EUVD-2017-17123

Malware in sbrugna...

EUVD-2017-0852

Malware in sbrugna...

EUVD-2018-19623

Malware in sbrugna...

EUVD-2017-11864

Malware in sbrugna...

Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account

Google has stepped in to address a security flaw that could have made it possible to brute-force an account's recovery phone number, potentially exposing them to privacy and security risks. The issue, according to Singaporean security researcher "brutecat," leverages an issue in the company's...

CVE-2011-4771

The Scan to PDF Free com.scan.to.pdf.trial application 2.0.4 for Android does not properly protect data, which allows remote attackers to read or modify scanned files and a Google account via a crafted application...

Google Launches AI-Powered Theft and Data Protection Features for Android Devices

Google has announced a slew of privacy and security features in Android, including a suite of advanced protection features to help secure users' devices and data in the event of a theft. These features aim to help protect data before, during and after a theft attempt, the tech giant said, adding...

Info-stealers can steal cookies for permanent access to your Google account

Hackers have found a way to gain unauthorized access to Google accounts, bypassing any multi-factor authentication MFA the user may have set up. To do this they steal authentication cookies and then extend their lifespan. It doesn’t even help if the owner of the account changes their password...

Okta Breach Linked to Employee’s Google Account, Affects 134 Customers

By Waqas Some of the most prominent victims of the data breach include Cloudflare, 1Password, and BeyondTrust. This is a post from HackRead.com Read the original post: Okta Breach Linked to Employees Google Account, Affects 134 Customers...

Okta's Recent Customer Support Data Breach Impacted 134 Customers

Identity and authentication management provider Okta on Friday disclosed that the recent support case management system breach affected 134 of its 18,400 customers. It further noted that the unauthorized intruder gained access to its systems from September 28 to October 17, 2023, and ultimately...

Upgrading your Android device? Read this first

Last month, we wrote an article about what to do when upgrading your iPhone. Since then, we've received several requests to do a similar post about Android devices. Providing uniform and easy to follow instructions is a bit harder to do for Android, because there are many differences between make...

Yelp: yelp.com XSS ATO (via login keylogger, link Google account)

The summary is as follows: The yelp.com website was found to be vulnerable to a cross-site scripting XSS attack. The vulnerability was caused by the website's improper handling of the "guvo" cookie, which was reflected in the HTML response without proper sanitization. Additionally, a feature on t...

Google Authenticator WILL get end-to-end encryption. Eventually.

Following criticism, Google has decided to bring end-to-end encryption E2EE to its Google Authenticator cloud backups. The search giant recently introduced a feature that allows users back up two-factor authentication 2FA tokens to the cloud, but the lack of encryption caused some commentators to...

20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison

Conor Brian Fitzpatrick, the 20-year-old founder and the administrator of the now-defunct BreachForums has been formally charged in the U.S. with conspiracy to commit access device fraud. If proven guilty, Fitzpatrick, who went by the online moniker "pompompurin," faces a maximum penalty of up to...

SUSE CVE-2013-6643

The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/oneclicksigninbubbleview.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handli...

SUSE CVE-2021-30528

Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page...

Google to Make Account Login Mandatory for New Fitbit Users in 2023

Wearable technology company Fitbit has announced a new clause that requires users to switch to a Google account "sometime" in 2023. "In 2023, we plan to launch Google accounts on Fitbit, which will enable use of Fitbit with a Google account," the Google-owned fitness devices maker said. The switc...

Threat Source newsletter (Sept. 8, 2022) — Why there is no one-stop-shop solution for protecting passwords

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. It seems like there’s at least one major password breach every month — if not more. Most recently, there was an incident at Plex where all users had to reset their passwords. Many users pay for a password management...

GSD-2022-1002519 Information Leakage in Analytics version curent as of 2022-05-19

In the Google Analytics admin web interface, current as of 2022-05-19 an information leakage exists in the Account Access Management and Property Access Management that can be used, resulting in an attacker determining if a Google-hosted email address is in fact a Google account or a google group...

What to Do If You Can’t Log In to Your Google Account

Locked out of your calendar or Gmail? Here’s how to get unstuck—and prevent it from happening in the first place...