0-Day Vulnerabilities of 2022 Repeat the Mistakes of Past Years

Google Project Zero researcher Maddie Stone published a study on 0-day vulnerabilities in 2022 on GitHub called “0-day In-the-Wild Exploitation in 2022…so far”. According to Stone, 9 of the 18 exploited zero-day vulnerabilities are variants of previously patched vulnerabilities. In many cases, the attacks were not sophisticated, and the attacker could have exploited the vulnerability…

Google Report Companies Creating Mobile Spyware for Governments

Google Reveals An Italian Company to Sell Android and iOS Spyware to Governments

In its blog, Google has published a report revealing that multiple companies have been crafting and selling spyware exploiting mobile devices’ zero-day vulnerabilities discovered by Google specialists last year. The post includes code fragments from the disputed malware. Over 30 companies turned…

Google Is Trying to Get Rid of the Engineer Who Suggested that AI Gained Consciousness

Blake Lemoine, a senior software engineer at Google’s Responsible AI division, told The Washington Post that he thinks Google’s LaMDA (Language Model for Dialogue Applications) chatbot has become conscious. As a result, Lemoine was sent on paid leave. Let me remind you that in preparation for the “rise of the machines”, we already said that…

Google Has Disabled Some of the Global Cache Servers in Russia

Media reports say that Google is notifying ISPs in Russia that it is shutting down its Google Global Cache (GGC) servers, which speed up the loading of its services, including YouTube content. These changes are reported by RBC, citing two of its own sources in the telecommunications industry. Let me also remind you that we…

DuckDuckGo downgraded Russian state media in search results

The founder and head of DuckDuckGo, Gabriel Weinberg, said that the search engine would lower the ranking of Russian media and sites that spread “Russian propaganda” in search results. Some were dissatisfied with this decision by DuckDuckGo's management, which has always focused on privacy and ethics. On Twitter, Weinberg writes that sites “linked to Russian disinformation” will…

Google Offers up to $91,000 for Linux Kernel Vulnerabilities

Google has almost doubled its rewards for vulnerabilities in the Linux kernel, Kubernetes, Google Kubernetes Engine (GKE), and kCTF. The reward can now be up to $91,337. In November last year, Google already increased the size of payments: then the company tripled rewards for exploits for previously unknown bugs in the Linux kernel. The idea…

Google analysts noticed that software vendors began to fix Zero-day vulnerabilities faster

Google Project Zero specialists presented a report according to which software vendors began to fix 0-day vulnerabilities faster. For example, last year organizations needed less time than in previous years to fix 0-day vulnerabilities discovered by experts. On average, companies took 52 days to fix bugs, while three years ago they needed an average of…

Companies in the EU will have to remove Google Analytics from their websites

Companies in the European Union will have to remove Google Analytics from their websites or face fines for violating the GDPR. The Austrian Data Protection Authority has stated that the use of the Google Analytics statistics collection system violates the General Data Protection Regulation (GDPR) and poses a privacy risk. NOYB (none of your business)…

Apache Log4j Vulnerability explained by Google

On December 17th, 2021, the Google Open Source Insights Team explained in their blog the whole situation they observed concerning the Apache Log4j vulnerability. They described the widespread vulnerability and current progress in fixing the open source JVM ecosystem. The team also shared their thoughts on how long it will possibly take for this vulnerability to be fixed…

Log4j vulnerability threatens 35,000 Java packages

Google scanned Maven Central, the largest Java repository to date, and found that the Log4j vulnerability threatened 35,863 Java packages. The packages are vulnerable to either the original Log4Shell exploit (CVE-2021-44228) or the second RCE problem discovered after the patch was released (CVE-2021-45046). This vulnerability has gripped the information security ecosystem since its disclosure on…