Google Unveils Major Update to Authenticator App with Cloud Sync Option. In a major update to its Authenticator app, Google has added an account synchronisation option that allows users to back up their time-based one-time passwords (TOTPs) codes to the cloud. The update, which also brings a new icon to the two-factor authenticator (2FA) app, finally brings it in line with Apple's iCloud Keychain and addresses a...
Read More
Google's Cloud Platform was found to have a vulnerability that could allow attackers to plant applications in a victim's account, potentially compromising it permanently and without detection. The flaw, known as GhostToken, was discovered by Israeli security firm Astrix, which alerted Google to the zero-day vulnerability in July 2022. An attacker who successfully compromised a victim's account could read their Gmail, access their files and photos,...
Read More
Chinese online fashion retailer, Shein, has been found to have had a bug in an older version of its Android application that periodically captured and transmitted clipboard contents to a remote server. The issue was discovered by the Microsoft 365 Defender Research Team in version 7.9.2 of the app, which was released on December 16, 2021. The issue has since been addressed as of May...
Read More
A new information stealer called SYS01stealer has been discovered by cybersecurity researchers, targeting critical government infrastructure employees, manufacturing companies, and other sectors. The attack is designed to steal sensitive information, including login data, cookies, and Facebook ad and business account information. The Israeli cybersecurity company Morphisec reported that the campaign was initially tied to a financially motivated cybercriminal operation dubbed Ducktail by Zscaler. However, WithSecure, which...
Read More
Six Law Firms Targeted in GootLoader and SocGholish Malware Campaigns Mar 01, 2023 - In January and February 2023, six different law firms were targeted in two separate threat campaigns distributing GootLoader and FakeUpdates (aka SocGholish) malware strains. GootLoader is a first-stage downloader that is capable of delivering a wide range of secondary payloads such as Cobalt Strike and ransomware. It employs search engine optimization (SEO)...
Read More
Today, Google announced that it is working with ecosystem partners to strengthen the security of firmware that interacts with Android. This is part of the company's defense-in-depth strategy, which seeks to protect the platform from malicious attacks. The Android operating system runs on what is known as the application processor (AP), but it is only one of many processors on a system-on-chip (SoC). These processors are...
Read More
