Google

now browsing by tag

 
 

Google to #remove #apps found #violating #Accessibility Services, creating #cyber security #issues

Source: National Cyber Security – Produced By Gregory Evans

To better help users with disabilities, Android has a set of Accessibility Services that developers can use to improve their applications.

Google has warned app developers not to use its Accessibility Services – designed for users with disabilities – for other purposes that may create security issues, adding that it will remove such apps from its Play Store. To better help users with disabilities, Android has a set of Accessibility Services that developers can use to improve their applications.

“Google is most likely cracking down on Accessibility Services use due to security reasons. While applications like LastPass use the available APIs to identify password fields in other apps, this level of access can be used maliciously,” tech portal Android Police reported on Monday.

Google has sent an email to developers, stating that “unless developers can describe how the app properly uses the Accessibility Services to help users who are disabled, it will need to remove all requests for accessibility services or it will be taken off of the Play Store”, 9to5Google reported.

Apps like LastPass, Universal Copy, Clipboard Actions, Cerberus, Tasker and Network Monitor Mini use Accessibility Services.
The new directive could have major ramifications for several apps, especially those intended for customisation or power users.

“All violations are tracked. Serious or repeated violations of any nature will result in the termination of your developer account, and investigation and possible termination of related Google accounts,” Google said.

The post Google to #remove #apps found #violating #Accessibility Services, creating #cyber security #issues appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Google: Our #hunt for #hackers reveals #phishing is far #deadlier than #data #breaches

Source: National Cyber Security – Produced By Gregory Evans

Google has released the results of a year-long investigation into Gmail account hijacking, which finds that phishing is far riskier for users than data breaches, because of the additional information phishers collect.

Hardly a week goes by without a new data breach being discovered, exposing victims to account hijacking if they used the same username and password on multiple online accounts.

While data breaches are bad news for internet users, Google’s study finds that phishing is a much more dangerous threat to its users in terms of account hijacking.

In partnership with the University of California Berkeley, Google pointed its web crawlers at public hacker forums and paste sites to look for potential credential leaks. They also accessed several private hacker forums.

The blackhat search turned up 1.9 billion credentials exposed by data breaches affecting users of MySpace, Adobe, LinkedIn, Dropbox and several dating sites. The vast majority of the credentials found were being traded on private forums.

Despite the huge numbers, only seven percent of credentials exposed in data breaches match the password currently being used by its billion Gmail users, whereas a quarter of 3.8 million credentials exposed in phishing attacks match the current Google password.

The study finds that victims of phishing are 400 times more likely to have their account hijacked than a random Google user, a figure that falls to 10 times for victims of a data breach. The difference is due to the type of information that so-called phishing kits collect.

Phishing kits contain prepackaged fake login pages for popular and valuable sites, such as Gmail, Yahoo, Hotmail, and online banking. They’re often uploaded to compromised websites, and automatically email captured credentials to the attacker’s account.

Phishing kits enable a higher rate of account hijacking because they capture the same details that Google uses in its risk assessment when users login, such as victim’s geolocation, secret questions, phone numbers, and device identifiers.

The researchers find that 83 percent of 10,000 phishing kits collect victims’ geolocation, while 18 percent collect phone numbers. By comparison, fewer than 0.1 percent of keyloggers collect phone details and secret questions.

The study finds that 41 percent of phishing kit users are from Nigeria based on the geolocation of the last sign-in to a Gmail account used to receive stolen credentials. The next biggest group is US phishing-kit users, who account for 11 percent.

Interestingly, the researchers found that 72 percent of the phishing kits use a Gmail account to send captured credentials to the attacker. By comparison, only 6.8 percent used Yahoo, the second most popular service for phishing-kit operators. The phishing kits sent were sending 234,887 potentially valid credentials every week.

Gmail users also represent the largest group of phishing victims, accounting for 27 percent of the total in the study. Yahoo phishing victims follow at 12 percent. However, Yahoo and Hotmail users are the largest group of leaked credential victims, both representing 19 percent, followed by Gmail at 12 percent.

They also found most victims of phishing were from the US, whereas most victims of keyloggers were from Brazil.

The researchers note that two-factor authentication can mitigate the threat of phishing, but acknowledges that ease of use is an obstacle to adoption.

The post Google: Our #hunt for #hackers reveals #phishing is far #deadlier than #data #breaches appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

GOOGLE ALERTS PRO-DEMOCRACY CANDIDATES OF HACKING ATTEMPTS

Source: National Cyber Security – Produced By Gregory Evans

Activist and pro-democrat Jason Chao said that he, along with other pro-democrat election candidates, received notifications from social media, email, and instant messaging service providers, including an alert from Google, about unauthorized login attempts. In a press conference Chao held yesterday, the activist lamented that Google warned them that “government…

The post GOOGLE ALERTS PRO-DEMOCRACY CANDIDATES OF HACKING ATTEMPTS appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers Slipped Malware Into The Google Play Store

Source: National Cyber Security – Produced By Gregory Evans

Six cybersecurity firms came together today to announce that they successfully took down a network of apps that turned Android smartphones into cyber weapons. Mashable reports that the malware, called WireX, was hidden in about 300 apps available for download in the Google Play Store. While they appeared to be…

The post Hackers Slipped Malware Into The Google Play Store appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Google will push users to abandon SMS two-step verification to avoid security risks

Source: National Cyber Security – Produced By Gregory Evans

Google Inc. is pushing users to switch from messaging-based two-step login verification to a phone-based service instead as a way to bypass the security risks of Simple Messaging Service authentication services. Beginning this week, Google will invite users of its existing so-called SMS 2-SV service to use a different login…

The post Google will push users to abandon SMS two-step verification to avoid security risks appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Google Bolsters Security Features in WebView for Android

Source: National Cyber Security – Produced By Gregory Evans

Google has added a couple of security updates to the WebView feature in Android for displaying web content inside a mobile application. The updates are designed to better protect mobile applications from browser-borne threats and will become available in the WebView that is integrated with Android O, the next version…

The post Google Bolsters Security Features in WebView for Android appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Google will pay hackers $200,000 for finding bug in Android

Source: National Cyber Security – Produced By Gregory Evans

Google will pay hackers $200,000 for finding bug in Android

Alphabet’s Google will start paying hackers up to $200,000 who report vulnerabilities in its mobile operating system Android. Android is known for its poor security issues, especially with the older versions of the OS. Although, the latest build of Android are vastly secure than what Google was putting out on…

The post Google will pay hackers $200,000 for finding bug in Android appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

INTERNET GIANTS DUPED Google and Facebook lose ‘£77million after falling for phishing scam sending cash to Lithuanian conman’

To Purchase This Product/Services, Go To The Store Link Above Or Go To http://www.become007.com/store/ GOOGLE and Facebook have admitted they were conned out of an alleged $100million (£77million) in a phishing scam. The two world’s biggest companies fell victim after a Lithuanian man allegedly tricked …

The post INTERNET GIANTS DUPED Google and Facebook lose ‘£77million after falling for phishing scam sending cash to Lithuanian conman’ appeared first on Become007.com.

View full post on Become007.com

Google Researcher Reveals Flaw In Android And iOS That Can Be Hacked Via Wi-Fi

Source: National Cyber Security – Produced By Gregory Evans

No software is 100 percent watertight. A serious bug can pop up anytime that will leave your devices vulnerable. Just like what a Google Project Zero researcher has discovered. Gal Beniamini found a serious security flaw in Wi-Fi chipsets of …

The post Google Researcher Reveals Flaw In Android And iOS That Can Be Hacked Via Wi-Fi appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Google patches Chrome bug from fizzled Pwn2Own hack

Google yesterday updated Chrome to patch several vulnerabilities, including a bug in the browser’s JavaScript engine that a Chinese team tried to exploit at a recent hacking contest. The update to version 57.0.2987.133 contained fixes for five vulnerabilities, one marked … View full post on National Cyber Security Ventures