Google ads push BumbleBee malware used by ransomware gangs
The enterprise-targeting Bumblebee malware is distributed through Google Ads and SEO poisoning that promote popular software like Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace. [...]
Stay updated on Google's info security advances, threats, and solutions. Protect your data with the latest insights from our dedicated Google security tag.
Search across headline titles and summaries.
Background for this topic.
Google is a technology company whose ecosystem includes internet services, cloud infrastructure, mobile software, browsers, and productivity platforms. In information security, the tag commonly covers vulnerabilities and security changes across these services, as well as Google’s role as an identity and data-processing provider for organizations.
Material risks include compromised Google accounts, overly permissive cloud identities or APIs, exposed stored data, and unpatched flaws in software such as Android or Chrome. Security teams should track relevant advisories, prioritize patches based on affected assets and exposure, enforce strong authentication and least-privilege access, and review logging for suspicious account or service activity. Google’s collection and processing of user, device, and organizational data also makes privacy controls, retention settings, contractual obligations, and regulatory compliance important. Its vulnerability-disclosure and threat-intelligence work can inform defensive monitoring, but does not replace asset inventory, configuration review, or tested recovery procedures.
The enterprise-targeting Bumblebee malware is distributed through Google Ads and SEO poisoning that promote popular software like Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace. [...]
Google has addressed a Cloud Platform (GCP) security vulnerability impacting all users and allowing attackers to backdoor their accounts using malicious OAuth applications installed from the Google Marketplace or third-party providers. [...]
Google's Threat Analysis Group (TAG) has been monitoring and disrupting Russian state-backed cyberattacks targeting Ukraine's critical infrastructure in 2023. [...]
Google has released a security update for the Chrome web browser to fix the second zero-day vulnerability found to be exploited in attacks this year. [...]
Google Search is currently suffering a partial outage that prevents the search engine from returning search results for some people. [...]
The Chinese state-sponsored hacking group APT41 was found abusing the GC2 (Google Command and Control) red teaming tool in data theft attacks against a Taiwanese media and an Italian job search company. [...]