google

Zero-day

Chrome Update: Exploited Zero-Day Vulnerability fixed by Google, the 8th this year

Connect
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK.

I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated...

I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK.

I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!
RiSec.n0tst3
Connect

In response to a heap buffer overflow vulnerability, Google has released a security update for the desktop versions of Google Chrome for Windows, Linux, and Mac. The Chrome vulnerability is already being exploited in the wild, according to Google’s own blog. This is the eighth time this year that a Google Chrome zero-day vulnerability has been …

google

Google to pay nearly $400 million to settle state location-tracking probe

Just your average information security researcher from Delaware US.

WASHINGTON, Nov 14 (Reuters) – Alphabet’s Google (GOOGL.O) will pay $391.5 million to settle allegations by 40 states that the search and advertising giant illegally tracked users’ locations, the Michigan attorney general’s office said Monday. The investigation and settlement, which was led by Oregon and Nebraska, is a sign of mounting legal headaches for the tech giant …

A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain

Note: The three vulnerabilities discussed in this blog were all fixed in Samsung’s March 2021 release. They were fixed as CVE-2021-25337, CVE-2021-25369, CVE-2021-25370. To ensure your Samsung device is up-to-date, under settings you can check that your device is running SMR Mar-2021 or later. As defenders, in-the-wild exploit samples give us important insight into what …

google

Google urges open source community to fuzz test code

Google’s open source security team says OSS-Fuzz, its community fuzzing service, has helped fix more than 8,000 security vulnerabilities and 26,000 other bugs in open source projects since its 2016 debut. We’ll even get our chequebook out, web giant says And the group would like to see open source developers do more fuzzing to make …

google

VULN: Urgent Chrome Update Patches New Zero-Day Vulnerability

Google on Friday, Sept 2nd, shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validation in Mojo, which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for …

google

Google Chrome issue allows overwriting the clipboard content

A security issue in the Google Chrome browser could allow malicious web pages to automatically overwrite clipboard content. A vulnerability in the Google Chrome browser, as well as Chromium-based browsers, could allow malicious web pages to automatically overwrite the clipboard content without any user interaction and consent, simply by visiting them. SecurityAffairs reports, according to a …

DDoS

Google mitigates largest DDoS Attack in History – Peaked at 46 Million RPS

The attack disclosed this week was the third HTTPS attack this year to reach tens of millions of RPS, after two lower-volume attacks were mitigated by Cloudflare. The first of them peaked at 15.3 million RPS, Cloudflare revealed in April, while the second reached 26 million RPS, the web security company announced in June. What makes these attacks stand out from the crowd …

Zero-day

Google Claims Half of all Zero-Day Bugs Are Due to Poor Patches

Google Project Zero has noted a total of 18 zero-day bugs so far this year. Researchers at Google Project Zero noted that half of the zero-day bugs found in H1 2022 – that were exploited before a patch was publicly available – could have been avoided if the software vendors concerned had tested their patches better. Also, …

google

Google Improves Password Manager to Boost Security

Google announced a slew of improvements to its password manager service aimed at creating a more consistent look and feel across different platforms. Central to the changes is a “simplified and unified management experience that’s the same in Chrome and Android settings,” Ali Sarraf, Google Chrome product manager, said in a blog post. The updates are also expected to …

google chrome

Google Chrome extensions can be easily fingerprinted to track you online

A researcher has created a website that uses your installed Google Chrome extensions to generate a fingerprint of your device that can be used to track you online. To track users on the web, it is possible to create fingerprints, or tracking hashes, based on various characteristics of a device connecting to a website. These …
