
The Challenges with Passkeys: Addressing Limitations

Passkeys have become a popular method for authentication, offering an alternative to traditional passwords. However, despite their advantages, there are several key issues that need to be addressed. This article explores the problems associated with passkeys and the need for further improvements in authentication methods.

Passkeys, often referred to as passwordless authentication, aim to provide a more convenient and secure way to access accounts and devices. Unlike passwords, which can be forgotten, stolen, or easily guessed, passkeys utilize unique characteristics of the user's device, such as biometrics or hardware-based keys, to grant access.

One of the primary concerns with passkeys is their reliance on specific devices or platforms. For instance, a passkey that works on an Android device might not be compatible with an iOS device or a different operating system. This lack of cross-platform compatibility limits the usability and convenience of passkeys, as users may need multiple passkeys for different devices or services.

Additionally, passkeys are vulnerable to potential security risks. While they eliminate the need for passwords, which are often weak and prone to hacking, passkeys are not immune to threats. If a passkey is compromised, it could lead to unauthorized access to the associated account or device. Furthermore, if the passkey is stored insecurely, such as in the cloud or on an easily accessible device, it could be accessed by malicious actors.

Another challenge is the adoption and support of passkeys across various platforms and services. Although major tech companies like Google have introduced passkey support, it requires widespread adoption from service providers and developers to offer a seamless experience for users. If passkey support remains limited, users may still need to rely on traditional password-based authentication methods.

To address these issues, further advancements in passkey technology and authentication methods are necessary. First and foremost, there should be greater collaboration between tech companies and service providers to establish standardized protocols for passkey implementation. This would enable interoperability across different platforms, making passkeys more accessible and user-friendly.

Enhancing the security of passkeys is also critical. Additional layers of protection, such as multi-factor authentication, can be integrated with passkeys to add an extra level of security. This could include biometric verification, device attestation, or behavioral analysis to ensure the legitimacy of the user.

Furthermore, educating users about the importance of passkey security and best practices is crucial. Users need to understand the risks associated with passkeys and be encouraged to store them securely, preferably using hardware-based solutions or secure vaults.

OpenAI, the Maker of ChatGPT, Does Not Intend to Leave the European Market

 


According to sources, Sam Altman, the CEO of OpenAI, manager of ChatGPT and creator of artificial intelligence technology, has in the past publicly favored regulations on AI technology development. More recently, however, he has indicated that he opposes overregulation of this technology. Reports indicate that Altman, who led Microsoft's AI research initiative, has stated that his company may leave the European Union (EU) if it cannot comply with the EU rules. The top executive has since had a sudden change of heart about his recent threat to leave the region.

In a conversation on Friday, Altman retracted a statement saying that the company might leave Europe if pending laws concerning artificial intelligence make it too difficult to comply with them. This is in response to a threat earlier in the week that OpenAI might leave the region. 

Currently, the European Union is working on the first global set of rules governing artificial intelligence. Altman on Wednesday dubbed the current draft of the EU Artificial Intelligence Act over-regulatory and "over-regulated."

In terms of regulating artificial intelligence globally to ensure a set of rules is established, the European Union is well on its way.

Furthermore, this action by the EU is in tandem with the advocacy of OpenAI, the ChatGPT development company. This company has sought regulation of 'superintelligent' artificial intelligence. Guardian reports that the IAE has the power to prevent humanity from accidentally creating something that can destroy it if not controlled correctly. As a result, the IAE needs to act as the equivalent of the IAE. 

It is proposed that these laws would require generative AI companies to disclose copies of the content used to train their systems. This would enable them to create text and images protected by copyright. 

AI companies want to imitate performers, actors, musicians, and artists. This is to train their systems to act as though they perform the work of those individuals. 

According to Time Magazine, Mr. Altman is concerned that it would be technically impossible for OpenAI to comply with the AI Act's safety and transparency restrictions.

Rules for AI in the EU 

A set of rules for artificial intelligence in the EU has already been developed. It is estimated that within the next few years, a significant amount of copyrighted material will have been used to develop the algorithms deployed by companies, such as ChatGPT and Google's Bard, as it is determined by these regulations. 

A draft of the bill was approved by EU officials earlier this month, and it will be discussed by representatives of the European Parliament, the Council of the European Union, and the European Commission to finalize the details before it is enacted into law.

It has been reported that Google CEO Sundar Pichai has also met with European Commission officials to discuss AI regulation. According to reports, he is working with legislators in Europe to develop a voluntary set of rules or standards. This will serve as a stopgap set of guidelines or standards while AI innovation continues in Europe. 

There has been a lot of excitement and alarm around chatbots powered by artificial intelligence (AI) since Microsoft launched ChatGPT, a powerful chatbot powered by AI. Its potential has provoked excitement and concern, but it has also caused conflict with regulations around AI applications.

OpenAI CEO Sam Altman irritated EU officials in London when he told reporters that if any future regulations forced OpenAI to stop operating in the bloc because they were too tight, it might have to cease operations. 

In March, the OpenAI app was shut down by Italian data regulator Garante. Garante accused OpenAI of violating EU privacy rules, leading to a clash between OpenAI and its regulators. After instituting enhanced privacy measures for users, ChatGPT has returned online and continues to serve its customers. 

In a blitz against Google, Microsoft also made several announcements like this the following month. It announced that it would spend billions of dollars supporting OpenAI and use its technology in a variety of its products.

In recent weeks, New York-based Altman, 38, has received rapturous welcomes from leaders across the globe, such as Nigerian leaders and London politicians.

Despite that, Thierry Breton, the bloc's industry commissioner, found his remarks on the AI Act, a regulation aimed at preventing invasive surveillance and other technologies from causing people to fear for their safety, frustrating. 

In a recent statement, OpenAI said it would award ten grants of equal value from a fund of $1 million. This was to measure the governance of AI software. Altman described it as "the process of democratically determining AI systems' behavior."

On Wednesday, Mr. Altman attended a University College London event. He stressed that he was optimistic AI would lead to increased job creation and decreased inequality across the world.

Several meetings took place between him and Prime Minister Rishi Sunak, along with DeepMind and Anthropic AI heads. These meetings were to discuss the risks of artificial intelligence - from disinformation to national security to "existential threats" - as well as the voluntary actions and regulatory framework needed to address these risks. Some experts are concerned that super-intelligent AI systems may threaten mankind's existence. 

To implement a 'generative' Large Learning Model (LLM) system, massive sets of data are analyzed and generated to create resources.

If the law is put into effect, companies like OpenAI will be required to reveal the types of copyrighted materials they used to train their artificial intelligence systems. This is so they can produce text and images. 

According to the proposed legislation, facial recognition in public places and predictive policing tools may also be prohibited under an updated set of regulations. 

ChatGPT, backed by Microsoft, was introduced late last year and since then has grown exponentially, reaching 100 million users monthly in a matter of weeks. It is the fastest-growing consumer application in history. 

As part of its commitment to integrate OpenAI technology into all of its products, Microsoft acquired a 13 billion dollar stake in the company in 2019. 

As a result of a clash with European regulator Garante in March, OpenAI first faced regulators during its domestic launch. The company was accused of flouting data privacy rules in Europe. In an updated privacy measure, ChatGPT has committed to users' privacy and restored the chat service.

Companies May Now Prepare for Shorter TLS Certificate Lifespans


Google put forth a proposal on March 3 to substantially reduce the validity period of Transport Layer Security (TLS) digital certificates from 398 days to 90 days. Apparently, this will lead to a lot of changes in how businesses manage their certificates, especially when it comes to automated processes.

The proposal, made by the open-source organization that created the Google Chrome browser and Chrome OS and outlined in a road map titled "Moving Forward, Together," is a step toward assuring more dependable, resilient Web operations. However, it will require organizations to transform their certification processes.

Current State of Digital Certificates

Over the past years, digital certificates' lifespan has decreased drastically, from five years in 2012 to just over two years in 2018 to 13 months, or 398 days, in July 2020. Particularly in a cloud-based computing environment where websites and services are continuously spun up and down to accommodate shifting needs and priorities, shorter lifespans assist in assuring the legitimacy of digital identities.

According to Google, the proposed changes will speed up the adoption of new features, such as best practices and additional security capabilities, and encourage businesses to abandon error-prone manual methods. The resulting automation would better prepare businesses for the onset of post-quantum cryptography.

A Wake-up Call for Certificate Monitoring

The Chromium Projects' proposal to the CA/Browser Forum, a grouping of certification authorities (CA), browser manufacturers, and others, would most likely go into force by the end of 2024 if it were to be accepted. The likelihood of a significantly shorter lifespan should act as a wake-up call for organizations, even though the changes are not final. The suggestion is unmistakable evidence that the rules of the game have changed, and organizations need to have more control and visibility over their public keys and certificates.

Years ago, teams could obtain a certificate for something like a Web server and then essentially forget about it because certificates had a five-year lifespan. They never established a system for determining when certificates needed to be renewed or checked to see if they were about to expire, which might result in disruptions connected to certificates. Teams were eventually able to establish a routine and check for certificate expirations regularly thanks to the eventual reduction of certificate life to 398 days.

The visibility of TLS (also known as Secure Sockets Layer or SSL) certificates is crucial as businesses grow in the cloud. Additionally, teams need help managing the layered, increasingly complicated environments on the cloud. With the new validity period under consideration, the focus is now on automating the procedure.

The complete impact of Chromium Projects' proposal is yet to be defined. There appear to be a few unresolved issues, such as whether it would apply to Internet of Things devices, for instance security cameras that also require certificates, or whether it is restricted to Web servers.

Regardless of the outcome of the plan, it captures the realities of the current environment. While a shorter certificate lifespan is beneficial, businesses will need to reconsider how they will manage them effectively.  
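The kind of automated expiry and lifetime check the section above calls for can be sketched as follows. This is an added example, not code from the article or from Google's proposal; the hostnames and dates are constructed, the records use the `notBefore`/`notAfter` fields that Python's `ssl.SSLSocket.getpeercert()` returns, and renewing after two thirds of the lifetime is an assumed policy.

```python
import ssl
from datetime import datetime, timedelta, timezone

CURRENT_MAX = timedelta(days=398)   # limit in force since July 2020 (from the article)
PROPOSED_MAX = timedelta(days=90)   # limit in Google's proposal (from the article)
RENEW_FRACTION = 2 / 3              # assumption: renew once 2/3 of the lifetime has elapsed

# Constructed inventory, shaped like the dict returned by ssl.SSLSocket.getpeercert().
SAMPLE_INVENTORY = {
    "www.example.test": {      # 398-day certificate, valid today but not under a 90-day rule
        "notBefore": "Mar 15 00:00:00 2023 GMT",
        "notAfter": "Apr 16 00:00:00 2024 GMT",
    },
    "api.example.test": {      # 90-day certificate that is already inside its renewal window
        "notBefore": "Mar 20 00:00:00 2023 GMT",
        "notAfter": "Jun 18 00:00:00 2023 GMT",
    },
    "legacy.example.test": {   # forgotten five-year certificate that has expired
        "notBefore": "Jan 10 00:00:00 2018 GMT",
        "notAfter": "Jan 10 00:00:00 2023 GMT",
    },
}
NOW = datetime(2023, 6, 1, tzinfo=timezone.utc)  # fixed clock so the results are reproducible


def _parse(cert_time):
    """Convert an X.509 time string such as 'Jun 18 00:00:00 2023 GMT' to an aware datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)


def audit_certificate(cert, now):
    """Return lifetime, remaining days and policy findings for one certificate record."""
    not_before = _parse(cert["notBefore"])
    not_after = _parse(cert["notAfter"])
    lifetime = not_after - not_before
    renew_at = not_before + lifetime * RENEW_FRACTION

    findings = []
    # Validity state: at most one of these applies.
    if now < not_before:
        findings.append("NOT_YET_VALID")
    elif now >= not_after:
        findings.append("EXPIRED")
    elif now >= renew_at:
        findings.append("RENEW_NOW")
    # Lifetime policy: report the strictest limit the certificate violates.
    if lifetime > CURRENT_MAX:
        findings.append("EXCEEDS_398_DAYS")
    elif lifetime > PROPOSED_MAX:
        findings.append("EXCEEDS_PROPOSED_90_DAYS")

    return {
        "lifetime_days": lifetime.days,
        "days_remaining": (not_after - now).days,
        "renew_at": renew_at,
        "findings": findings,
    }


def audit_inventory(inventory, now):
    """Audit every certificate and order the report by urgency (fewest days left first)."""
    report = {host: audit_certificate(cert, now) for host, cert in inventory.items()}
    return dict(sorted(report.items(), key=lambda item: item[1]["days_remaining"]))


if __name__ == "__main__":
    for host, result in audit_inventory(SAMPLE_INVENTORY, NOW).items():
        print(f"{host:22} lifetime={result['lifetime_days']:>4}d "
              f"remaining={result['days_remaining']:>5}d "
              f"renew_at={result['renew_at']:%Y-%m-%d} {result['findings']}")
```

Run from a scheduler against records collected from live endpoints, a report like this surfaces both certificates that are about to lapse and those that would no longer be issuable under a 90-day limit.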

Google Launches Next-Gen Large Language Model, PaLM 2

Google has launched its latest large language model, PaLM 2, in a bid to regain its position as a leader in artificial intelligence. PaLM 2 is an advanced language model that can understand the nuances of human language and generate responses that are both accurate and natural-sounding.

The new model is based on a transformer architecture, which is a type of deep learning neural network that excels at understanding the relationships between words and phrases in a language. PaLM 2 is trained on a massive dataset of language, which enables it to learn from a diverse range of sources and improve its accuracy and comprehension over time.

PaLM 2 has several features that set it apart from previous language models. One of these is its ability to learn from multiple sources simultaneously, which allows it to understand a broader range of language than previous models. It can also generate more diverse and natural-sounding responses, making it ideal for applications such as chatbots and virtual assistants.

Google has already begun using PaLM 2 in its products and services, such as Google Search and Google Assistant. The model has also been made available to developers through Google Cloud AI, allowing them to build more advanced applications and services that can understand and respond to human language more accurately.

The launch of PaLM 2 is significant for Google, as it comes at a time when the company is facing increased competition from other tech giants such as Microsoft and OpenAI. Both of these companies have recently launched large language models of their own, which are also based on transformer architectures.

Google hopes that PaLM 2 will help it to regain its position as a leader in AI research and development. The company has invested heavily in machine learning and natural language processing over the years, and PaLM 2 is a testament to its ongoing commitment to these fields.

In conclusion, Google's PaLM 2 is an advanced language model that has the potential to revolutionize the way we interact with technology. Its ability to understand and respond to human language more accurately and naturally is a significant step forward in the development of AI, and it will be exciting to see how developers and businesses leverage this technology to build more advanced applications and services.


Google's Search Engine Received AI Updates

 


Microsoft integrated GPT-4 into Bing earlier this year, complementing the previous development. Google's CEO, Sundar Pichai, recently announced that the company would completely reimagine how all of its core products, including search, are implemented. To ensure the success of this system, only a limited number of users will be able to use it while it is still in an experimental phase. 

With advances in artificial intelligence, Alphabet Inc (GOOGL.O) is rolling out some new features to its core search engine so that it can capture some of the consumer excitement generated recently by Microsoft Corp (MSFT.O) upgrading its rival search engine, Bing. 

This week, Google, at its annual developer conference in Mountain View, California, announced that it would offer a new version of its name-brand search engine. With the Search Generative Experience, Google has reinvented the way it responds to inquiries by allowing users to create their responses without sacrificing a list of links to Web sites that people know. 

Three months ago, Microsoft's Bing search engine began incorporating technology similar to the one that powers ChatGPT into its search engine, which is gradually changing Google's search engine's operation. 

It has been 16 years since Apple released the first iPhone. Despite ten years passing, the AI chatbot has become one of Silicon Valley's biggest buzz items. 

This previously unavailable product, which relies upon generative AI technology, which also powers ChatGPT, has been available exclusively to people on a waitlist who have been accepted for the service. 

As of this summer,  a capability for “unknown tracker alerts” is expected to be available. A few days ago, Apple and Google announced that they were going to work on resolving the problem together, leading to the development of this matter. Apple was sued by two women for stalking in the previous year after the women complained that AirTag was being used against them. 

Google made the announcement at its annual developer conference. The tech giant demonstrated the latest advancements in artificial intelligence as well as available new hardware products. There was also an announcement that they are adding the ability to open and close a phone like a book for $1,799 (£1,425).

A few months ago, OpenAI, a Silicon Valley startup, introduced the darling chatbot of Silicon Valley, ChatGPT. This soon sparked furious competition among competitors for funding supplies. Google's foray into generative artificial intelligence comes following OpenAI's ChatGPT. Using AI legacy data, it is possible to create original content such as text, images, and software codes using the generational AI engine. 

In the last few years, OpenAI, which has received billions of dollars from Microsoft and is now integrated into Bing search, has become the premier option for users who want generative AI, which can generate term papers, contracts, itinerary details, and even novels from scratch.

Over the past few years, Google has become the most powerful portal to the internet, but as rivals have taken advantage of the technology, Google had to step back. There is a lot at stake here, especially for Google's share of what is estimated this year to be a staggering $286 billion pie in the huge world of online advertising.

Since Microsoft launched its chatbot ChatGPT, Google has been under pressure to improve its artificial intelligence offerings due to its success. As a result of Bard's incorrect response, Google's previous attempts to demonstrate its expertise in the field failed to demonstrate its competence as a whole. Microsoft has invested a lot in OpenAI, which is the technology behind ChatGPT. It uses it to integrate ChatGPT into its search engine, Bing. Baidu, the Chinese tech behemoth, has added another chatbot to its arsenal - one named Ernie - that it intends to use against its competitors.

Google remains an industry leader, according to Chirag Dekate, an analyst at Gartner, who is confident that the company will be able to take advantage of the renewed interest in artificial intelligence. It remains to be seen, however, whether Google can dominate the AI wars anytime soon.

Google is Phasing Out Passwords and Adopting Passkeys: Here's What You Should Know

 

Users will soon be able to log in to their Google accounts without ever having to remember a single password again, according to the firm.

Instead, Google is betting big on passkeys, which are cryptographic keys kept on your device; you don't even know what they are. They enable you to access specific accounts without using a password; all you have to do is authenticate using your device's PIN or saved biometric data, such as your fingerprint or face.

Only a few large services, including BestBuy, PayPal, and eBay, already enable their clients to log in to their accounts using passkeys, and Google is about to join them. Passkeys are part of the FIDO Alliance, which establishes technological and social standards for them. All of the main tech companies are members of the alliance, including Apple, Amazon, Google, and Meta.

They are said to be safer because they are resistant to phishing and more convenient because the user does not have to remember anything. Traditional 2FA methods are likewise obsolete. The biometric information you use to authenticate is also not shared with Google or any other third party. 

Once you've added a passkey, you'll be prompted to use it to access your Google account, as well as to confirm your identity if any unusual activity is discovered. They are compatible with iOS 16 and Android 9 devices and can be shared with other devices, for example through Apple's iCloud or a compatible password manager such as 1Password or Dashlane.

There is also the option to utilize a passkey from a device other than your own, allowing you to log in using a one-time passkey that will not transfer to your own device. Google advises against creating passkeys on shared devices since any other user can access your Google account. 

Passkeys can also be canceled if users think that someone else is using them to access their accounts or if they misplace the device on which they are kept. Passkeys can also be used instead of physical security keys for members of Google's Advanced Protection Program. 

Google account holders can continue to use their passwords if they like, and it will likely be some time before Google switches entirely to passkeys, as mainstream adoption is still a long way off. 

“We’re thrilled with Google’s announcement today as it dramatically moves the needle on passkey adoption due both to Google’s size, and to the breadth of the actual implementation — which essentially enables any Google account holder to use passkeys,” said Andrew Shikiar, executive director of FIDO Alliance. 

He added, “I also think that this implementation will serve as a great example for other service providers and stands to be a tipping point for the accelerated adoption of passkeys.”

Google Play Blocked 1.43 Million Malicious Apps in 2022

The Google Play store is a very popular app downloader for Android devices. Because so many people use the store, it has often been targeted by cybercriminals who create malicious apps designed to harm users' devices, steal their sensitive credentials, and exploit vulnerabilities. As a result, customers of the Play Store often raise questions about its cybersecurity measures; Google, however, has taken various major steps in the past to combat this problem.

Using recent security features and app review processes, the company blocked 1.43 million malicious apps from being published to the Play Store in 2022. Furthermore, the company disclosed that it has also banned 173,000 malicious accounts and warded off over $2 billion in fraudulent and abusive transactions through developer-facing features like Obfuscated Account ID, Voided Purchases API, and Play Integrity API.

Google also issued additional security requirements for developers who are looking to join the Play Store ecosystem including developers' email and phone verification. The addition of identity verification methods contributed to a reduction in accounts used to publish apps that go against its policies, Google pointed out. 

Google, the California-based tech giant, also teamed up with software development kit (SDK) providers to launch the Google Play SDK Index, which helps developers assess an SDK's reliability and safety.

Along with this, the company updated its ad policy for developers to prevent fake ads on its Play Store and has been reaching out to developers to educate them about security practices. As per the data, over the past three years, the company prevented around 500,000 submitted apps from unnecessarily accessing sensitive permissions. 

In addition to this, Google has also introduced new license requirements for personal loan apps in some cities in Africa and South Asia such as Kenya, Nigeria, and the Philippines. It also implemented very strict requirements for loan app developers in India to combat fraud. 

The company's blog post said that these measures have been taken under new and improved security features and policy enhancements, and that the company is continuously investing in machine learning systems and app review processes for further security and innovation.

Google Takes Down Cryptbot Malware Infrastructure

Google has taken down the infrastructure and distribution network linked to the Cryptbot info stealer, a malware that was being used to infect Google Chrome users and steal their data. The move comes after the tech giant filed a lawsuit against those using the malware to carry out illegal activities.

Cryptbot is a type of malware that steals sensitive information from infected devices, including usernames, passwords, and credit card details. The malware is typically spread through phishing emails and malicious websites, and can be difficult to detect and remove once it has infected a device.

Google's lawsuit targets the infrastructure and distribution network behind the Cryptbot malware, with the aim of disrupting its operations and reducing the number of victims. By taking down the infrastructure, Google hopes to make it harder for cybercriminals to distribute the malware and infect new devices.

The move is part of Google's ongoing efforts to protect its users from cyber threats and keep its platform safe and secure. In recent years, the company has invested heavily in developing advanced security measures to detect and prevent malware and other malicious activities.

However, cybercriminals are constantly evolving their tactics and finding new ways to exploit vulnerabilities in systems and software. This means that companies like Google need to stay vigilant and proactive in their efforts to protect their users.

In addition to taking down the Cryptbot infrastructure, Google is also urging Chrome users to take steps to protect themselves from malware and other cyber threats. This includes keeping their software up to date, using strong and unique passwords, and being wary of suspicious emails and websites.

Google's efforts to disrupt the Cryptbot malware operation are an important step in the fight against cybercrime. By targeting the infrastructure and distribution network behind the malware, the company is helping to reduce the number of victims and make the internet a safer place for everyone.

Google Delivers Bumblebee Malware

 


A malware campaign has recently been detected that uses Google ads and SEO poisoning to spread malware. The malware, dubbed Bumblebee, targets enterprise users and is distributed via marketing channels like Google Adwords and SEO poisoning that promote popular software applications such as Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace. This malware is intended to replace BazarLoader's backdoor.

A tool called BazarLoader assists users in connecting to networks and gaining access to them. Several leading security organizations have stated that it is often the cause of ransomware attacks. 

It is a constant challenge to stay ahead of the new threats that emerge in cybersecurity regularly. BumbleBee malware is used by ransomware gangs as a tool to gain initial access to networks and carry out attacks. An attempt was made by the Conti team to replace the BazarLoader backdoor with this malware, which was discovered in April 2022, but the backdoor has since been removed. 

A dangerous version of BumbleBee malware was recently discovered. As part of the attack chain, PowerSploit was used to inject reflective DLLs into memory, which was a sneaky and dangerous technique. Because the malware is loaded into memory this way, existing antivirus products are not able to detect it, which makes detection and prevention harder and lets the malware stay undetected.

The malicious program often comes packaged as an ISO file that contains a DLL with a custom loader inside it. The malware was dubbed BUMBLEBEE because it uses its own user agent, "Bumblebee." BumbleBee was observed fetching Cobalt Strike payloads at the time of analysis by Google's Threat Analysis Group (TAG).

In an ongoing campaign, researchers at Secureworks have discovered trojanized versions of popular apps being distributed through Google ads to unsuspecting victims, who are then infected with the BumbleBee malware. These advertisements promote Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace. They redirect users to bogus download pages, which prompt them to download a trojanized version of the software.

Google Ads Distribute Malware

In addition, the researchers discovered that a Google advertisement campaign would be used for an upcoming campaign. It has become common practice to use trojanized versions of popular apps to push malware loaders to unsuspecting victims through these advertisements. This campaign consisted of a Google advertisement promoting a fake Cisco AnyConnect Secure Mobility Client download page.

The page was created on February 16, 2023, and hosted under an "appcisco[.]com" domain. The malicious Google advertisement took the user to this fake download page via a compromised WordPress site. The fake landing page promoted an MSI installer named "cisco-anyconnect-4_9_0195.msi" that installs the BumbleBee malware.

It is imperative to recognize the risks posed by such campaigns and take appropriate measures to secure the systems and networks affected by them. To detect and prevent such attacks, companies must ensure robust security measures are in place. You must remain vigilant and trained in cybersecurity best practices to protect yourself against these sophisticated attacks.

A cyberattack on Eurocontrol, the European air traffic control organization, did not end at the end of the weekend, as the effects continued until today. According to a report in the Wall Street Journal, the disruptions caused by Russia's KillNet networks did not disrupt flights.      

Google Mandates Easy Account Deletion for Android Apps


Google is implementing a new data policy for Android apps that also includes a setting for account deletion to provide customers with more transparency and control over the data. 

The measure would compel app developers to provide users with in-app deletion options while also allowing them to manage app data online. 

"For apps that enable app account creation, developers will soon need to provide an option to initiate account and data deletion from within the app and online," says Bethel Otuteye, senior director of product management for Android App Safety. "This web requirement, which you will link in your Data safety form, is especially important so that a user can request account and data deletion without having to reinstall an app." 

The goal, for developers, is to provide users with an in-app path and a web link resource for requesting deletion of an app account and its associated data. App developers must delete any data related to a particular account whenever users submit such a request.

In addition to this, users will be provided with certain alternatives to selectively delete only portions of the data, such as activity history, images, or videos, instead of completely deleting their accounts. 

The decision was made as lawmakers and privacy groups intensified their scrutiny of Apple, Google, and mobile app developers due to concerns that they were profiling, gathering personal user data, and tracking mobile phone users without consent. 

On June 30, 2022, Apple imposed a similar policy for app makers on its App Store. Apple, unlike Google, does not enforce a web-based alternative for users to remove their accounts; instead, it merely requires developers to provide an in-app path for account deletion.

The announcement by Google on Thursday of related measures to prevent financial loan application apps from accessing mobile phone images, videos, contacts, geolocation information, and call logs aligns with Otuteye's tweet. On May 31, 2023, that regulation came into force. 

Changes May Take Time 

The policy will be enforced globally with a new set of rules from early 2024, Otuteye said. The first step, she says, will require developers to fill out a data deletion form provided by Google by December 7. Developers can appeal for more time and extend the deadline to May 31, 2024. For now, Google only requires app developers to provide users with the option to request deletion of their data.

Pinduoduo Malware Executed a Dangerous 0-day Exploit Against Millions of Android Devices

 

According to a new report, Pinduoduo, a popular Chinese shopping app, exploited a zero-day vulnerability in the Android operating system to escalate its own privileges, steal personal data from infected endpoints, and install malicious apps.

Numerous sources validated the allegations, including cybersecurity firm Kaspersky, which examined "previous versions" of the app that were still being distributed through a Chinese app store and concluded that it exploited a flaw to install backdoors.

“Some versions of the Pinduoduo app contained malicious code, which exploited known Android vulnerabilities to escalate privileges, download and execute additional malicious modules, some of which also gained access to users’ notifications and files,” Igor Golovin, a Kaspersky security researcher, told Bloomberg.

Google and Android are both not available in China, meaning the Play Store isn’t available there, either. According to Ars Technica, the versions of Pinduoduo available on both the Play Store and the Apple Store are clean. Nonetheless, Google removed it from its app repository last week and advised users to uninstall it if they had it.

According to Bloomberg, the announcement labeled the app "harmful" and alerted users that their data and devices were at risk. PDD, the app's developer, denied any wrongdoing and stated that the apps were clean.

“We strongly reject the speculation and accusation that the Pinduoduo app is malicious from an anonymous researcher,” the company told Ars Technica in an email. “Google Play informed us on March 21 morning that Pinduoduo APP, among several other apps, was temporarily suspended as the current version is not compliant with Google’s Policy, but has not shared more details. We are communicating with Google for more information.”

As per Lookout's initial investigation, at least two versions of the app exploited a flaw known as CVE-2023-20963, which was patched about two weeks ago. It's an escalation of privilege flaw that was being exploited before Google made it public.

According to Lookout's Christoph Hebeisen, this is a "very sophisticated attack for an app-based malware. In recent years, exploits have not usually been seen in the context of mass-distributed apps. Given the extremely intrusive nature of such sophisticated app-based malware, this is an important threat mobile users need to protect against.”

Microsoft Issues an Emergency Fix for the Notorious ‘Acropalypse’ Bug


Microsoft has acted quickly to patch the ‘acropalypse’ bug that was discovered earlier this week. The bug could apparently enable information cropped out of images via the Windows screenshot tools to be recovered.

According to BleepingComputer, Microsoft has now issued an OOB (out-of-band or emergency) update that patches the aforementioned issue, technically named CVE-2023-28303. Microsoft is now urging users to apply the update as soon as possible. 

Furthermore, the update is not difficult to apply. All that the user has to do is click the Library icon in Microsoft Store, then pick Get updates (top right). Doing so will enable the patch to be applied if it has not already been installed automatically. 

Carry on Cropping 

The acropalypse bug shares some similarities with the vulnerability that affected the Markup feature on Google Pixel phones, i.e. images and screenshots cropped in the Windows 11 Snipping Tool and the Windows 10 Snip and Sketch tool could well be compromised.

The CVE-2023-28303 bug means that parts of a PNG or JPEG image that have been cropped out are not completely removed from the file when it is saved again. These cropped sections could include a variety of sensitive information, like bank account credentials or medical records.

Moreover, it is important to note that applying the patch does not fix files that were cropped before it was installed; it only applies to images edited afterwards. Users must re-crop any existing images to ensure that the excess parts of the picture have been appropriately removed.
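One way to check existing images for leftover data, as an added example that is not part of the original article or any vendor tool. It assumes the cropped-out remnants sit as extra bytes after the image's end marker (the PNG IEND chunk or the JPEG EOI marker), which is where old data survives when a smaller file is written over a larger one without truncation; the sample images and all function names are constructed for illustration.

```python
import hashlib
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Inside JPEG scan data, 0xFF followed by one of these is not a new segment:
# 0x00 is a stuffed byte and 0xD0-0xD7 are restart markers.
JPEG_IN_SCAN = {0x00, *range(0xD0, 0xD8)}
# Markers that stand alone, with no length field (TEM, RSTn, SOI).
JPEG_NO_PAYLOAD = {0x01, *range(0xD0, 0xD9)}


def png_end_offset(data):
    """Walk the chunk list and return the offset just past IEND."""
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError("truncated PNG chunk")
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(data[pos + 4:end - 4]) != crc:
            raise ValueError("PNG chunk CRC mismatch")
        pos = end
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk found")


def jpeg_end_offset(data):
    """Walk the segment list and return the offset just past EOI."""
    pos = 2  # skip SOI
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected JPEG marker")
        marker = data[pos + 1]
        if marker == 0xD9:  # EOI: end of the image the decoder will show
            return pos + 2
        if marker == 0xFF:  # fill byte in front of a marker
            pos += 1
            continue
        if marker in JPEG_NO_PAYLOAD:
            pos += 2
            continue
        if pos + 4 > len(data):
            break
        (seg_len,) = struct.unpack(">H", data[pos + 2:pos + 4])
        pos += 2 + seg_len
        if marker == 0xDA:  # SOS: skip entropy-coded data to the next marker
            while pos + 1 < len(data):
                if data[pos] == 0xFF and data[pos + 1] not in JPEG_IN_SCAN:
                    break
                pos += 1
    raise ValueError("no EOI marker found")


def trailing_bytes(data):
    """Number of bytes stored after the image's end marker (0 means clean)."""
    if data.startswith(PNG_SIGNATURE):
        return len(data) - png_end_offset(data)
    if data.startswith(b"\xff\xd8"):
        return len(data) - jpeg_end_offset(data)
    raise ValueError("unsupported image format")


# ---- constructed sample data (not real screenshots) ----
def _chunk(ctype, payload):
    body = ctype + payload
    return struct.pack(">I", len(payload)) + body + struct.pack(">I", zlib.crc32(body))


def make_png(width, height):
    """Build a valid 8-bit grayscale PNG (width <= 32) with pseudo-random pixels."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    rows = b"".join(
        b"\x00" + hashlib.sha256(bytes([y])).digest()[:width] for y in range(height)
    )
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(rows)) + _chunk(b"IEND", b""))


def simulate_untruncated_save(original, cropped):
    """Write `cropped` over `original` without truncating, as the bug does."""
    return cropped + original[len(cropped):]


# Constructed JPEG skeleton: SOI, APP0, SOS, scan data with a stuffed byte
# and a restart marker, EOI. Enough structure for the walker, not decodable.
SAMPLE_JPEG = (b"\xff\xd8" + b"\xff\xe0\x00\x04AB" + b"\xff\xda\x00\x04\x01\x02"
               + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9")

if __name__ == "__main__":
    original, cropped = make_png(32, 32), make_png(4, 4)
    leaky = simulate_untruncated_save(original, cropped)
    print("clean crop:", trailing_bytes(cropped), "trailing bytes")
    print("leaky crop:", trailing_bytes(leaky), "trailing bytes")
    print("jpeg + junk:", trailing_bytes(SAMPLE_JPEG + b"LEFTOVER"), "trailing bytes")
```

A non-zero result marks a file to re-crop or re-export; it is not proof of this bug, since other tools also append data after the end marker.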

Analysis: A Quick Fix for a Worrying Bug 

Initially, recovering cropped-out parts of images may not appear to be a particularly severe security vulnerability. After all, who would care if someone manages to recover some empty sky that you have removed from that one photo from one of your vacations?

However, there are many reasons why this cropping flaw is a serious problem, as tech journalists know all too well. Personal and important information, like email addresses, bank account numbers and contact details, could be exposed through these cropped images. Users are therefore well advised to crop out such information before sharing images widely over the internet.

In today’s era, where one shares so many photos with others and on the web at large, it is important from a security perspective that these images do not, in any way, expose more than we want them to, something that was a case of concern with CVE-2023-28303. 

Although Microsoft has acted quickly to patch the issue, it is still concerning that the same bug was exposed in two completely separate pieces of software, from Microsoft and Google, in recent days.

Malvertising Gives Cybercriminals Access to Big Technologies

Malvertising has become an increasingly popular tool among cybercriminals in recent years for exploiting unsuspecting internet users. In a malvertising attack, malware is transferred to people's computers and mobile devices when they click on an infected ad. Sadly, some contend that Big Tech's corporate policies are facilitating hackers' use of malvertising as a means of infiltrating computer systems.

According to columnist Candice Rivera, "Big Tech's business model is dependent on targeted advertising, which means collecting data on users and their interests to serve them ads. However, this also means that ads can be targeted to specific users based on their vulnerabilities." Cybercriminals are taking advantage of this practice by purchasing ad space and using it to spread malware to specific groups of people.

In a recent article on Security Boulevard, the author suggests that one way to defeat malvertising-based phishing attacks is to 'use ad-blocking software, which can prevent ads from being displayed altogether.' While this may be an effective solution, it does not address the root cause of the problem, which is the business practices of Big Tech companies. 

The use of malvertising has become so widespread that even popular search engines like Google have become vulnerable to attacks. As reported by Ars Technica, "Google recently warned users to be cautious when downloading software from its search engine, as some downloads may contain malware." This highlights the need for users to exercise caution when browsing the internet, even when using well-known and trusted search engines.

CSO Online provides recommendations to internet users to protect themselves from malvertising-based attacks. They suggest keeping the software and operating systems updated, using antivirus software, and installing ad-blocking software. Moreover, it is essential to exercise caution while clicking on links or downloading files from unknown websites.  

While malvertising has become a serious threat to internet users, it is important to recognize the role that Big Tech's business practices play in enabling cyber criminals. As users, we must take responsibility for our own online security and take steps to protect ourselves from these types of attacks. 




Cerebral Admits to Revealing Patient Information to Meta, TikTok, and Google

 

As per TechCrunch, Cerebral, a telehealth startup specialising in mental health, inadvertently shared sensitive information of over 3.1 million patients with Google, Meta, TikTok, and other third-party advertisers. In a notice posted on the company's website, Cerebral admits to exposing a slew of patient data through the tracking tools it has been using since October 2019.

Patient names, phone numbers, email addresses, birth dates, IP addresses, insurance information, appointment dates, treatment, and other information are all impacted by the oversight. It is possible that the answers clients provided as part of the mental health self-assessment on the company's website and app, which patients can use to schedule therapy appointments and receive prescription medication, were also exposed.

Cerebral claims that this data was gathered through the use of tracking pixels, which are pieces of code that Meta, TikTok, and Google allow developers to embed in their apps and websites. For example, the Meta Pixel can gather information about a user's activity on a website or app after clicking an ad on the platform, and it can even keep track of the information a user fills out on an online form. While this allows companies like Cerebral to track how users interact with their ads on various platforms and the actions they take as a result, it also gives Meta, TikTok, and Google access to this data, which they can then use to gain insight into their own users.

Cerebral notes that the exposed information may "vary" from patient to patient depending on a variety of factors such as "what actions individuals took on Cerebral's Platforms, the nature of the services provided by the Subcontractors, the configuration of Tracking Technologies," and more. The company says it will notify affected users and that "regardless of how an individual interacted with Cerebral's platform," no social security numbers, credit card numbers, or bank account information were exposed.

Cerebral says it has "disabled, reconfigured, and/or removed" any tracking pixels on the platform to prevent future exposures and has "enhanced" its "information security policies and technology vetting processes" since discovering the security hole in January.

Cerebral is required by law to report potential HIPAA violations. HIPAA stands for Health Insurance Portability and Accountability Act. This prohibits healthcare providers from disclosing patient information to anyone other than the patient or anyone the patient has given permission to receive health information. The US Office for Civil Rights is currently investigating the breach, which follows similar incidents involving pixel-tracking tools.

An investigation by The Markup last year discovered that some of the nation's top hospitals were sending sensitive patient information to Meta via the company's pixel. Two class-action lawsuits were filed, alleging that Meta and the hospitals in question violated medical privacy laws.

The Markup discovered months later that Meta was able to obtain financial information about users via tracking tools embedded in popular tax services such as H&R Block, TaxAct, and TaxSlayer. Meanwhile, other online medical companies, such as BetterHelp and GoodRx, were fined by the FTC earlier this year for sharing sensitive patient data with third parties.

Cerebral is being investigated by the Department of Justice and the Drug Enforcement Administration for prescribing controlled substances such as Adderall and Xanax, in addition to whether or not it violated HIPAA regulations. It has since stopped prescribing these medications.

Google Announces Drone Delivery Network

 


Network of Wing Delivery Services 

Several companies worldwide have been developing drone technologies designed to improve last-mile delivery by integrating them with ground transportation. Wing's ultimate goal is to create an automated logistics system that moves millions of packages daily to deliver packages to people more efficiently and safely. 

Until now, the industry has been primarily focused on drones themselves. That means it has been designing, testing, and iterating on airplanes, rather than trying to find the best way to utilize an entire fleet to deliver efficiently. The company officials assure us that the way Wing delivers its services is not the same as the way other companies do it. 

According to Wing, the efficiency of drone operations will be improved by operating them as part of a network. As part of the testing of the technology, Wing will deliver up to 1,000 packages per day to Logan, Australia, where the company is testing the technology at scale. 

Additionally, the company has begun experimenting with the delivery of goods using drones in the suburb of Lusk in Dublin. The company said that it and other companies were involved in discussions with the Department for Transport and the Civil Aviation Authority. These talks are about establishing regulations to enable and approve goods delivery using drones in the UK.

"Starting with Grocery Delivery" 

In a statement, Woodworth said the delivery system would look more like the infrastructure of a modern data network than the architecture of conventional transportation. 

It started with a trial program where they delivered groceries and ready-to-eat food such as coffee in the first few weeks. For now, drone deliveries are not subject to an additional charge for consumers. 

The company has provided no information about what the final cost of these services may be. To remain financially viable, drone companies are expected to take on more deliveries than they are currently doing.

In the Context of Big Data 

A member of the University of the West of England's management committee, Dr. Steve Wright said it was not surprising that Wing is among the companies trying to achieve this. In addition to working on the drones themselves, everyone is also thinking about the bigger picture. 

These drones will operate night and day for a considerable period, unlike anything that has ever been achieved.   

Regulatory issues are the first issue that is being debated at the moment. Nevertheless, there is a significant question to be addressed, how to manage and direct such a large number of robots. 

In Dr. Wright's opinion, it is no coincidence that Wing and Amazon have one legacy in common: Big Data.

YouTube Charged for Data Gathering on UK Minors

A million children's personal data might be collected by YouTube, as per the research. According to the claim, YouTube violates the 'age-appropriate design code' set forth by the Information Commissioner's Office (ICO).

Under the code, online services must comply with the UK's data protection rules pertaining to the personal information of minors. In accordance with the General Data Protection Regulation (GDPR), the UK put into effect the Data Protection Act 2018.

These details include the location from which kids view, the device they use, and their preferred types of videos, according to Duncan McCann, Head of Accountability at the 5Rights Foundation.

According to McCann, the streaming service has violated recently established child protection rules by capturing the location, viewing habits, and preferences of potentially millions of youngsters who visit the main YouTube website.

As per attorney and data protection specialist Jonathan Compton from DMH Stallard, YouTube could be hit with a hefty fine of up to £17.5 million, or 4% of its annual global revenue. The YouTube website is not the only service that may be in violation of the ICO Children's Code. In a study published last month by Comparitech, researchers found that one in four Google Play apps did not adhere to the Age Appropriate Design Code.

A spokesperson for YouTube said, "Over the years, we've made efforts to protect kids and families, like developing a dedicated kids app, implementing new data standards for children's content, and delivering more age-appropriate experiences."

Extra safeguards have been adopted to support children's privacy on YouTube, such as more protective default settings and a specific YouTube Supervised Experience, building on that long-standing strategy and adhering to the additional recommendations offered by the code. 




The Ukraine Invasion Blew up Russian Cybercrime Alliances

 


Over the years, Russia has built up one of the world’s most formidable cybercriminal ecosystems. Russian hacker groups are linked to disruptive cyberattacks, including those on one of the United States’ most critical oil pipelines and the world’s largest meat producers.

A study released a year after the illegal invasion suggests that Russia's war against Ukraine disrupted the criminal ecosystem in Russia and its former Soviet satellite states. Alexander Leslie, associate threat intelligence analyst at Recorded Future's Insikt Group, believes this is one of the most significant developments in the history of cybercrime, with broad implications affecting nearly every aspect of the cybercrime world.

In a recent interview with The Register, Leslie said that these fractures can be felt in all facets of the Russian-speaking underground: digital fraud, dark web forums and marketplaces, ransomware gangs, and hacktivists, all of whom derive their revenue from Russian-speaking underground activities.

"Russia's military intervention in Ukraine has ushered in the era of volatility and unpredictability in the world of international cybercrime, which carries a multitude of implications for the defense community," Leslie said in a statement. 

As per the report, Russian cybercrime refers to a wide range of crimes perpetrated by miscreants who speak Russian in a variety of parts of the world, including Russia, Ukraine, Belarus, the Baltics, the South Caucasus, and Central Asia. According to Leslie, before the war all of these criminal elements shared a common rule: refusing to target entities located in the Commonwealth of Independent States, so as not to draw attention from law enforcement. The day after the Russian government began attacking critical infrastructure on February 24, 2022, the Conti ransomware gang immediately declared its "full support" for the Russian government and pledged to use all the resources at its disposal to take back the critical infrastructure that had been destroyed. There were later claims that the country had condemned the war, but the damage had already been done at that point.

Hundreds of internal documents from Conti's internal domains were leaked by a Ukrainian security researcher on February 27, 2022. The so-called Conti leaks led to the Trickbot leaks, which revealed Trickbot's senior leadership using information from the Conti data dump. According to reports, Conti closed down its operations in the weeks that followed.

Moreover, Conti's rival gangs such as ALPHV (BlackCat) and LockBit did not declare their loyalty to the Kremlin to any significant extent, although some other rival gangs did.

There has also been a decrease in the number of ransomware attacks during the war in general, which may be attributable to fewer Russian cyberattacks as well. It has been a year since the war started, and fears of large-scale disruptions of Ukrainian and Western infrastructure have not yet been realized. Russia has not given up, however: Google reported that targeting of Ukrainian users increased by 250 percent in 2022 compared to 2020, while targeting of NATO users increased by 300 percent.

As experts point out, this is not necessarily an indictment of Russia's cyber capabilities. Instead, it is an indication of the effectiveness of Ukrainian cyber defense backed up by its Western allies and companies such as Google, Microsoft, and Amazon on the ground. This is a largely successful strategy.  

The Georgia Institute of Technology's Nadiya Kostyuk, who specializes in modern warfare and cyber conflict, has said that that support was "crucial" to Ukraine's cyberspace remaining relatively unscathed, despite the geopolitical turmoil around the world. 

It is currently apparent that Ukraine's cyber capabilities haven't kept up with those of Russia even though it has been developing them since 2014. According to her, Microsoft, along with other companies, had played a huge part in building more resilient networks and systems as well as defending Ukraine's cyberspace. 

Forum Rules for the Russian Dark Web

The war did not only expose the fault lines of ransomware gangs, but also other criminals associated with these gangs. It would appear that the invasion of Ukraine also violates an unwritten rule on Russian-language dark web forums, which holds that criminals would not target organizations in former Soviet states unless they were inside the country. 

Despite the increased geographical decentralization of cybercriminal groups, Leslie predicts that the industry will become more centralized in the future.

During the kinetic war and in its immediate aftermath, there was also an increase in pro-Russian hacktivist groups. The initial wave of hacktivism included pre-existing groups such as the Stormous ransomware gang as well as new crews that were created to support the Russian war effort. The 'second wave' took place around March 22, 2022, when Killnet's campaign against the Latvian government was initiated.

An Increase in the Number of Killnets

Despite that, Recorded Future claims that Killnet dominated this second wave of hacktivism.

As a consequence of these attacks, the gang and its subgroups have expanded their targets beyond Europe. They have since targeted the Americas, Asia, and other parts of the world.

Recorded Future says that most of the pro-Russian hacktivist groups are no longer active, despite estimates by security researchers such as @Cyberknow20 that there were 70 or more such groups active at the beginning of the war.

As the authors point out, although they identified about 100 such groups between February 24, 2022, and February 10, 2023, only a few remain active today.

Even those that remain are not very effective. A new FBI report describes Killnet's distributed denial of service attacks as having "limited success". Additionally, the researchers point out that their impact on the overall war effort has been "minimal" at best.

Is 2023 Going to be a Year of Change?

Security researchers expect the second year of the war to bring more of the same: insider criminal gangs leaking information, hacktivist attacks making headlines, and database dumps being sold on dark-web forums, possibly with a rise in leaked Russian and Belarusian databases, as well as credential leaks targeting .ru and .by domains. As a result of the malware-as-a-service threat landscape and the ongoing changes in the criminal forums on the dark web, "volatility and instability" are predicted to persist through 2023 throughout the Russian-speaking dark web market.

In the short term, Leslie predicts that the cyber efforts of Ukraine are likely to be stepped up in 2023. The public-private partnership has helped foster increased collaboration between intelligence agencies and the provision of active defensive support, and we anticipate that this will only increase in the years to come, Leslie added. 

The majority of offensive operations are likely to be undertaken by the IT Army of Ukraine. It is expected to keep receiving the support that enables its crowdsourced hacktivism, which will continue to dominate offensive operations.

He says he expects more hack-and-leak attacks from the Ukrainian IT Army in the future, but the most dominant methods of attack will likely remain DDoS attacks and website defacement.

Online Tracking: What Do You Need to Know?

 


Whenever you browse the Internet, you leave a record of whatever you click on and of any websites you visit. The majority of websites use small pieces of data known as cookies to track information about your visit. Aside from cookies, many websites also use user accounts to monitor visitors' activity while browsing the web. There is no serious risk to your online security from this type of browser tracking. However, since your online data is being monitored in the first place, it is imperative to understand how it is processed and tracked.

A small shift in favor of consumer privacy has been observed in recent years. Many tech giants received substantial fines because they used trackers in an invasive or incorrect way that violated consumer privacy. For example, in the past year Google paid out a $391.5 million settlement over charges that it misled users into thinking they had turned off location tracking.

Despite this, the company continues to collect information about its customers. Even though there has been some high-profile finger-wagging at tech companies for disregarding users' privacy, brands and advertisers are still mostly free to use tracking software to track our online actions without much resistance on the part of consumers.

It is unlikely that this situation will change anytime soon. A project is currently being developed by the EU Commission that will allow brands to track users more easily while online. A unique code is generated from a user's mobile phone or network, based on the user's mobile number. Brands could use these digital footprints to identify users and categorize them. This would enable brands to identify users' behavior and target them individually with customized content.

This may sound like an innocuous plan to improve the internet experience for users and brands alike. However, to many it might seem out of the ordinary. The expansion of brands' ability to collect our personal information raises serious concerns about the safety, security, and even ethical implications of data collection.

Everything is Tracked  

A tracker is essentially a piece of code embedded within a website or app. It allows a company to collect and track information about how users use those tools. Trackers can collect a lot of information about how you use your computer, including the websites you visit, the links you click, the products you buy, and even your location.

By collecting and analyzing this information, companies can gain valuable insights into their users' preferences, habits, and behaviors. A company could then use these insights to improve its services and products. Modern internet usage is hyper-personalized and built on trackers and data collection. 

Since the results are superficial, there is only minimal real value in focusing advertising on user interests and tailoring browsing experiences to their needs. Still, high-quality targeted ads are a step up from the glitchy, irrelevant banners that are almost impossible to use on some websites.

The reality is that the vast amount of information consumers release, which is stored and converted into customized ads based on their preferences, location, and browsing history, has created an increasing sense of discomfort for many of them. In the last few years, it has become increasingly apparent that internet giants are monitoring consumers' digital footprints more closely than ever before, because they sell that personal information to the highest bidder. Consumers feel as if they are constantly watched.

It is even possible to argue that targeted advertising is not in the public interest. Some experts worry that individuals will be unable to explore more interesting ideas and perspectives due to personalized content generated by tracking. One's worldview narrows as a result. 

Ultimately, it is up to the Consumer   

It is clear what internet users need to do to limit online trackers. A virtual private network (VPN) is the most effective and simplest way to encrypt internet traffic and hide IP addresses as it encrypts and hides internet traffic from all governments. Therefore, advertisers and third parties will have difficulty tracking online activities as a result. It also sets up a system that prevents hackers or bad actors from accessing personal data that could be misused in illegal activities.  

Even though it is difficult to fool online trackers, there seems to be a growing movement of internet users breaking away from big corporations such as Google and Facebook. As a result, these users are turning to products and services that actively denounce internet tracking. They work towards creating a more transparent internet that does not track them online. There are many privacy-conscious features in this version, which allow users to roam freely and without worrying about being constantly tracked and monitored by the system.  

To do this, they often resort to visiting websites, utilizing privacy-first analytics tools that actively use these tools regularly. The fact is, as mentioned, that for most consumers it won't be easy or even possible to completely disappear from all social media. This will alter their internet usage overnight. However, there are small steps that internet users can take to have a bit more control over how their personal information is collected online and how their data is used, such as relying on brands that actively eschew corporate surveillance practices. 

There has been an unprecedented increase in brands' ability to track consumers' movements, which has resulted in users losing control over their digital destinies. Users need to protect their privacy and identity online, so it has become an even more critical concern than ever before. It is imperative to know the processes by which brands and businesses collect and use our data as well as how they track us. Internet users can use VPNs to protect their privacy by equipping themselves with this knowledge. This will limit how much data is collected about them online. This is done by limiting data mining.  

There is no doubt that this will lead to a more optimistic internet landscape in which consumers have control over their data and privacy. As this movement gains momentum, brands and big corporations will have to follow suit, and they will be forced to do so as the trend grows.

Mozilla Research Lashes Out at Google Over ‘Misleading’ Privacy Labels on Leading Android Apps


An investigation, conducted by the Mozilla Foundation, into the data safety labels and privacy policy on the Google Play Store has exposed some severe loopholes that enable apps like Twitter, TikTok, and Facebook to give inaccurate or misleading information about how user data is shared. 

The study covered the 40 most downloaded Android apps on Google Play, of which 20 were free and 20 were paid, and found that nearly 80% of these apps disclose misleading or false information.

The following findings were made by the Mozilla researchers: 

  • 16 of these 40 apps, including Facebook and Minecraft, had significant discrepancies between their data safety forms and privacy policies.
  • 15 apps received the intermediate rating, i.e. “Need Improvement” indicating some inconsistencies between the privacy policies and the Data Safety Form. YouTube, Google Maps, Gmail, Twitter, WhatsApp Messenger, and Instagram are some of these applications. 
  • Only six of these 40 apps were granted the “OK” grade. These apps included Candy Crush Saga, Google Play Games, Subway Surfers, Stickman Legends Offline Games, Power Amp Full Version Unlocker, and League of Stickman: 2020 Ninja. 

Google’s Data Privacy Section 

Google apparently launched its data privacy section for the Play Store last year. This section was introduced in an attempt to have developers provide a “complete and accurate declaration” of the information gathered by their apps by filling out the Google Data Safety Form.

Due to certain vulnerabilities in the safety form's honor-based system, such as ambiguous definitions for "collection" and "sharing," and the failure to require apps to report data shared with "service providers," Mozilla claims that these self-reported privacy labels may not accurately reflect what user data is actually being collected. 

Regarding Google’s Data Safety labels, Jen Caltrider, project lead at Mozilla, says, “Consumers care about privacy and want to make smart decisions when they download apps. Google’s Data Safety labels are supposed to help them do that[…]Unfortunately, they don’t. Instead, I’m worried they do more harm than good.”

In one instance in the report, Mozilla notes that TikTok and Twitter both state in their Data Safety Forms that they do not share any user data with third parties, despite stating in their respective privacy policies that the data is shared with third parties. “When I see Data Safety labels stating that apps like Twitter or TikTok don’t share data with third parties it makes me angry because it is completely untrue. Of course, Twitter and TikTok share data with third parties[…]Consumers deserve better. Google must do better,” says Caltrider.

In response to the claim, Google has dismissed Mozilla’s study, deeming its grading system inefficient. “This report conflates company-wide privacy policies that are meant to cover a variety of products and services with individual Data safety labels, which inform users about the data that a specific app collects[…]The arbitrary grades Mozilla Foundation assigned to apps are not a helpful measure of the safety or accuracy of labels given the flawed methodology and lack of substantiating information,” says a Google spokesperson.

Apple, for its part, has also been criticized for its developer-submitted privacy labels. A 2021 report from The Washington Post indicates that several iOS apps similarly disclose misleading information, with several other apps falsely claiming that they did not collect, share, or track user data.

To address these issues, Mozilla suggests that both Apple and Google adopt an overall, standardized data privacy system across all of their platforms. Mozilla also urges that major tech firms shoulder more responsibility and take enforcement action against apps that fail to give accurate information about data sharing. “Google Play Store’s misleading Data Safety labels give users a false sense of security[…]It’s time we have honest data safety labels to help us better protect our privacy,” says Caltrider.  

BEC Attacks: Google Translate Utilized to Scam Organizations in Any Language


Business Email Compromise (BEC) gangs are carrying out payment fraud scams in a more effective manner by utilizing translation tools and machine learning platforms, successfully dispensing fraudulent emails in multiple languages. 

What are Business Email Compromise Groups? 

BEC attacks entail posing as a senior executive or business partner and convincing a corporate target to wire large quantities of cash to a bank account under the attacker's control. 

Successfully launching the international variant of this cyberattack generally requires a lot of time and effort. The target must be sufficiently researched to make phishing lures plausible. Moreover, native speakers must be hired to translate frauds into other languages. Yet this is all changing as threat actors use free online technologies that reduce some of the need for manual work. 

Midnight Hedgehog and Mandarin Capybara are two BEC groups that best represent the trend, according to research from Abnormal Security published this week. Both use Google Translate, which enables threat actors to quickly create convincing phishing lures in practically any language.

Moreover, researchers in the study also cautioned that tools such as commercial business marketing services are aiding the success of less-resourced and less-sophisticated BEC attacks. They are mostly used by sales and marketing teams to find "leads," making it simple to locate the best targets regardless of their region. 

BEC attacks are already lucrative, causing $2.4 billion in damages in 2021 alone according to the FBI's Crime Report, and their number is constantly increasing, which is bad news for defenders. Volumes are now likely to increase as some of the cost associated with performing them has been eliminated.

BEC Groups Scale Fast with Translation, Marketing Tools 

Crane Hassold, director of threat intelligence at Abnormal Security, noted in a report that Midnight Hedgehog has been active since January 2021 and specialises in impersonating CEOs.

Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Spanish, and Swedish are among the 11 languages that the company has so far identified in two significant phishing emails from the group. Thanks to Google Translate's effectiveness, the emails lack the simple mistakes that consumers are conditioned to look out for and regard as suspicious.

"We've taught our users to look for spelling mistakes and grammatical errors to better identify when they may have received an attack[…]When these are not present, there are fewer alarm bells to alert native speakers that something isn't right," the report said. 

Apparently, Midnight Hedgehog has requested payments ranging from $17,000 to $45,000. 

Mandarin Capybara, the second BEC threat group mentioned in the report, sends emails posing as communications from business executives but with a twist: by contacting payroll, the group gets paychecks transferred via direct deposit to an account it controls.

Abnormal Security has noted that Mandarin Capybara targets businesses all over the world with phishing lures in Dutch, English, French, German, Italian, Polish, Portuguese, Spanish, and Swedish. However, unlike Midnight Hedgehog, which the report claimed sticks to non-English-speaking victims in Europe, Mandarin Capybara also targets businesses outside of Europe with phishing emails aimed at English speakers in the US and Australia. 

In some instances, they utilized the same tactics of fraudulent email accounts to distribute emails in multiple languages.

BEC campaigns remain popular among threat actors simply because of how they operate: victims receive these messages, deem them legitimate, and act upon instructions they think are coming from their ‘boss,’ especially when the emails are written with correct grammar and spelling and in the sender's signature style.

"As email marketing and translation tools become more accurate, effective, and accessible, we'll likely continue to see hackers exploiting them to scam companies with increasing success," said Hassold. 

Organizations should put procedures in place to make sure that large financial transactions are not approved by only one person, and should train people to be on the lookout for payment fraud attacks, in addition to deploying appropriate cybersecurity tools to help catch BEC attacks.

"It's important that organizations use email defenses that look for threats in a more holistic manner to be able to prevent more sophisticated BEC attacks. Defenses that simply rely on static or 'known bad' indicators will have a hard time detecting these attacks, which is why tools that leverage behavioral analytics are better equipped to spot more advanced BEC threats," concludes Hassold.