hacking Google account | Breaking Cybersecurity News | The Hacker News

As part of its active efforts to protect billions of online users, Google identified and warned over 12,000 of its users who were targeted by a government-backed hacking attempt in the third quarter of this year. According to a report published by Google's Threat Analysis Group (TAG), more than 90 percent of the targeted users were hit with " credential phishing emails " that tried to trick victims into handing over access to their Google account. Google's TAG tracks over 270 government-backed hacking groups from over 50 countries that are involved in intelligence collection, stealing intellectual property, destructive cyber attacks, targeting dissidents, journalists, and activists, or spreading coordinated disinformation. The alerts were sent to targeted users between July and September 2019, which is consistent within a +/-10 percent range of the number of phishing email warnings sent in the same period of 2018 and 2017, the company said. These warnings u...

Google has rolled out a new feature for Android users to keep its users account more secure: Native Android Push Notification when a new device accesses your Google account. Google has already been offering email notification for newly added devices, but since people usually ignore emails, the tech giant will now send a push notification to your device screen, giving you a chance to change your password immediately before an intruder gets in. Although it's a little change, the company believes people pay four times more attention on push notifications on their devices compared to email notification. The new feature " increases transparency to the user of what actions they've performed and allows them to flag any suspicious activity they may be seeing on the device, " the company says in its official blog post . So, from now on, when a new device is added to your Google account, or, in other words, when a new device accesses your account, you will receive a ...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

Less than 24 hours after Google launched the new Phishing alert extension Password Alert , a security researcher was able to bypass the feature using deadly simple exploits. On Wednesday, the search engine giant launched a new Password Alert Chrome extension to alert its users whenever they accidentally enter their Google password on a carefully crafted phishing website that aimed at hijacking users' account. However, security expert Paul Moore easily circumvented the technology using just seven lines of simple JavaScript code that kills phishing alerts as soon as they started to appear, defeating Google's new Password Alert extension. Google shortly fixed the issue and released a new update to Password Alert extension that blocked the Moore's exploit. However, Moore discovered another way to block the new version of Password Alert, as well. The first proof of concept exploit by Moore relied on a JavaScript that looks for instances of warning screen every five mil...

A critical cross-site scripting ( XSS ) vulnerability in the Google Apps administrator console allowed cyber criminals to force a Google Apps admins to execute just about any request on the https://admin.google.com/ domain. The Google Apps admin console allows administrators to manage their organization's account. Administrators can use the console to add new users, configure permissions, manage security settings and enable Google services for your domain. The feature is primarily used by many businesses, especially those using Gmail as the e-mail service for their domain. The XSS flaw allowed attackers to force the admin to do the following actions: Creating new users with "super admin" rights Disabling two-factor authentication ( 2FA ) and other security measures from existing accounts or from multiple domains Modifying domain settings so that all incoming e-mails are redirected to addresses controlled by the attacker Hijack an account/email by resett...