Android Game Developer’s Google Drive Misconfiguration Leaks Information on Nearly One Million Users
A simple Google Drive configuration mistake by Japanese game developer Ateam resulted in the potential exposure of sensitive information for nearly one million individuals, highlighting the importance of properly securing cloud services.
The lawsuit alleges that Google spied on people who used the “incognito” mode in its Chrome browser. ADVERTISEMENT Google agreed to settle a $5 billion (€4.5 billion) privacy lawsuit that alleges the tech multinational collected personal data even when users were in “private browsing mode”. The private mode on Google’s Chrome browser is called the […]
A recent Unit 42 investigation revealed a dual privilege escalation chain impacting Google Kubernetes Engine (GKE). This exploit chain arises from specific misconfigurations in GKE’s FluentBit logging agent and Anthos Service Mesh (ASM). When combined, these issues could provide attackers with existing Kubernetes cluster access an opportunity to escalate privileges. Kubernetes, a widely adopted open-source […]
Access Management , Cybercrime , Cybercrime as-a-service Google OAuth2 Vulnerability Being Actively Abused by Attackers, Researchers Warn Chris Riotta (@chrisriotta) • December 29, 2023 Image: Shutterstock Multiple malware-as-a-service info stealers now include the ability to manipulate authentication tokens to give users persistent access to a victim’s Google account, even after a user has […]
A nearly four-year-long battle between Google and consumers in a class action lawsuit reached a preliminary settlement Tuesday over allegations that Google deceives users about their privacy when browsing in the tech giant’s so-called Incognito mode. Google and the plaintiffs are planning for a “final and definitive settlement,” according to a joint update filed with […]
Google addressed a new actively exploited Chrome zero-day Pierluigi Paganini December 20, 2023 Google has released emergency updates to address a new actively exploited zero-day vulnerability in the Chrome browser. Google has released emergency updates to address a new zero-day vulnerability, tracked as CVE-2023-7024, in its web browser Chrome. The flaw has been addressed with […]
Google said it patched three vulnerabilities in a version of its Chromecast media-streaming hardware discovered by security researchers earlier this year. When chained together, the bugs could allow someone to maliciously install a custom operating system and unsigned code on the Chromecast with Google TV. Patches for the bugs — tagged as CVE-2023-48424, CVE-2023-48425 and […]
Both Advanced Micro Devices and Google released AI accelerators today: AMD the Instinct MI300 and Google TPU v5e. Both are data center-grade processors that speed AI tasks, such as training large language models. AMD is playing catch-up to Nvidia, which has parleyed its gaming tech expertise into an AI processing superpower. AI typically runs on […]
Our investigations on potential security threats uncovered a malicious Google Chrome extension that we named “ParaSiteSnatcher.” The ParaSiteSnatcher framework allows threat actors to monitor, manipulate, and exfiltrate highly sensitive information from multiple sources. ParaSiteSnatcher also utilizes the powerful Chrome Browser API to intercept and exfiltrate all POST requests containing sensitive account and financial information before […]