Severe Flaw in Google Cloud's Cloud SQL Service Exposed Confidential Data
A new security flaw has been disclosed in the Google Cloud Platform's (GCP) Cloud SQL service that could be potentially exploited to obtain access to confidential data
Stay updated on Google's info security advances, threats, and solutions. Protect your data with the latest insights from our dedicated Google security tag.
Search across headline titles and summaries.
Background for this topic.
Google is a technology company whose ecosystem includes internet services, cloud infrastructure, mobile software, browsers, and productivity platforms. In information security, the tag commonly covers vulnerabilities and security changes across these services, as well as Google’s role as an identity and data-processing provider for organizations.
Material risks include compromised Google accounts, overly permissive cloud identities or APIs, exposed stored data, and unpatched flaws in software such as Android or Chrome. Security teams should track relevant advisories, prioritize patches based on affected assets and exposure, enforce strong authentication and least-privilege access, and review logging for suspicious account or service activity. Google’s collection and processing of user, device, and organizational data also makes privacy controls, retention settings, contractual obligations, and regulatory compliance important. Its vulnerability-disclosure and threat-intelligence work can inform defensive monitoring, but does not replace asset inventory, configuration review, or tested recovery procedures.
A new security flaw has been disclosed in the Google Cloud Platform's (GCP) Cloud SQL service that could be potentially exploited to obtain access to confidential data
Security researchers have shared a deep dive into the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox)
A new strain of malicious software that's engineered to penetrate and disrupt critical systems in industrial environments has been unearthed
Researchers could access sensitive data and steal secrets by exploiting a vulnerability in GCP's security layer, eventually running rampant in the environment.
Google on Wednesday announced the 0.1 Beta version of GUAC (short for Graph for Understanding Artifact Composition) for organizations to secure their software supply chains
File-stealing nasty in my Play store? Preposterous!!1 Google Play has been caught with its cybersecurity pants down yet again after a once-legit Android screen-and-audio recorder app was updated to include malicious code.…
Security professionals warn that Google's new top-level domains, .zip and .mov, pose social engineering risks while providing little reason for their existence.
Google has removed a screen recording app named "iRecorder - Screen Recorder" from the Play Store after it was found to sneak in information stealing capabilities nearly a year after the app was published as an innocuous app
Companies are starting to address AI misuse. At Google I/O, for example, executives promised its AI has safety measures.
Rewards range from $750 for certain MiTM scenarios to $30,000 for some ACE vulnerabilities
ESET malware researchers have discovered a new remote access trojan (RAT) on the Google Play Store, bundled with an Android screen recording app with 50,000 installs. [...]
Google has launched the Mobile Vulnerability Rewards Program (Mobile VRP), a new bug bounty program that will pay security researchers for flaws found in the company's Android applications. [...]
Also, more OEM Android malware, Google's bug reports (mostly) ditch CVEs, and this week's critical vulns in brief Google has settled another location tracking lawsuit, yet again being fined a relative pittance.…
Google has updated its policy for personal accounts across its services to allow a maximum period of inactivity of two years. [...]