Tag: google
UN drafts US-led AI resolution
The United Nations has drafted a resolution aimed at bringing the rest of the world in line with existing US artificial intelligence (AI) security guidelines. These follow those already developed by the US Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). Both emphasize the importance of “secure-by-design” and “secure-by-default” principles for AI systems. The UN Assembly called on all Member States and stakeholders “to refrain from or cease the use of artificial intelligence systems that are impossible to operate in compliance with international human rights law.” The Assembly added that the same rights that people have offline must also be protected online throughout the life cycle of artificial intelligence systems.
Beware of fake Google docs
An under-the-radar attack that creates fake Google docs is now playing havoc across multiple sectors in the US and UK, particularly in healthcare. Companies’ increasing reliance on widely-used off-the-shelf external software may save costs and create efficiencies in the short-term, but it also offers new inroads for the current generation of increasingly devious and skilled cybercriminals Cybersecurity firm Netskope has identified a new Google Docs threat in the wild, AZORult infostealer. It is designed to steal sensitive information such as user credentials, browser information, credit card details and crypto-wallet data. A comprehensive study conducted by Netskope’s research team has uncovered a campaign where an attacker created fake Google Docs pages on Google sites from which to download malicious payloads.
Google’s Improvements to Chrome’s ‘Safe Browsing’ Mode – March 18th
Google announced major security-focused revamps to Chrome's 'Safe Browsing' mode, which enables the service to work while checking against a server-side malware-site list in real-time. The added safety feature to Google Chrome's 'Safe Browsing' mode is a massive improvement compared to the browsing mode cross-checking against lists of malware-infected sites that were manually added every two hours.
Google’s Gemini AI Restricted to Answer Global Election Questions – March 13th
Google announced that the Gemini AI chatbot will be restricted to answering any global election-related questions to avoid any potential missteps. Users have found political questions toward Gemini to result in the answer "I'm still learning how to answer this question. In the meantime, try Google Search."
Nation-state spyware goes mainstream
Commercial surveillance technology targeting smartphones, once the province of spymasters, is now becoming widely available on the open market. It is not only high-profile individuals such as politicians who are now threatened but also business people and ordinary smartphone users. Half of the known zero-day exploits (a previously unknown vulnerability) used against Google and Android devices can be attributed to commercial surveillance vendors (CSVs), according to a new 50-page report from Google, Buying Spying: Insights into Commercial Surveillance Vendors. “The commercial surveillance industry has emerged to fill a lucrative market niche: selling cutting edge technology to governments around the world that exploit vulnerabilities in consumer devices and applications to surreptitiously install spyware on individuals’ devices,” says Google.
JP Morgan Chase Combats 45 Billion Cyber Attacks Daily – January 18th
On Wednesday, January 17th, JPMorgan Chase's asset and wealth management division head, Mary Callahan Erdoes, said during the World Economic Forum in Davos that the firm faces a staggering 45 billion breach attempts daily. Mary explained on a panel session that they have more security engineers than Google and Amazon, out of necessity, as threat actors increasingly get "smarter, savvier, quicker, more devious and mischievous."
Researchers Uncover a Tesla Autopilot Exploit – January 2nd
Researchers from the Technische Universität Berlin managed to hack into Tesla's autopilot system, granting them access to internal hardware and hidden capabilities. The university's researchers using inexpensive tools amounting to $600 hacked into Tesla's ARM64-based circuit board of the car's autopilot system. The researchers' hack on Tesla allowed them access to arbitrary code, user data, cryptographic keys, system parts, a deleted GPS coordinates video, and the hidden "Elon-mode" allowing the cars to have a fully hands-free self-driving feature.
The UK is at ‘High Risk’ of Ransomware Attacks – December 14th
The Joint Committee on National Security Strategy (JCNSS) published a report "A hostage to fortune: ransomware and UK National Security," which revealed the UK's lack of planning against ransomware attacks. Targeted mainly at the critical cyber infrastructure of the UK government, the JCNSS report warns that a severe attack could disrupt the core of government services, healthcare, and child protection, which could lead to bringing the country to a 'standstill'.
Google’s Vulnerability Rewards Program (VRP) Expansion – October 27th
Google's Vulnerability Rewards Program (VRP), a program made to reward researchers who find system vulnerabilities, has been expanded for generative AI. Google explained the expansion of the VRP as a reaction to the risks brought by AI, and the magnified implications it has for traditional digital security.
Google responds to increase in malware-related money theft – October 13th
Google has warned users of Android devices to take specific precautionary measures to prevent malware infection. This warning comes after a reported increase in malware aimed at stealing information and money. Precautionary measures advised by the service provider include turning on Google Play Protect, updating software, and removing untrusted apps.
Google to adapt email sender guidelines for heightened security – October 4th
In response to the increasingly hostile cyber environment, Google will tighten bulk email sending regulations next year. Reports say that the server plans to send new email sender guidelines in February, which will require senders of bulk email to authenticate their emails and adhere to stricter spam regulations.
Cloud security compromised by constant upgrades
There is mounting evidence that companies may have been naive in accepting Big Tech’s optimistic assurances that sensitive data can be stored more securely in the cloud than on the company’s own servers. In its latest Attack Surface Threat report, Silicon Valley-based cybersecurity firm Palo Alto Networks reveals that the cloud has now become “the dominant attack surface”, with four out of five security vulnerabilities observed in organizations across all sectors coming from a cloud environment.