Category Archives: Google

Google Commits $3.1 Million and Free Cloud APIs To Wikimedia

Google is expanding its support of Wikimedia, the parent company of Wikipedia, as the search giant chases the next billion users. From a report: At World Economic Forum this week, Google committed to offer Wikipedia an additional $3.1 million, along with providing several of its machine learning tools to the editors of Wikipedia at no cost, the companies said. Google.org, thanks in part to contributions from employees, will be giving $1.1 million to the Wikimedia Foundation and $2 million to the Wikimedia Endowment, an independent fund that supports Wikipedia and other long-term Wikimedia projects. As part of the announcement, the companies said they will be expanding Project Tiger, a joint initiative they launched in 2017 to increase the number of articles in underrepresented languages in India. They intend to provide editors with resources and insights to create new Wikipedia articles across 10 languages in India, Indonesia, Mexico, Nigeria, and the Middle East and North Africa (MENA) region. The initiative is being rebranded as GLOW, which is supposed to stand for Growing Local Language Content on Wikipedia.

Read more of this story at Slashdot.

Popular free Android VPN apps on Play Store contain malware

By Waqas

If you want to ensure optimal privacy while surfing the web, a VPN (virtual private network) is the only reliable option. In this regard, a majority of web and smartphone users rely upon free VPN services, which according to the latest research is a risky step. In 2017, researchers identified that 38% of Android VPN apps on […]

This is a post from HackRead.com Read the original post: Popular free Android VPN apps on Play Store contain malware

Google Will Start Retiring Hangouts For G Suite Users In October

In a blog post, Google clarified the timeline of the transition from classic Hangouts to Chat and Meet for its paying G Suite customers. "For them, the Hangouts retirement party will start in October of this year," reports TechCrunch. From the report: For consumers, the situation remains unclear, but Google says there will be free versions of Chat and Meet that will become available "following the transition of G Suite customers." As of now, there is no timeline, so for all we know, Hangouts will remain up and running into 2020. As for G Suite users, Google says it will start bringing more features from classic Hangouts to Chat between April and September. Those include integration with Gmail, the ability to talk to external users, improved video calling and making calls with Google Voice.


Google Considering Pulling News Service From Europe

Google is considering pulling its Google News service from Europe as regulators work toward a controversial copyright law. From a report: The European Union's Copyright Directive will give publishers the right to demand money from Alphabet, Facebook and other web platforms when fragments of their articles show up in news search results, or are shared by users. The law was supposed to be finalized this week but was delayed by disagreement among member states. Google News might quit the continent in response to the directive, said Jennifer Bernal, Google's public policy manager for Europe, the Middle East and Africa. The internet company has various options, and a decision to pull out would be based on a close reading of the rules and taken reluctantly, she said. "The council needs more time to reflect in order to reach a solid position" on the directive, said a representative of Romania, current head of the European Council, which represents the 28 member nations.


First Large GDPR Fine issued and its to Google for €50 million

Every member state, organisation and almost every individual have been watching supervisory authorities closely to see if and who will

First Large GDPR Fine issued and its to Google for €50 million on Latest Hacking News.

Google Says Data is More Like Sunlight Than Oil

Google wants to popularize a more upbeat way of describing data: It's more like sunlight than oil. From a report: Speaking at the World Economic Forum in Davos, Switzerland, on Tuesday morning, Google's chief financial officer, Ruth Porat, said that "data is more like sunlight than oil," adding, "It is like sunshine -- we keep using it, and it keeps regenerating." It's a twist on the well-known phrase "data is the new oil," meaning the world's most valuable resource is information rather than petroleum. Like the oil barons who preceded them, Silicon Valley titans such as Google, Facebook, and Amazon have risen quickly to profit from this new resource and even control its flow. And in another echo of history, regulators are eyeing the industry.


DarkHydrus Phishery tool spreading malware using Google Drive

By Waqas

DarkHydrus is back in action with a new variant of RogueRobin malware to target Middle Eastern Politicians by abusing Google Drive. The primary focus of cybercriminals nowadays is to use the infrastructure of genuine services in their attacks in order to prevent detection from security tools. The same strategy has been adopted by DarkHydrus group […]

This is a post from HackRead.com Read the original post: DarkHydrus Phishery tool spreading malware using Google Drive

Google Fined 50 Million EUR for Violating GDPR Rules

Tech giants Amazon, Apple, Google, Netflix and Spotify have all been accused of not complying with GDPR, Europe’s data privacy regulations, and could face hefty fines for continuous violations. Things have now escalated, as Google has to pay a fine of 50 million euros for an ongoing violation after French data regulator CNIL accused the company of “lack of transparency, inadequate information and lack of valid consent regarding ads personalization,” writes the BBC.

“The user gives his or her consent in full, for all the processing operations purposes carried out by Google based on this consent (ads personalization, speech recognition etc.),” CNIL said. “However, the GDPR provides that the consent is ‘specific’ only if it is given distinctly for each purpose.”

The regulator says Google’s consent policies are neither transparent enough nor “easily accessible,” which kept users in the dark about how their personal data was used in personalizing ads and other services. Also, the information was “disseminated across several documents” making it difficult for users to review.

“The relevant information is accessible after several steps only, implying sometimes up to five or six actions,” the regulator said. “Users are not able to fully understand the extent of the processing operations carried out by Google.”

CNIL acted upon complaints filed in May by privacy advocates noyb and La Quadrature du Net (LQDN) as soon as legislation went into effect.

“People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR,” a Google spokesperson said in a statement to a local publication. “We’re studying the decision to determine our next steps.”

France watchdog fines Google with $57 million under the EU GDPR

The French data protection watchdog CNIL announced a fine of 50 million euros ($57 million) for US search giant Google under GDPR.

“On 21 January 2019, the CNIL’s restricted committee imposed a financial penalty of 50 Million euros against the company GOOGLE LLC, in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, inadequate information and lack of valid consent regarding the ads personalization.” reads the press release published by the CNIL.

The investigation conducted by the French watchdog was started with two complaints against Google by the non-profit organizations None Of Your Business (NOYB) and La Quadrature du Net (LQDN).
Both organizations filed a complaint against Facebook in May.

The CNIL condemned Google for the violation of transparency and consent rules under the EU GDPR.

The search engine giant made it difficult for its users to find and manage preferences on data processing purposes, data retention, in particular with regards to targeted advertising.

Google has intentionally disseminated this information among too many documents; accessing them required up to 6 separate actions.

Anyway, the CNIL confirmed that that information is “not always clear nor comprehensive.”

“Moreover, the restricted committee observes that some information is not always clear nor comprehensive.” continues the press release.

“Users are not able to fully understand the extent of the processing operations carried out by Google,” the Commission says. “Similarly, the information communicated is not clear enough so that the user can understand that the legal basis of processing operations for the ads personalization is the consent and not the legitimate interest of the company.”


Google was also condemned because it does not obtain its users’ explicit consent to process data for targeted advertising.

“The user not only has to click on the button “More options” to access the configuration, but the display of the ads personalization is moreover pre-ticked. However, as provided by the GDPR, consent is “unambiguous” only with a clear affirmative action from the user (by ticking a non-pre-ticked box for instance).”

The French watchdog also noted that before creating an account, the user is asked to tick the boxes « I agree to Google’s Terms of Service» and « I agree to the processing of my information as described above and further explained in the Privacy Policy» in order to proceed with the operation. But in this way, the user gives his full consent for all the processing operations purposes carried out by GOOGLE, including ads personalization, speech recognition. However, the GDPR provides that the consent must be explicit and “specific” for each purpose, broader consent is not allowed.

Is 50 million euros a big fine?

Absolutely not, in comparison to the fines allowed by GDPR, which could also be 4 percent of the company’s annual global revenue.

Google has contested the decision of the French watchdog; it said that it should not apply only to the global Google.com domain.

“People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR. We’re studying the decision to determine our next steps.” reads a statement issued by the company.

Pierluigi Paganini

(SecurityAffairs – French watchdog, Google)

The post France watchdog fines Google with $57 million under the EU GDPR appeared first on Security Affairs.

Industry reactions to Google’s €50 million GDPR violation fine

On 21 January 2019, the French National Data Protection Commission (CNIL) imposed a financial penalty of €50 million against Google, in accordance with the GDPR. This is the first time that the CNIL applies the new sanction limits provided by the GDPR. The amount decided and the publicity of the fine are justified by the severity of the infringements observed regarding the essential principles of the GDPR: transparency, information and consent. Here are some reactions … More

The post Industry reactions to Google’s €50 million GDPR violation fine appeared first on Help Net Security.

Google Fined $57 Million By French Data Privacy Body For Failing To Comply With EU’s GDPR Regulations

schwit1 shares a report from VentureBeat: Google has been hit by a $57 million fine by French data privacy body CNIL (National Data Protection Commission) for failure to comply with the EU's General Data Protection Regulation (GDPR) regulations. The CNIL said that it was fining Google for "lack of transparency, inadequate information and lack of valid consent regarding the ads personalization," according to a press release issued by the organization. The news was first reported by the AFP. What the CNIL is effectively referencing here is dark pattern design, which attempts to encourage users into accepting terms by guiding their choices through the design and layout of the interface. This is something that Facebook has often done too, as it has sought to garner user consent for new features or T&Cs. It's worth noting here that Google has faced considerable pressure from the EU on a number of fronts over the way it carries out business. Back in July, it was hit with a record $5 billion fine in an Android antitrust case, though it is currently appealing that. A few months back, Google overhauled its Android business model in Europe, electing to charge Android device makers a licensing fee to preinstall its apps in Europe. Google hasn't confirmed what its next steps will be, but it will likely appeal the decision as it has done with other fines. "People expect high standards of transparency and control from us," a Google spokesperson told VentureBeat. "We're deeply committed to meeting those expectations and the consent requirements of the GDPR. We're studying the decision to determine our next steps."


Google fined $57 million by France for lack of transparency and consent

The French data protection watchdog CNIL has issued its first fine of €50 million (around $57 million) under the European Union's new General Data Protection Regulation (GDPR) law that came into force in May last year. The fine has been levied on Google for "lack of transparency, inadequate information and lack of valid consent regarding the ads personalization," the CNIL (National Data

Hacker Alexander Zhukov Extradited to US After Infecting Over 1.7 Million Computers

News disclosed on the Russian version of Facebook, VK, states that Bulgaria has extradited Russian hacker Alexander Zhukov to the US

Hacker Alexander Zhukov Extradited to US After Infecting Over 1.7 Million Computers on Latest Hacking News.

Clever Smartphone Malware Concealment Technique

This is clever:

Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection -- they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn't load on emulators researchers use to detect attacks.

The thinking behind the monitoring is that sensors in real end-user devices will record motion as people use them. By contrast, emulators used by security researchers -- and possibly Google employees screening apps submitted to Play -- are less likely to use sensors. Two Google Play apps recently caught dropping the Anubis banking malware on infected devices would activate the payload only when motion was detected first. Otherwise, the trojan would remain dormant.


Google Pays Fossil $40M To Compete With Apple Watch

Undoubtedly, Apple has dominated the smartwatch market since the arrival of first-generation Apple Watch in 2015. The close integration of iOS with WatchOS has helped Apple Watches to gain immense popularity.

Meanwhile, Google has also been working on improving its WearOS. That said, watches running on WearOS are not as feature-rich and reliable as Apple Watches. To compete with Apple Watches, Google will be paying Fossil $40 million to buy the company’s smartwatch-related intellectual property.

So here’s everything you need to know about Google’s attempt to compete with Apple Watch.


Google Pays Fossil $40M To Purchase Smartwatch-Related Intellectual Property

WearOS is a version of Google’s Android operating system designed for smartwatches and other wearables. Google will be paying $40M to Fossil to acquire the company’s smartwatch technology.

This purchase will also include a shift of members of Fossil’s research and development team to Google coupled with the Intellectual Property. The deal will be finalized later this month.

Google VP of Project Management of Wear OS Stacey Burr stated that “We saw some technology that they were developing that we thought could be brought out in a more expansive way if Google had that technology, and was not only able to continue to use it with Fossil but bring it to other partners in the ecosystem.”


Google WearOS: What Can We Expect

As mentioned earlier, Google is working hard to improve the performance and stability of WearOS. We can even expect the Pixel watch to launch by late 2019. If Google manages to optimize the software for low-powered hardware, then the Pixel watch will prove to be a good Apple Watch alternative.

It is worth noting that Apple Watch only supports iOS, while almost 80% of smartphones are running on Android. Consequently, if Google produces a Pixel-branded smartwatch, it will witness a good adoption rate.


The post Google Pays Fossil $40M To Compete With Apple Watch appeared first on TechWorm.

Google Criticized Over Its Handling of the End of Google+

Long-time Slashdot reader Lauren Weinstein shares his report on how Google is handling the end of its Google+ service. He's describing it as "a boot to the head: when you know that Google just doesn't care any more" about users "who have become 'inconvenient' to their new business models." We already know about Google's incredible user trust failure in announcing dates for this process. First it was August. Then suddenly it was April. The G+ APIs (which vast numbers of web sites -- including mine -- made the mistake of deeply embedding into their sites), we're told will start "intermittently failing" (whatever that actually means) later this month. It gets much worse though. While Google has tools for users to download their own G+ postings for preservation, they have as far as I know provided nothing to help loyal G+ users maintain their social contacts... As far as Google is concerned, when G+ dies, all of your linkages to your G+ friends are gone forever. You can in theory try to reach out to each one and try to get their email addresses, but private messages on G+ have always been hit or miss... And with only a few months left until Google pulls the plug on G+, I sure as hell wouldn't still be soliciting for new G+ users! Yep -- believe it or not -- Google at this time is STILL soliciting for unsuspecting users to sign up for new G+ accounts, without any apparent warnings that you're signing up for a service that is already officially the walking dead! Perhaps this shows most vividly how Google today seems to just not give a damn about users who aren't in their target demographics of the moment. Or maybe it's just laziness. I'd be more upset about this if I actually used Google+ -- but has Google been unfair to the users who do? 
"[T]he way in which they've handled the announcements and ongoing process of sunsetting a service much beloved by many Google users has been nothing short of atrocious," Weinstein writes, "and has not shown respect for Google's users overall."


Malicious apps deploy Anubis banking trojan using motion detection

By Waqas

Google has left no stone unturned in preventing malware and banking trojan from invading the applications uploaded on its official Play Store. Despite having anti-malware protection, shady applications somehow make it to the platform. In fact, malware developers have become so advanced in their skills and tactics that they are now using motion detection technology […]

This is a post from HackRead.com Read the original post: Malicious apps deploy Anubis banking trojan using motion detection

Twitter bug exposed private tweets of Android users to public for years

By Carolina

A security bug in Twitter exposed private tweets of users to the public. The flaw only affected Android users of the Twitter app while iPhone users were not affected. According to Twitter, private tweets of users from November 3, 2014, to January 14, 2019, were exposed. Although the company did not say how many people were affected […]

This is a post from HackRead.com Read the original post: Twitter bug exposed private tweets of Android users to public for years

Pixelbook and ‘Nami’ Chromebooks the First To Get Linux GPU Acceleration in Project Crostini

Kevin C. Tofel, writing for About Chromebooks: I've been following the bug report that tracks progress on adding GPU acceleration for the Linux container in Chrome OS and there's good news today. The first two Chrome OS boards should now, or very soon, be able to try GPU hardware acceleration with the new startup parameter found last month. The bug report says the -enable-gpu argument was added to the Eve and Nami boards. There's only one Eve and that's the Pixelbook. Nami is used on a number of newer devices, including: Dell Inspiron 14, Lenovo Yoga Chromebook C630, Acer Chromebook 13, Acer Chromebook Spin 13, and HP X360 Chromebook 14.


Where Can IT Get Expert Guidance for Managing Android in the Enterprise?

Over the past decade, Android has taken the enterprise by storm. In each new operating system (OS) version update, its capabilities continue to become more business-friendly as the strength and depth of its mobile security functionality improves. With these changes considered, it’s clear Google is committed to delivering an OS that transcends the consumer world into the enterprise. For this reason, it’s no surprise that one of the world’s most popular platforms appears on IT’s shortlist for new device investments and bring-your-own-device (BYOD) programs.

Despite its extensive improvements over time, one of the biggest questions that remains for IT decision-makers is, “How can I be certain I am managing and securing Android with the best tools and technical resources available to me?”


The Android Enterprise Recommended Program

With its introduction of the Android Enterprise Recommended program earlier this year, Google has improved this decision-making process for IT leaders, making it possible to zero in on the vendors that meet specifications across a broad range of stringent criteria. The limited number of vendors that achieve this validation have not only taken appropriate steps to support the full gamut of Android’s specifications — they have also gone the extra mile to partake in Google-led trainings that enable them to deliver an exceptional experience for partners and customers.


Up until this point, the Android Enterprise Recommended program has been available to help IT teams select smartphones, tablets and ruggedized devices that are well-suited for the enterprise setting. However, customers and partners have had to conduct independent research and assessments to determine which enterprise mobility management (EMM) solutions should be used to manage Android devices in the enterprise.

These evaluations cannot be taken lightly; enterprise use cases for Android have grown in number, and organizations need to ensure that their EMM of choice has what it takes to support them. Furthermore, security threats have evolved and become more complex, and endpoints and their users remain their biggest targets. The less careful organizations are about who they partner with in supporting their environment, the more severe the consequences become.

These reasons considered, at minimum EMMs should be able to prove their ongoing commitment to delivering same-day support for the latest OS updates. As Android continues to roll out new functionality for Android in the enterprise — most recently zero-touch enrollment, managed Google Play, Verify Apps and SafetyNet APIs — the onus is also on EMMs to keep up.

A Program Expansion for Enterprise Mobility Management Vendors

To stay ahead of the evolving threat landscape and more effectively manage Android devices, IT decision-makers need to fast-track the EMM selection process. That’s why Google expanded its Android Recommended Program to help security leaders gain confidence in their EMM selection, streamline deployment and deliver up-to-date support for the latest updates.

IBM MaaS360 with Watson is a validated solution in the Android Enterprise Recommended program for EMMs, placing it among the select few EMMs that meet these new comprehensive program requirements.

Recognizing the value of the overall Android Enterprise Recommended program, MaaS360 delivers support for all Android Enterprise Recommended OEM devices, including both categories of knowledge worker and rugged use cases.

To learn more, register for our Jan. 31 webinar, “IBM Joins Google in Announcing Android Enterprise Recommended Program for EMMs” or watch it on-demand thereafter.


Google and Android are trademarks of Google LLC.

The post Where Can IT Get Expert Guidance for Managing Android in the Enterprise? appeared first on Security Intelligence.

The Pirate Bay malware can empty your Cryptocurrency wallet

By Waqas

The malware was found hidden in the Windows shortcut file on The Pirate Bay. A new malware has been identified in popular torrent forum The Pirate Bay. The malware is discovered in a shortcut file for a movie and it has the capability to manipulate web pages along with changing the addresses for Bitcoin and […]

This is a post from HackRead.com Read the original post: The Pirate Bay malware can empty your Cryptocurrency wallet

University of Maryland Researchers Use Audio Files and AI to Defeat reCaptcha Challenges

University of Maryland researchers warn that with limited resources, threat actors could launch a successful cyberattack on Google’s bot-detecting reCaptcha service.

In an academic paper detailing their findings, the researchers discuss how they created a tool called unCaptcha, which uses audio files in conjunction with artificial intelligence (AI) technologies such as speech-to-text software to bypass the Google security mechanism.

Over more than 450 tests, the unCaptcha tool defeated reCaptcha with 85 percent accuracy in 5.42 seconds, on average. This study proved that threat actors could potentially break into web-based services, pursue automated account creation and more.

How Researchers Got Around reCaptcha

Online users will recognize reCaptcha as a small box that appears on many websites when signing up or logging in to digital services. Website visitors are typically asked to solve a challenge to prove they’re human, whether it’s typing in letters next to a distorted rendering of the letters, answering a question or clicking on images.

In this case, the University of Maryland researchers took advantage of the fact that Google’s system offers an audio version of its challenges for those who may be visually impaired. The attack method involved navigating to Google’s reCaptcha demo site, finding the audio challenge and downloading it, then putting it through a speech-to-text engine. After an answer had been parsed, it could be typed in and submitted.

While Google initially responded by creating a new version of reCaptcha, the researchers did the same thing with unCaptcha and were even more successful. In an interview with BleepingComputer, one of the researchers said the new version had a success rate of around 91 percent after more than 600 attempts.

Securing the Web Without CAPTCHAs

The research paper recommends a number of possible countermeasures to a tool such as unCaptcha, including broadening the sound bytes of reCaptcha audio challenges and adding distortion. CAPTCHAs are far from the only option available to protect digital services, however.

IBM Security experts, for example, discussed the promise of managed identity and access management (IAM), which allows organizations to not only protect online services with additional layers of security, but also have a third party deal with operational chores such as patching and resolving upcoming incidents. If a group of academics can automate attacks on CAPTCHA systems this successfully, it may be time for security leaders and their teams to look for something more sophisticated.

The post University of Maryland Researchers Use Audio Files and AI to Defeat reCaptcha Challenges appeared first on Security Intelligence.

Google to ban harmful, intrusive web ads globally starting July 9

Beginning July 9, 2019, Chrome web browsers worldwide will expand user protections and stop showing disruptive and potentially harmful ads. The safeguards are in place for North America and Europe, but will expand globally come summer.

Google’s planned update for July 9 is driven by the Better Ads Standards developed by the Coalition for Better Ads, a consortium dedicated to improving the web advertising experience based on feedback from over 66,000 consumers worldwide.

The group has identified 12 advertising tools that users find intrusive, including pop-ups, auto-play ads, prestitial ads, and large sticky ads. Mobile users are particularly disrupted by full-screen scrollover ads, flashing animated ads, banners with a density larger than 30%, and others.

The Coalition for Better Ads this week announced plans to expand its standards beyond North America and Europe, and Google, being the commander of the Internet that it is, will follow suit with a special update for Chrome users.

“Following the Coalition’s lead, beginning July 9, 2019, Chrome will expand its user protections [globally] and stop showing all ads on sites in any country that repeatedly display these disruptive ads,” according to a post on the Chromium blog.

If you own a website, you want to be sure you don’t attract the referee’s ire come July 9, so consider reviewing your site status in the Ad Experience Report. The tool is designed to identify ad experiences that violate the Better Ads Standards. If the tool finds a violation, you can request a review of your site after you’ve fixed the issues. This not only helps your site, but also helps publishers in the long run, expanding their understanding of intrusive ad experiences.

Historical OSINT – Malware Domains Impersonating Google

It's 2008 and I've recently stumbled upon a currently active typosquatted portfolio of malware-serving domains successfully impersonating Google, further spreading malicious software to hundreds of thousands of unsuspecting users. In this post I'll provide actionable intelligence on the infrastructure behind the campaign. Related malicious domains known to have participated in the campaign:

Headless Chrome: DevOps Love It, So Do Hackers, Here’s Why

Google Chrome is the most popular web browser and has been so for almost a decade. Each new version of Chrome brings new usability, security and performance features.

This article focuses on the “headless mode” feature that Google released more than a year ago and that, since day one, has become very popular not only among software engineers and testers but also with attackers.

Off with their heads!

Headless mode is a functionality that allows the execution of a full version of the latest Chrome browser while controlling it programmatically. It can be used on servers without dedicated graphics or display, meaning that it runs without its “head”, the Graphical User Interface (GUI).

In headless mode, it’s possible to run large scale web application tests, navigate from page to page without human intervention, confirm JavaScript functionality and generate reports.


As with benign cases, the same functionality takes place in malicious scenarios, when an attacker needs to evaluate JavaScript or emulate browser functionality.

The practice of web browser automation isn’t new. It’s used in dedicated headless browsers like PhantomJS and NightmareJS, test frameworks like Capybara and Jasmine, and tools like Selenium that can automate different browsers including Chrome.

How popular is Headless Chrome?

The chart below shows the amount of traffic generated by Headless Chrome and other major headless browsers since its release date in June 2017. In comparison to other headless browsers and automation frameworks, Headless Chrome overtook the previous leader, PhantomJS, within a year of its release.

Automated browser trends over the last year

The data collected from our cloud WAF statistics, reinforced by data from Google Trends, highlight how the popularity of PhantomJS fades, while Headless Chrome’s trajectory keeps climbing.

PhantomJS and Headless Chrome: Google search trends

Automated browsers driving increased traffic

Apart from Headless Chrome’s popularity, and the degradation in the popularity of outdated tools, we observed an increase in total traffic generated by automated browsers compared to non-automated web surfing.

The chart below represents the percentage of automated browsers out of total traffic generated by web browsers:

Traffic ratio between automated and non-automated browsers

So, why is Headless Chrome so popular?

There are several reasons for Headless Chrome’s popularity; one being the support for Chrome’s new “out of the box” features, which constantly introduce new trends in web development. Another reason is the support for major desktop, server, and mobile operating systems. Headless Chrome also has convenient development tools and many additional useful features for Devs.

The release of Puppeteer a couple of months after the release of the headless functionality was a decisive push in Headless Chrome’s popularity. Puppeteer is a Node.js library developed by the Chrome team, which provides a high-level API to control headless and full versions of the latest Chrome.

Enter Puppeteer

Puppeteer is a common and natural way to control Chrome. It provides full access to browser features and, most importantly, can run Chrome in fully headless mode on a remote server, which is very useful for both automation teams and attackers.

Without much difficulty, attackers can put in place an infrastructure with a host of nodes running Headless Chrome and orchestrated by one component (Puppeteer).

Apart from Puppeteer, Chrome can be automated using webdriver and automation frameworks like Selenium or by direct access through the Command Line Interface (CLI). In this case, some Chrome functionality will be limited, but it offers the flexibility to write automation in any programming language besides Node.js and JavaScript.

Just how popular is it among attackers?

By analyzing malicious activity generated by automated browsers, I found that PhantomJS was a leader not only in the amount of traffic it produced but also in malicious activity.


However, nowadays, Chrome occupies the top of the “attackers’ podium,” with half of the malicious traffic divided evenly between execution in headless and non-headless mode.

Taking a closer look at malicious traffic, however, I found that there are no specific trends indicating a preference among attackers for Headless Chrome to exploit vulnerabilities, inject SQL or carry out cross-site scripting attacks (XSS). That said, occasional spikes show attempts at targeting specific sites by using vulnerability scanners, or attempts to exploit newly released vulnerabilities using the “spray and pray” technique.

Using a web browser for vulnerability scanning is a crafty but not new approach: it can help to bypass some mechanisms that validate the legitimacy of the client.

WAF events generated by Headless Chrome

Analyzing traffic from the last year, I didn’t find any DDoS attacks performed from a botnet based on Headless Chrome. There was nothing similar to the Headless Android Botnet that was discovered two years ago and has since all but vanished.

Usage of automated browsers in general, and Headless Chrome in particular, for DDoS, is not common practice. The reason for this is the low request rate to the server that browsers can generate. As Chrome receives the response from the server, evaluates it and only then performs the next request, its rate is very low in comparison to a simple script that floods with many requests and doesn’t “care” about the responses.

Having said that, we observe more than 10K unique IP addresses daily performing scraping, sniping, carding, blackhat SEO and other types of malicious activity where JavaScript evaluation is necessary to perform the attack. Distribution among the countries performing these malicious activities is presented in the chart below. In addition, 7% of the traffic comes from proxies or VPNs used to hide the origin of the attack.

Geographical distribution of malicious Headless Chrome traffic

But what about legitimate services?

Headless Chrome isn’t only used by attackers but also by legitimate services. We observe dozens of legitimate well-known web tools that use it to access websites.

  • Search engines use it to render the page, generate dynamic content and index data from single page web applications.
  • SEO tools use it to analyze your website and help promote it better.
  • Monitoring tools use Headless Chrome to measure performance and JavaScript execution time of web applications.
  • Online testing tools render pages and compare them to previous versions to track regression or distortion in the user interface.

Ok, so how do we make sure we’re protected?

At this point, you’re probably asking yourself whether or not to block Headless Chrome or any other automated browsers.

The answer to this question is “yes… and no.”

Using Headless Chrome by itself is not malicious, and as stated earlier, there are legitimate scenarios and services that use this functionality to access websites. Whitelisting all legitimate services is tough work, as it requires constant mapping and maintaining the lists of such services and their IPs.

The decision to block Headless Chrome requests or not should be based on the intent and behavior of each IP and session individually.

Unless the payload is malicious (which is strong evidence of malicious activity), it is better to pass some requests to the website, analyze the behavior and only then decide whether to block or not.

The reputation of IPs and their correlation, sophisticated heuristics, and machine learning algorithms can be implemented to make a deliberate decision, which will give better long-term results than aggressive blocking, at least in most cases.

For Imperva Incapsula users, a set of IncapRules can be implemented to block Headless Chrome from accessing your website, starting from a simple rule based on client classification up to sophisticated rules including rates, tags, and reputation.
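
The per-IP decision order described above (block on a malicious payload, otherwise observe before judging), sketched as an added example that is not Imperva's rules or code from the original post. The `HeadlessChrome` token is what Headless Chrome sends in its default User-Agent; the payload signatures, sensitive endpoints, allowlist, thresholds and request records are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Assumed toy signatures; a real WAF uses a far richer rule set.
ATTACK_PAYLOAD = re.compile(r"union\s+select|<script\b|\.\./\.\./", re.I)
# Assumed endpoints where scripted abuse (carding, credential stuffing) lands.
SENSITIVE = ("/login", "/checkout")
# Assumed allowlist of a known monitoring service (documentation address).
KNOWN_GOOD = {"192.0.2.10"}
MIN_OBSERVED = 5          # requests to let through before judging behavior
SENSITIVE_RATIO = 0.8     # share of sensitive hits that counts as abuse


def is_headless_chrome(user_agent):
    """Client classification by the default Headless Chrome UA token."""
    return "HeadlessChrome" in user_agent


def decide(ip, reqs):
    """Return (action, reason) for all requests seen from one IP."""
    # 1. A malicious payload is strong evidence: block without waiting.
    if any(ATTACK_PAYLOAD.search(unquote_plus(r["url"])) for r in reqs):
        return ("block", "malicious payload")
    # 2. The User-Agent only selects which clients get the closer look.
    if not any(is_headless_chrome(r["ua"]) for r in reqs):
        return ("allow", "not classified as Headless Chrome")
    if ip in KNOWN_GOOD:
        return ("allow", "known legitimate service")
    # 3. Pass some requests first, then judge the behavior.
    if len(reqs) < MIN_OBSERVED:
        return ("observe", "too few requests to judge")
    hits = sum(r["url"].split("?")[0].startswith(SENSITIVE) for r in reqs)
    if hits / len(reqs) >= SENSITIVE_RATIO:
        return ("block", "automation concentrated on sensitive endpoints")
    return ("allow", "automated but benign behavior")


def triage(requests):
    """Group request records by source IP and decide per IP."""
    by_ip = defaultdict(list)
    for r in requests:
        by_ip[r["ip"]].append(r)
    return {ip: decide(ip, reqs) for ip, reqs in by_ip.items()}


# Constructed sample traffic (documentation IP ranges, made-up paths).
HEADLESS_UA = ("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
               "(KHTML, like Gecko) HeadlessChrome/69.0.3497.81 Safari/537.36")
CHROME_UA = HEADLESS_UA.replace("HeadlessChrome", "Chrome")


def _reqs(ip, ua, urls):
    return [{"ip": ip, "ua": ua, "url": u} for u in urls]


SAMPLE = (
    _reqs("192.0.2.10", HEADLESS_UA, ["/", "/pricing"])
    + _reqs("198.51.100.7", HEADLESS_UA, ["/checkout"] * 6)
    + _reqs("203.0.113.5", HEADLESS_UA,
            ["/item?id=1%20union%20select%20password%20from%20users"])
    + _reqs("203.0.113.9", HEADLESS_UA, ["/", "/blog"])
    + _reqs("198.51.100.20", HEADLESS_UA,
            ["/", "/blog", "/blog/1", "/blog/2", "/about", "/pricing"])
    + _reqs("203.0.113.77", CHROME_UA, ["/", "/checkout"])
)

if __name__ == "__main__":
    for ip, (action, reason) in triage(SAMPLE).items():
        print(f"{ip:15} {action:8} {reason}")
```

Five of the six sample clients send the same Headless Chrome User-Agent and get four different outcomes, which is the point of deciding on payload and behavior rather than on client classification alone.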

The post Headless Chrome: DevOps Love It, So Do Hackers, Here’s Why appeared first on Blog.

Police arrest alleged Russian hacker behind huge Android ad scam

Police in Bulgaria have arrested an alleged Russian hacker who may be responsible for a huge Android ad scam that netted $10 million. The individual identified as Alexander Zhukov is a Saint Petersburg native who's been living in Varna, Bulgaria, since 2010 and was apprehended on November 6th after the US issued an international warrant for his arrest, according to ZDNet.

Source: Kommersant

Android Ecosystem Security Transparency Report is a wary first step

Reading through Google’s first quarterly Android Ecosystem Security Transparency Report feels like a mix of missed opportunities and déjà vu all over again.

Much of what is in the new Android ecosystem security report is data that has been part of Google’s annual Android Security Year in Review report, including the rates of potentially harmful applications (PHAs) on devices with and without sideloaded apps — spoiler alert: sideloading is much riskier — and rates of PHAs by geographical region. Surprisingly, the rates in Russia are lower than in the U.S.

The only other data in the Android ecosystem security report shows the percentage of devices with at least one PHA installed based on Android version. This new data shows that the newer the version of Android, the less likely it is a device will have a PHA installed.

However, this also hints at the data Google didn’t include in the report, like how well specific hardware partners have done in updating devices to those newer versions of Android. Considering that Android 7.x Nougat is the most common version of the OS in the wild at 28.2% and the latest version 9.0 Pie hasn’t even cracked the 0.1% marker to be included in Google’s platform numbers, the smart money says OEM updating stats wouldn’t be too impressive.

There’s also the matter of Android security updates and the data around which hardware partners are best at pushing them out. Dave Kleidermacher, head of Android security and privacy, said at the Google I/O developer conference in May 2018 that the company was tracking which partners were best at pushing security updates and that it was considering adding hardware support details to future Android Ecosystem Security Transparency Reports. More recently, Google added stipulations to its OEM contracts mandating at least four security updates per year on Android devices.

It’s unclear why Google ultimately didn’t include this data in the report on Android ecosystem security, but Google has been hesitant to call out hardware partners for slow updates in the past. In addition to new requirements in Android partner contracts regarding security updates, there have been rules stating hardware partners need to update any device to the latest version of Android released in the first 18 months after a device launch. However, it has always been unclear what the punishment would be for breaking those rules. Presumably, it would be a ban on access to Google Play services, the Play Store and Google Apps, but there have never been reports of those penalties being enforced.

Google has taken steps to make Android updates easier, including Project Treble in Android 8.0 Oreo, which effectively decoupled the Android system from any software differentiation added by a hardware partner. But, since Android 7.x is still the most common version in the wild, it doesn’t appear as though that work has yielded much fruit yet.

Adding OS and security update stats to the Android Ecosystem Security Transparency Report could go a long way towards shaming OEMs into being better and giving consumers more information with which to make purchasing decisions, but time will tell if Google ever goes so far as to name OEMs specifically.

The post Android Ecosystem Security Transparency Report is a wary first step appeared first on Security Bytes.

Google sets Android security updates rules but enforcement is unclear

The vendor requirements for Android are a strange and mysterious thing but a new leak claims Google has added language to force manufacturers to push more regular Android security updates.

According to The Verge, Google’s latest contract will require OEMs to supply Android security updates for two years and provide at least four updates within the first year of a device’s release. Vendors will also have to release patches within 90 days of Google identifying a vulnerability.

Mandating more consistent Android security updates is certainly a good thing, but it remains unclear what penalties Google would levy against manufacturers that fail to provide the updates or if Google would follow through on any punitive actions.

It has been known for years that Google sets certain rules for manufacturers who want to include the Play Store, Play services and Google apps on Android devices, but because enforcement has been unclear the rules have sometimes been seen as mere suggestions.

For example, Google has had a requirement in place since the spring of 2011 mandating manufacturers to upgrade devices to the latest version of the Android OS released within 18 months of a device’s launch. However, because of the logistics issues of providing those OS updates, Google has rarely been known to enforce that requirement.

This can be seen in the Android OS distribution numbers, which are a complete mess. Currently, according to Google, the most popular version of Android on devices in the wild is Android 6.0 Marshmallow (21.6%), followed by Android 7.0 (19%), Android 5.1 (14.7%), Android 8.0 (13.4%) and Android 7.1 (10.3%). And not even showing up on Google’s numbers because it hasn’t hit the 0.1% threshold for inclusion is Android 9.0 released in August.

Theoretically, the ultimate enforcement of the Android requirements would be Google barring a manufacturer from releasing a device that includes Google apps and services, but there have been no reports of that ever happening. Plus, the European Union’s recent crackdown on Android gives an indication that Google does wield control over the Android ecosystem — and was found to be abusing that power.

The ruling in the EU will allow major OEMs to release forked versions of Android without Google apps and services (something they were previously barred from doing by Google’s contract). It will also force Google to bundle the Play Store, services and most Google apps into a paid licensing bundle, while offering — but not requiring — the Chrome browser and Search as a free bundle. Although early rumors suggest Google might offset the cost of the apps bundle by paying OEMs to use Chrome and Google Search, effectively making it all free and sidestepping any actual change.

These changes only apply to Android devices released in the EU, but it should lead to more devices on the market running Android but featuring third-party apps and services. This could mean some real competition for Google from less popular Android forks such as Amazon’s Fire OS or Xiaomi’s MIUI.

It’s still unknown if the new rules regarding Android security updates are for the U.S. only or if they will be part of contracts in other regions. But, an unintended consequence of the EU rules might be to strengthen Google’s claim that the most secure Android devices are those with the Play Store and Play services.

Google has long leaned on its strong record of keeping malware out of the Play Store and off of user devices, if Play services are installed. Google consistently shows that the highest rates of malware come from sideloading apps in regions where the Play Store and Play services are less common — Russia and China – and where third-party sources are more popular.

Assuming the requirements for Android security updates do apply in other regions around the globe, it might be fair to also assume they’d be tied to the Google apps and services bundle (at least in the EU) because otherwise Google would have no way to put teeth behind the rules. So, not only would Google have its stats regarding how much malware is taken care of in the Play Store and on user devices by Play services, it might also have more stats showing those devices are more consistently updated and patched.

The Play Store, services and Google apps are an enticing carrot to dangle in front of vendors when requiring things like Android security updates, and there is reason to believe manufacturers would be willing to comply in order to get those apps and services, even if the penalties are unclear.

More competition will be coming to the Android ecosystem in the EU, and it’s not unreasonable to think that competition could spread to the U.S., especially if Google is scared to face similar actions by the U.S. government (as unlikely as that may seem). And the less power Google apps and services have in the market, the less force there will be behind any Google requirements for security updates.

The post Google sets Android security updates rules but enforcement is unclear appeared first on Security Bytes.

Safer Internet Day: 4 Things You Might Not Realise Your Webfilter Can Do

Since it's Safer Internet Day today, I thought I'd use it as an excuse to write a blog post. Regular readers will know I don't usually need an excuse, but I always feel better if I do.

Yesterday, I was talking to our Content Filter team about a post on the popular Edugeek forum, where someone asked "is it possible to block adult content in BBC iPlayer?". Well, with the right web filter, the answer is "yes", but how many people think to even ask the question? Certainly we hadn't thought much about formalising the answer. So I'm going to put together a list of things your web filter should be capable of, but you might not have realised...


1. Blocking adult content on "TV catch up" services like iPlayer. With use of the service soaring, it's important that any use in education is complemented with the right safeguards. We don't need students in class seeing things their parents wouldn't want them watching at home. There's a new section of the Smoothwall blocklist now which will deal with anything on iPlayer that the BBC deem unsuitable for minors.

2. Making Facebook and Twitter "Read Only". These social networks are great fun, and it can be useful to relax the rules a bit to prevent students swarming for 4G. A read-only approach can help reduce the incidence of cyber-bullying and keep users more focused.

3. Stripping the comments out of YouTube. YouTube is a wonderful resource, and the majority of video is pretty safe (use Youtube for Schools if you want to tie that down further — your filter can help you there too). The comments on videos, however, are often at best puerile and at worst downright offensive. Strip out the junk, and leave the learning tool - win win!

4. Busting Google searches back down to HTTP and forcing SafeSearch. Everybody appreciates a secure service, but when Google moved their search engine to HTTPS secure traffic by default, they alienated the education community. With SSL traffic it is much harder to vet search terms, log accesses in detail, and importantly force SafeSearch. Google give you DNS trickery to force the site back into plain HTTP - but that's a pain to implement, especially on a Windows DNS server. Use your web filter to rewrite the requests, and have the best of both.

Analyzing [Buy Cialis] Search Results

A few days ago I was updating the spammy word highlighting functionality in Unmask Parasites results and needed to test the changes on real websites. To find hacked websites with spammy content I would normally google for [viagra] or [cialis], which are arguably the most targeted keywords used in black hat SEO hacks. However, after Google’s June update to how they rank web pages for spammy queries, I didn’t have much expectation of seeing hacked sites on the first page of search results for my usual [buy cialis] query and was ready to check a few more pages.

Indeed, for queries like [payday loans] I can see quite relevant results on the first three pages. All sites are specialized and don’t look like doorways on hacked sites. That’s really good. For [viagra] I found only one result on the first page pointing to a doorway on a hacked site. Still good.

However, when I entered a really spammy combination [buy viagra], the search results were less than optimal — 5 out of 10 led to hacked sites. And at least 2 of the remaining 5 specialized sites were promoted using hidden links on hacked sites. Not good. And the worst results (although ideal for testing my update) were for the [buy cialis] query — 100% of results on the first page (10 out of 10) led to doorways on hacked sites or simply spammy web pages. Not a single result from websites that really have anything to do with cialis.

buy cialis results

Results analysis

Here is the breakdown of the first 10 results (links go to real time Unmask Parasites reports for these pages and at the moment of writing they all reveal spammy content. However this may change over time):

  1. www.epmonthly .com/advertise/ — doorway on a hacked site
  2. werenotsorry .com/ — strange spammy site with rubbish content like this: “The car buy cialis in your car is the ultimate well source of electrical amazing power in your car.”
  3. incose .org/dom/ — doorway on a hacked site.
  4. www.deercrash .org/buy/cialis/online/ — doorway on a hacked site
  5. jon-odell .com/?p=54 — doorway on a hacked site
  6. www.goodgrief .org .au/Cialis/ — doorway on a hacked site
  7. www.asm .wisc .edu/buy-cialis — doorway on a hacked site
  8. www.mhfa .com .au/cms/finance-home/ — doorway on a hacked site
  9. www .plowtoplate .org/library/51.html — doorway on a hacked site
  10. john-leung .com/?p=16 — doorway on a hacked site

Over the course of the past week the results slightly fluctuated and sometimes I saw the following links on the first SERP.

Out of 18 links that I encountered on the first page for [buy cialis] 15 point to doorways on hacked sites, 1 to a site with unreadable machine-generated text (still not sure whether it’s some SEO experiment or a backdoor with a tricky search traffic processing procedure) and 2 specialized sites relevant to the query but with quite bad backlink profiles. Overall 0% of results that follow Google’s quality guidelines.

So Google’s update for spammy queries doesn’t seem to work as it should, at least for some über spammy queries. It’s sad. And the reason why I’m sad is not that I worry about people who use such queries on Google to buy some counterfeit drugs. My major concern is that this situation justifies the huge number of sites (many thousands) that cyber-criminals hack in order to put a few of their doorways at the top for relevant queries on Google.

Behind the scenes

The above 15 hacked sites that I found on Google’s first SERP are actually only the tip of the iceberg. Each of them is being linked to from many thousands (if not millions) of pages on similarly hacked sites. Here you can see a sample list of sites that link to the above 15 (you might need a specialized tool like Unmask Parasites to see hidden and cloaked links there).

Many of the hacked web pages link to more than one doorway page, which maximizes the chances that one of them will finally be chosen by Google to be displayed on the first page for one of the many targeted keywords. At the same time this helps to maintain a pool of alternative doorways in case some of them are removed by webmasters or penalized by Google. As a result, the networks of doorways, landing pages and link pages can be massive. Here you can see a list with just a small part of the spammy links (338 unique domains) that can be found on hacked web pages.

.gov, .edu and .org

Among those hacked sites you can find sites of many reputable organizations, which most likely greatly help to rank well on Google. There are many compromised sites of professional associations, universities and even governmental sites, for example (as of August 19th, 2013):

Volume of spammy backlinks

If you take some of the top results and check their backlink profiles (I used Majestic SEO Site Explorer), you’ll see how many domains can be compromised (or spammed) just in one black hat SEO campaign. And we know that there are many ongoing competing campaigns just for “cialis” search traffic, so you can imagine the overall impact.

backlink profile

On the above screenshot you can see that thousands of domains link to “www .epmonthly .com/advertise/” using various “cialis” keywords.

The situation with “www. epmonthly .com/advertise/” is quite interesting. If you google for [“www.epmonthly .com/advertise/”] you’ll see more than a million results pointing to web pages where spammers used automated tools to post spammy links (including this one) in comments, profiles, etc. but failed to verify whether those sites accept the HTML code they were posting (still, many sites, while escaping the HTML code, automatically make all URLs clickable, so those spammers finally achieve their goal).

Typical black hat SEO tricks

In addition to annoying but pretty harmless comment spamming, forum spamming and creating fake user profiles, black hats massively hack websites with established reputation and turn them into their SEO assets.

The most common use for a hacked site is injecting links pointing to promoted resources (it can be a final landing page, or a doorway, or an intermediary site with links). Here is what such web pages may look like in Unmask Parasites reports:

spammy keyword highlighting

To hide such links from site owners, hackers make them hidden. For example, they can place them in an off-screen <div>

<div style="position:absolute; left:-8745px;">...spammy links here...</div>

Or put them in a normal <div> and add a JavaScript to make this <div> invisible when a browser loads the page

<div id='hideMe'> ... spammy links here.... </div>
<script type='text/javascript'>if(document.getElementById('hideMe') != null){document.getElementById('hideMe').style.visibility = 'hidden';document.getElementById('hideMe').style.display = 'none';}</script>

The JavaScript can be encrypted.

e v a l(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('2.1(\'0\').5.4="3";',6,6,'bestlinks|getElementById|document|none|display|style'.split('|'),0,{}))

which translates to

document.getElementById('bestlinks').style.display="none";

where “bestlinks” is the id of the <div> with spammy links.
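
A site owner who finds a script like this does not have to run it to see what it does. The following added example (not code from the original post) decodes the packer's argument list as plain text; the function names are this example's own, and it assumes the common p,a,c,k,e,d layout shown above with a radix of at most 62.

```python
import re

# The packed script from the article, with the spaced-out "e v a l" kept as
# published. It is only parsed as text here and is never executed.
PACKED = r"""e v a l(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('2.1(\'0\').5.4="3";',6,6,'bestlinks|getElementById|document|none|display|style'.split('|'),0,{}))"""

# Digit alphabet used by the packer's encoder: 0-9, a-z, then A-Z (base 62 max).
DIGITS = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Trailing argument list: }('payload', radix, count, 'w0|w1|...'.split('|')
ARGS = re.compile(
    r"\}\s*\(\s*'((?:\\.|[^'\\])*)'\s*,\s*(\d+)\s*,\s*(\d+)\s*,"
    r"\s*'((?:\\.|[^'\\])*)'\s*\.split\(\s*'\|'\s*\)",
    re.S,
)
ESCAPES = {"n": "\n", "r": "\r", "t": "\t"}


def unescape_js(literal):
    """Undo backslash escapes inside a single-quoted JavaScript string."""
    return re.sub(r"\\(.)", lambda m: ESCAPES.get(m.group(1), m.group(1)),
                  literal, flags=re.S)


def token_index(token, radix):
    """Decode one payload token to its dictionary index, or None if it is
    not a number in the packer's alphabet for this radix."""
    value = 0
    for ch in token:
        digit = DIGITS.find(ch)
        if digit < 0 or digit >= radix:
            return None
        value = value * radix + digit
    return value


def unpack(script):
    """Return the source hidden in a p,a,c,k,e,d wrapper without running it."""
    match = ARGS.search(script)
    if match is None:
        raise ValueError("no p,a,c,k,e,d argument list found")
    payload = unescape_js(match.group(1))
    radix, count = int(match.group(2)), int(match.group(3))
    words = match.group(4).split("|")
    if not 2 <= radix <= 62 or count != len(words):
        raise ValueError("unsupported radix or inconsistent word count")

    def substitute(tok):
        index = token_index(tok.group(0), radix)
        # Empty dictionary slots mean "the token stands for itself".
        if index is None or index >= count or not words[index]:
            return tok.group(0)
        return words[index]

    return re.sub(r"\b\w+\b", substitute, payload)


if __name__ == "__main__":
    print(unpack(PACKED))
```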

Sometimes, encrypted JavaScript can be coupled with dynamic HTML generation of the link container. After decryption it looks like this:

document.w ri t e('<style><!-- .read {display:none} --></style><address class="read">');
...spammy links here...
document.wri te('</address>');

Of course, it’s only a client-side representation of the problem. On the server side, it’s rarely this straightforward. Most times it involves obfuscated (usually PHP) code in sneaky places (e.g. themes, plugins, DB, etc.)

Doorways

Sites that rely on black hat SEO techniques get penalized by Google soon enough, so they can’t expect much search traffic directly from search engines. Instead they try to promote many disposable doorways on other reputable sites that would redirect search traffic to them.

The typical approach is to hack a website and use cloaking tricks (generating a specialized version with spammy keywords specifically for search engines while leaving the original content for normal visitors) to make search engines think that its pages are relevant for those spammy queries. E.g. check the title of the “www.epmonthly .com/advertise/” when you visit it in a browser (“Advertise“) and when you check it in Unmask Parasites or in Google’s Cache (“Buy Cialis (Tadalafil) Online – OVERNIGHT Shipping“). Then they add some functionality to distinguish visitors coming from search engines and redirect them to third party sites that pay hackers for such traffic.

The redirects may be implemented as .htaccess rules, client-side JavaScript code, or server-side PHP code.

Sometimes, instead of using cloaking, hackers simply create a whole spammy section in a subdirectory of a legitimate site, or a standalone doorway page. Example from our cialis search results: www .asm .wisc .edu/buy-cialis .

To Webmasters

It might be tricky to determine whether your site fell victim to a black hat SEO hack since hackers do their best to hide evidence from site owners and regular visitors. At the same time antivirus tools won’t help you here since links and redirects (in case they can actually see them) are not considered harmful. Nonetheless, a thoughtful webmaster is always equipped with proper tools and tricks to determine such issues. They range from specialized Google search queries and reports in Webmaster Tools to log analysis and server-side integrity control.

In addition to the tricks that I described here, you can try to simply load your site with JavaScript turned off. Sometimes this is all it takes to find hidden links whose visibility is controlled by a script.
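
The same check can be scripted over the raw HTML of your own pages. This added example (not part of the original post or of Unmask Parasites) flags containers that hold links and are either positioned off-screen, hidden by an inline style, or hidden by an inline script that targets their id, which are the client-side patterns shown earlier. The sample page, the `example.invalid` URLs and the three-digit off-screen threshold are constructed assumptions.

```python
import re
from html.parser import HTMLParser

VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}
# Heuristic (assumed threshold): a negative offset of 100px or more.
OFFSCREEN = re.compile(r"(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
SCRIPT_HIDE = re.compile(
    r"getElementById\(\s*['\"]([^'\"]+)['\"]\s*\)\s*\.style\."
    r"(?:display|visibility)\s*=\s*['\"](?:none|hidden)['\"]", re.I)


class HiddenLinkScanner(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []     # currently open elements
        self.closed = []    # closed elements that have an id or hiding style
        self.scripts = []   # text of inline <script> blocks
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            for el in self.stack:          # credit the link to every ancestor
                el["links"].append(a["href"])
        if tag == "script":
            self._in_script = True
        if tag in VOID:                    # void tags never get an end tag
            return
        style = a.get("style") or ""
        reason = None
        if OFFSCREEN.search(style):
            reason = "off-screen inline style"
        elif HIDDEN.search(style):
            reason = "hidden inline style"
        self.stack.append({"tag": tag, "id": a.get("id"),
                           "reason": reason, "links": []})

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i]["tag"] == tag:
                # Close the element and anything left open inside it.
                self.closed += [el for el in self.stack[i:]
                                if el["id"] or el["reason"]]
                del self.stack[i:]
                break

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)


def scan(html):
    """Return (tag, id, reason, link_count) for each hidden link container."""
    parser = HiddenLinkScanner()
    parser.feed(html)
    parser.close()
    script_hidden = set(SCRIPT_HIDE.findall("\n".join(parser.scripts)))
    findings = []
    for el in parser.closed + parser.stack:
        reason = el["reason"]
        if reason is None and el["id"] in script_hidden:
            reason = "hidden by inline script"
        if reason and el["links"]:         # hidden AND carrying links
            findings.append((el["tag"], el["id"], reason, len(el["links"])))
    return findings


# Constructed sample page: visible nav, two hidden link blocks, a hidden
# element without links (a modal) that must not be reported.
SAMPLE_HTML = """<html><body>
<div id="nav"><a href="/about">About</a><br><a href="/contact">Contact</a></div>
<div style="position:absolute; left:-8745px;"><a href="http://pills.example.invalid/a">x</a> <a href="http://pills.example.invalid/b">y</a></div>
<div id='hideMe'><a href="http://pills.example.invalid/c">z</a></div>
<script type='text/javascript'>if(document.getElementById('hideMe') != null){document.getElementById('hideMe').style.visibility = 'hidden';document.getElementById('hideMe').style.display = 'none';}</script>
<div style="display:none" id="modal"><p>Newsletter signup</p></div>
</body></html>"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_HTML):
        print(finding)
```

A static scan like this only sees hiding code that is readable in the page source; a packed or otherwise obfuscated script has to be decoded before the `getElementById` pattern can match, and cloaked pages have to be fetched the way a search engine crawler would see them.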

Fighting black hat SEO hacks

Of course, site owners are responsible for what happens with their sites, should protect them and clean them up in case of hacks. Doorways on hacked sites would never appear in search results if all webmasters would quickly mitigate such issues.

But let’s take a look at this from a different perspective. The main goal of all black hat SEO hacks is to put their doorways at the top on Google for relevant keywords and get targeted search traffic. And 80% (or even more) of massive campaigns target a very narrow set of keywords and their modifications. If Google actively monitored the first pages of search results for such keywords and penalized doorways, this could significantly reduce the efficacy of such campaigns, leaving very little incentive to hack websites to put spammy links there. And you don’t have to monitor every possible keyword combination. In my experience, most of them will finally point to the same doorways.

I can see Google moving in this direction. The description of the above mentioned ranking algorithm update is very promising. However, as the [buy cialis] query with 0% of relevant search results on the first page shows — a lot should be improved.

P.S. Just before posting this article, I checked results for [buy cialis] once more and … surprise!.. found a link to a Wikipedia article about Tadalafil at the 4th position. Wow! Now we have 1 result that doesn’t seem to have anything to do with hacked sites.
