Given the nature of these vulnerabilities, please review your environment and make sure your version of Chrome is up-to-date.
This is an interesting admission by the team at Google. Though they have not confirmed the number of affected enterprise customers, I know it least one local organization that was contacted by Google concerning this unintentional data leak. Fortunately, that organization had ceased using the service some time ago.
It does appear that Google has remediated the problem. That said, any potentially affected organization should address password reuse and other related opportunities to mitigate the risk.
This is a great tool provided by Google to walk you through the pitfalls of distinguishing between legitimate and “phishy” emails. Take a look and consider sharing it with friends.
This video from the team at Sophos NakedSecurity provides a great explanation of a Nest camera hack and Google’s response to the attack as well as good, practical password advice. Give it a view and share with your friends!
Please review your Chrome implementations and patch accordingly.
It’s about time Google decided to care about those of us who choose to browse the Internet from a Mac. In all seriousness, long gone are the days when Mac users can live under the security blanket of obscurity, fueled by the assumption that no one bothers to write viruses for MacOS. The threat of infection is real and so should be the tools we use to defend against it.
I honestly do not know where to begin with this article. I believe the most logical place to start is I have no doubt similar problems may exist within devices from other mobile operating systems. I doubt this is exclusively an Android or Google problem. That said, it is deeply concerning, especially given the data collection and sharing process going on in the absence of even an active SIM card.
I am not advocating for the mass production of tin foil hats, but I will say this. If you have your smartphone with you, you are most certainly never alone.
Please take the time to review your Android based platforms and update whenever and wherever possible.
This is an excellent step forward in the effort to protect sensitive Google data. U2F is a strong, reliable authentication mechanism and will afford Google more flexibility as this program moves forward. There are certain limitations with mobile devices and third party applications that will need to be navigated, but if someone finds him or her self in a highly sensitive or high-risk situation, then this is the best security option available to date for the Google email ecosystem.
Please review your Android deployments and patch accordingly.