Google paid $12 million in bug bounties last year to security researchers
Google paid almost $12 million in bug bounty rewards to 660 security researchers who reported security bugs through the company's Vulnerability Reward Program (VRP) in 2024.
cyberveille.decio.ch
Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger
Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services. While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia's re-invasion of Ukraine, we anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war.
Cybercrime: A Multifaceted National Security Threat
Google Threat Intelligence Group discusses the current state of cybercrime, and why it must be considered a national security threat.
Google launches customizable Web Store for Enterprise extensions
Google has officially launched its Chrome Web Store for Enterprises, allowing organizations to create a curated list of extensions that can be installed in employees' web browsers.
Malicious extensions circumvent Google’s remote code ban
This blog post looks into how 62 malicious extensions circumvent Google’s restrictions of remote code execution in extensions. One group of extensions is associated with the company Phoenix Invicta, another with Technosense Media. The largest group around Sweet VPN hasn’t been attributed yet.
'AI mafia' gang bombards London restaurant with scathing fake Google reviews to extort £10,000
A shell-shocked owner woke to find a barrage of one-star reviews had dragged her Google rating from 4.9 to 2.3 virtually overnight.
Google Calendar Notifications Bypassing Email Security Policies
Google Calendar is a tool for organizing schedules and managing time, designed to assist individuals and businesses in planning their days efficiently.
How to Lose a Fortune with Just One Bad Click
Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from…
On These Apps, the Dark Promise of Mothers Sexually Abusing Children
Smartphone apps downloaded from Apple and Google can allow parents and other abusers to connect with pedophiles who pay to watch — and direct — criminal behavior.
Leaked Documents Show What Phones Secretive Tech ‘Graykey’ Can Unlock
The documents provide never-been-seen insight into the current cat-and-mouse game between forensics companies and phone manufacturers Apple and Google.
ClickFix tactic: The Phantom Meet
Analyse the ClickFix tactic and related campaigns. Uncover a ClickFix campaign impersonating Google Meet and cybercrime infrastructure.
New Google Project Aims to Become Global Clearinghouse for Scam, Fraud Data
Google launches Global Signal Exchange (GSE), an initiative aimed at fostering the sharing of online fraud and scam intelligence.
Europe’s privacy watchdog probes Google over data used for AI training
Meta and X have already paused some AI training over same set of concerns.
Fake Google Authenticator Website Installs Malware
See how adversaries are impersonating Google Authenticator in Google Ads to deliver the DeerStealer information-stealing malware.
Google fixes Android kernel zero-day exploited in targeted attacks
Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) exploited in targeted attacks.
Google ads push fake Google Authenticator site installing malware
Google has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware.
Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services
Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google’s “Sign in with Google” feature.
Google Leak Reveals Thousands of Privacy Incidents
An internal Google database obtained by 404 Media shows Google recording childrens' voices, saving license plates from Street View, and many other self-reported incidents, large and small.
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
- On May 24, 2022, Cisco became aware of a potential compromise. Since that point, Cisco Security Incident Response (CSIRT) and Cisco Talos have been working to remediate. * During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.
Google ads lead to major malvertising campaign
Scammers go mainstream by hijacking top Google searches and replacing them with malicious ads.
An update on the threat landscape
Online security is extremely important for people in Ukraine and the surrounding region right now. Government agencies, independent newspapers and public service providers need it to function and individuals need to communicate safely. Google’s Threat Analysis Group (TAG) has been working around the clock, focusing on the safety and security of our users and the platforms that help them access and share important information.
Analyzing a watering hole campaign using macOS exploits
To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group. The watering hole served an XNU privilege escalation vulnerability (CVE-2021-30869) unpatched in macOS Catalina, which led to the installation of a previously unreported backdoor.
An Anonymous Source Shared Thousands of Leaked Google Search API Documents with Me; Everyone in SEO Should See Them
On Sunday, May 5th, I received an email from a person claiming to have access to a massive leak of API documentation from inside Google’s Search division.
Exploiting the Cloud: How SMS Scammers are using Amazon, Google and IBM Cloud Services to Steal Customer Data
Discover how SMS scammers are exploiting cloud storage to host scam websites with the intention of stealing sensitive information
Google shares update on passkeys and new ways to protect accounts
For World Password Day, we’re sharing updates to passkeys across our products and sharing more ways we’re keeping people safe online.
Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm
APT44 is a threat actor that is actively engaged in the full spectrum of espionage, attack, and influence operations.
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
- On May 24, 2022, Cisco became aware of a potential compromise. Since that point, Cisco Security Incident Response (CSIRT) and Cisco Talos have been working to remediate. * During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.
Google ads lead to major malvertising campaign
Scammers go mainstream by hijacking top Google searches and replacing them with malicious ads.
An update on the threat landscape
Online security is extremely important for people in Ukraine and the surrounding region right now. Government agencies, independent newspapers and public service providers need it to function and individuals need to communicate safely. Google’s Threat Analysis Group (TAG) has been working around the clock, focusing on the safety and security of our users and the platforms that help them access and share important information.
Analyzing a watering hole campaign using macOS exploits
To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group. The watering hole served an XNU privilege escalation vulnerability (CVE-2021-30869) unpatched in macOS Catalina, which led to the installation of a previously unreported backdoor.