Google to Drop Trust For WoSign in September
Google has finalized its plan to remove trust in Chrome for all certificates issued by Chines CA WoSign, a result of the certificate authority run afoul of the intricate rules that govern CAs. As far back as 2015, officials began noticing certificates issued by WoSign that had one or more problems and violated rules established […]
Google Adds New Anti-Phishing Feature to G Suite
Google is rolling out a new security feature for enterprises customers of its G Suite hosted apps that allows administrators to choose exactly which apps have access to user data. The feature is designed as a barrier against phishing attacks, many of which try to fool or confuse users into giving attackers access to sensitive […]
Android Trojan That Can Inject Code, Root Devices, Removed From Play Store
Researchers have discovered a new Android trojan in the Google Play app store that has the ability to root devices and can inject malicious code into system runtime libraries. The Dvmap trojan is thought to be the first such piece of malware that’s capable of injecting code into system libraries at runtime, and researchers at […]
Google Play Protect Adds App Scanning to Android
Google is introducing a new system that scans all of the apps on Android devices continuously, looking for unwanted behavior, malware, and other problems. The new Play Protect framework is Google’s latest attempt to shore up the security of the Android ecosystem. Any apps that are in the Play store already are subject to a […]
Google to Streamline Android Update Process
For a decade, Android users have had to rely on a byzantine update process involving Google, device manufacturers, and carriers in order to get security patches and new versions of the operating system. Google is now trying to streamline this process and get updates into users’ hands more quickly through a plan called Project Treble. […]
Google Working on Fix for Android Permission Weakness
Google is planning to fix a weakness in some versions of Android that enables malicious apps to take advantage of a special permission in the operating system to install ransomware, show malicious ads, or tae other unwanted actions. The permission was introduced in Android 6.0 and it can allow an app to be displayed on […]
Chrome Will Label More HTTP Pages Insecure
Google is continuing its assault on the unencrypted web, with a change coming to Chrome later this year that will mark any HTTP page on which a user enters data as “not secure”. In January, Google released Chrome 56, the first version of the browser that included a warning for pages that send confidential data […]
Google Patches Unicode Domain Phishing Bug in Chrome
Google has patched a dangerous issue in Chrome that enabled attackers to spoof legitimate domains in the browser by using unicode characters rather than normal ones. That vulnerability is the result of the way that Chrome handles some unicode characters and it’s not necessarily a new issue. Security experts have known about the underlying problem […]
Unicode Domain Phishing Attack Resurfaces
Researchers are warning about a phishing attack that abuses the way some browsers handle unicode characters to display attack domains that are identical to legitimate ones. The concept behind the attack is quite old, but it has resurfaced in the current versions of both Firefox and Chrome. The attack relies on the fact that the […]