#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

gmail | Breaking Cybersecurity News | The Hacker News

Google Unveils RETVec - Gmail's New Defense Against Spam and Malicious Emails

Google Unveils RETVec - Gmail's New Defense Against Spam and Malicious Emails

Nov 30, 2023 Machine Learning / Email Security
Google has revealed a new multilingual text vectorizer called  RETVec  (short for Resilient and Efficient Text Vectorizer) to  help detect  potentially harmful content such as spam and malicious emails in Gmail. "RETVec is trained to be resilient against character-level manipulations including insertion, deletion, typos, homoglyphs, LEET substitution, and more," according to the  project's description  on GitHub. "The RETVec model is trained on top of a novel character encoder which can encode all UTF-8 characters and words efficiently." While huge platforms like Gmail and YouTube rely on text classification models to spot phishing attacks, inappropriate comments, and scams, threat actors are known to devise counter-strategies to bypass these defense measures. They have been observed resorting to adversarial text manipulations, which range from the use of homoglyphs to keyword stuffing to invisible characters. RETVec , which works on over 100 languages o
Gmail and Google Calendar Now Support Client-Side Encryption (CSE) to Boost Data Privacy

Gmail and Google Calendar Now Support Client-Side Encryption (CSE) to Boost Data Privacy

Mar 01, 2023 Encryption / Email Security
Google has announced the general availability of client-side encryption (CSE) for Gmail and Calendar, months after  piloting the feature  in late 2022. The data privacy controls enable "even more organizations to become arbiters of their own data and the sole party deciding who has access to it," Google's Ganesh Chilakapati and Andy Wen  said . To that end, users can send and receive emails or create meeting events within their organizations or to other external parties in a manner that's encrypted "before it reaches Google servers." The company is also making available a decrypter utility in beta for Windows to decrypt client-side encrypted files and emails exported via its Data Export tool or Google Vault. macOS and Linux versions of the decrypter are expected to be released in the future. The development follows the  rollout of CSE  to other products such as Google Drive, Docs, Slides, Sheets, and Meet. The solution, the tech behemoth said, is aim
Hands-on Review: Myrror Security Code-Aware and Attack-Aware SCA

Hands-on Review: Myrror Security Code-Aware and Attack-Aware SCA

Feb 09, 2024Static Code Analysis
Introduction The modern software supply chain represents an ever-evolving threat landscape, with each package added to the manifest introducing new attack vectors. To meet industry requirements, organizations must maintain a fast-paced development process while staying up-to-date with the latest security patches. However, in practice, developers often face a large amount of security work without clear prioritization - and miss a significant portion of the attack surface altogether. The primary issue arises from the detection and prioritization methods used by traditional Static Code Analysis (SCA) tools for vulnerabilities. These methods lack the organizational-specific context needed to make an informed scoring decision: the score, even if critical, might not  actually  be critical for an organization because its infrastructure works in a unique way - affecting the actual impact the vulnerability might have.  In other words, since these tools depend on a relatively naive methodol
Google Takes Gmail Security to the Next Level with Client-Side Encryption

Google Takes Gmail Security to the Next Level with Client-Side Encryption

Dec 18, 2022 Encryption / Email Security
Google on Friday announced that its client-side encryption for Gmail is in beta for Workspace and education customers as part of its efforts to secure emails sent using the web version of the platform. The development comes at a time when concerns about online privacy and data security are at an all-time high, making it a welcome change for users who value the protection of their personal data. To that end, Google Workspace Enterprise Plus, Education Plus, and Education Standard customers can apply to sign up for the beta until January 20, 2023. It's not available to personal Google Accounts. "Using client-side encryption in Gmail ensures sensitive data in the email body and attachments are indecipherable to Google servers," the company  said  in a post. "Customers retain control over encryption keys and the identity service to access those keys." It is important to know that the latest safeguards offered by Gmail is different from end-to-end encryption.
cyber security

The Critical State of AI in the Cloud

websiteWiz.ioArtificial Intelligence / Cloud Security
Wiz Research reveals the explosive growth of AI adoption and what 150,000+ cloud accounts revealed about the AI surge.
New ComRAT Malware Uses Gmail to Receive Commands and Exfiltrate Data

New ComRAT Malware Uses Gmail to Receive Commands and Exfiltrate Data

May 26, 2020
Cybersecurity researchers today uncovered a new advanced version of ComRAT backdoor, one of the earliest known backdoors used by the Turla APT group, that leverages Gmail's web interface to covertly receive commands and exfiltrate sensitive data. "ComRAT v4 was first seen in 2017 and known still to be in use as recently as January 2020," cybersecurity firm ESET said in a report shared with The Hacker News. "We identified at least three targets: two Ministries of Foreign Affairs in Eastern Europe and a national parliament in the Caucasus region." Turla , also known as Snake, has been active for over a decade with a long history of the watering hole and spear-phishing campaigns against embassies and military organizations at least since 2004. The group's espionage platform started off as Agent.BTZ , in 2007, before it evolved to ComRAT , in addition to gaining additional capabilities to achieve persistence and to steal data from a local network. It
From Now On, Only Default Android Apps Can Access Call Log and SMS Data

From Now On, Only Default Android Apps Can Access Call Log and SMS Data

Oct 09, 2018
A few hours ago the company announced its "non-shocking" plans to shut down Google+ social media network following a "shocking" data breach incident. Now to prevent abuse and potential leakage of sensitive data to third-party app developers, Google has made several significant changes giving users more control over what type of data they choose to share with each app. The changes are part of Google's Project Strobe —a "root-and-branch" review of third-party developers access to Google account and Android device data and of its idea around apps' data access. Restricted Call Log and SMS Permissions for Apps Google announced some new changes to the way permissions are approved for Android apps to prevent abuse and potential leakage of sensitive call and text log data by third-party developers. While the apps are only supposed to request permission those are required for functioning properly, any Android app can ask permission to access y
Google Redesigns Gmail – Here's a List of Amazing New Features

Google Redesigns Gmail – Here's a List of Amazing New Features

Apr 25, 2018
Google has finally been rolling out its new massively redesigned Gmail  for desktop and mobile to 1.4 billion of users worldwide, which might be the most significant single upgrade in Gmail's history. This huge revamped version of the email service now offers plenty of new features such as confidential mode, offline support, email snoozing and more, to make Gmail more smarter, secure, and easier to use. In this article, I have listed details of the most significant changes that you need to know and how to use them. Give it a quick read. New 'Confidential Mode' Features For Security & Privacy Are you afraid of sending sensitive documents in an email due to fear of hacking or being forwarded? Well, now you can simply click the lock icon at the bottom of an email to enable the new Confidential Mode, which lets you add a bunch of extra layers of security (as mentioned below) to the emails of your choice. 1) Self-Destructing Emails:  This feature lets you se
Cybersecurity Resources