Google | Breaking Cybersecurity News | The Hacker News

Edward Snowden 's leaks last year questioned the integrity of several big and reputed companies such as Apple, Google and Microsoft that were found in relation with the NSA in its surveillance programs.  Thereafter they maintained distance with the Agency and claimed to be unaware of such government spying activities. Now, email exchanges between Google executives Sergey Brin and Eric Schmidt and former NSA director Gen. Keith Alexander , obtained through the Freedom of Information Act that in real do not reveal anything ridiculously outrageous but suggest that the tech companies behind the services you use are very closely in relationship with the NSA and have worked with them over the years. The series of emails obtained by Al Jazeera clearly indicate that the relationship between Google and the National Security Agency (NSA) was far cozier than anyone thought. This revelation questions not only the reputation of the largest Internet giant, but also the privac

About a week back we reported about a popular paid Antivirus application on the Google Play Store which was actually a scam, dubbed as ' Virus Shield '. This First paid fake app managed to become one of the most popular anti-virus app in less than a week, and apparently more than 10,000 Smartphones users purchased it in $3.99 from Google Play Store and hence scammed more than $40,000. The Virus Shield Android App claimed to protect users' personal information from harmful viruses, malware and spyware, but in actual app doesn't scan anything and was removed from the store once the fraud had been uncovered. If you were one that had downloaded the Virus Shield Antivirus app , then don't worry, just check your email inbox, because Google cares about you and reaching out all those affected android users who purchased the app, in order to refund their money in full. REFUND WITH $5 BONUS CREDIT According to Android Police , Google has decided to refund $3.99 back to us

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Google has updated its privacy terms and conditions on Monday to offer more transparency regarding its email-scanning practices. One of the world's biggest Web internet giant, Google, made it clear that the information its users submit and share with its systems is all analyzed. Last year, Google was accused of its illegal interception of all electronic communications sent to Gmail account holders and using the gathering data to sell and place advertisements in order to serve related ads to its users. Practically, the more information you let Google collect about you, the more accurate its adverts become. But Google has long insisted that its scanning practices are outlined in its terms of service. So, finally admitting the accusation, Google has made some changes in its terms of service res a new paragraph that explains the manner in which its software automatically scans and analyzes the content of Gmail messages when they are sent, received, and stored. " Our

Pwnium is the annual Hacking competition where Google invites coders from around the world to find security holes in Google Chrome. Google has announced its 4th Pwnium Hacking Contest hosted at the Canadian Security conference in March, offering more than $2.7 million in potential rewards for hacking Chrome OS-running ARM and Intel Chromebook. This year the security researchers have a choice in between an ARM-based Chromebook, the HP Chromebook 11 (WiFi) and the Acer C720 Chromebook (2GB WiFi) based on Intel's Haswell microarchitecture . The attack must be demonstrated against one of these devices running " then-current " stable version of Chrome OS. " Security is a core tenet of Chromium, which is why we hold regular competitions to learn from security researchers. Contests like Pwnium help us make Chromium even more secure ," Jorge Lucángeli Obes, Google Security Engineer said. Amongst the payouts are $110,000 for the browser or s

The Syrian Electronic Army (SEA) is at it again. The hacktivist group, who are known to back Syrian President Bashar al-Assad , has hacked many high profile Qatar based websites, including the Google, Facebook, Aljazeera and Government - Military websites. Starting at about 4:25 am (GMT 5:30+), the Syrian Electronic Army shared this message on Twitter: Qatar is #down and  following that, they went about switching off government and private websites using the .qa extension. The domains are managed by Qatar's Ministry of Information and Communication (ictQatar). Apparently, the Syrian Electronic Army gained access to  Qatar Domain Registrar ( portal.registry.qa ) and modifies the DNS entires to redirects the targeted websites to servers controlled by hackers serving defacement page, that include a picture of Assad and the groups logo, as shown. The List of the targeted websites is posted on Twitter by hackers - these include: moi . gov .qa facebook .qa gov .qa vodafone .qa a

If you lose your device, Google lets you secure it instantly from afar through Android Device Manager, that let you locate and remotely wipe your phones and tablets. The latest update to Android Device Manager enables remote password locking, overrides the built-in Pattern, PIN code, Face unlock or password-based security, making sure your data doesn't fall into wrong hands. To get started, go to google.com/android/devicemanager on your computer and go through your list of devices that are connected to your Google account. I tried the process with my Samsung Galaxy S4, and it worked like a charm. Google's new feature is a very useful one for those who don't have a lock on their phone and want to make sure their data is protected. A lock request will immediately secure any device connected to Wi-Fi or a cellular network, even if it's actively being used. If a thief has turned off a phone or enabled Airplane Mode, the lock will take effect as soon as a data co

Edward Snowden , a former NSA systems analyst, have revealed the NSA's sweeping data collection of U.S. phone records and some Internet traffic and the programs target foreigners and terrorist suspects mostly overseas. According to the Constitution of all countries, capturing and reading emails or text messages without privileges is illegal . Several Asian and European countries is worried about the US spying. Today a Germany's top security official has warned, " If you are worried about the US spying on you, you need to stop using Google and Facebook. " Internet users who fear their data is being intercepted by U.S. intelligence agencies such as the National Security Agency's should stay away from American websites run through American servers, Interior Minister Hans-Peter Friedrich said. " If these reports are true, it's disgusting. The United States would be better off monitoring its secret services rather than its allies. " Head of t

The National Security Agency , part of the U.S. military reportedly has a direct line into the systems of some of the world's biggest Web and tech companies, i.e Microsoft, Google, Facebook, Skype. The NSA access is part of a previously undisclosed program called PRISM , 6-year-old program which allows officials to collect real-time information and as well as stored material including search history, the content of emails, file transfers and live chats, according to reports in the Washington Post . Project PRISM may be the first of its kind and also  GCHQ , Britain's equivalent of the NSA, also has been secretly gathering intelligence from the same internet companies through an operation set up by the NSA. Later confirmed by the White House and members of Congress as saying that the government routinely seeks information in its fight to thwart domestic and international terrorism. Other services that are reportedly part of PRISM include PalTalk, Skype, and AOL.

Google will release details of any zero-day flaws it finds in software, if the affected vendor fails to issue a patch or disclose the issue itself within a week. Now, Google is shortening that timeline a good bit to just 7 days. " Based on our experience...we believe that more urgent action within 7 days is appropriate for critical vulnerabilities under active exploitation ", wrote Google Security engineers Chris Evans and Drew Hintz in a blog post . " The reason for this special designation is that each day an actively exploited vulnerability remains undisclosed to the public and unpatched, more computers will be compromised. " Right now, companies use either responsible disclosure or full disclosure when dealing with vulnerabilities . Responsible disclosure allows a company as much time as they want to patch an exploit, and the details surrounding the bug aren't revealed to the public until a patch is issued. Full disclosure, on the other hand, means the company and th

A Google security engineer has not only discovered a Windows zero-day flaw, but has also stated that Microsoft has a knack of treating outside researchers with great hostility. Tavis Ormandy , a Google security engineer, exposed the flaw on Full Disclosure , that could be used to crash PCs or gain additional access rights. The issue is less critical than other flaws as it's not a remotely exploitable one. Ormandy said on Full Disclosure, " I don't have much free time to work on silly Microsoft code, so I'm looking for ideas on how to fix the final obstacle for exploitation. ". He's been working on it for months, and according to a later post, he has now a working exploit that " grants SYSTEM on all currently supported versions of Windows. "  " I have a working exploit that grants SYSTEM on all currently supported versions of Windows. Code is available on request to students from reputable schools ," Ormandy adds. Microsoft acknowledged

Google has fixed a series of serious vulnerabilities in its Chrome OS , including three high-risk bugs that could be used for code execution on vulnerable machines. Bug bounties is the cash prizes offered by open source communities to anyone who finds key software bugs have been steadily on the rise for several years now. As part of its reward program, Google paid out $31,336 to a researcher who found three of the vulnerabilities . Google's post notes : " We're pleased to reward Ralf-Philipp Weinmann $31,336 under the Chromium Vulnerability Rewards Program for a chain of three bugs, including demo exploit code and very detailed write-up. We are grateful to Ralf for his work to help keep our users safe. " The three-bug chain credited to Weinmann exploited O3D, a JavaScript API (application programming interface) designed for crafting interactive 3-D graphics-based Web applications. The API and supporting browser plug-in were created by Google, with a preliminary ve

Do you have any idea about an Internal IP Address or a Private IP Address that too assigned for Multinational Companies? Yeah, today we are gonna discuss about Internal IP or Private IP address Disclosure. Disclosure of an Internal IP like 192.168.*.* or 172.16.*.* , can really Impact ? Most security researchers call it as "bull shit" vulnerability. But when it comes to impact calculation even if the server is behind a firewall or NAT, an attacker can see internal IP of the remote host and this may be used to further attacks. Internet Giants like Facebook, Google, PayPal and Serious National Security organizations like FBI, Pentagon and NASA are taking initiatives for their Security Issues. At same, we at ' The Hacker News ' stand together for organizations that talk about national security in a serious way. I guess,its the time to understand about the flaws and its impacts where I would like to share my findings about our Internet Giants and Organiza

Government eavesdropping and security agency GCHQ is developing new tools to sift through them for nuggets of useful data from Facebook, Twitter, LinkedIn, Google+, Pinterest. All of these are the source of valuable intelligence that the UK's intelligence agencies want to know about. During a visit to Bletchley Park, UK foreign secretary William Hague launched a 'spy drive' to recruit staff for GCHQ and other intelligence agencies, a National Cipher Challenge for schools, and a £480,000 grant to the home of WW2 code-breaking. " The work involves devising algorithms, testing them and general problem solving in the broad field of language and text processing. This pioneering research work is open to specialist in mathematical/statistics, computational linguists (eg speech recognition and/or language processing) and language engineering ." Job Description explains . " Using data-mining techniques, you will help us to find meaningful patterns and relationships in large