#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Google | Breaking Cybersecurity News | The Hacker News

Google Does It Again: Discloses Unpatched Microsoft Edge and IE Vulnerability

Google Does It Again: Discloses Unpatched Microsoft Edge and IE Vulnerability
Feb 25, 2017
This month has yet been kind of interesting for cyber security researchers, with Google successfully cracked SHA1 and the discovery of Cloudbleed bug in Cloudflare that caused the leakage of sensitive information across sites hosted behind Cloudflare. Besides this, Google last week disclosed an unpatched vulnerability in Windows Graphics Device Interface (GDI) library, which affects Microsoft's Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows 10. While the Windows vulnerability has yet to be patched by the company, Google today released the details of another unpatched Windows security flaw in its browser, as Microsoft did not act within its 90-day disclosure deadline. The vulnerability (CVE-2017-0037), discovered and disclosed by Google Project Zero team's researcher Ivan Fratric, is a so-called " type confusion flaw " in a module in Microsoft Edge and Internet Explorer that potentially leads to arbitrary code exec

US Judge Ordered Google to Hand Over Emails Stored On Foreign Servers to FBI

US Judge Ordered Google to Hand Over Emails Stored On Foreign Servers to FBI
Feb 07, 2017
In this world of global mass surveillance by not the only US, but also intelligence agencies across the world, every other country wants tech companies including Google, Apple, and Microsoft to set-up and maintain their servers in their country to keep their citizen data within boundaries. Last year, Microsoft won a case which ruled that the US government cannot force tech companies to hand over their non-US customers' data stored on servers located in other countries to the FBI or any other federal authorities. However, a new notable ruling just goes against the court judgment last year, raising concerns regarding people's privacy. A US magistrate reportedly ruled Friday that Google has to comply with FBI search warrants seeking customer emails stored on servers outside of the United States, according to RT . U.S. Magistrate Judge Thomas Rueter in Philadelphia noted that transferring emails from outside servers so FBI could read them locally as part of a domestic f

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte

Google becomes its own Root Certificate Authority

Google becomes its own Root Certificate Authority
Jan 28, 2017
In an effort to expand its certificate authority capabilities and build the "foundation of a more secure web," Google has finally launched its root certificate authority. In past few years, we have seen Google taking many steps to show its strong support for sites using HTTPS, like: Giving more preference to HTTPS websites in its search rankings than others. Warning users that all HTTP pages are not secure. Starting an industry-wide initiative, Certificate Transparency − an open framework to log, audit, and monitor certificates that CAs have issued. However, Google has been relying on an intermediate Certificate Authority (Google Internet Authority G2 - GIAG2) issued by a third party, with the latest suppliers being GlobalSign and GeoTrust, which manages and deploys certificates to Google's products and services. Google announced Thursday the creation of its own certified, and independent Root Certificate Authority called Google Trust Services , allowing

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Google 'Android Things' — An Operating System for the Internet of Things

Google 'Android Things' — An Operating System for the Internet of Things
Dec 21, 2016
Google announced a Developers Preview of " Android Things " — an Android-based operating system platform for smart devices and Internet of Things (IoT) products. The Android-based Internet of Things OS is designed to make it easier for developers to build a smart appliance since they will be able to work with Android APIs and Google Services they're already familiar with. As the Developers page of Android Things says: " If you can build an app, you can build a device ." The Android-based Internet of Things operating system is supposed to run on products like security cameras, connected speakers, and routers. Android Things is a rebranded version Google Brillo , an Android-based IoT OS that Google announced in 2015, with added tools like Android Studio, the Android Software Development Kit (SDK), Google Play Services, and Google Cloud Platform. Unlike Brillo, development on Android Things can be achieved with " the same developer tools as stan

Microsoft Says Russian Hackers Using Unpatched Windows Bug Disclosed by Google

Microsoft Says Russian Hackers Using Unpatched Windows Bug Disclosed by Google
Nov 02, 2016
Google's Threat Analysis Group publically disclosed on Monday a critical zero-day vulnerability in most versions of Windows just 10 days after privately disclosed both zero days to Microsoft and Adobe. While Adobe rushed an emergency patch for its Flash Player software on October 26, Microsoft had yet to release a fix. Microsoft criticized Google's move, saying that the public disclosure of the vulnerability — which is being exploited in the wild — before the company had time to prepare a fix, puts Windows users at "potential risk." The result? Windows Vista through current versions of Windows 10 is still vulnerable , and now everybody knows about the critical vulnerability. Now, Microsoft said that the company would be releasing a patch for the zero-day flaw on 8th November, as part of its regular round of monthly security updates. Russian Hackers are actively exploiting critical Windows kernel bug Microsoft acknowledged the vulnerability in a blog

Google discloses Critical Windows Zero-Day that makes all Windows Users Vulnerable

Google discloses Critical Windows Zero-Day that makes all Windows Users Vulnerable
Nov 01, 2016
Google has once again publicly disclosed a zero-day vulnerability in current versions of Windows operating system before Microsoft has a patch ready. Yes, the critical zero-day is unpatched and is being used by attackers in the wild. Google made the public disclosure of the vulnerability just 10 days after privately reporting the issue to Microsoft, giving the chocolate factory little time to patch issues and deploy a fix. According to a blog post by Google's Threat Analysis Group, the reason behind going public is that it has seen exploits for the vulnerability in the wild and according to its internal policy , companies should patch or publicly report such bugs after seven days. Windows Zero-Day is Actively being Exploited in the Wild The zero-day is a local privilege escalation vulnerability that exists in the Windows operating system kernel. If exploited, the flaw can be used to escape the sandbox protection and execute malicious code on the compromised system.

WikiLeaks Promises to Publish Leaks on US Election, Arms Trade and Google

WikiLeaks Promises to Publish Leaks on US Election, Arms Trade and Google
Oct 04, 2016
Wikileaks completed its 10 years today, and within this timespan, the whistleblower site has published over 10 million documents, and there's more to come. In the name of celebration of its 10th Anniversary, Wikileaks promises to leak documents pertaining to Google, United States presidential election and more over the next ten weeks. Speaking by video link to an anniversary news conference at the Volksbuhne Theater in Berlin on Tuesday morning, WikiLeaks founder Julian Assange eagerly announced his plans to release a series of publications every week for the next 10 weeks. The upcoming leaks will include "significant material" related to Google, the US presidential election, military operations, arms trading and, the hot topic of past few years, mass surveillance. Assange also promised to publish all documents related to the US presidential race before the election day on November 8. "There is an enormous expectation in the United States," Assange said f

Google to Launch 'Andromeda OS' — An Android-Chrome OS Hybrid

Google to Launch 'Andromeda OS' — An Android-Chrome OS Hybrid
Sep 27, 2016
Google's long-rumored Android-Chrome hybrid operating system is expected to debut at the company's upcoming hardware event on October 4. The company has been working to merge the two OSes for roughly 3 years with a release planned for 2017, but an "early version" to show things off to the world in 2016. Android + Chrome = Andromeda The hybrid OS, currently nicknamed 'Andromeda,' could be come on a new Pixel laptop as well as Huawei Nexus tablet from Google by Q3 2017, if not sooner, according to new leaks from 9to5Google and Android Police . Andro id + Ch rome = Andromeda The laptop, officially codenamed " Bison " and nicknamed "Pixel 3," is a reference to the "Chromebook Pixel," but since this edition is not running Chrome operating system, one can not call it a "Chromebook" anymore. Andromeda is separate from the company's Fuchsia OS , which is focused on Internet-of-Thing (IoT) devices. Moreove

Android Will Alert You When A New Device Logs-in Your Google Account

Android Will Alert You When A New Device Logs-in Your Google Account
Aug 02, 2016
Google has rolled out a new feature for Android users to keep its users account more secure: Native Android Push Notification when a new device accesses your Google account. Google has already been offering email notification for newly added devices, but since people usually ignore emails, the tech giant will now send a push notification to your device screen, giving you a chance to change your password immediately before an intruder gets in. Although it's a little change, the company believes people pay four times more attention on push notifications on their devices compared to email notification. The new feature " increases transparency to the user of what actions they've performed and allows them to flag any suspicious activity they may be seeing on the device, " the company says in its official blog post . So, from now on, when a new device is added to your Google account, or, in other words, when a new device accesses your account, you will receive a

Microsoft Wins! Govt Can't Force Tech Companies to Hand Over Data Stored Overseas

Microsoft Wins! Govt Can't Force Tech Companies to Hand Over Data Stored Overseas
Jul 15, 2016
Especially after the Snowden revelations of global  mass surveillance by US intelligence agencies at home and abroad, various countries demanded tech companies including Google, Apple, and Microsoft to set-up and maintain their servers in respective countries in order to keep their citizen data within boundaries. The US government has powers to comply US-based tech companies with the court orders to hand over their customers' data stored on servers, even if the data centers are beyond US borders. Now, the recent court decision has proven that the data centers and servers located outside the US boundaries are safe haven. The Second Circuit Court of Appeals in New York ruled Thursday that the United States government cannot force tech companies to give the FBI or other federal authorities access to their non-US customers' data stored on servers located in other countries. US Government Can't go Beyond its Boundaries to Collect Data Yes, the Stored Communicatio

Check 'My Activity' Dashboard to know how much Google knows about you

Check 'My Activity' Dashboard to know how much Google knows about you
Jun 30, 2016
It's no secret that Google knows a lot about you. The company tracks almost everything you do on the Internet, including your searches, music you listen to, videos you watch, and even the places you travel to, and it does this for targeting relevant ads to its users and better improve its service. Now the technology giant has a plan to make it easier to control all the data the company collects throughout all your different devices. Google has rolled out a new My Activity page that shows a searchable history of pretty much everything you do online, including previously visited websites, voice searches, searched things and places, watched Netflix programs, and all activities you did on each of its products. "My Activity is a central place to view and manage activity like searches you've done, websites you've visited, and videos you've watched," Google says. "Your activity is listed as individual items, starting with the most recent. These items

Google CEO Sundar Pichai's Quora Account Hacked

Google CEO Sundar Pichai's Quora Account Hacked
Jun 27, 2016
Nobody is immune to being Hacked! After hacking Mark Zuckerberg's Twitter and Pinterest accounts, Hacking group OurMine has successfully hacked the Quora account Google CEO Sundar Pichai and then cross-posted to his Twitter account. The hack became apparent when OurMine posted messages on Quora through Pichai's account, which then appeared on his official Twitter feed late Sunday night — Thanks to the two accounts being linked. All the tweets in question have since been removed from Pichai's Twitter feed. Unlike Mark Zuckerberg, the three-man team Saudi hackers group did not use password exposed by 2012 LinkedIn data breach; rather they claimed to have discovered a vulnerability in Quora, which is a Q&A community launched in 2010. The group behind OurMine claims it is "testing security" of accounts and teaching people to secure their online accounts better. "We are just testing people security (sic), we never change their passwords, we did it

Google Wins Epic Java Copyright Case Against Oracle

Google Wins Epic Java Copyright Case Against Oracle
May 27, 2016
Google has finally won six-year long $9-billion legal battle with Oracle over the use of Java APIs in Android. Oracle filed its lawsuit against Google in 2010, claiming that the company illegally used 11,500 lines of Java code in its Android operating system, violating copyrights owned by Oracle. However, a federal jury of ten people concluded Thursday that Google's use of Java constituted "Fair Use" under US copyright law and delivered a verdict in favor of Google. The case was a big deal as the court decision could have the potential to change the way future apps are written for the Android operating system that is being used by almost 80% of the world's mobile devices. Also Read:   Google 'Android N' Will Not Use Oracle's Java APIs Oracle, who owns Java, had been seeking $9 Billion in damages for the use of application programming interfaces (APIs), which govern how code communicates with other bits of code. However, Google argued that

Google to Face a Record $3.4 Billion AntiTrust Fine in Europe

Google to Face a Record $3.4 Billion AntiTrust Fine in Europe
May 16, 2016
Google faces a record anti-trust penalty of about 3 BILLION Euros (US$3.4 Billion) from the European Commission in the coming days, according to reports. After 7-years of the investigation, the European Commission filed anti-trust charges against Google last year for violating antitrust laws. The European Union accused the search engine giant that it had abused its dominance in search by unfairly prioritize and displaying its own comparison shopping service at the top of its search results at the expense of rival products. British newspaper The Sunday Telegraph reports that the European Union is currently preparing a fine of about 3 Billion Euros ($3.4 billion), which is almost triple the amount (1.06 Billion Euro) that Intel was levied several year ago over violating antitrust law. According to the newspaper's sources, the EU officials, led by Margrethe Vestager , are planning to openly announce the fine against Google as early as next month, although the exact figure

Google makes it mandatory for Chrome Apps to tell Users what Data they collect

Google makes it mandatory for Chrome Apps to tell Users what Data they collect
Apr 19, 2016
In Brief Chrome apps and extensions make things easier, but they can also do terrible things like spy on web users and collect their personal data. But, now Google has updated its browser's User Data Policy requiring all Chrome extension and app developers to disclose what data they collect. Furthermore, developers are prohibited from collecting unnecessary browsing data and must also use encryption when handling sensitive information from users. Around 40 percent of all Google Chrome users have some kind of browser extensions, plugins or add-ons installed, but how safe are they? The company plans to enforce developers starting this summer, to "ensure transparent use of the data in a way that is consistent with the wishes and expectations of users." Google is making its Chrome Web Store safer for its users by forcing developers to disclose how they handle customers' data. Google's new User Data Policy will now force app developers, who use the Chrome We

Google has also been Ordered to Unlock 9 Android Phones

Google has also been Ordered to Unlock 9 Android Phones
Mar 30, 2016
The legal battle between Apple and the FBI (Federal Bureau of Investigation) over a locked iPhone that belonged to one of the San Bernardino shooters may be over, but the Department of Justice (DoJ) are back in front of a judge with a similar request. The American Civil Liberties Union (ACLU) has discovered publicly available court documents that revealed the government has asked Google's assistance to help the Feds hack into at least nine locked Android smartphones citing the All Writs Act . Yes, Apple is not the only company facing government requests over privacy and security — Google is also in the list. The Google court documents released by the ACLU show that many federal agencies have been using the All Writs Act – the same ancient law the DoJ was invoking in the San Bernardino case to compel Apple to help the FBI in the terrorist investigation. Additionally, the ACLU also released 54 court cases in which the federal authorities asked Apple for assistance to help t

Russia Rejects Google's Appeal and Orders to Stop Pre-Installing its own Android Apps

Russia Rejects Google's Appeal and Orders to Stop Pre-Installing its own Android Apps
Mar 16, 2016
The Giant search engine Google has lost an anti-monopoly appeal in Russia against ruling related to its Android mobile OS The Moscow Arbitration Court on Monday ruled that Google had violated its dominant position with the help of its free open source mobile platform " Android " by forcing its own apps and services like Youtube, Google Map, and others, on users — reducing competition. The complaint was brought against Google last February by competing search engine Yandex — Russian Counterpart of Google — which had argued that Google broke competition rules by requiring handset manufacturers to pre-install its apps on Android phones and tablets. Yandex-1, Google-0 According to the survey conducted by Liveinternet data in September 2013, Yandex accounted 57.4% of the Russian search market, while Google shared 34.9%. This stats reflected in the share market, as their shares were 62.2 and 26 percent respectively. These statistical analyzes really worried

Apple vs. FBI — Google Joins Tim Cook in Encryption Backdoor Battle

Apple vs. FBI — Google Joins Tim Cook in Encryption Backdoor Battle
Feb 18, 2016
In the escalating battle between the Federal Bureau of Investigation (FBI) and Apple over iPhone encryption, former National Security Agency (NSA) contractor Edward Snowden and Google chief executive Sundar Pichai just sided with Apple's refusal to unlock iPhone . Yesterday, Apple CEO Tim Cook refused to comply with a federal court order to help the FBI unlock an iPhone owned by one of the terrorists in the mass shootings in San Bernardino , California, in December. Here's What the FBI is Demanding: The federal officials have asked Apple to make a less secure version of its iOS that can be used by the officials to brute force the 4-6 digits passcode on the dead shooter's iPhone without getting the device's data self-destructed. Cook called the court order a "chilling" demand that "would undermine the very freedoms and liberty our government is meant to protect." He argued that to help the FBI unlock the iPhone would basically

It Works! Google's Quantum Computer is '100 Million Times Faster' than a PC

It Works! Google's Quantum Computer is '100 Million Times Faster' than a PC
Dec 09, 2015
Announcing the results of its experiment, Google says Quantum Computer is More than 100 Million times faster than a regular PC. Two years ago, Google and NASA ( National Aeronautics and Space Administration ) bought a D-Wave 2X quantum computer , which they have been experimenting at the U.S. space agency's Ames Research Center in Mountain View, California for the past two years. The goal is to create a better way to solve highly complex problems in seconds rather than years. Also Read:  Fastest Operating System for Quantum Computing Developed By Researchers Now, a Google's Quantum AI team appears to have announced the results of its latest test on D-Wave 2X quantum computer, demonstrating that quantum annealing can outperform simulated annealing by over 108 times – that is 100,000,000 times faster . What is  Quantum Computers? Quantum computers can theoretically be so much faster because they take advantage of quantum mechanics. While traditiona

Google's $85 Chromebit Lets You Turn Any Monitor or TV into a Computer

Google’s $85 Chromebit Lets You Turn Any Monitor or TV into a Computer
Nov 18, 2015
Google and Asus are finally ready to release their new micro Chrome OS computer called the Chromebit — that retails at a great price, just $85. That is quite cheap for what is essentially a portable computer that you can take anywhere in your pocket. Also Read:   CHIP — The World's First $9 Computer . Announced back in March, the Chromebit is a fully featured Computer-on-a-Stick that plugs into TV or any screen and turns it into what Google calls a " full-fledged Chrome OS-based computer. " All you need to do is: Plug the Chromebit into any HDMI port Hook up the power cable, a Bluetooth keyboard and a mouse Your instant computer is ready It has a smarter clinch on the business end so that you can easily plug the Chromebit into practically any HDMI port without the need for any extension cable. Also Read:   Mouse Box — An Entire Computer inside a Mouse . Despite its low price of just $85, the Chromebit offers you a complete Chrome OS experience,
Cybersecurity Resources