Biggest Privacy Erosion in 10 Years? On Google’s Policy Change Towards Fingerprinting

https://blog.lukaszolejnik.com/biggest-privacy-erosion-in-10-years-on-googles-policy-change-towards-fingerprinting/

Fake Signal and Telegram Apps in the Google Play Store - Schneier on Security

https://www.schneier.com/blog/archives/2023/09/fake-signal-and-telegram-apps-in-the-google-play-store.html

Google finds 18 zero-day vulnerabilities in Samsung Exynos chipsets

https://www.bleepingcomputer.com/news/security/google-finds-18-zero-day-vulnerabilities-in-samsung-exynos-chipsets/

experienced attackers could easily create an exploit capable of remotely compromising vulnerable devices without triggering the targets’ attention.

Google AI chatbot Bard sends shares plummeting after it gives wrong answer - The Guardian

https://www.theguardian.com/technology/2023/feb/09/google-ai-chatbot-bard-error-sends-shares-plummeting-in-battle-with-microsoft

Google’s riposte to ChatGPT has got off to an embarrassing start after its new artificial intelligence-powered chatbot gave a wrong answer in a promotional video, as investors wiped more than $100bn (£82bn) off the value of the search engine’s parent company, Alphabet.

Google to pay nearly $400 million over deceptive location tracking practices - The Record by Recorded Future

https://therecord.media/google-to-pay-nearly-400-million-over-deceptive-location-tracking-practices/

Google has agreed to pay a $391.5 million settlement with 40 states over revelations that it continued to track users’ locations even when told explicitly not to.

The AP found that Google misled users into believing they could turn location tracking off within their account settings when in fact the company continued to collect location information within its Web & App Activity feature, which is automatically turned on when a user creates a Google account or uses an Android phone.

North Korea-backed hackers have a clever way to read your Gmail - Ars Technica

https://arstechnica.com/information-technology/2022/08/north-korea-backed-hackers-have-a-clever-way-to-read-your-gmail/

The malware, dubbed SHARPEXT by researchers from security firm Volexity, uses clever means to install a browser extension for the Chrome and Edge browsers, Volexity reported in a blog post. The extension can’t be detected by the email services, and since the browser has already been authenticated using any multifactor authentication protections in place, this increasingly popular security measure plays no role in reining in the account compromise. The extension isn’t available in Google’s Chrome Web Store, Microsoft’s add-ons page, or any other known third-party source and doesn’t rely on flaws in Gmail or AOL Mail to get installed.

Volexity President Steven Adair said in an email that the extension gets installed “by way of spear phishing and social engineering where the victim is fooled into opening a malicious document.

Report: Mercenary spyware exploited Google Chrome zero-day to target journalists - The Record by Recorded Future

https://therecord.media/report-mercenary-spyware-exploited-google-chrome-zero-day-to-target-journalists/

A zero-day vulnerability in Google Chrome was discovered when attackers exploited it to target users in the Middle East, including journalists, cybersecurity firm Avast said Thursday.

The company attributed the attacks to a secretive Israeli firm known as Candiru — named after a notorious parasitic fish — that sells spyware to governments.

Google Says It Will Automatically Delete Location Data Collected From Visits to Health Facilities — Pixel Envy

https://pxlnv.com/linklog/google-location-data-health/

Messages, Dialer apps sent text, call info to Google • The Register

https://www.theregister.com/2022/03/21/google_messages_gdpr/

Google’s Messages and Dialer apps for Android devices have been collecting and sending data to Google without specific notice and consent, and without offering the opportunity to opt-out, potentially in violation of Europe’s data protection law.

2FA app with 10,000 Google Play downloads loaded well-known banking trojan | Ars Technica

https://arstechnica.com/information-technology/2022/01/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan/

A fake two-factor-authentication app that has been downloaded some 10,000 times from Google Play surreptitiously installed a known banking-fraud trojan that scoured infected phones for financial data and other personal information, security firm Pradeo said.