Blog

Unpacking Slack Hacks: 6 Ways to Protect Sensitive Data with Secure Collaboration

Actualités
Nowadays, sensitive and critical data is traveling in everyday business channels that offer only the basic level of security and encryption, and companies are often oblivious to the risk. A case in point: Disney suffered a devastating data leak by a hacktivist group known as NullBulge that got hold of over 1.2 terabytes of data from Disney's internal Slack messaging channels. The breach exposed
Read More

Critical Flaws in Traccar GPS System Expose Users to Remote Attacks

Actualités
Two security vulnerabilities have been disclosed in the open-source Traccar GPS tracking system that could be potentially exploited by unauthenticated attackers to achieve remote code execution under certain circumstances. Both the vulnerabilities are path traversal flaws and could be weaponized if guest registration is enabled, which is the default configuration for Traccar 5, Horizon3.ai
Read More

New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards

Actualités
Cybersecurity researchers have uncovered new Android malware that can relay victims' contactless payment data from physical credit and debit cards to an attacker-controlled device with the goal of conducting fraudulent operations. The Slovak cybersecurity company is tracking the novel malware as NGate, stating it observed the crimeware campaign targeting three banks in Czechia. The malware "has
Read More

New Linux Malware ‘sedexp’ Hides Credit Card Skimmers Using Udev Rules

Actualités
Cybersecurity researchers have uncovered a new stealthy piece of Linux malware that leverages an unconventional technique to achieve persistence on infected systems and hide credit card skimmer code. The malware, attributed to a financially motivated threat actor, has been codenamed sedexp by Aon's Stroz Friedberg incident response services team. "This advanced threat, active since 2022, hides
Read More

Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures

Actualités
Pavel Durov, founder and chief executive of the popular messaging app Telegram, was arrested in France on Saturday, according to French television network TF1. Durov is believed to have been apprehended pursuant to a warrant issued in connection with a preliminary police investigation. TF1 said the probe was focused on a lack of content moderation on the instant messaging service, which the
Read More

Private AI For All: Our End-To-End Approach to AI Privacy on Android (Google Online Security Blog)

Actualités
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy, and Giles Hogben, Senior Director, Privacy Engineering, Android Your smartphone holds a lot of your personal information to help you get things done every day. On Android, we are seamlessly integrating the latest artificial intelligence (AI) capabilities, like Gemini as a trusted assistant – capable of handling life's essential tasks. As such, ensuring your privacy and security on Android is paramount. As a pioneer in responsible AI and cutting-edge privacy technologies like Private Compute Core and federated learning, we made sure our approach to the assistant experience with Gemini on Android is aligned with our existing Secure AI framework, AI Principles and Privacy Principles. We’ve always safeguarded your data with an integrated stack of world-class secure infrastructure and technology, delivering…
Read More

Post-Quantum Cryptography: Standards and Progress (Google Online Security Blog)

Actualités, Sécurité
Posted by Royal Hansen, VP, Privacy, Safety and Security Engineering, Google, and Phil Venables, VP, TI Security & CISO, Google Cloud The National Institute of Standards and Technology (NIST) just released three finalized standards for post-quantum cryptography (PQC) covering public key encapsulation and two forms of digital signatures. In progress since 2016, this achievement represents a major milestone towards standards development that will keep information on the Internet secure and confidential for many years to come. Here's a brief overview of what PQC is, how Google is using PQC, and how other organizations can adopt these new standards. You can also read more about PQC and Google's role in the standardization process in this 2022 post from Cloud CISO Phil Venables. What is PQC? Encryption is central to keeping information…
Read More

Private AI For All: Our End-To-End Approach to AI Privacy on Android (Google Online Security Blog)

Actualités, Sécurité
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy, and Giles Hogben, Senior Director, Privacy Engineering, Android Your smartphone holds a lot of your personal information to help you get things done every day. On Android, we are seamlessly integrating the latest artificial intelligence (AI) capabilities, like Gemini as a trusted assistant – capable of handling life's essential tasks. As such, ensuring your privacy and security on Android is paramount. As a pioneer in responsible AI and cutting-edge privacy technologies like Private Compute Core and federated learning, we made sure our approach to the assistant experience with Gemini on Android is aligned with our existing Secure AI framework, AI Principles and Privacy Principles. We’ve always safeguarded your data with an integrated stack of world-class secure infrastructure and technology, delivering…
Read More

Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp

Actualités
Meta Platforms on Friday became the latest company after Microsoft, Google, and OpenAI to expose the activities of an Iranian state-sponsored threat actor, who it said used a set of WhatsApp accounts that attempted to target individuals in Israel, Palestine, Iran, the U.K., and the U.S. The activity cluster, which originated from Iran, "appeared to have focused on political and diplomatic
Read More

CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September

Actualités
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is case of file upload bug impacting the "Change Favicon" feature that could allow a threat actor to
Read More