Given the nature of these vulnerabilities, please review your environment and make sure your version of Chrome is up-to-date.
https://www.zdnet.com/article/google-chrome-impacted-by-new-magellan-2-0-vulnerabilities/?mid=1
Google stored some passwords in plain text for 14 years
This is an interesting admission by the team at Google. Though they have not confirmed the number of affected enterprise customers, I know it least one local organization that was contacted by Google concerning this unintentional data leak. Fortunately, that organization had ceased using the service some time ago.
It does appear that Google has remediated the problem. That said, any potentially affected organization should address password reuse and other related opportunities to mitigate the risk.
https://nakedsecurity.sophos.com/2019/05/23/google-stored-some-passwords-in-plain-text-for-14-years/
Google Phishing Quiz
This is a great tool provided by Google to walk you through the pitfalls of distinguishing between legitimate and “phishy” emails. Take a look and consider sharing it with friends.
https://phishingquiz.withgoogle.com/
How to stop a hacker home invasion!
This video from the team at Sophos NakedSecurity provides a great explanation of a Nest camera hack and Google’s response to the attack as well as good, practical password advice. Give it a view and share with your friends!
https://nakedsecurity.sophos.com/2019/01/24/how-to-stop-a-hacker-home-invasion-video/
GOOGLE PATCHES 34 BROWSER BUGS IN CHROME 67, ADDS SPECTRE FIXES
Please review your Chrome implementations and patch accordingly.
https://threatpost.com/google-patches-34-browser-bugs-in-chrome-67-adds-spectre-fixes/132370/
Safer browsing coming soon to MacOS Chrome users
It’s about time Google decided to care about those of us who choose to browse the Internet from a Mac. In all seriousness, long gone are the days when Mac users can live under the security blanket of obscurity, fueled by the assumption that no one bothers to write viruses for MacOS. The threat of infection is real and so should be the tools we use to defend against it.
https://nakedsecurity.sophos.com/2018/03/07/safer-browsing-coming-soon-to-macos-chrome-users/
Google collects Android users’ locations even when location services are disabled
I honestly do not know where to begin with this article. I believe the most logical place to start is I have no doubt similar problems may exist within devices from other mobile operating systems. I doubt this is exclusively an Android or Google problem. That said, it is deeply concerning, especially given the data collection and sharing process going on in the absence of even an active SIM card.
I am not advocating for the mass production of tin foil hats, but I will say this. If you have your smartphone with you, you are most certainly never alone.
GOOGLE PATCHES KRACK VULNERABILITY IN ANDROID
Please take the time to review your Android based platforms and update whenever and wherever possible.
https://threatpost.com/google-patches-krack-vulnerability-in-android/128818/
Google Rolls Out Advanced Protection for High-Risk Users
This is an excellent step forward in the effort to protect sensitive Google data. U2F is a strong, reliable authentication mechanism and will afford Google more flexibility as this program moves forward. There are certain limitations with mobile devices and third party applications that will need to be navigated, but if someone finds him or her self in a highly sensitive or high-risk situation, then this is the best security option available to date for the Google email ecosystem.
https://www.infosecurity-magazine.com/news/google-rolls-out-advanced/
Google Patches Critical ‘Broadpwn’ Bug in July Security Update
Please review your Android deployments and patch accordingly.
https://threatpost.com/google-patches-critical-broadpwn-bug-in-july-security-update/126688/
