Mozilla follows Google in losing trust in Entrust’s TLS certificates

August 1, 2024 at 08:38AM Mozilla is set to distrust Entrust as a root certificate authority following compliance failures, and Google has already taken this step. Despite Entrust’s efforts to regain trust, both companies find the proposed plan unsatisfactory. The decision is based on a history of compliance incidents and concerns about Entrust’s ability to … Read more

Forget security – Google’s reCAPTCHA v2 is exploiting users for profit

July 24, 2024 at 02:42AM Google’s reCAPTCHA service, initially designed to enhance website security, is accused by researchers at the University of California, Irvine of gathering user information and labor. The researchers argue it is disliked by users, costly, and vulnerable to bots. They estimate the service has cost over $6.1 billion in human time … Read more

Alphabet’s reported $23B bet on Wiz fizzles out

July 23, 2024 at 10:39AM Wiz has declined Alphabet’s $23 billion takeover bid, opting instead for an IPO and aiming for $1 billion in annual recurring revenue. Regulatory concerns may have played a part, given Google’s antitrust scrutiny. The cybersecurity firm, valued at $12 billion, has raised $1.9 billion in funding and acquired Gem Security, … Read more

Google Adds Passkeys to Advanced Protection Program for High-Risk Users

July 10, 2024 at 06:52AM Google is now offering passkeys for high-risk users to enroll in the Advanced Protection Program (APP), providing a more secure and phishing-resistant alternative to passwords. This technology, based on the FIDO Authentication standard, eliminates the need for traditional passwords and is already being used by over 400 million Google accounts. … Read more

Google Offering $250,000 for Full VM Escape in New KVM Bug Bounty Program

July 1, 2024 at 10:06AM Google has introduced kvmCTF, a bug bounty program for the KVM hypervisor, offering significant rewards for vulnerabilities. Participants can attempt to conduct guest-to-host attacks in a lab environment, with potential payouts including $250,000 for a full VM escape. The program aims to enhance the security of widely used virtualization technology. … Read more

Android 15 Brings Improved Fraud and Malware Protections

May 16, 2024 at 09:07AM Google announced improved security features and AI-powered protections in Android 15 to keep users safe from fraud and malware. Play Protect, scanning 200 billion apps daily, will feature live threat detection and enhanced on-device AI. Android 15 will also include tightened screen sharing controls and enhanced protections against fraud and … Read more

Android to add new anti-theft and data protection features

May 15, 2024 at 04:14PM Google is expanding anti-theft and data protection features for Android 15+ devices. New features include Theft Detection Lock to secure devices during theft attempts, Offline Device Lock to prevent unauthorized access, and Remote Lock to remotely lock stolen devices. Enhanced security measures will make stolen devices difficult to sell and … Read more

New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation

May 14, 2024 at 10:39AM Google has released emergency fixes for a high-severity zero-day flaw in the Chrome web browser (CVE-2024-4761) actively exploited in the wild. The vulnerability affects the V8 JavaScript and WebAssembly engine and could allow data corruption, crashes, or execution of arbitrary code. Google urges users to upgrade to Chrome version 124.0.6367.207/.208 … Read more

Google, Apple gear to raise alarm if someone tries stalking you with wireless tracking tag

May 14, 2024 at 09:45AM Google and Apple are introducing an anti-stalking feature for Android 6.0+ and iOS 17.5 to alert users if someone uses a Bluetooth tag to track them. It aims to address alleged misuse of tracking devices for stalking. Apple’s Find My network has a similar alert feature for AirTags, and the … Read more

Google Patches Second Chrome Zero-Day in One Week

May 14, 2024 at 07:40AM Google has patched a second zero-day vulnerability, CVE-2024-4761, in Chrome just days after fixing CVE-2024-4671. Both flaws were exploited in attacks, with CVE-2024-4761 described as a high-severity issue. An anonymous researcher reported the vulnerability, and an exploit for it has been developed, but its effectiveness is unknown. Eight zero-days targeted … Read more