Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Google Account. Show all posts
Privacy Regulations
Account security Cyber Security Data Privacy data security Google Google Account Privacy Regulations

Posthumous Data Access: Can Google Assist with Deceased Loved Ones' Data?

 

Amidst the grief and emotional turmoil after loosing a loved one, there are practical matters that need to be addressed, including accessing the digital assets and accounts of the deceased. In an increasingly digital world, navigating the complexities of posthumous data access can be daunting. One common question that arises in this context is whether Google can assist in accessing the data of a deceased loved one. 

Google, like many other tech companies, has implemented protocols and procedures to address the sensitive issue of posthumous data access. However, accessing the digital assets of a deceased individual is not a straightforward process and is subject to various legal and privacy considerations. 

When a Google user passes away, their account becomes inactive, and certain features may be disabled to protect their privacy. Google offers a tool called "Inactive Account Manager," which allows users to specify what should happen to their account in the event of prolonged inactivity or after their passing. Users can set up instructions for data deletion or designate trusted contacts who will be notified and granted access to specific account data. 

However, the effectiveness of Google's Inactive Account Manager depends on the deceased individual's proactive setup of the tool before their passing. If the tool was not configured or if the deceased did not designate trusted contacts, gaining access to their Google account and associated data becomes significantly more challenging. 

In such cases, accessing the data of a deceased loved one often requires legal authorization, such as a court order or a valid death certificate. Google takes user privacy and data security seriously and adheres to applicable laws and regulations governing data access and protection. Without proper legal documentation and authorization, Google cannot grant access to the account or its contents, even to family members or next of kin. 

Individuals need to plan ahead and consider their digital legacy when setting up their online accounts. This includes documenting login credentials, specifying preferences for posthumous data management, and communicating these wishes to trusted family members or legal representatives. By taking proactive steps to address posthumous data access, individuals can help alleviate the burden on their loved ones during an already challenging time. 

In addition to Google's Inactive Account Manager, there are third-party services and estate planning tools available to assist with digital asset management and posthumous data access. These services may offer features such as data encryption, secure storage of login credentials, and instructions for accessing online accounts in the event of death or incapacity. 

As technology continues to play an increasingly prominent role in our lives, the issue of posthumous data access will only become more relevant. It's crucial for individuals to educate themselves about their options for managing their digital assets and to take proactive steps to ensure that their wishes are carried out after their passing. 

While Google provides tools and resources to facilitate posthumous data management, accessing the data of a deceased loved one may require legal authorization and adherence to privacy regulations. Planning ahead and communicating preferences for digital asset management are essential steps in addressing this sensitive issue. By taking proactive measures, individuals can help ensure that their digital legacy is managed according to their wishes and alleviate the burden on their loved ones during a difficult time.
Read more »
malware
Browser Cookies Cyber Attacks Cybersecurity Google Account malware

Cookie Intrusion: Urgent Warning as Malware Targets Google Accounts

 


In a chilling development on the cybersecurity front, a potent new malware strain has emerged, employing an unconventional tactic to infiltrate Google accounts. This intricate risk leverages cookies, typically used for benign website functionality, as a gateway for unauthorised access. Cybersecurity professionals are alarmed by the ingenuity displayed by the perpetrators of this novel attack method. Exploring the digital world demands a heightened sense of vigilance. Whether you're an individual safeguarding personal data or an organisation securing critical information, staying alert is key to warding off these sneaky cyber threats. 

Browser cookies serve the practical purpose of remembering actions on websites, but they also pose security risks. While Google Chrome addresses third-party cookies, a recent vulnerability exposes Google accounts to potential compromise. Malicious groups are actively selling an exploit that enables unauthorised access, bypassing passwords and two-factor authentication. Discovered in October 2023, Google is diligently addressing the identified issue through reverse engineering methodologies. 

This zero-day exploit allows cybercriminals to retrieve session cookies, a critical element in Google's login authentication. Even after users change passwords, this vulnerability remains a threat. The exploit was initially disclosed by an entity known as PRISMA, leading to subsequent investigations. Google acknowledges the issue and advises affected users to sign out on compromised devices for added security. To counter such threats, users are also encouraged to enable Enhanced Safe Browsing in Chrome, offering protection against phishing and malware downloads. 

The discovery of a zero-day vulnerability in session cookies has given rise to a concerning scenario, as at least six malware developers actively exploit this weakness. Detecting compromise in such cases is not immediate, emphasising the need for heightened user awareness and proactive security measures. Here's a detailed guide to fortify your defences: 

 1. Clear Browser Cookies: 

 Begin by regularly clearing your browser cookies. This minimises the chances of unauthorised access through compromised session cookies. 

 2. Unlink Google Account from Unused Devices: 

 Take a moment to review and unlink your Google account from devices that are infrequently or no longer used. This severs potential access points for malicious actors. 

 3. Google Chrome Users, Stay Alert: 

 Google Chrome users should be particularly vigilant. If you notice any unusual activity on your Google account, consider it a potential red flag. Swiftly changing your password adds an extra layer of security. 

 4. Immediate Password Change: 

 In the event of abnormal account behaviour, do not hesitate to change your password promptly. This proactive step helps thwart unauthorised access and safeguards your account. 

 5. Regular Security Checks: 

 Incorporate regular security checks into your online routine. Be mindful of any notifications or alerts from Google regarding your account activity. 

 6. Stay Informed: 

Stay abreast of cybersecurity developments. Keep an eye on reputable sources for updates and insights into emerging threats, ensuring you remain informed and equipped to protect your digital assets. 

By implementing these proactive measures, users can significantly reduce the risk of falling victim to exploits targeting session cookies while bolstering the overall security of their Google accounts.



Read more »
malware
Advanced Volatile Threats CyberThreat Cyberthreats Google Google Account malware

Time to Guard : Protect Your Google Account from Advanced Malware

 

In the ever-changing world of cybersecurity, a new type of threat has emerged, causing serious concerns among experts. Advanced malware, like Lumma Stealer, is now capable of doing something particularly alarming – manipulating authentication tokens. These tokens are like secret codes that keep your Google account safe. What makes this threat even scarier is that it can continue to access your Google account even after you've changed your password. In this blog post, we'll explore the details of this evolving danger, shining a light on how it manipulates OAuth 2.0, an important security protocol widely used for secure access to Google-connected accounts. 

Of particular concern is its manipulation of OAuth 2.0, leveraging an undocumented aspect through a technique known as blackboxing. This revelation marks Lumma Stealer as the first malware-as-a-service to employ such a sophisticated method, highlighting the escalating complexity of cyber threats. 

The manipulation of OAuth 2.0 by Lumma Stealer not only poses a technical challenge but also jeopardises the security of Google-related accounts. Despite efforts to seek clarification, Google has yet to comment on this emerging threat, giving Lumma Stealer a distinct advantage in the illicit market. 

In a concerning trend, various malware groups, including Rhadamanthys, RisePro, Meduza, Steal Stealer, and the evolving Eternity Stealer, swiftly adopted Lumma Stealer's exploit. This underscores the urgency for users to update their security practices and stay vigilant against the continuously changing tactics employed by malicious actors. 

This vulnerability traces back to an attacker operating under the pseudonym PRISMA, who unveiled a zero-day exploit in late October. Exploiting this flaw provides the advantage of "session persistence," allowing sustained access even after a password change. The revelation emphasises the widespread impact of the vulnerability across various cyber threats, necessitating urgent user awareness and robust cybersecurity measures. 

The exploitation of this vulnerability extends beyond compromising Google accounts, granting threat actors the ability to manipulate various OAuth-connected services. Pavan Karthick M, a threat researcher at CloudSEK, stresses the serious impact on both individual users and organisations. Once an account is compromised, threat actors can control critical services such as Drive and email login, emphasising the urgent need to fortify defences against the ever-evolving cybersecurity landscape. 

As Lumma Stealer and its counterparts exploit vulnerabilities, it's crucial for users to adopt proactive cybersecurity measures. Regularly updating passwords, enabling two-factor authentication, and staying informed about emerging threats are essential steps in mitigating risks. In the face of advancing cyber threats, staying vigilant and taking proactive steps remain imperative to safeguard our online presence.
Read more »
Technology
Google Account Inactive Account Playstore Tech Giant Technology

Reminder: Google Has Started to Purge Inactive Accounts

 

You should log into any old Google account you wish to maintain if you haven't used it in a few years to avoid having it deleted due to Google's inactive account policy. Google revealed the new guidelines in May, stating that account deletions would start as early as December 2023. Since then, Google has begun notifying impacted users through email that their accounts may be deleted starting in the first week of December. 

To be clear, Google has not stated that it will delete all eligible accounts from the first of December.The company intends to proceed in stages, "beginning with accounts that were created and never used again." However, now appears to be as good a time as any to ensure that your old accounts are in order so that you don't risk losing important data.

For a Google Account to remain active for an additional two years, it is often sufficient to simply sign in. Google adds that actions that fall under its policy regarding inactive accounts include sending or receiving emails, using Google Drive, viewing YouTube content, downloading apps from the Google Play Store, searching the Google Play Store, and signing in with Google to access third-party services. 

It's a good idea to confirm that the email address linked to your account is accessible after you log in. This is due to Google's announcement that it will notify affected users of an upcoming deletion through several notifications sent to both their recovery email addresses and affected Google accounts. 

If you want to prevent the deletion of any content stored in Google Photos, you'll need to sign in separately, but logging in to your Google account should be sufficient to stop it from being deleted altogether for two years. According to a 2020 policy, the search giant "reserves the right to delete data in a product if you are inactive in that product for at least two years." Nevertheless, neither accounts with active subscriptions linked to them nor accounts with YouTube videos will be deleted. 

Google stated that it modified its policies for security reasons when it announced the new guidelines in May, pointing out that inactive and outdated accounts are more likely to be compromised. Ruth Kricheli, vice president of product management at Google, stated in the company blog that "forgotten or unattended accounts often rely on old or re-used passwords that may have been compromised, haven't had two factor authentication set up, and receive fewer security checks by the user.”
Read more »
Wi-Fie
Android Cyber Attacks Cybersecurity Google Account iOS Location Sharing Websites Wi-Fie

Avoid Accidentally Sharing Your Location

 


There is no doubt that the devices and apps on your phone want to know where you are-whether to give you the latest weather updates, make suggestions for restaurants that you might enjoy, or allow you to better target advertisements. To keep track of what you share with others and what you do not share with others, and when, it can become very confusing very quickly.  

There is also a possibility that there are inconsistencies in the different location histories logged by your devices: There are some times when you think that you have blocked or turned off Location Sharing on your phone but that you are still tracked, and vice versa. 

Location Tracking: How it Becomes Confusing 

There is nothing more frustrating than being able to keep finding yourself on a map, even though you distinctly recall turning your location tracking off on a device. You might also have thought that you had left the location history feature on, but you are seeing gaps even though you thought you had? In terms of a few explanations, it is essential to keep in mind all the different ways in which your location can be logged by different devices, apps, and websites that you use during the day: your apps, your devices, and your websites. 

A tablet, for instance, might be equipped with a location-tracking feature whereas a phone might have its location-tracking turned off. Another possibility is that your laptop is tracking your location in the background. This is even though you thought you had disabled such a feature in the apps you use. You thought you had disabled it on your laptop. To determine whether or not to enable or turn off location tracking completely, you have to consider all of these different methods of keeping track of your location as well. 

Here is an example of how to use your Google account if you have one. On the web, simply go to your account settings, where you will be able to select Data and Privacy, along with Location History. This will reveal some desktop computers, laptops, and tablets whose movement is being saved to your Google account for future reference. Select Devices on This Account to see which phones, tablets, and laptops have been marked with a checkmark. 

When you click Turn Off, you will be able to disable this feature, but you should be aware of the caveats that appear onscreen once you have clicked the 'Turn Off' button: Your location will still be logged by your mobile device, by the Find My Device service when you are trying to locate a lost device, and by Google Maps when you are trying to navigate or search around the area in which you are. There is a facility in the Location History settings menu that allows you to toggle between different aspects of your location history. This includes the Google Timeline and the ability to search for places you regularly visit in a matter of seconds. 

It is worth noting that there are several other areas where your location is logged and shared from your main Google account screen. A list of specific contacts who can see your location through Google services can be found under Data and Privacy under Web & App Activity, and under People and Sharing under Manage Location Sharing. This allows you to manage location data saved by Google Maps and other applications and websites. 

Mobile Location Tracking and Management 

Depending on the manufacturer of your Android phone, the steps involved in managing your location will differ slightly. However, the menus and instructions involved will generally be similar regardless of the manufacturer of your phone. In Google Pixel phones, you can open up your Settings app, then select Location: Then you will see a switch that allows you to turn off the use of location, which will prevent any of the apps on your device from knowing your location, as well as Google. 

It is also possible to customize location access for individual apps on the same screen if you leave the Use Location toggle switch turned on. If you want to control when apps have access to your location, you can choose to set it to always or only when the app is running in the foreground. The app in the list you choose can be changed by tapping on its name. 

To eliminate the location data that has been collected on you, you need to check the history of all the apps that have had access to your location and check the settings of each and every one of them. You can either choose to delete Location History from your Google account on the web or Web & App Activity under Data and Privacy. This is if you want to completely remove such data from your Google account and Google's apps. Moreover, you will also have the option to automatically delete this information after a period of three, eighteen, or thirty-six months. 

Apple does not seem to log your movements in quite the same way as Google does, but it does build up a list of places you visit frequently (like your home and maybe your workplace) so you can quickly get back there if necessary. Open the Settings app on your iPhone, and then select Privacy & Security, Location Services, System Services, and Significant Locations to remove any items from this list. If you want to stop the list from populating in the future, you can opt to remove this entry from the list. 

On-Desktop Location Tracking 

Since your laptop or desktop computer will not be equipped with GPS capabilities, it will not be able to track your location the way your smartphone can, but you can still log into the internet on your computer through the network connections you use to sign in (via your home Wi-Fi, for example). However, the apps, websites, and operating systems will still have a sense of where you are.

Whenever you open up the Settings app on your Windows computer, you can click on Privacy & Security and then choose Location. As with Android and iOS, you will find that you can turn off location tracking for individual applications (via a toggle switch located on the right of the screen) or turn it off for the entire computer (by selecting the top option). By clicking on Clear next to Location History, you will be able to wipe the log of your travels. In this case, you may view which apps have been using your location, as well as see what apps are currently using your location. 

There will be settings within every browser that will allow you to control the way your location is accessed by websites. Chrome has a setting called Privacy and Security, Site Settings, and Location which can all be accessed from the settings pane; Edge requires opening the settings pane and choosing Cookies and Site Permissions, then Location; on Safari on MacOS, the setting dialog box must be opened before selecting Websites and Location. No guarantee changing these settings will affect any information that the sites have collected in the past. You will have to find out if this is the case by visiting the settings for individual websites.   
Read more »
Web browser
Apple Browser Security Google Account Safari User Data User Privacy User Security. Data Security Vulnerabilities and Exploits Web browser

New Apple Flaw Exposes Users’ Browser History and Google Account Details

 

A bug has been detected on Apple’s Safari 15, that can leak your recent browsing activity and expose your Google User ID to other sites. The flaw was introduced to Safari 15 via the Indexed Database API (IndexedDB), which is part of Apple's WebKit web browser development engine, according to a Saturday blog post by FingerprintJS. IndexedDB can be utilized to save data on the computer, such as websites visited, so that they load faster when one returns. 

IndexedDB likewise adheres to the same-origin principle, which prohibits websites from freely interacting with one another unless they have the same domain name (among other requirements). Imagine it being under quarantine and only being able to interact with members of your family.  

Moreover, the problem discovered by FingerprintJS allows IndexedDB to break the same-origin policy, revealing data it has gathered to websites from which it did not collect it. Unfortunately, some websites, such as those in the Google network, include unique user-specific identifiers in the information sent to IndexedDB. This implies that if you're logged into your Google account, the information gathered can be utilized to accurately identify the browsing history as well as account information. It can also figure out whether you're logged into more than one account. 

FingerprintJS stated, "Not only does this imply that untrusted or malicious websites can learn a user’s identity, but it also allows the linking together of multiple separate accounts used by the same user." 

They also posted a video demonstrating the type of data that the attack can disclose. The flaw was reported by FingerprintJS at the end of November, but Apple has yet to patch it. All of this is alarming, but there's not much one can do about it at the moment. Because a private tab can't see what's happening in any other tabs, whether private or public, browsing in Safari's Private mode can limit the potential damage. However, it isn't without flaws. 

"[I]f you visit multiple different websites within the same [private] tab, all databases these websites interact with are leaked to all subsequently visited websites," wrote FingerprintJS.

Switching from Safari to another browser can protect Mac users from the flaw, but iOS and iPadOS users are out of luck. While only Safari has been affected on Mac, Apple's requirement that both iOS and iPad web browsers utilize WebKit implies the IndexedDB flaw has affected all of these systems' browsers.
Read more »
Subscribe to: Posts (Atom)