#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Google | Breaking Cybersecurity News | The Hacker News

Google fined $57 million by France for lack of transparency and consent

Google fined $57 million by France for lack of transparency and consent
Jan 21, 2019
The French data protection watchdog CNIL has issued its first fine of €50 million (around $57 million) under the European Union's new General Data Protection Regulation (GDPR) law that came into force in May last year. The fine has been levied on Google for "lack of transparency, inadequate information and lack of valid consent regarding the ads personalization," the CNIL (National Data Protection Commission) said in a press release issued today. The fine was imposed following the latest CNIL investigation into Google after receiving complaints against the company in May 2018 by two non-profit organizations—None Of Your Business (NOYB) and La Quadrature du Net (LQDN). Why Has Google Been Fined? According to the CNIL, Google has been found violating two core privacy rules of the GDPR—Transparency, and Consent. First, the search engine giant makes it too difficult for users to find essential information, like the "data-processing purposes, the data storag

Google+ to Shut Down Early After New API Flaw Hits 52.5 Million Users

Google+ to Shut Down Early After New API Flaw Hits 52.5 Million Users
Dec 10, 2018
Google today revealed that Google+ has suffered another massive data breach, forcing the tech giant to shut down its struggling social network four months earlier than its actual scheduled date, i.e., in April 2019 instead of August 2019. Google said it discovered another critical security vulnerability in one of Google+'s People APIs that could have allowed developers to steal private information on 52.5 million users, including their name, email address, occupation, and age. The vulnerable API in question is called "People: get" that has been designed to let developers request basic information associated with a user profile. However, software update in November introduced the bug in the Google+ People API that allowed apps to view users' information even if a user profile was set to not-public. Google engineers discovered the security issue during standard testing procedures and addressed it within a week of the issue being introduced. The company said

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte

FBI Shuts Down Multimillion Dollar – 3ve – Ad Fraud Operation

FBI Shuts Down Multimillion Dollar – 3ve – Ad Fraud Operation
Nov 28, 2018
Google, the FBI, ad-fraud fighting company WhiteOps and a collection of cyber security companies worked together to shut down one of the largest and most sophisticated digital ad-fraud schemes that infected over 1.7 million computers to generate fake clicks used to defraud online advertisers for years and made tens of millions of dollars in revenue. Dubbed 3ve (pronounced "Eve"), the online ad-fraud campaign is believed to have been active since at least 2014, but its fraudulent activity grew last year, turning it into a large-scale business and earning their operators more than $30 million in profit. Meanwhile, the United States Department of Justice (DoJ) also unsealed Tuesday a 13-count indictment against 8 people from Russia, Kazakhstan, and Ukraine who allegedly ran this massive online advertising scheme. The 3ve botnet scheme deployed different tactics, such as creating their own botnets, creating fake versions of both websites and visitors, selling fraudulent

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Google Will Charge Android Phone Makers to Use Its Apps In Europe

Google Will Charge Android Phone Makers to Use Its Apps In Europe
Oct 17, 2018
Would you prefer purchasing an Android device that doesn't have any apps or services from Google? No Google Maps, No Gmail, No YouTube! And NOT even the Google Play Store—from where you could have installed any Android apps you want Because if you live in Europe, from now on, you have to spend some extra cash on a smartphone with built-in Google services, which were otherwise until now freely available and already included in the cost of your smartphone. For the very first time, Google has announced its plans to charge a fee to European Android phone manufacturers who want to include a free version of Google apps on their Android handsets. In short, Android phone makers will now have to pay Google for installing the Play store, Gmail, YouTube, Maps, and Chrome, that are usually considered to be core parts of the Android operating system, but are actually Google services. "Since the pre-installation of Google Search and Chrome together with our other apps helped us

From Now On, Only Default Android Apps Can Access Call Log and SMS Data

From Now On, Only Default Android Apps Can Access Call Log and SMS Data
Oct 09, 2018
A few hours ago the company announced its "non-shocking" plans to shut down Google+ social media network following a "shocking" data breach incident. Now to prevent abuse and potential leakage of sensitive data to third-party app developers, Google has made several significant changes giving users more control over what type of data they choose to share with each app. The changes are part of Google's Project Strobe —a "root-and-branch" review of third-party developers access to Google account and Android device data and of its idea around apps' data access. Restricted Call Log and SMS Permissions for Apps Google announced some new changes to the way permissions are approved for Android apps to prevent abuse and potential leakage of sensitive call and text log data by third-party developers. While the apps are only supposed to request permission those are required for functioning properly, any Android app can ask permission to access y

Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data

Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data
Oct 08, 2018
Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers. According to the tech giant, a security vulnerability in one of Google+'s People APIs allowed third-party developers to access data for more than 500,000 users, including their usernames, email addresses, occupation, date of birth, profile photos, and gender-related information. Since Google+ servers do not keep API logs for more than two weeks, the company cannot confirm the number of users impacted by the vulnerability. However, Google assured its users that the company found no evidence that any developer was aware of this bug, or that the profile data was misused by any of the 438 developers that could have had access. "However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,00

Google 'Titan Security Key' Is Now On Sale For $50

Google 'Titan Security Key' Is Now On Sale For $50
Aug 31, 2018
Google just made its Titan Security Key available on its store for $50. First announced last month at Google Cloud Next '18 convention, Titan Security Key is a tiny USB device—similar to Yubico's YubiKey—that offers hardware-based two-factor authentication (2FA) for online accounts with the highest level of protection against phishing attacks. Google's Titan Security Key is now widely available in the United States, with a full kit available for $50, which includes: USB security key, Bluetooth security key, USB-C to USB-A adapter, USB-C to USB-A connecting cable. What Is Google Titan Security Key? Titan Security Keys is based on the FIDO (Fast IDentity Online) Alliance, U2F (universal 2nd factor) protocol and includes a secure element and a firmware developed by Google that verifies the integrity of security keys at the hardware level. It adds an extra layer of authentication to an account on top of your password, and users can quickly log into their acc

Google Sued Over Misleading Users About Location Tracking Feature

Google Sued Over Misleading Users About Location Tracking Feature
Aug 21, 2018
Google was in the news last week for a misleading claim that "with Location History off, the places you go are no longer stored," which is not true. Now, the search engine giant is once again in the news after a San Diego man has filed the first lawsuit against Google over this issue. Last week, the Associated Press investigation revealed that the search engine giant tracks movements of millions of iPhone and Android device users, even if they have disabled the "Location History" setting to prevent it. However, it turned out that to fully opt-out of having your location activities stored by Google, you also have to disable the 'Web and App Activity' control as well, about which the company has mentioned deep into its product documentation. In response to the AP investigation, Google defended itself by saying, "there are a number of different ways that Google may use location to improve people's experience," and that "we provide c

Google Bans Cryptocurrency Mining Android Apps From the Play Store

Google Bans Cryptocurrency Mining Android Apps From the Play Store
Jul 27, 2018
Following Apple's lead in banning cryptocurrency mining apps , Google has also updated its Play Store policy this week to ban apps that mine cryptocurrencies on users' devices in the background. However, there are countless cryptocurrency mining apps, including MinerGate, AA Miner, NeoNeonMiner, and Crypto Miner, still available on the Play Store. Cryptocurrency mining is not a new concept, but the technology has recently been abused in the past year after hackers found it a great way to make millions of dollars by hijacking PCs to secretly mine cryptocurrency in the background without their users' knowledge or consent. Due to this practice, cryptocurrency mining has emerged as one of the biggest threats , raising negative sentiments towards this alternative revenue scheme, and big tech giants like Apple and Google took strict measures to put restrictions on such apps. Over a month ago, Apple updated its App Store guidelines to ban cryptocurrency mining apps and

EU Fines Google Record $5 Billion in Android Antitrust Case

EU Fines Google Record $5 Billion in Android Antitrust Case
Jul 18, 2018
Google has been hit by a record-breaking $5 billion antitrust fine by the European Union regulators for abusing the dominance of its Android mobile operating system and thwarting competitors. That's the largest ever antitrust penalty. Though Android is an open-source and free operating system, device manufacturers still have to obtain a license, with certain conditions, from Google to integrate its Play Store service within their smartphones. The European Commission levied the fine Wednesday, saying that Google has broken the law by forcing Android smartphone manufacturers to pre-install its own mobile apps and services, like Google Search, Chrome, YouTube, and Gmail, as a condition for licensing. This tactic eventually gives Google's app and services an unfair preference over other rival services, preventing rivals from innovating and competing, which is "illegal under EU antitrust rules." Google's Android operating system runs on more than 80 percen

Reminder—Third Party Gmail Apps Can Read Your Emails, "Allow" Carefully!

Reminder—Third Party Gmail Apps Can Read Your Emails, "Allow" Carefully!
Jul 03, 2018
Reminder—If you've forgotten about any Google app after using it once a few years ago, be careful, it may still have access to your private emails. When it comes to privacy on social media, we usually point fingers at Facebook for enabling third-party app developers to access users personal information—even with users' consent. But Facebook is not alone. Google also has a ton of information about you and this massive pool of data can be accessed by third-party apps you connect to, using its single sign-on service. Though Google has much stricter privacy policies about what developers can do with your data, the company still enables them to ask for complete access of your Google account, including the content of your emails and contacts. The entire Facebook's  Cambridge Analytica privacy saga highlights how crucial it is to keep track of the apps you have connected to your social media accounts and permitted to access your data. Last year, Google itself prom

Google Home and Chromecast DOWN? Reboot them to Fix the Glitch

Google Home and Chromecast DOWN? Reboot them to Fix the Glitch
Jun 28, 2018
If your Google Home, Home Mini and/or Google Chromecast streaming stick were not working properly, you are not alone. Google Home, Home Mini, and Chromecast were down globally for many users for several hours, leaving a lot of people with trouble watching TV, controlling smart home gadgets, and listening to music. Yesterday, hundreds of Chromecasts and Home users began complaining about their devices not working properly on both the official "Made by Google" Twitter account and Down Detector. Later, Google confirmed that its Home and Chromecast across the world went down due to an unspecified "issue," and that the company was investigating the issue and working on a solution, but did not provide any kind of explanation about the glitch. The issue appears to be affecting devices that work using Google's Home technology, which is a smart ecosystem that allows users to stream content to devices. "Bug confirmed... We use Chromecast in all our conf

Google Solves Update Issue for Android Apps Installed from Unknown Sources

Google Solves Update Issue for Android Apps Installed from Unknown Sources
Jun 21, 2018
If you are wondering how to receive latest updates for an Android app—installed via a 3rd party source or peer-to-peer app sharing—directly from Google Play Store. For security reasons, until now apps installed from third-party sources cannot be updated automatically over-the-air, as Google does not recognize them as Play Store apps and they do not show up in your Google account app list as well. Late last year, Google announced its plan to set up an automated mechanism to verify the authenticity of an app by adding a small amount of security metadata on top of each Android application package (in the APK Signing Block) distributed by its Play Store. This metadata is like a digital signature that would help your Android device to verify if the origin of an app you have installed from a third-party source is a Play Store app and have not been tempered, for example, a virus is not attached to it. From early 2018, Google has already started implementing this mechanism, which doesn

Google Blocks Chrome Extension Installations From 3rd-Party Sites

Google Blocks Chrome Extension Installations From 3rd-Party Sites
Jun 12, 2018
You probably have come across many websites that let you install browser extensions without ever going to the official Chrome web store. It's a great way for users to install an extension, but now Google has decided to remove the ability for websites to offer "inline installation" of Chrome extensions on all platforms. Google announced today in its Chromium blog that by the end of this year, its Chrome browser will no longer support the installation of extensions from outside the Web Store in an effort to protect its users from shady browser extensions. "We continue to receive large volumes of complaints from users about unwanted extensions causing their Chrome experience to change unexpectedly — and the majority of these complaints are attributed to confusing or deceptive uses of inline installation on websites," says ​James Wagner, Google's extensions platform product manager. Google's browser extensions crackdown will take place in three ph

Google Makes it Mandatory for OEMs to Roll Out Android Security Updates Regularly

Google Makes it Mandatory for OEMs to Roll Out Android Security Updates Regularly
May 11, 2018
Security of Android devices has been a nightmare since its inception, and the biggest reason being is that users don't receive latest security patch updates regularly. Precisely, it's your device manufacturer (Android OEMs) actually who takes time to roll out security patches for your devices and sometimes, even has been caught lying about security updates , telling customers that their smartphones are running the latest updates. Since Google did not have direct control over the OEM branded firmware running on billions of devices, it brought some significant changes to the Android system architecture last year with Project Treble gain more control over the update process. Although Google and device manufacturers have made some progress in the past year, the problem with the security update remains because of OEMs not delivering all patches regularly and on a timely basis, leaving parts of the Android ecosystem exposed to hackers. But here's good news—starting wi

Google Redesigns Gmail – Here's a List of Amazing New Features

Google Redesigns Gmail – Here's a List of Amazing New Features
Apr 25, 2018
Google has finally been rolling out its new massively redesigned Gmail  for desktop and mobile to 1.4 billion of users worldwide, which might be the most significant single upgrade in Gmail's history. This huge revamped version of the email service now offers plenty of new features such as confidential mode, offline support, email snoozing and more, to make Gmail more smarter, secure, and easier to use. In this article, I have listed details of the most significant changes that you need to know and how to use them. Give it a quick read. New 'Confidential Mode' Features For Security & Privacy Are you afraid of sending sensitive documents in an email due to fear of hacking or being forwarded? Well, now you can simply click the lock icon at the bottom of an email to enable the new Confidential Mode, which lets you add a bunch of extra layers of security (as mentioned below) to the emails of your choice. 1) Self-Destructing Emails:  This feature lets you se

Gmail for iOS Adds Anti-Phishing Feature that Warns of Suspicious Links

Gmail for iOS Adds Anti-Phishing Feature that Warns of Suspicious Links
Aug 14, 2017
Phishing — is an older style of cyber-attack but remains one of the most common and efficient attack vectors for attackers, as a majority of banking malware and various ransomware attacks begin with a user clicking on a malicious link or opening a dangerous attachment in an email. Phishing has evolved than ever before in the past few years – which is why it remains one of those threats that we have been combating for many years. We have seen phishing campaigns that are so convincing and effective that even tech-savvy people can be tricked into giving away their credentials to hackers. And some that are " almost impossible to detect " and used to trick even the most careful users on the Internet. To help combat this issue, Google has introduced a security defence for it's over a billion users that will help users weed out phishing emails from their Gmail inbox. Google has rolled out new anti-phishing security checks for its Gmail app for iPhone users that will

Hackers Hijacked Chrome Extension for Web Developers With Over 1 Million Users

Hackers Hijacked Chrome Extension for Web Developers With Over 1 Million Users
Aug 03, 2017
From past few years, spammers and cyber criminals were buying web extensions from their developers and then updating them without informing their users to inject bulk advertisements into every website user visits in order to generate large revenue. But now they have shifted their business model—instead of investing, spammers have started a new wave of phishing attacks aimed at hijacking popular browser extensions. Just two days ago, we reported how cyber criminals managed to compromise the Chrome Web Store account of a German developer team and hijacked Copyfish extension , and then modified it with ad-injection capabilities to distribute spam correspondence to users. Now just yesterday, another popular Chrome extension ' Web Developer ' was hijacked by some unknown attackers, who updated the software to directly inject advertisements into the web browser of over its 1 million users. Chris Pederick , the creator of Web Developer Chrome extension that offers various w

How Hackers Cash Out Thousands of Bitcoins Received in Ransomware Attacks

How Hackers Cash Out Thousands of Bitcoins Received in Ransomware Attacks
Jul 28, 2017
Digital currencies have emerged as a favourite tool for hackers and cyber criminals, as digital currency transactions are nearly anonymous, allowing cyber criminals to use it in underground markets for illegal trading, and to receive thousands of dollars in ransomware attacks— WannaCry , Petya , LeakerLocker , Locky and Cerber to name a few. Also, every other day we hear about some incidents of hacking of crypto currency exchange or digital wallets, in which hackers stole millions of dollars in Bitcoin or Ethereum. The latest back-to-back series of thefts of Ethereum —one of the most popular and increasingly valuable cryptocurrencies—in which around half a billion dollars in total were stolen is the recent example of how much hackers are after crypto currencies. It's obvious that after ripping off hundreds of thousands of cryptocurrencies from exchanges, wallets and ransomware victims, cyber criminals would not hold them in just digital form—the next step is to cash the
Cybersecurity Resources