly shutting down its operations in the coming days, less than a week after its hacking toolset was exposed by Citizen Lab and Microsoft. The development was reported by the Israeli business newspaper  Calcalist , citing unnamed sources, adding the company "hasn't been fully active for a while" and that it "has been in a difficult situation for several months." The company's board of directors are looking to sell off its intellectual property, the report further added. QuaDream, which specializes in hacking Apple devices that don't require any action on the part of the victim, is also said to have fired all its employees, with the firm undergoing significant downsizing, according to Haaretz and The Jerusalem Post . News of the purported shutdown comes as the firm's spyware framework – dubbed REIGN – was outed as  having been used  against journalists, political opposition figures, and NGO workers across
Google Uncovers APT41's Use of Open Source GC2 Tool to Target Media and Job Sites

Google Uncovers APT41's Use of Open Source GC2 Tool to Target Media and Job Sites

Apr 17, 2023 Cyber Threat / Cloud Security
A Chinese nation-state group targeted an unnamed Taiwanese media organization to deliver an open source red teaming tool known as Google Command and Control ( GC2 ) amid broader abuse of Google's infrastructure for malicious ends. The tech giant's Threat Analysis Group (TAG) attributed the campaign to a threat actor it tracks under the  geological  and  geographical-themed  moniker  HOODOO , which is also known by the names  APT41 , Barium, Bronze Atlas, Wicked Panda, and  Winnti . The starting point of the attack is a phishing email that contains links to a password-protected file hosted on Google Drive, which, in turn, incorporates the Go-based GC2 tool to read commands from Google Sheets and exfiltrate data using the cloud storage service. "After installation on the victim machine, the malware queries Google Sheets to obtain attacker commands," Google's cloud division  said  in its sixth Threat Horizons Report. "In addition to exfiltration via Drive,
Cybersecurity Resources