Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Gmail. Show all posts
WebSockets
Blockchain codebase Credentials Crypto Cybersecurity dataexfiltration dependency devtools Firewall Gmail Hacking malware phishing PyPI python scripts SMTP Spoofing Threatactors WebSockets

Malicious PyPI Packages Exploit Gmail to Steal Sensitive Data

 

Cybersecurity researchers have uncovered a disturbing new tactic involving malicious PyPI packages that use Gmail to exfiltrate stolen data and communicate with threat actors. The discovery, made by security firm Socket, led to the removal of the infected packages from the Python Package Index (PyPI), although not before considerable damage had already occurred.

Socket reported identifying seven malicious packages on PyPI, some of which had been listed for more than four years. Collectively, these packages had been downloaded over 55,000 times. Most were spoofed versions of the legitimate "Coffin" package, with deceptive names such as Coffin-Codes-Pro, Coffin-Codes, NET2, Coffin-Codes-NET, Coffin-Codes-2022, Coffin2022, and Coffin-Grave. Another package was titled cfc-bsb.

According to the researchers, once installed, these packages would connect to Gmail using hardcoded credentials and initiate communication with a command-and-control (C2) server. They would then establish a WebSockets tunnel that leverages Gmail’s email server, allowing the traffic to bypass traditional firewalls and security systems.

This setup enabled attackers to remotely execute code, extract files, and gain unauthorized access to targeted systems.

Evidence suggests that the attackers were mainly targeting cryptocurrency assets. One of the email addresses used by the malware featured terms like “blockchain” and “bitcoin” — an indication of its intent.

“Coffin-Codes-Pro establishes a connection to Gmail’s SMTP server using hardcoded credentials, namely sphacoffin@gmail[.]com and a password,” the report says.
“It then sends a message to a second email address, blockchain[.]bitcoins2020@gmail[.]com politely and demurely signaling that the implant is working.”

Socket has issued a warning to all Python developers and users who may have installed these packages, advising them to remove the compromised libraries immediately, and rotate all sensitive credentials.

The researchers further advised developers to remain alert for suspicious outbound connections:

“especially SMTP traffic”, and warned them not to trust a package just because it was a few years old.
“To protect your codebase, always verify package authenticity by checking download counts, publisher history, and GitHub repository links,” they added.

“Regular dependency audits help catch unexpected or malicious packages early. Keep strict access controls on private keys, carefully limiting who can view or import them in development. Use isolated, dedicated environments when testing third-party scripts to contain potentially harmful code.”
Read more »
storage
Avast Email Scams Gmail malware Spam storage

Don’t Delete Spam Emails Too Quickly — Here’s Why


 

Most of us delete spam emails as soon as they land in our inbox. They’re irritating, unwanted, and often contain suspicious content. But what many people don’t know is that keeping them, at least briefly can actually help improve your email security in the long run.


How Spam Helps Train Your Email Filter

Email services like Gmail, Outlook, and others have systems that learn to detect unwanted emails over time. But for these systems to improve, they need to be shown which emails are spam. That’s why it’s better to mark suspicious messages as spam instead of just deleting them.

If you’re using a desktop email app like Outlook or Thunderbird, flagging such emails as “junk” helps the program recognize future threats better. If you're reading emails through a browser, you can select the unwanted message and use the “Spam” or “Move to Junk” option to send it to the right folder.

Doing this regularly not only protects your own inbox but can also help your co-workers if you’re using a shared office mail system. The more spam messages you report, the faster the system learns to block similar ones.


No Need to Worry About Storage

Spam folders usually empty themselves after 30 days. So you don’t have to worry about them piling up unless you want to manually clear them every month.


Never Click 'Unsubscribe' on Random Emails

Some emails, especially promotional ones, come with an unsubscribe button. While this can work with genuine newsletters, using it on spam emails is risky. Clicking “unsubscribe” tells scammers that your email address is real and active. This can lead to more dangerous emails or even malware attacks.


How to Stay Safe from Email Scams

1. Be alert. If something feels off, don’t open it.

2. Avoid acting quickly. Scammers often try to pressure you.

3. Don’t click on unknown links. Instead, visit websites directly.

4. Never open files from unknown sources. They can hide harmful programs.

5. Use security tools. Good antivirus software can detect harmful links and block spam automatically.


Helpful Software You Can Use

Programs like Bitdefender offer full protection from online threats. They can block viruses, dangerous attachments, and suspicious websites. Bitdefender also includes a chatbot where you can send messages to check if they’re scams. Another option is Avast One, which keeps your devices safe from fake websites and spam, even on your phone. Both are easy to use and budget-friendly.

While it may seem odd, keeping spam emails for a short time and using them to train your inbox filter can actually make your online experience safer. Just remember — never click links or download files from unknown senders. Taking small steps can protect you from big problems.

Read more »
WhatsApp
AI tools Gmail Google Privacy WhatsApp

Gmail Users Face a New Dilemma Between AI Features and Data Privacy

 



Google’s Gmail is now offering two new upgrades, but here’s the catch— they don’t work well together. This means Gmail’s billions of users are being asked to pick a side: better privacy or smarter features. And this decision could affect how their emails are handled in the future.

Let’s break it down. One upgrade focuses on stronger protection of your emails, which works like advanced encryption. This keeps your emails private, even Google won’t be able to read them. The second upgrade brings in artificial intelligence tools to improve how you search and use Gmail, promising quicker, more helpful results.

But there’s a problem. If your emails are fully protected, Gmail’s AI tools can’t read them to include in its search results. So, if you choose privacy, you might lose out on the benefits of smarter searches. On the other hand, if you want AI help, you’ll need to let Google access more of your email content.

This challenge isn’t unique to Gmail. Many tech companies are trying to combine stronger security with AI-powered features, but the two don’t always work together. Apple tried solving this with a system that processes data securely on your device. However, delays in rolling out their new AI tools have made their solution uncertain for now.

Some reports explain the choice like this: if you turn on AI features, Google will use your data to power smart tools. If you turn it off, you’ll have better privacy, but lose some useful options. The real issue is that opting out isn’t always easy. Some settings may remain active unless you manually turn them off, and fully securing your emails still isn’t simple.

Even when extra security is enabled, email systems have limitations. For example, Apple’s iCloud Mail doesn’t use full end-to-end encryption because it must work with global email networks. So even private emails may not be completely safe.

This issue goes beyond Gmail. Other platforms are facing similar challenges. WhatsApp, for example, added a privacy mode that blocks saving chats and media, but also limits AI-related features. OpenAI’s ChatGPT can now remember what you told it in past conversations, which may feel helpful but also raises questions about how your personal data is being stored.

In the end, users need to think carefully. AI tools can make email more useful, but they come with trade-offs. Email has never been a perfectly secure space, and with smarter AI, new threats like scams and data misuse may grow. That’s why it’s important to weigh both sides before making a choice.



Read more »
Workspace
Beta Enterprise Compliance CSE Cybersecurity Encryption Gmail Privacy S/MIME Security Workspace

Google Rolls Out Simplified End-to-End Encryption for Gmail Enterprise Users

 

Google has begun the phased rollout of a new end-to-end encryption (E2EE) system for Gmail enterprise users, simplifying the process of sending encrypted emails across different platforms.

While businesses could previously adopt the S/MIME (Secure/Multipurpose Internet Mail Extensions) protocol for encrypted communication, it involved a resource-intensive setup — including issuing and managing certificates for all users and exchanging them before messages could be sent.

With the introduction of Gmail’s enhanced E2EE model, Google says users can now send encrypted emails to anyone, regardless of their email service, without needing to handle complex certificate configurations.

"This capability, requiring minimal efforts for both IT teams and end users, abstracts away the traditional IT complexity and substandard user experiences of existing solutions, while preserving enhanced data sovereignty, privacy, and security controls," Google said today.

The rollout starts in beta with support for encrypted messages sent within the same organization. In the coming weeks, users will be able to send encrypted emails to any Gmail inbox — and eventually to any email address, Google added.

"We're rolling this out in a phased approach, starting today, in beta, with the ability to send E2EE emails to Gmail users in your own organization. In the coming weeks, users will be able to send E2EE emails to any Gmail inbox, and, later this year, to any email inbox."

To compose an encrypted message, users can simply toggle the “Additional encryption” option while drafting their email. If the recipient is a Gmail user with either an enterprise or personal account, the message will decrypt automatically.

For users on the Gmail mobile app or non-Gmail email services, a secure link will redirect them to view the encrypted message in a restricted version of Gmail. These recipients can log in using a guest Google Workspace account to read and respond securely.

If the recipient already has S/MIME enabled, Gmail will continue to use that protocol automatically for encryption — just as it does today.

The new encryption capability is powered by Gmail's client-side encryption (CSE), a Workspace control that allows organizations to manage their own encryption keys outside of Google’s infrastructure. This ensures sensitive messages and attachments are encrypted locally on the client device before being sent to the cloud.

The approach supports compliance with various regulatory frameworks, including data sovereignty, HIPAA, and export control policies, by ensuring that encrypted content is inaccessible to both Google and any external entities.

Gmail’s CSE feature has been available to Google Workspace Enterprise Plus, Education Plus, and Education Standard customers since February 2023. It was initially introduced in beta for Gmail on the web in December 2022, following earlier launches across Google Drive, Docs, Sheets, Slides, Meet, and Calendar.
Read more »
Technology
Cyberhackers Cybersecurity CyberThreat Gmail Google Google Drive Google Meet Technology

Gmail Upgrade Announced by Google with Three Billion Users Affected

 


The Google team has officially announced the launch of a major update to Gmail, which will enhance functionality, improve the user experience, and strengthen security. It is anticipated that this update to one of the world’s most commonly used email platforms will have a significant impact on both individuals as well as businesses, providing a more seamless, efficient, and secure way to manage digital communications for individuals and businesses alike.

The Gmail email service, which was founded in 2004 and has consistently revolutionized the email industry with its extensive storage, advanced features, and intuitive interface, has continuously revolutionized the email industry. In recent years, it has grown its capabilities by integrating with Google Drive, Google Chat, and Google Meet, thus strengthening its position within the larger Google Workspace ecosystem by extending its capabilities. 

The recent advancements from Google reflect the company’s commitment to innovation and leadership in the digital communication technology sector, particularly as the competitive pressures intensify in the email and productivity services sector. Privacy remains a crucial concern as the digital world continues to evolve. Google has stressed the company’s commitment to safeguarding user data, and is ensuring that user privacy remains of the utmost importance. 

In a statement released by the company, it was stated that the new tool could be managed through personalization settings, so users would be able to customize their experience according to their preferences, allowing them to tailor their experience accordingly. 

However, industry experts suggest that users check their settings carefully to ensure their data is handled in a manner that aligns with their privacy expectations, despite these assurances. Those who are seeking to gain a greater sense of control over their personal information may find it prudent to disable AI training features. In particular, this measured approach is indicative of broader discussions regarding the trade-off between advanced functionality and data privacy, especially as the competition from Microsoft and other major technology companies continues to gain ground. 

Increasingly, AI-powered services are analyzing user data and this has raised concerns about privacy and data security, which has led to a rise in privacy concerns. Chrome search histories, for example, offer highly personal insights into a person’s search patterns, as well as how those searches are phrased. As long as users grant permission to use historical data, the integration of AI will allow the company to utilize this historical data to create a better user experience.

It is also important to remember, however, that this technology is not simply a tool for executive assistants, but rather an extremely sophisticated platform that is operated by one of the largest digital marketing companies in the world. In the same vein, Microsoft's recent approach to integrating artificial intelligence with its services has created a controversy about user consent and data access, leading users to exercise caution and remain vigilant.

According to PC World, Copilot AI, the company's software for analyzing files stored on OneDrive, now has an automatic opt-in option. Users may not have been aware that this feature, introduced a few months ago, allowed them to consent to its use before the change. It has been assured that users will have full Although users have over their data they have AI-driven access to cloud-stored files, the transparency of such integrations is s being questioned as well as the extent of their data. There remain many concerns among businesses that are still being questioned. Businesses remain concerned aboutness, specifically about privacy issues.

The results of Global Data (cited by Verdict) indicate that more than 75% of organizations are concerned about these risks, contributing to a slowdown in the adoption of artificial intelligence. A study also indicates that 59% of organizations lack confidence in integrating artificial intelligence into their operations, with only 21% reporting an extensive or very extensive deployment of artificial intelligence. 

In the same way that individual users struggle to keep up with the rapid evolution of artificial intelligence technologies, businesses are often unaware of the security and privacy threats that these innovations pose. As a consequence, industry experts advise organizations to prioritize governance and control mechanisms before adopting AI-based solutions to maintain control over their data. CISOs (chief information security officers) might need to adopt a more cautious approach to mitigate potential risks, such as restricting AI adoption until comprehensive safeguards have been implemented. 

The introduction of AI-powered innovations is often presented as seamless and efficient tools, but they are supported by extensive frameworks for collecting and analyzing data. For these systems to work effectively, they must have well-defined policies in place that protect sensitive data from being exposed or misused. As AI adoption continues to grow, the importance of stringent regulation and corporate oversight will only increase. 

To improve the usability, security and efficiency of Gmail, as well as make it easier for both individuals and businesses, Google's latest update has been introduced to the Gmail platform. There are several features included in this update, including AI-driven features, improved interfaces, and improved search capabilities, which will streamline email management and strengthen security against cybersecurity threats. 

By integrating Google Workspace deeper, businesses will benefit from improved security measures that safeguard sensitive information while enabling teams to work more efficiently and effectively. This will allow businesses to collaborate more seamlessly while reducing cybersecurity risks. The improvements added by Google to Gmail allow it to be a critical tool within corporate environments, enhancing productivity, communication, and teamwork. With this update, Google confirms Gmail's reputation as a leading email and productivity tool. 

In addition to optimizing the user experience, integrating intelligent automation, strengthening security protocols, and expanding collaborative features, the platform maintains its position as a leading digital communication platform. During the rollout over the coming months, users can expect a more robust and secure email environment that keeps pace with the changing demands of today's digital interactions as the rollout progresses.
Read more »
Spam
Cyber Security Emails Gmail Outlook Spam

Why You Shouldn’t Delete Spam Emails Right Away

 



Unwanted emails, commonly known as spam, fill up inboxes daily. Many people delete them without a second thought, assuming it’s the best way to get rid of them. However, cybersecurity experts advise against this. Instead of deleting spam messages immediately, marking them as junk can improve your email provider’s ability to filter them out in the future.  


The Importance of Marking Emails as Spam  

Most email services, such as Gmail, Outlook, and Yahoo, use automatic spam filters to separate important emails from unwanted ones. These filters rely on user feedback to improve their accuracy. If you simply delete spam emails without marking them as junk, the system does not learn from them and may not filter similar messages in the future.  

Here’s how you can help improve your email’s spam filter:  

• If you use an email app (like Outlook or Thunderbird): Manually mark unwanted messages as spam if they appear in your inbox. This teaches the software to recognize similar messages and block them.  

• If you check your email in a web browser: If a spam message ends up in your inbox instead of the spam folder, select it and move it to the junk folder. This helps train the system to detect similar threats.  

By following these steps, you not only reduce spam in your inbox but also contribute to improving the filtering system for other users.  


Why You Should Never Click "Unsubscribe" on Suspicious Emails  

Many spam emails include an option to "unsubscribe," which might seem like an easy way to stop receiving them. However, clicking this button can be risky.  

Cybercriminals send millions of emails to random addresses, hoping to find active users. When you click "unsubscribe," you confirm that your email address is valid and actively monitored. Instead of stopping, spammers may send you even more unwanted emails. In some cases, clicking the link can also direct you to malicious websites or even install harmful software on your device.  

To stay safe, avoid clicking "unsubscribe" on emails from unknown sources. Instead, mark them as spam and move them to the junk folder.  


Simple Ways to Protect Yourself from Spam  

Spam emails are not just a nuisance; they can also be dangerous. Some contain links to fake websites, tricking people into revealing personal information. Others may carry harmful attachments that install malware on your device. To protect yourself, follow these simple steps:  

1. Stay Alert: If an email seems suspicious or asks for personal information, be cautious. Legitimate companies do not ask for sensitive details through email.  

2. Avoid Acting in a Hurry: Scammers often create a sense of urgency, pressuring you to act quickly. If an email claims you must take immediate action, think twice before responding.  

3. Do Not Click on Unknown Links: If an email contains a link, avoid clicking it. Instead, visit the official website by typing the web address into your browser.  

4. Avoid Opening Attachments from Unknown Senders: Malware can be hidden in email attachments, including PDFs, Word documents, and ZIP files. Open attachments only if you trust the sender.  

5. Use Security Software: Install antivirus and anti-spam software to help detect and block harmful emails before they reach your inbox.  


Spam emails may seem harmless, but how you handle them can affect your online security. Instead of deleting them right away, marking them as spam helps email providers refine their filters and block similar messages in the future. Additionally, never click "unsubscribe" in suspicious emails, as it can lead to more spam or even security threats. By following simple email safety habits, you can reduce risks and keep your inbox secure.

Read more »
QR code security
2FA Cyber Security cybercriminals Gmail Google Google Security Tools QR code QR code security

Google to Introduce QR Codes for Gmail 2FA Amid Rising Security Concerns

 

Google is set to introduce QR codes as a replacement for SMS-based two-factor authentication (2FA) codes for Gmail users in the coming months. While this security update aims to improve authentication methods, it also raises concerns, as QR code-related scams have been increasing. Even Google’s own threat intelligence team and law enforcement agencies have warned about the risks associated with malicious QR codes. QR codes, short for Quick Response codes, were originally developed in 1994 for the Japanese automotive industry. Unlike traditional barcodes, QR codes store data in both horizontal and vertical directions, allowing them to hold more information. 

A QR code consists of several components, including finder patterns in three corners that help scanners properly align the code. The black and white squares encode data in binary format, while error correction codes ensure scanning remains possible even if part of the code is damaged. When scanned, the embedded data—often a URL—is extracted and displayed to the user. However, the ability to store and quickly access URLs makes QR codes an attractive tool for cybercriminals. Research from Cisco Talos in November 2024 found that 60% of emails containing QR codes were spam, and many included phishing links. While some emails use QR codes for legitimate purposes, such as event registrations, others trick users into revealing sensitive information. 

According to Cisco Talos researcher Jaeson Schultz, phishing attacks often use QR codes for fraudulent multi-factor authentication requests to steal login credentials. There have been multiple incidents of QR code scams in recent months. In one case, a 70-year-old woman scanned a QR code at a parking meter, believing she was paying for parking, but instead, she unknowingly subscribed to a premium gaming service. Another attack involved scammers distributing printed QR codes disguised as official government severe weather alerts, tricking users into downloading malicious software. Google itself has warned that Russian cybercriminals have exploited QR codes to target victims through the Signal app’s linked devices feature. 

Despite these risks, users can protect themselves by following basic security practices. It is essential to verify where a QR code link leads before clicking. A legitimate QR code should provide additional context, such as a recognizable company name or instructions. Physical QR codes should be checked for tampering, as attackers often place fraudulent stickers over legitimate ones. Users should also avoid downloading apps directly from QR codes and instead use official app stores. 

Additionally, QR-based payment requests in emails should be verified through a company’s official website or customer service. By exercising caution, users can mitigate the risks associated with QR codes while benefiting from their convenience.
Read more »
Yahoo
Astaroth Phishing Authentication Cyber Attacks CyberCrime Cybersecurity CyberThreat Dark Web Gmail PHaas Telegram URL Yahoo

2FA Under Attack as Astaroth Phishing Kit Spreads

 


Astaroth is the latest phishing tool discovered by cybercriminals. It has advanced capabilities that allow it to circumvent security measures such as two-factor authentication (2FA) when used against it. In January 2025, Astaroth made its public debut across multiple platforms, including Gmail, Yahoo, and Office 365, with sophisticated technologies such as session hijacking and real-time credentials interceptions, which compromise user accounts across multiple platforms. 

SlashNext researchers claim Astaroth makes use of a reverse proxy called an evilginx-style proxy to place itself between legitimate login pages and users. As a result, the tool is capable of intercepting and capturing sensitive credentials, such as usernames, passwords, 2FA tokens, and session cookies, without triggering security alerts, thereby making the tool effective. 

It has been demonstrated that attackers who have obtained these session cookies will be able to hijack authenticated sessions, bypass additional security protocols, and gain unauthorized access to user accounts once they have acquired these cookies. Astaroth demonstrates the evolution of cyber threats and the sophistication of phishing techniques that compromise online security. This development highlights how cybercriminals have been evolving their methods of phishing over the years.

Clearly, Astaroth highlights how cybercriminals' tactics have evolved over the last decade, as phishing has evolved into a lucrative business. The sophistication of sophisticated attacks has now reached a point where it is now marketed like commercial software products, with regular updates, customer support, and testing guarantees attached to them. 

The attacker can intercept real-time credentials and use reverse proxy techniques in order to hijack authenticated sessions in order to bypass even the most robust phishing defences, such as Multi Factor Authentication (MFA), which are designed to protect against phishing attacks. Due to the widespread availability of phishing kits such as Astaroth, which significantly reduces the barrier to entry, less experienced cybercriminals are now capable of conducting highly effective attacks given that the barriers to entry have been significantly lowered. 

The key to mitigating these threats is to adopt a comprehensive, multilayered security strategy that is both comprehensive and multifaceted. It must have a password manager, endpoint security controls, real-time threat monitoring, and ongoing employee training to ensure that employees are aware of cybersecurity threats in real time. 

As an additional consideration, implementing Privillege Access Management (PAM) is equally vital, since it prevents unauthorized access to critical systems, even if login credentials are compromised, through the use of PAM. Business owners remain vulnerable to increasingly sophisticated phishing techniques that can circumvent the traditional defenses of their organisations without appropriate proactive security measures. 

The Astaroth phishing kit has been developed to enable a more effective method of bypassing multi-factor authentication (MFA). By using an evilginx reverse proxy, it intercepts authentication processes in real time as they are happening. By using Astaroth, attackers will be able to steal authenticated sessions and hack them seamlessly with no technical knowledge. Astaroth is different from traditional phishing tools, which capture only static credentials; instead, it dynamically retrieves authorization tokens, 2FA tokens, and session cookies. This tool is a man-in-the-middle attack that renders conventional anti-phishing defenses and multi-factor authentication protections ineffective by acting as an intermediary. 

Discovered by SlashNext Threat Researchers on cybercrime marketplaces, Astaroth is marketed as a tool that can be used easily. It is a 2-in-1 solution that sells for $2000 and includes six months of continuous updates, which includes the newest bypass techniques, as well as pre-purchase testing to demonstrate its effectiveness in real-world attacks if the buyer wants to establish credibility within cybercriminal networks. There is no doubt that the sophistication of phishing kits such as Astaroth, as well as the implementation of behaviour-based authentication, endpoint security controls, and continuous threat monitoring, are critical to organizations in order to defend themselves from these ever-evolving cyber threats that are continually evolving. 

As a means of expanding the company's customer base, Astaroth's developers have publicly revealed the methodologies they use to bypass security measures, such as reCAPTCHA or BotGuard, as a way of demonstrating the kit's effectiveness at circumventing automatic security measures. Cybercriminals in cybercrime forums and underground marketplaces are actively promoting Astaroth among their communities and are primarily distributing it through Telegram, leading to its widespread adoption among cybercriminals world-wide. 

There are several advantages to using these platforms, the most important of which is their accessibility, along with the anonymity they provide. This makes monitoring, tracking, and disrupting the sale and distribution of phishing kits very challenging for law enforcement agencies. There is a particular application known as Telegram which is commonly used by cybercriminals to communicate and to distribute their illicit activities due to its end-to-end encryption, private groups, and minimal oversight. This makes it very difficult for law enforcement to trace illicit activities on Telegram. 

It may not only facilitate the proliferation of Astaroth on the dark web, but also on underground marketplaces - both of which allow threat actors to engage in peer-to-peer transactions without disclosing their identities to each other. The fact that these platforms are decentralized, along with the fact that cryptocurrency payments are used in conjunction with them, adds more layers of protection for cybercriminals, making it even more difficult for authorities to take enforcement action against them. Astaroth continue to be embraced by cybercriminal communities and is lowering the barrier to entry for less-experienced attackers, which in turn is promoting phishing-as-a-service (PhaaS) models which are becoming more prevalent as a consequence. 

Due to the complexities posed by sophisticated phishing kits like Astaroth, security professionals emphasize the need for proactive security measures, which include real-time threat intelligence, endpoint detection, and multi-layered authentication strategies, as well as real-time threat intelligence. Aside from offering custom hosting solutions, Astaroth also offers bulletproof hosting, which will make Astaroth more resilient against legal authorities’ efforts to take down its websites. 

Cybercriminals are able to conduct attacks with minimal disruption in jurisdictions with weak regulatory oversight when using the phishing kit since it operates in jurisdictions that lack regulatory oversight. As a Field CTO of SlashNext, J Stephen Kowski believes that the emergence of Astaroth with regards to authentication is one of the most important implication that could be borne out by the fact that even the most robust authentication systems can be compromised if the attackers obtain the two-factor authentication (2FA) codes and session information during the authentication process in real time. 

Thomas Richards, Principal Consultant and Network and Red Team Practice Director at Black Duck, a Burlington, Massachusetts-based provider of application security solutions, has emphasized the sophistication and severity of the Astaroth phishing kit. According to Richards, this phishing kit demonstrates an advanced level of complexity, making it increasingly difficult for users to identify and avoid such attacks. "Traditional security awareness training often instructs users to recognize phishing attempts by looking for red flags such as suspicious URLs, grammatical errors, or lack of SSL certification. 

However, Astaroth’s highly sophisticated approach significantly reduces these indicators, making detection far more challenging," Richards stated. Furthermore, the infrastructure supporting these attacks is often hosted by providers that do not cooperate with law enforcement agencies, complicating efforts to dismantle these operations. In response to this growing threat, the United States and several European nations have imposed sanctions on countries that provide bulletproof hosting services, which are frequently exploited by cybercriminals to evade legal action. 

Richards advises users to exercise extreme caution when receiving emails that appear to originate from legitimate organizations and contain urgent requests for immediate action. Rather than clicking on embedded links, users should manually navigate to the official website to verify the authenticity of any alerts or account-related issues. This proactive approach is essential in mitigating the risks posed by advanced phishing campaigns like Astaroth. 

Organizations must implement advanced security measures beyond traditional login protections in order to protect themselves from these threats. According to Thomas Richards, a Principal Consultant and Network and Red Team Practice Director for Black Duck, a Burlington-based company that provides applications security solutions, Astaroth's phishing kit is sophisticated and quite severe. As Richards points out, this phishing kit shows a remarkable degree of complexity, which makes it increasingly difficult for users to identify and avoid attacks such as these as they run across them. 

It has always been taught to users during traditional security awareness training to look for red flags, such as suspicious URLs, grammatical errors, or a lack of SSL certification, so they can identify phishing attempts. Although these indicators are largely reduced by Astaroth's highly sophisticated approach, Richards noted that the detection of them is much more challenging as a result. The infrastructure that supports these malicious attacks is typically hosted by providers who do not cooperate with law enforcement agencies, which complicates the process of dismantling these attacks.

Several European countries and the United States have increased sanctions in response to its growing threat, increasing the chance that these countries (including the United States) will use defenseless host hosting services, which are regularly exploited by cybercriminals to avoid legal action and avoid repercussions for their crimes. 

The American scientist Richards urges users to exercise extreme caution if they receive an email that appears to be coming from a legitimate organization and contains urgent requests for action that need to be taken immediately. As a precaution, users should not click on embedded links in emails, but instead should visit the official site to verify the authenticity of any alerts they receive or account-related issues. Taking a proactive approach effectively mitigates the threats posed by advanced phishing campaigns such as Astaroth.
Read more »
phishing
Cyber Security Email Scams FBI Gmail Outlook phishing

How to Protect Yourself from Email Scams: FBI’s Top Tips for Staying Safe

 



While phishing scams are on the rise over the holiday period, the FBI has reminded Gmail, Outlook, Apple Mail, and other services users to be more alert. More phishing schemes are becoming common as criminals use the festive season rush as an opportunity to target more people. Here is how the FBI has warned its citizens against phishing attacks:.

It has generally entailed scamming emails that request the stealing of personal information or even money. Scammers try to deceive a victim with deals they will promise; discounted products, gift cards, or exclusive offers, amongst others. These appear quite legitimate, mimicking familiar brands with realistic logos and designs. With AI tools, it is now more possible for cybercriminals to generate messages that are shiny and polished yet professional-looking, targeting the most vigilant users in their deception.

Three Things to Check in Every Email

To counter these scams, the FBI points out three important checks:  

1. Check the Sender's Email Address: Look closely at the sender's email address. Scammers often use addresses that mimic real ones but with minor changes, like replacing a letter or adding extra characters.

2. Inspect Links Before Clicking: Hover over any link in the email to see where it leads. If the URL looks suspicious or doesn’t match the claimed source, avoid clicking it.  

3. Look for Errors: Scammers sometimes make spelling or grammatical mistakes in emails and URLs. These errors can signal that an email is fake.  

Additional Safety Tips  

The FBI also advises:

  • Avoid disclosing passwords and any form of financial information to any email. No business firm will ask for this type of information through email. 
  • Don't open attachments or click on links coming from unknown senders.  
  • Set up two-factor authentication (2FA) on your accounts for extra protection.
  • Share as little personal information on social media as possible, to make it harder for fraudsters to guess your passwords.

AI In the Wake Of Scams

The more advanced AI technology makes the scammers create the most realistic phishing schemes. This way, they can use artificial intelligence to design fake emails, replicate the look of an official email, or extract confidential information from documents or images. All this puts a bigger burden on users when trying to spot scams.

What Can You Do?

Tech companies, such as Google, have been increasing their efforts to secure users. For example, the majority of phishing attempts in Gmail are blocked, and the service provides direction to help users identify scams. Google instructs users to slow down before acting on an email by verifying its claims independently and reporting anything suspicious.

This has proven true for phishing attacks, and growing sophistication is only outpaced by awareness. Take some time and understand emails before rushing to execute a 

response to urgent messages. As a result, your sensitive information is safe and can therefore have a secure online experience. 




Read more »
Rhadamanthys malware
Check Point Cyber Attacks data security Gmail Gmail Hack Gmail-Accounts Personal Data Phishing scam Rhadamanthys malware

Gmail Alert: Massive Phishing Campaign Spreads Rhadamanthys Malware

 

Cybersecurity experts have issued a new warning about a large-scale phishing attack targeting Gmail users worldwide. Researchers at Check Point have uncovered the threat, which uses fake Gmail accounts to send emails impersonating well-known companies. These fraudulent messages claim recipients have violated copyright laws on their social media accounts, urging them to take immediate action. 

The goal of these emails is to trick victims into downloading attachments laced with the Rhadamanthys Stealer malware. Once installed, this malware infiltrates systems to steal sensitive personal data. The attackers’ strategy is both sophisticated and alarming. They create convincing fake Gmail accounts and customize emails to appear as if they are from legitimate organizations. Victims are informed of supposed copyright violations and pressured to resolve the issue by downloading attached files. 

However, clicking on these files triggers the malware’s installation, granting hackers access to a victim’s computer. The malware operates silently, collecting private information such as login credentials and other sensitive data without the user’s knowledge. The phishing campaign has already reached a global audience, targeting users in Europe, Asia, and the United States. Check Point highlights the staggering scale of the operation, noting that nearly 70% of the impersonated companies belong to the entertainment, media, technology, and software industries. This wide range of targets makes the attack more challenging to detect and stop. 

The campaign leverages people’s trust in established companies and creates urgency, making victims more likely to fall for the scam. One of the most concerning aspects of the attack is the advanced capabilities of the Rhadamanthys Stealer malware. This sophisticated program is specifically designed to evade detection by traditional security measures. Once installed, it can extract a variety of data from the infected system, including passwords, financial information, and personal files. The malware’s ability to operate covertly increases the risk for users who are unaware that their devices have been compromised. 

Experts stress the importance of vigilance in protecting against this type of phishing attack. Email users should carefully verify the sender’s identity and be cautious of messages that create a sense of urgency or demand immediate action. Legitimate organizations rarely use generic Gmail accounts to contact users, and they typically do not send unsolicited attachments or links. Users should also avoid downloading files or clicking on links from unknown sources, as these actions can initiate malware installation. 

Keeping antivirus software up to date is another critical step in preventing infections. Modern security programs are designed to detect and block malicious files like those associated with Rhadamanthys Stealer. Additionally, users are encouraged to report any suspicious emails to their email providers, which can help prevent further spread of such attacks. By staying informed and adopting safe online practices, individuals can reduce their vulnerability to these increasingly sophisticated phishing campaigns.
Read more »
Technology Updates
Accounts Cybercrime. Cybercriminal. Cyberthreats Cyberhackers Gmail Privacy Technology Updates

Gmail Under Attack: Secure a Backup Account

 


Having access to a Gmail account in the present world is rather dangerous because hackers create new ways of penetrating the account, even if it at times employs a 2FA security feature. While methods like passkey sign-ins and secure browsing have been adopted by Google, risks like session cookie theft remain a reality. Google Chrome users may encounter a pop-up alert stating, “Your password was exposed in a non-Google data breach” in their web browser. This alert notifies users of recent security breaches that may have compromised their account passwords. 

With 2.5 billion active users, Gmail is a prominent target for hackers aiming to compromise accounts and access sensitive information. Reports of sophisticated cyberattacks, including session cookie theft and two-factor authentication (2FA) bypassing, are rising. To safeguard email security, users are advised to consider proactive measures, such as setting up a secondary Gmail account, as waiting to act may increase vulnerability to 2FA-bypass attacks. For many, the risk of account compromise is a growing concern, as hackers employ session cookie-stealing tactics to bypass even the most robust 2FA protections. 

Cybercrime agencies strongly encourage enabling 2FA, yet cybercriminals continue to evolve methods for evading these safeguards. Google has made significant strides in enhancing security through features like secure pass-key sign-in across devices and safe browsing protections for Chrome users. The problem remains that attackers are now leveraging sophisticated tools to penetrate even Google's advanced encryption measures taken to prevent cookie theft, despite Google's efforts to protect its users. 

Even though a secondary Gmail account should not be used directly as a preventative measure against 2FA bypass attacks, it can still serve as a valuable backup in the event of a breach of users' primary Gmail accounts. There have been numerous discussions about this approach among users, such as those on the Gmail subreddit, where some users have shared their experiences of their accounts being compromised despite having 2FA enabled on their accounts. Creating a new Gmail account does not guarantee immunity from attacks, but it is one of the best ways to secure and protect any emails which are important and often irreplaceable. 

For this new account, it is suggested that users use different methods to ensure the maximum level of security. Set up 2FA, as an example, using a standalone authentication app instead of sending an SMS to the same phone number on which 2FA will be activated. As much as possible, link a user's new account to a different device or unique information if possible. Initially, users will have to set up a Gmail account that will allow them to forward their emails to this new account once they are all set up, but once this is done they will automatically receive a copy of their emails sent through their main Gmail account. 

Using this approach, they will be able to access their emails even if anything should happen to their primary email account. As an extra layer of security, consider signing up for Google's Advanced Protection Program to ensure that users' accounts are more secure, adding multiple security layers that make it more difficult for anyone to access the accounts without permission. In the case that a hacker does manage to gain access to a customer's primary Gmail account, having a backup account means that they will have to hack an account separately in case of a breach.

In the unlikely event that something untoward happens, it's a comforting safety net to fall back on. As there are no fees associated with setting up a second Google account, users could set up a second one using Gmail, a free web-based email account. For added security, users should take the following steps: first, sign out from any existing Google accounts, then go to the Google Account sign-in page and click on “Create Account” for added security.

To ensure maximum security, users should consider using a different device for the primary account, so that it will not be compromised if a single point of failure is found. Furthermore, it would be beneficial to choose a second-factor code generator rather than 2FA via SMS, such as an authentication app, which uses a unique code generator to generate users' second-factor code, thereby enhancing the security of their account. 

In conclusion, one of the best ways to further isolate a new account from potentially compromised accounts is to use varied personal information when establishing it. There is no dearth of web-based email platforms, but with Google's free web-based Gmail service, it is incredibly easy to set up separate accounts for each user. It is common for users to lose count of how many different apps they have on their phones, even though they only use two or three of them regularly. 

To ensure that this new account is as secure as possible and less likely to be compromised by a threat actor who succeeded in attacking the original account, either use a password tied to an entirely separate device or use two-factor authentication where users use a standalone app to generate the 2FA code rather than text messaging to the same number they used before. Users should try and fill in as much information as possible when setting up a new account to avoid making it less unique. Once the secondary email account has been established, the next step involves setting up a forwarding rule within the original Gmail account. 

By doing this, users can ensure that a copy of each email is automatically sent to the secondary account, providing a reliable backup in case the primary account is ever compromised. Implementing this backup method is a proactive way to safeguard important information against unexpected events. Although having email forwarding in place adds an extra layer of security, it’s important to note that, even if a malicious actor gains access to the original account, the secondary account remains secure as a standalone entity. Since the two accounts are independent of each other, each would need to be compromised separately for a complete breach to occur. This setup minimizes risks and provides an effective, manageable backup. 

In an era of increasingly sophisticated digital threats, proactively securing Gmail accounts has become a crucial task for individuals and organizations alike. Setting up a secondary account with distinct, robust security measures enhances protection and acts as a safeguard for sensitive data. Users who adopt additional defences—such as two-factor authentication (2FA) and other advanced security practices—are in a far better position to counteract potential cyberattacks. Today’s threat landscape demands a strategic approach to email security, where even the most secure accounts can face risks. Through these proactive steps, individuals create a resilient backup framework, ensuring their data remains accessible and protected regardless of evolving threats.
Read more »
Tycoon
Gmail malware MFA Bypass Microsoft 365 multifactor authentication phishing kit Safety Security Tycoon

'Tycoon' Malware Kit Bypasses Microsoft and Google Multifactor Authentication

 

An emerging phishing kit called "Tycoon 2FA" is gaining widespread use among threat actors, who are employing it to target Microsoft 365 and Gmail email accounts. This kit, discovered by researchers at Sekoia, has been active since at least August and received updates as recent as last month to enhance its evasion techniques against multifactor authentication (MFA).

According to the researchers, Tycoon 2FA is extensively utilized in various phishing campaigns, primarily aimed at harvesting Microsoft 365 session cookies to bypass MFA processes during subsequent logins. The platform has amassed over 1,100 domain names between October 2023 and late February, with distribution facilitated through Telegram channels under different handles such as Tycoon Group, SaaadFridi, and Mr_XaaD.

Operating as a phishing-as-a-service (PhaaS) platform, Tycoon 2FA offers ready-made phishing pages for Microsoft 365 and Gmail accounts, along with attachment templates, starting at $120 for 10 days, with prices varying based on the domain extension. Transactions are conducted via Bitcoin wallets managed by the "Saad Tycoon Group," suspected to be the operator and developer of Tycoon 2FA, with over 1,800 recorded transactions as of mid-March.

The phishing technique employed by Tycoon 2FA involves an adversary-in-the-middle (AitM) approach, utilizing a reverse proxy server to host phishing webpages. This method intercepts user inputs, including MFA tokens, allowing attackers to bypass MFA even if credentials are changed between sessions.

Despite the security enhancements provided by MFA, sophisticated attacks like Tycoon 2FA pose significant threats by exploiting AitM techniques. The ease of use and relatively low cost of Tycoon 2FA make it appealing to threat actors, further compounded by its stealth capabilities that evade detection by security products.

Sekoia researchers outlined a six-stage process used by Tycoon 2FA to execute phishing attacks, including URL redirections, Cloudflare Turnstile challenges, JavaScript execution, and the presentation of fake authentication pages to victims.

The emergence of Tycoon 2FA underscores the evolving landscape of phishing attacks, challenging the effectiveness of traditional MFA methods. However, security experts suggest that certain forms of MFA, such as security keys implementing WebAuthn/FIDO2 standards, offer higher resistance against phishing attempts.

To assist organizations in identifying Tycoon 2FA activities, Sekoia has published a list of indicators of compromise (IoCs) on GitHub, including URLs associated with Tycoon 2FA phishing campaigns.
Read more »
Hacking
2-Step Verification Account security Action Fraud Cyber Crime Facebook Gmail Hacking

Gmail and Facebook Users Advised to Secure Their Accounts Immediately

 



In a recent report by Action Fraud, it has been disclosed that millions of Gmail and Facebook users are at risk of cyberattacks, with Brits losing a staggering £1.3 million to hackers. The data reveals that a concerning 22,530 individuals fell victim to account breaches in the past year alone.

According to Pauline Smith, Head of Action Fraud, the ubiquity of social media and email accounts makes everyone susceptible to fraudulent activities and cyberattacks. As technology advances, detecting fraud becomes increasingly challenging, emphasising the critical need for enhanced security measures.

The report highlights three primary methods exploited by hackers to compromise accounts: on-platform chain hacking, leaked passwords, and phishing. On-platform chain hacking involves cybercriminals seizing control of one account to infiltrate others. Additionally, leaked passwords from data breaches pose a significant threat to account security.

To safeguard against such threats, Action Fraud recommends adopting robust security practices. Firstly, users are advised to create strong and unique passwords for each of their email and social media accounts. One effective method suggested is combining three random words that hold personal significance, balancing memorability with security.

Moreover, implementing 2-Step Verification (2SV) adds an extra layer of protection to accounts. With 2SV, users are prompted to provide additional verification, such as a code sent to their phone, when logging in from a new device or making significant changes to account settings. This additional step fortifies account security, mitigating the risk of unauthorised access even if passwords are compromised.

Recognizing the signs of phishing scams is also crucial in preventing account breaches. Users should remain vigilant for indicators such as spelling errors, urgent requests for information, and suspicious inquiries. By staying informed and cautious, individuals can reduce their vulnerability to cyber threats.

In response to the escalating concerns, tech giants like Google have implemented measures to enhance password security. Features such as password security alerts notify users of compromised, weak, or reused passwords, empowering them to take proactive steps to safeguard their accounts.

The prevalence of online account breaches demands users to stay on their tiptoes when it comes to online security. By adopting best practices such as creating strong passwords, enabling 2-Step Verification, and recognizing phishing attempts, users can safeguard their personal information and financial assets from malicious actors.



Read more »
User Privacy
2FA Data Breach Digital Age Gmail Google Google Apps Google Photos User Privacy

Safeguard Your Data: Google's Data Purge Approaches

Google just announced that the time is running out on a massive cleanup of defunct Gmail accounts and content from Google Photos, which is scheduled to start on December 1. Many consumers can be taken aback by this action, which is intended to manage and streamline user data. Take quick action to make sure your important data isn't lost in the cleanse.

The data purge involves Google identifying and deleting data from accounts that have been inactive for an extended period. This includes Gmail messages, attachments, and Google Photos content. The goal is to free up storage space and enhance overall system efficiency.

Several major news outlets, including Forbes, CBS News, Business Insider, and Yahoo News, have covered this impending data purge, emphasizing the urgency for users to safeguard their digital assets.

Google's initiative raises concerns for users who may have overlooked the significance of their inactive accounts. If you've been using Gmail or Google Photos but have not actively engaged with these services, now is the time to reassess and secure your data.

To prevent the loss of your digital memories and crucial information, follow these steps:
  • Access Your Accounts: Log in to your Gmail and Google Photos accounts to ensure they are active and accessible. This alone can exempt your data from the impending purge.
  • Review and Save Important Data: Take the opportunity to review your emails and photos. Save any crucial information or memorable moments to a secure location, such as an external hard drive or cloud storage.
  • Update Account Information: Confirm that your account recovery information, including your phone number and email address, is up to date. This ensures you can recover your account if needed.
  • Enable Two-Factor Authentication: Strengthen the security of your Google accounts by enabling two-factor authentication. This adds an extra layer of protection, making it harder for unauthorized individuals to access your data.
These preventative measures will help you get through Google's data purge without losing important information. We need to be aware of any developments that could affect our digital assets since we are depending more and more on digital platforms to store and share our memories and information. To secure your data before it's too late, take action right away.


Read more »
Youtune
Artificial Intelligence Brad Chatbot Cyberattacks CyberCrime Cybersecurity Documents Gmail Technology Youtune

Google's Chatbot Bard Aims for the Top, Targeting YouTube and Search Domains

 


There has been a lot of excitement surrounding Google's AI chatbot Bard - a competitor to OpenAI's ChatGPT, which is set to become "more widely available to the public in the coming weeks." However, at least one expert has pointed out that in its demo, Bard made a factual error. 

As a result of the AI competition between Google and OpenAI, the Microsoft-backed company that created ChatGPT and provides artificial intelligence services for its products, Google has now integrated its chatbot Bard into apps like YouTube, Gmail and Drive, according to a company announcement, published Tuesday. 

In New York, a Google executive said on Thursday at the Reuters NEXT conference that the company's experimental chatbot Bard represents a path to the development of another product that will reach two billion users. In an interview with TechCrunch, Google's Product Lead Jack Krawczyk commented that Bard has laid the foundation for Google to attract even more customers with the help of its artificial intelligence feature, which enables consumers to brainstorm and get information using new artificial intelligence. 

It is possible, for instance, to ask Bard to plan a trip for an upcoming date, complete with flight options and your choice of airline. Users could also ask the tool to summarize meeting notes that have been made in Google Drive documents that they have recently uploaded. Several improvements will be made to Bard this coming Tuesday, including connections to Google's other services. 

The chatbot is also capable of communicating with users in various languages, with the ability to perform a variety of fact-checking functions as well as a broader upgrade to the larger language model that is the foundation of the tool. Google's Bard has been improving its features for nearly six months after it was first introduced to the public, marking the biggest update to the program in that period. 

Among the tech giants, Google, Microsoft, and ChatGPT creator OpenAI are racing against one another, as they roll out increasingly sophisticated consumer-facing artificial intelligence technologies, and they hope to convince users of their value as more than just a gimmick to them.

It is now believed that Google, which recently issued an internal code red when OpenAI beat it to the release of its artificial intelligence chatbot, is using its other widely used software programs to make Bard more useful as a result of the code red. It’s relatively unknown that Bard has received the same amount of attention as ChatGPT. 

According to data from Similarweb, a company that analyzes data for companies, ChatGPT had nearly 1.5 billion desktop and mobile visits in August, substantially more than Google’s A.I. tool and other competitors, which had just 50 million visits. Bard recorded just under 200 million desktop and mobile internet visits throughout August, while ChatGPT by OpenAI also registered 200 million visits during the same period. 

In an interview, Jack Krawczyk, Google's product lead for Bard, stated that Google was aware of the limitations that had caused the chatbot to not appeal to as many people as it should have. Users had told Mr. Krawczyk that the product was neat and novel, but that it did not integrate very well with their personal lives. 

Earlier this month, Google released what it called Bard Extensions, which is an extension of the ChatGPT plug-in that OpenAI announced in March, which allows ChatGPT to work with updated information provided by third-party companies such as Expedia, Instacart, and OpenTable, their own web services and voice apps. 

As a result of the new updates, Google is going to be trying to replicate some of the search engine's capabilities by including Flights, Hotels, and Maps, so users can conduct travel and transportation research using Google's search engine. In addition, Bard may be closer to becoming a more personalized assistant for its users, where they can ask which emails they missed and which points in a document are of most importance to them. 

With the help of Google's large language model, an artificial intelligence algorithm trained on vast amounts of data, Bard had been able to assist students with writing drafts of essays or planning their friend's baby showers. 

As a result of these new extensions, Bard will now draw information from a host of Google services, as well. Now, Bard will be able to retrieve information from YouTube, Google Maps, Flights, and Hotels as well. According to Google, Bard can be accessed through several other services and ask the service for things like "Show me how to write a good man speech and show me YouTube videos about it for inspiration," or suggestions for travel, complete with driving directions, etc.

The Bard extensions can be disabled by the user at any moment by choosing to do so. It is also possible for users to link their Gmail, Docs and Google Drive accounts with Bard to the tool so that it will be able to help them analyze and manage their data. 

For instance, the tool might be able to help with queries such as: "Find the most recent lease agreement in my Drive and calculate how much my security deposit was," Google said in a statement. In a statement, the firm listed that the company will not use users' personal Google Workspace information to train Bard or to serve targeted advertising to users and that users can withdraw their permission at any time in case they do not want it to access their personal information. 

By giving Bard access to a wealth of personal information as well as popular services such as Gmail, Google Maps, and YouTube, Bard is, in theory, making itself even more helpful for its users and gaining their confidence as a result. Using Bard, Google posits that a person planning a group trip to the Grand Canyon may be able to get the dates that suit everyone, get flight and hotel options, provide directions based on Maps, and also take advantage of videos with a variety of useful information available on YouTube.
Read more »
Privacy
Android Artifical Inteligence Business CSE Gmail Google Google Workspace HTML iOS Mobile Privacy

Mobile Privacy Milestone: Gmail Introduces Client-Side Encryption for Android and iOS

 


Encryption is one of the most important mechanisms for protecting data exchanged between individuals, especially when the information exchange occurs over e-mail and is quite sensitive. As a result, it can be complicated for users to be able to achieve this when they use public resources such as the internet. 

Now that Gmail has added client-side encryption to its mobile platform, users may feel safer when sending emails with Gmail on their mobile devices. Earlier this year, Google announced that it would be supporting Android and iOS mobile devices with client-side encryption in Gmail too. 

Using Google's client-side encryption (CSE) feature, which gives users more control over encryption keys and data access, Gmail can now be used on Android and iOS devices, as well as web browsers. In the past few months, Gmail's web version has been upgraded to support client-side encryption. This app lets users read and write encrypted emails directly from their smartphones and tablets. 

In addition to the Education Plus and Enterprise Plus editions of Google Workspace, the Education Standard edition also offers the feature. Workspace editions that don't support client-side encryption, such as Essentials, Business Starter, Business Standard Plus, Business Pro Plus, etc., do not support client-side encryption. 

Furthermore, users who have personal Google accounts are not able to access it. For those using email via desktop through Gmail, client-side encryption will be available at the end of 2022 on a trial basis. Workspace users with a subscription to Enterprise Plus, Education Plus, or Education Standard were the only ones able to take advantage of this feature at that time. 

Client-side encryption also prevented certain features from working, including the multi-send mode, signatures, and Smart Compose, which all functioned properly when using client-side encryption. A more robust version of the feature has been added to the Google Play Store since then. 

The company added the capability to allow users to see contacts even if they are unable to exchange encrypted emails so that they can keep in touch. There is also a security alert that appears in Google Mail when users receive attachments that are suspicious or that cannot be opened because of security concerns. 

While client-side encryption will now be available under the Enterprise Plus, Education Plus, and Education Standard Workspace accounts shortly, it has remained relatively exclusive. This type of Workspace account will also be the only kind of account that will be able to take advantage of the mobile rollout of client-side encryption. 

By using the S/MIME protocol, Google said that it will allow its users to encrypt and digitally sign their emails before sending them to Google servers so that they adhere to compliance and regulatory requirements. This feature lets users access and work with your most sensitive data from anywhere with their mobile devices. 

The blue lock icon present in the subject field of Gmail for Android or iOS users allows them to enable client-side encryption while they are writing a Gmail email for Android or iOS devices. Administrators will, however, have to enable access to the feature through their CSE administration interface, as it is disabled by default. 

During the past week, the search giant celebrated its 25th anniversary by letting teens (age 13 and above) try out its generative search service. The company also announced a new tool called Google-Extended that would enable website administrators to control how Google's Bard AI can be trained on their content. It allows website administrators to control whether or not Google can access their content. 

In addition to pulling the plug on Gmail's basic HTML version, which used to support legacy browsers and users with slow connections and could be used to support legacy browsers, Google will also drop the automatic loading of Gmail's Basic view, instead loading the Standard view by default early next year. Customers who are using Google Workspace Enterprise Plus, Education Plus, and Education Standard will be able to take advantage of this feature. 
Read more »
User Privacy
AI Platform Artifical Intelligence Bard Al-chatbot Cyber Security Gmail Google Google Bard Google Maps Tech Tool User Privacy

Google's Bard AI Revolutionizes User Experience

Google's Bard AI has advanced significantly in a recent upgrade by integrating with well-known programs like Google Drive, Gmail, YouTube, Maps, and more. Through the provision of a smooth and intelligent experience, this activity is positioned to change user interactions with these platforms.

According to the official announcement from Google, the Bard AI's integration with these applications aims to enhance productivity and convenience for users across the globe. By leveraging the power of artificial intelligence, Google intends to streamline tasks, making them more intuitive and efficient.

One of the key features of this integration is Bard's ability to generate contextually relevant suggestions within Gmail. This means that as users compose emails, Bard will offer intelligent prompts to help them craft their messages more effectively. This is expected to be a game-changer for both personal and professional communication, saving users valuable time and effort.

Furthermore, Bard's integration with Google Maps promises to revolutionize how we navigate our surroundings. By understanding user queries in natural language, Bard can provide more accurate and personalized recommendations for places of interest, directions, and local services. This development is set to redefine the way we interact with maps and location-based services.

The integration with YouTube opens up exciting possibilities for content creators and viewers alike. Bard can now offer intelligent suggestions for video titles, descriptions, and tags, making the process of uploading and discovering content more efficient. This is expected to have a positive impact on the overall user experience on the platform.

In a statement, Google highlighted the potential of this integration, stating, "We believe that by integrating Bard with these popular applications, we're not only making them more intelligent but also more user-centric. It's about simplifying tasks and providing users with a more personalized and efficient experience."

This move by Google has garnered attention and positive feedback from tech enthusiasts and industry experts alike. As Bard continues to evolve and expand its capabilities, it's clear that the future of human-computer interaction is getting closer than ever before.

Enhancing user experience has advanced significantly with Google's Bard AI integration with programs like Gmail, Google Maps, YouTube, and more. Bard is poised to transform how we connect with these platforms by providing intelligent suggestions and individualized interactions that focus on the needs of the user.
Read more »
Zero Trust
2FA Artificial Intelligence Blogger Cyber Security Forbes Gmail Google Workspace Two Factor Authentication Unauthorized access Zero Trust

Google Urges Gmail Users Set Up 2FA for Enhanced Security

Google recently issued a stern recommendation to its Gmail users asking them to use Two-Factor Authentication (2FA) as a crucial step to safeguard their accounts in an effort to strengthen user security. The new security alert system from the IT giant emphasizes the significance of this step and the requirement for increased account security in an increasingly digital world.

Google's most recent project aims to give Gmail users a better defense against security threats. According to a Forbes article, the organization is actively warning its user base about serious security issues and enjoining them to adopt security measures that might considerably lower the chance of illegal access to their accounts.

The importance of 2FA cannot be overstated. By requiring users to provide two distinct forms of identification – typically a password and a secondary verification method, such as a mobile authentication code – 2FA adds an extra layer of security that is difficult for attackers to breach. Even if a hacker obtains a user's password, they would still need the second factor to gain access, making it significantly harder for unauthorized individuals to infiltrate accounts.

This news supports Google's ongoing initiatives to advance digital sovereignty and a zero-trust approach to identification and security. Google expanded its commitment to advancing zero-trust principles and digital sovereignty through AI-powered solutions in a blog post that was posted oitsir official Workspace Updates page. This action demonstrates Google's commitment to fostering a secure online environment for its users, supported by cutting-edge technology and strong security measures.

The need to emphasize cybersecurity has never been more pressing as people increasingly rely on digital platforms for communication, commerce, and personal connections. More sophisticated cyberattacks and data breaches are hitting both people and businesses. In this regard, Google's proactive approach in warning users about security problems and advising specific steps is laudable and represents the company's dedication to protecting its customers' digital lives.
Read more »
Subscribe to: Posts (Atom)