Google Offers up to $91,000 for Linux Kernel Vulnerabilities

Google has almost doubled its rewards for vulnerabilities in the Linux kernel, Kubernetes, Google Kubernetes Engine (GKE), and kCTF. The reward can now be up to $91,337. In November last year, Google already increased the size of payments: then the company tripled rewards for exploits for previously unknown bugs in the Linux kernel. The idea… Continue reading Google Offers up to $91,000 for Linux Kernel Vulnerabilities

Google analysts noticed that software vendors began to fix Zero-day vulnerabilities faster

Google Project Zero specialists presented a report according to which software vendors began to fix 0-day vulnerabilities faster. For example, last year organizations needed less time than in previous years to fix 0-day vulnerabilities discovered by experts. On average, companies took 52 days to fix bugs, while three years ago they needed an average of… Continue reading Google analysts noticed that software vendors began to fix Zero-day vulnerabilities faster

Companies in the EU will have to remove Google Analytics from their websites

Companies in the European Union will have to remove Google Analytics from their websites or face fines for violating the GDPR. The Austrian Data Protection Authority has stated that the use of the Google Analytics statistics collection system violates the General Data Protection Regulation (GDPR) and poses a privacy risk. NOYB (none of your business)… Continue reading Companies in the EU will have to remove Google Analytics from their websites

Apache Log4j Vulnerability explained by Google

Google Java Apache Log4j Vulnerability

On December 17th, 2021 in their blog Google Open Source Insights Team explained the whole situation they observed concerning Apache Log4j Vulnerability. They described the widespread vulnerability and current progress in fixing the open source JVM ecosystem. Also Team shared their thoughts on how long it will possibly take for this vulnerability to be fixed… Continue reading Apache Log4j Vulnerability explained by Google

Log4j vulnerability threatens 35,000 Java packages

Google scanned Maven Central, the largest Java repository to date, and found that the Log4j vulnerability threatened 35,863 Java packages. The packages are vulnerable to either the original Log4Shell exploit (CVE-2021-44228) or the second RCE problem discovered after the patch was released (CVE-2021-45046). This vulnerability has gripped the information security ecosystem since its disclosure on… Continue reading Log4j vulnerability threatens 35,000 Java packages

Google Stops Glupteba Botnet and Sues Two Russians

Google representatives said that they stopped the work of the Glupteba botnet: they deleted the accounts, and also disabled the servers and domains associated with it. In addition, the company has filed a lawsuit against the Russians Dmitry Starovikov and Alexander Filippov, which are accused of creating and operating a botnet. According to an expert… Continue reading Google Stops Glupteba Botnet and Sues Two Russians

Google developers told how they will implement Manifest V3

This week, Google developers shared their plans to bring the infamous Manifest V3 to full functionality, which became available in the beta version of Chrome 88. Let me remind you that for the first time talks about Manifest V3 started in 2018. Then the developers of Google announced that they intend to limit the work… Continue reading Google developers told how they will implement Manifest V3

Ukrainian fighters against pirates asked Google to block 127.0.0.1

The TorrentFreak media reports that Vindex, Ukrainian fighters against pirates, representing the interests of TRC Ukraine, sent Google a strange request to remove content from search results. One of the addresses violating the rights of TRC Ukraine pointed to 127.0.0.1, that is, the anti-pirates found prohibited content in their own systems. Journalists note that under… Continue reading Ukrainian fighters against pirates asked Google to block 127.0.0.1

Google fired dozens of employees for data abuse

The Vice Motherboard has obtained internal Google documents stating that the company has fired dozens of employees for data abuse. The documents describe investigations into cases where Google employees used their positions to steal, leak, or abuse data they had access to. According to these papers, between 2018 and 2020, the company fired dozens of… Continue reading Google fired dozens of employees for data abuse

Google Replaces APK with Android App Bundle Format

Google developers announced that since August 2021, all new applications downloaded to the Google Play Store will have to use the new Android App Bundles (AAB) format, instead of the familiar APK (Android PacKage) that has been used in Android since 2008. The company explains that AAB is a more versatile, “batch” format that will… Continue reading Google Replaces APK with Android App Bundle Format