Category: Google

As ransomware attacks become increasingly sophisticated, hackers are now targeting not just application servers but also their backup systems. This strategy is designed to prevent victims from recovering their data without paying a ransom, maximizing the attackers’ leverage.

In response to these evolving threats, Google is bolstering its cloud services with a new backup storage solution that promises to protect against ransomware. This innovative feature will ensure that backed-up data remains secure and immutable, effectively preventing unauthorized changes or deletions that could otherwise result in significant losses.

Google Cloud Backup and Disaster Recovery (DR) is set to introduce this advanced feature, which not only helps users combat ransomware but also offers substantial financial protection. This development is crucial for businesses that need to safeguard their information from potential extortion and data breaches.

Backup systems are essential when production servers fail for any reason, providing data continuity to keep operations running smoothly. However, if ransomware spreads to backup systems and corrupts them, it can render them useless.

Google’s new Backup Vault feature addresses this issue by offering robust protection against malware. This feature ensures that ransomware cannot alter or delete the stored data, nor can it copy the data to external resources.

Reports indicate that the Backup Vault has been developed as a separate tool by Alphabet Inc.’s subsidiary, Google Cloud, and operates independently from the main Google Cloud Project. This tool provides layered protection through backup immutability and indelibility, safeguarding critical assets including Compute Engine Virtual Machines, VMware Engine VMs, Oracle Databases, and SQL Server databases.

The post Google Enhances Cloud Security with New Ransomware resistant Backup Vault appeared first on Cybersecurity Insiders.

Google, the dominant force in web search, retains your search history whether you approve or not. Many users question the effectiveness of privacy tools like the Anonymous browser, which may not completely erase your browsing activity once the browser is closed.

For those concerned about privacy, here are some search engine alternatives to Google that can meet most of your online needs:

DuckDuckGo: This search engine is a strong alternative to Google, as it does not track users or build profiles based on their search history. For enhanced privacy features, DuckDuckGo offers a premium service called Privacy Pro, available for $10.

Microsoft Bing: Ideal for users who appreciate high-quality visual content, Bing excels in delivering striking images and videos. Recently, Microsoft has integrated AI technology into Bing, featuring the Copilot AI virtual assistant. Microsoft Bing collects limited metadata about users, offering a degree of privacy.

Yahoo: Once a pioneer in the search engine industry, Yahoo now provides valuable business and finance news through its Yahoo Finance section. Although it was overshadowed by Google’s rise, Yahoo still serves as a useful resource- sans not like the one observed in the golden era of Marissa Mayer regime. However, data privacy details are somewhat unclear.

AOL Search: Contrary to popular belief, AOL search engine is still operational and functions independently of Yahoo. It does not store search history on its servers and avoids including offensive content, even if it is trending.

Despite these alternatives, Google remains a leading choice for staying updated with the latest information and trends- all thanks to its Android powered smart phones. However, it has faced criticism for its monopoly and the filtering of content under the guise of national security and other concerns.

The post Alternative search engines to Google for achieving data privacy appeared first on Cybersecurity Insiders.

In episode 14 of "The AI Fix", Graham makes an apology, Mark wonders if suicide drones have second thoughts, people pretend to be robots, and some researchers prove that all you need for an AI to generate a somewhat usable version of the computer game Doom out of thin air is to already have a fully-working copy of the computer game Doom. Graham learns how to escape from a police sniffer elephant, an AI-generates a smell with no odour, and Mark explains why the world's best LLMs think there are two Rs in "strawberry". All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.

Google, the prominent American technology conglomerate, has recently issued a significant warning to users of Safari and Chrome browsers. This alert concerns a newly discovered spyware that has been disseminated by Intellexa, a software company based in Cyprus. Notably, Intellexa has recently faced a ban imposed by the U.S. government due to its misuse of surveillance technology.

Intellexa‘s ban marks it as the second company to face such a sanction, following the NSO Group, which developed the infamous Pegasus spyware. Both companies have been prohibited from operating in several countries, including Ireland, Vietnam, and the United States.

According to information obtained by Cybersecurity Insiders, Intellexa’s spyware has been actively employed for espionage on Android and iOS devices over the past nine months. The discovery of this spyware was made by Google’s Threat Analysis Group (TAG), which uncovered that the spyware was exploiting vulnerabilities in both Chrome and Safari browsers.

The attacks were traced back to Cozy Bear aka APT29, a group funded by the Kremlin. TAG’s analysis revealed that the attacks were carried out through a series of watering hole attacks targeting websites managed by Mongolian government entities between November 2023 and July 2024.

For context, the NSO Group’s Pegasus spyware gained notoriety for its role in high-profile surveillance cases, including its use by a Saudi prince to spy on Amazon founder Jeff Bezos. This incident, which involved the installation of spyware on Bezos’s smartphone to monitor his personal communications with his then-girlfriend, Lauren Sanchez, received widespread media attention. The fallout from this revelation was substantial, contributing to the publicized divorce between Bezos and his former wife, MacKenzie Scott.

As the situation develops, it remains to be seen what further implications Intellexa’s spyware might have. The unfolding details of this latest threat will likely be crucial in understanding its potential impact and the broader cybersecurity landscape.

The post Google issues warning on Russian Cyber Attack on Safari and Chrome browsers appeared first on Cybersecurity Insiders.

Google to Revise One-Time Password (OTP) Process

Google is set to introduce new rules for handling One-Time Passwords (OTPs) on Android devices. Starting soon, OTPs will be processed by Google’s spam filters with a delay of 20 seconds before reaching users. This move aims to enhance security by reducing the risk of OTP interception by fraudsters. Additionally, Google plans to remove fake or low-quality mobile applications from its Play Store to combat malware. These changes will initially affect users in India, Australia, Canada, parts of the United States, and Britain, with a broader rollout expected in the future.

WhatsApp to Introduce Usernames and PINs

WhatsApp, a subsidiary of Meta Inc., is preparing to replace mobile phone numbers with usernames and PINs for account access. This update, currently in beta testing in Singapore, Australia, and Canada, will soon be available globally. Initially, the feature will be rolled out to Apple iOS users, with plans to extend to other platforms later.

FBI and CISA Issue Joint Alert on RansomHUB

The FBI and CISA have issued a joint alert concerning RansomHUB, a ransomware group that has targeted approximately 200 companies in the past six months. Known also as Cyclops or Knight, the group is expanding its operations by incorporating members from other ransomware organizations such as BlackCat and Lockbit. Businesses are urged to strengthen their cybersecurity measures to protect against these evolving threats.

Radware Predicts Surge in DDoS Attacks

Radware has forecasted a dramatic increase in DDoS attacks, predicting 1,000 to 2,000 attacks per month for the remainder of 2024. This surge is expected to create public fear and political instability, potentially influencing the upcoming U.S. elections on November 5th, 2024. The rise in AI-driven cyber-attacks is anticipated to have significant political and social ramifications.

Rhysida Ransomware Data Still Usable, Claims Security Expert

In July 2024, the Rhysida Ransomware group announced it had stolen data from Ohio’s Franklin County following an attack on the City of Columbus. Despite claims by Columbus Mayor Andrew Ginther that the data was unusable, security researcher David Leroy Ross has argued that it contains sensitive information, such as names of domestic violence victims and police officers’ SSNs. The data was reportedly sold for $1.7 million on the dark web. The dispute is now under legal scrutiny, with Ross presenting evidence to media outlets to support his claims.

The post Trending Cybersecurity News Headlines on Google appeared first on Cybersecurity Insiders.

In episode 13 of "The AI Fix"", meat avatar Cluley learns that AI doesn't pose an existential threat to humanity and tells meat avatar Stockley how cybersex is about to get very, very weird. Our hosts also learn that men lie on their dating profiles, hear ChatGPT steal somebody's voice, and discover an AI that rick rolls its users. Graham tells Mark about AI's political ambitions and discovers what ChatGPT has in common with the reluctant ruler of the universe, while Mark introduces Graham to the Campaign to Stop Killer Robots. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.

In recent discussions, we’ve explored how ransomware attacks are carried out, their common targets, and the impact on affected companies. A recent study by Malwarebytes has shed light on the specific timing of these attacks, offering new insights into their patterns.

According to Marcin Kleczynski, CEO of Malwarebytes, ransomware attacks frequently occur between 1:00 a.m. and 5:00 a.m. on weekends, particularly on Fridays. During these hours, many companies are in a state of reduced activity, with fewer IT staff available to respond to incidents.

The study also highlights a troubling trend in the sophistication and speed of ransomware spread. Previously, the interval between initial access and data encryption was about three weeks. However, in the past year, this time frame has dramatically decreased to just 6 to 13 hours. This rapid progression underscores the urgent need for swift detection and response measures to combat these attacks effectively.

Malwarebytes also noted that many ransomware groups operate from locations far from their victims. This geographic distance often limits the effectiveness of legal actions and prosecution, as jurisdictional boundaries can complicate enforcement.

In related news, cybersecurity researchers from Sophos X-Ops have identified that the perpetrators behind the Qilin Ransomware are engaging in mass credential theft from Google Chrome browsers. With Google Chrome holding approximately 62% of the browser market—thanks in part to its widespread use on Android smartphones—this issue is particularly concerning.

To mitigate these risks, Sophos advises users to employ password managers, which adhere to industry best practices for safeguarding credentials. They also recommend implementing multi-factor authentication (MFA) as an additional layer of security. For optimal protection, users should create passwords that are at least 15 characters long, combining letters, numbers, and special characters.

The post Ransomware hits in these specific timings and steals data from Google Chrome appeared first on Cybersecurity Insiders.

In episode 12 of The AI Fix, Mark and Graham meet an LLM having an existential crisis, ChatGPT speaks Welsh for no reason, Graham does an impression of a water spout, Eric Schmidt shares a new and unexpected take on "do no evil", and our hosts feel like David Attenborough as they witness herds of Waymo robotaxis honking their late-night mating calls at each other. Our hosts discover why it's OK to make AIs out of human brains, Mark takes Graham on an emotional roller coaster through the AI afterlife, and Graham comes last in a "who's the best Graham on the podcast?" competition. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.

Google is preparing to introduce a new threat detection feature for its Android 14 and 15 operating systems by the end of this year. This innovative feature aims to enhance device security by preventing unauthorized access in the event of theft or snatching. When the device detects suspicious activity, such as being grabbed and the thief running or driving away, it will automatically lock the screen. To regain access, the legitimate user must enter a passcode that was set up during the initial SIM activation.

Details about this threat detection lock tool are still limited. However, according to discussions on various Android tech forums, the system will leverage data from the device’s gyroscope and accelerometer, along with other parameters, to identify unusual movement patterns. Users will be able to unlock their devices using a secret code established during the initial phone setup.

Phone thieves and snatchers should take note: this feature has the potential to block factory resets, a common tactic used by thieves to erase and repurpose stolen phones.

Initially, this feature will be available for devices running Android 15, with a gradual rollout planned for Android 14, 13, 12, and 11 devices in the following months. Starting in April 2024, it will also extend to devices running Android 10.

This remote locking feature represents the second major security enhancement introduced for Android users, now available in its Beta version across all compatible mobile devices.

And this feature will be working in tandem with Find My Device feature that was introduced to all android users in February this year.

The post Google to launch threat detection AI powered feature to all Android phones appeared first on Cybersecurity Insiders.

In episode 11 of The AI Fix, OpenAI battles a Shakespearean lawyer, Graham sings an uncanny bluegrass acrostic, Google drops the ball with a terrible AI ad, and Mark wonders why there's no sound on a video of an AI dentist. Graham finds religion with a little help from a man named "L Ron", a traffic cone saves the world, and Mark has a heated argument with belligerent ChatGPT. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.