Category: Google

Alphabet Inc., the parent company of Google, is set to acquire the cybersecurity startup Wiz for a substantial $23 billion in an all-cash deal expected to close by September this year. This move comes amidst heightened scrutiny by US regulators, particularly following President Joe Biden’s directive to closely examine foreign acquisition and merger deals for potential national security risks. The acquisition of Wiz, based in Israel, underscores Alphabet’s strategic intent to bolster its capabilities in digital security, particularly in safeguarding Kubernetes and enhancing vulnerability management.

The decision to acquire Wiz follows Alphabet’s recent announcement of acquiring HubSpot, a leading marketing software company. It’s a common strategy for large firms to acquire smaller ones to reduce competition and expand market dominance.

Google plans to leverage Wiz’s technology to enhance its security offerings, building upon previous acquisitions like Mandiant in 2022 for approximately $6 billion. For high-risk accounts, Google is rolling out enhanced security measures such as passkey protection, complementing physical security keys like YubiKey. These measures are aimed at safeguarding sensitive users such as journalists, politicians, and human rights workers from state-sponsored cyber threats.

Users interested in these advanced security features can enroll in Google’s Advanced Protection Program (APP), which provides robust defense against phishing, malware, and other data breaches.

In addition to cybersecurity advancements, Alphabet is preparing to unveil details about its facial recognition technology designed for securing corporate campuses. Currently being tested by its Security and Resilience Service team in Kirkland, Washington, this technology aims to protect users, products, and locations from unauthorized access.

To address privacy concerns, Alphabet emphasizes that its facial recognition data is used immediately and is never stored in any form on its servers, a clarification intended to reassure privacy advocates.

Overall, Alphabet’s acquisition of Wiz and its ongoing advancements in digital security and privacy technologies reflect its commitment to maintaining leadership in the competitive landscape of cybersecurity and tech innovation.

The post Google Alphabet to acquire Cybersecurity business Wiz for $23 billion appeared first on Cybersecurity Insiders.

Recently, many Android phone users may have received emails about the activation and use of the ‘Find My Device’ feature. For those unfamiliar with this development, here’s a summary to safeguard the information stored on your phone in case it is lost or misplaced.

Smartphones have become indispensable in our daily lives. Whether for ordering food, navigation, or communication, they are now essential tools rather than mere commodities.

Let’s focus on Android devices to delve into the essence of this article, setting aside Apple iPhone users.

Imagine losing or misplacing your phone without remembering where. What if someone accesses the data stored on your device? They could potentially misuse it, discard the data, or even use sensitive information like messages, photos, and videos to threaten or blackmail you.

To address this scenario effectively, Google offers the ‘Find My Device’ application. This app can be downloaded onto your Android phone and requires you to log in with your Gmail ID and password. Once installed, it connects to GPS satellites via mobile data to protect your device from being misplaced or lost.

So, what exactly is ‘Google Find My Device‘?

It’s a crucial tool that, once installed and connected, allows users to track their lost or misplaced Android phones. This feature is available to be activated on smartphones running Android 11 and later versions. Unfortunately the older versions will not support this essential security tool.

Users can access the web version of Google Find My Device to locate their phone, ring it to find its location audibly, lock it with a password, or in extreme cases, erase all data remotely to protect their privacy.

Moreover, this feature extends to other connected devices like smartwatches, enhancing overall security.

One of the standout features of this Google-launched mobile security application is its capability to function even when the lost device is offline, effectively meeting our security needs and ensuring the protection of stored data.

 

The post Google find my device helps secure your information stored on the phone to the core appeared first on Cybersecurity Insiders.

In rural healthcare settings, the IT infrastructure often lags behind due to various challenges such as limited budgets, political constraints, and insufficient awareness. This vulnerability leaves hospitals susceptible to cyber-attacks, prompting governments to push for stronger defenses before it’s too late.

Tech giants like Microsoft and Google are stepping in to support rural healthcare providers in fortifying their cybersecurity. One of their initiatives involves providing essential security updates free of charge to eligible rural hospitals.

It’s estimated that there are over 1800 rural hospitals lacking basic IT infrastructure, with staff often lacking expertise or resources to address cyber threats effectively.

Google’s Threat Intelligence offers valuable expertise, particularly in decrypting information related to ransomware attacks, which have become increasingly common.

Recent cyber-attacks on NHS hospitals in London, claimed by the Qilin ransomware group, underscore the severity of the threat. Such attacks can disrupt vital services like blood transfusions, posing a serious risk to patients’ lives.

NHS is now urging healthy individuals, especially those with O type blood, to donate, as this blood type is universally compatible and crucial for emergency situations.

In the United States, Microsoft advocates for the use of genuine software like Win1dows 11 and beyond in healthcare systems. Genuine software allows for timely updates, crucial for maintaining security against evolving threats.

Hackers’ ability to surveil victimized networks underscores the importance of constant vigilance and swift action in cybersecurity.

With the concerted efforts of tech companies and healthcare organizations, there is hope for improved cybersecurity measures and better protection for vulnerable healthcare systems.

The post Microsoft and Google pledge to offer cybersecurity support to Rural Hospitals appeared first on Cybersecurity Insiders.

In an era where digital dominance reigns supreme, tech giants like Google stand as pillars of innovation and progress. However, with great power comes great vulnerability, as these companies often find themselves at the forefront of cyber warfare. As the custodian of vast amounts of sensitive data, Google has become a prime target for cyber-attacks, prompting the company to adopt robust defense mechanisms to safeguard its digital fortress.

Google, the multinational conglomerate synonymous with internet search, cloud computing, and software solutions, has faced numerous cyber threats over the years. From sophisticated phishing schemes to state-sponsored espionage, the tech behemoth has encountered a myriad of challenges in its quest to maintain cybersecurity.

One of the most prevalent forms of cyber-attacks targeting Google is the ever-evolving landscape of phishing scams. Cybercriminals employ deceptive tactics, such as spoofed emails and malicious websites, to trick users into divulging their personal information, including login credentials and financial details. Through meticulous social engineering and cunning manipulation, these adversaries attempt to breach Google’s defenses and compromise user accounts.

Moreover, Google’s expansive ecosystem, encompassing popular services like Gmail, Google Drive, and Google Workspace, presents a lucrative target for cyber attackers seeking unauthorized access to sensitive data. The interconnected nature of these platforms amplifies the risk of data breaches and cyber intrusions, compelling Google to fortify its security infrastructure through advanced encryption, multifactor authentication, and real-time threat detection mechanisms.

In addition to external threats, Google must also contend with the specter of insider threats, wherein employees or trusted entities pose a risk to the company’s cybersecurity posture. Whether through inadvertent data leaks or malicious insider actions, the insider threat landscape remains a persistent challenge for Google, necessitating stringent access controls, employee training programs, and behavioral analytics to mitigate the risk of internal breaches.

To combat the ever-present menace of cyber-attacks, Google has adopted a proactive approach to cybersecurity, leveraging cutting-edge technologies and collaborative partnerships to enhance its defensive capabilities. Through initiatives like Google’s Vulnerability Reward Program (VRP), ethical hackers are incentivized to identify and report security vulnerabilities within Google’s products and services, thereby bolstering the company’s resilience against potential threats.

Furthermore, Google’s investment in artificial intelligence (AI) and machine learning (ML) enables the company to preemptively identify and neutralize emerging cyber threats in real-time. By harnessing the power of predictive analytics and anomaly detection, Google can swiftly respond to suspicious activities and mitigate potential risks before they escalate into full-blown security incidents.

In an increasingly interconnected world fraught with cyber peril, Google remains steadfast in its commitment to safeguarding the integrity, privacy, and security of its users’ data. Through continuous innovation, collaboration, and vigilance, Google endeavors to stay one step ahead of cyber adversaries, ensuring that the digital fortress remains impregnable in the face of ever-evolving threats.

The post Safeguarding the Fortress: Google’s Battle Against Cyber Attacks appeared first on Cybersecurity Insiders.

Drones, some coloured cardboard, and a piece of tinfoil may be all the kit you need to crash a robot-driven taxi, and a rapper is accused of using Justin Bieber's name to defraud a TV company. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Ransomware attack on NHS in May 2024

A recent ransomware attack on a key technology service provider has caused significant disruptions in several major hospitals across London, rendering medical staff unable to access crucial pathology and other medical IT services.

The attack targeted a company called ‘Synnovis,’ resulting in numerous NHS hospitals losing access to essential healthcare services such as blood tests and imaging. Among the affected hospitals are Harefield Hospitals, King George Hospital NHS Foundation Trust, and Royal Brompton.

NHS England, in collaboration with the National Cyber Security Centre (NCSC) and the Department of Health and Social Care, is actively investigating the incident. Officials are confident in their ability to recover encrypted data from backups. However, the specific ransomware variant that targeted the NHS has yet to be disclosed. Reports indicate that the attackers infiltrated databases in May 2024, with the breach only being detected in the early hours of June 3, 2024.

Google Data Breach 2024 details

In a separate development, recent revelations regarding a data breach at Google have raised concerns about the security of user data stored by tech companies. A document uncovered by 404 Media reveals a series of security incidents experienced by Google between 2013 and 2019. These incidents include unauthorized data collection by various Google online services, errors made by staff and contractors, and vulnerabilities in products and third-party vendors, leading to fraudulent data access by hackers.

The document highlights troubling instances such as the collection of audio files of children speaking via Alexa, retention of users’ deleted watch history on YouTube, and transcription of license plates captured in Google Street View images.

In response to the leak, Alphabet Inc.’s subsidiary, Google, has swiftly issued a statement. They assert that over the past six years, the company has implemented numerous security measures to protect users’ data. Google deems the latest revelations as unfounded and calls for a thorough investigation into the matter.

The post Ransomware attack on NHS and Google Data Breach 2024 details appeared first on Cybersecurity Insiders.

From Slashdot:

Apple and Google have launched a new industry standard called “Detecting Unwanted Location Trackers” to combat the misuse of Bluetooth trackers for stalking. Starting Monday, iPhone and Android users will receive alerts when an unknown Bluetooth device is detected moving with them. The move comes after numerous cases of trackers like Apple’s AirTags being used for malicious purposes.

Several Bluetooth tag companies have committed to making their future products compatible with the new standard. Apple and Google said they will continue collaborating with the Internet Engineering Task Force to further develop this technology and address the issue of unwanted tracking.

This seems like a good idea, but I worry about false alarms. If I am walking with a friend, will it alert if they have a Bluetooth tracking device in their pocket?

Google is gearing up to introduce a groundbreaking feature aimed at enhancing smartphone security through the power of Artificial Intelligence (AI) in its upcoming Android 15 operating system.

The tech giant, a subsidiary of Alphabet Inc., is poised to unveil the ‘Theft Detection Lock’ safety feature, designed to thwart mobile device theft and fraud. Leveraging AI technology, this feature enables smart devices to detect instances where a phone is forcefully taken from its user and promptly locks the screen, preventing unauthorized access by thieves.

This functionality relies on monitoring motion and disruptions in motion patterns following a theft. To enable this feature, smartphones must be equipped with built-in sensors like accelerometers capable of detecting sudden movements indicative of theft, such as snatching the device and making a swift getaway on a bike or in a car.

Once these suspicious motions are identified, the device automatically activates a lock to thwart further access by unauthorized individuals.

“During the beta testing phase, this feature demonstrated promising results with participants in cities like Sao Paulo, London, Brazil, and France,” stated Dave Burke, Vice President of Engineering at Google. “Following positive feedback, we made the decision to include this feature in our upcoming Android release.”

This innovation is particularly significant for regions like Brazil and London, where smartphone theft occurs at an alarming rate, with incidents reported every 5 to 6 minutes, respectively.

Interestingly, this announcement coincides with Google’s initiative launched a year ago, wherein tech industry leaders were urged to take action against the rising trend of mobile phone thefts, which had seen a significant uptick over the preceding months.

In addition to the Theft Detection Lock, another noteworthy feature aimed at bolstering mobile security is the introduction of the Private Space Tool. This tool allows users to securely share data-intensive yet sensitive mobile applications, such as banking or social media applications, enhancing privacy and safeguarding personal information.

The post Google Android to lock screen of stolen smart phones with AI appeared first on Cybersecurity Insiders.

Google has patched another Chrome zero-day:

On Thursday, Google said an anonymous source notified it of the vulnerability. The vulnerability carries a severity rating of 8.8 out of 10. In response, Google said, it would be releasing versions 124.0.6367.201/.202 for macOS and Windows and 124.0.6367.201 for Linux in subsequent days.

“Google is aware that an exploit for CVE-2024-4671 exists in the wild,” the company said.

Google didn’t provide any other details about the exploit, such as what platforms were targeted, who was behind the exploit, or what they were using it for.

Microsoft Security Analysis team recently alerted Google’s Android Security Research teams to a critical issue potentially affecting billions of Android app users. This vulnerability could lead to various cyber threats, including token thefts, code execution attacks, and other common security risks.

Responding swiftly to the alert, Google promptly released new guidelines for Android app developers to help them identify and address these security concerns. The aim is to prevent similar vulnerabilities from being introduced into future app developments.

Notably, popular apps like Xiaomi Inc’s File Manager Product and WPS Office, boasting over half a billion downloads, were identified as having these security weaknesses.

In a separate move, Google announced enhanced security measures for apps developed by governments and aimed at public welfare. Following extensive testing on its Google Play Store platform, the company will roll out official badges for apps in more than 14 countries, signifying their legitimacy as government applications.

Over the past three years, Google has banned over 2 million Android applications, including more than 37,000 that were clones of existing apps but designed for malicious purposes. A recent report revealed that Google blocked over 7,000 applications imitating mobile apps from federal agencies, involved in fraudulent activities such as data theft and financial scams.

The new badges will initially cover over 2,000 federal apps from governments in countries including Australia, Canada, Germany, France, the United Kingdom, Japan, South Korea, the United States, Brazil, Indonesia, India, and Mexico.

The beta version of this feature has been in testing since November 2023 and has been included in the developer guidelines since then.

To facilitate the smooth implementation of the badges, governments and developers are encouraged to use official government email IDs for correspondence and provide authorization proof during the application process.

The post Microsoft issues cyber threat alert to Google on Vulnerable Mobile Apps appeared first on Cybersecurity Insiders.