Google shares plans for blocking third-party cookies in Chrome
Google has officially announced plans to gradually eliminate third-party cookies, a key aspect of its Privacy Sandbox initiative. [...]
Stay updated on Google's info security advances, threats, and solutions. Protect your data with the latest insights from our dedicated Google security tag.
Search across headline titles and summaries.
Background for this topic.
Google is a technology company whose ecosystem includes internet services, cloud infrastructure, mobile software, browsers, and productivity platforms. In information security, the tag commonly covers vulnerabilities and security changes across these services, as well as Google’s role as an identity and data-processing provider for organizations.
Material risks include compromised Google accounts, overly permissive cloud identities or APIs, exposed stored data, and unpatched flaws in software such as Android or Chrome. Security teams should track relevant advisories, prioritize patches based on affected assets and exposure, enforce strong authentication and least-privilege access, and review logging for suspicious account or service activity. Google’s collection and processing of user, device, and organizational data also makes privacy controls, retention settings, contractual obligations, and regulatory compliance important. Its vulnerability-disclosure and threat-intelligence work can inform defensive monitoring, but does not replace asset inventory, configuration review, or tested recovery procedures.
Google has officially announced plans to gradually eliminate third-party cookies, a key aspect of its Privacy Sandbox initiative. [...]
Hackers leveraged a medium-severity security issue now identified as CVE-2023-37580 since June 29, nearly a month before the vendor addressed it in version 8.8.15 Patch 41of the software on July 25. [...]
Threat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate software such as WinSCP into installing malware instead
Zimbra Patched the Cross-Site Scripting Vulnerability on July 25A zero-day flaw in the Zimbra Collaboration email server proved to be a bonanza for hackers as four distinct threat actors exploited the bug to steal email data and user credentials, says Google. Most of the exploit activity occurred after Zimbra had posted a hotfix on July 5.
A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens
A set of novel attack methods has been demonstrated against Google Workspace and the Google Cloud Platform that could be potentially leveraged by threat actors to conduct ransomware, data exfiltration, and password recovery attacks
Exploits come with caveats, but Google says no fixes as user security should do the heavy lifting here Novel weaknesses in Google Workspace have been exposed by researchers, with exploits potentially leading to ransomware attacks, data exfiltration, and password decryption.…
Nitrogen serves as initial-access malware, using obfuscated Python libraries for stealth
A pair of lawsuits are part of a wider strategy to establish guardrails preventing AI-powered scams, frauds, and harassment, Google's general counsel says.
2922 projects contained at least one unique secret, including from AWS, Redis and Google
Mandiant/Google Cloud’s Jill C. Tyson and Dark Reading's Terry Sweeney on how companies can better plan and prepare for the Security and Exchange Commission’s new cybersecurity disclosure rule.
Stolen and compromised credentials continue to be the crux of major health data security incidents involving cloud environments. But stronger credential management practices and a focused approach to "least privilege engineering" would help, said Taylor Lehmann of Google Cloud.
Plus: Chocolate Factory launches second lawsuit against false DMCA takedowns Google has sued three scammers for offering a fake download of its Bard AI chatbot that contained malware capable of stealing credentials for small business' social media accounts.…
Mandiant/Google Cloud's Jill C. Tyson and Dark Reading's Terry Sweeney on how companies can better plan and prepare for the Securities and Exchange Commission's new cybersecurity disclosure rule.
You can soon right-click on any YouTube video in Microsoft Edge or Google Chrome and save the frame (capture the screenshot of the video) in the original resolution and PNG format. [...]