Security

The Department of Justice says it may ask a judge to forcibly break up Google's business over its alleged monopoly abuses. Google called it an overreach and says such a move could kill Android or Chrome. Google lost a court case in August for ... breaking antitrust laws in the way it built up and maintained a 90 percent market share in online searches. The DOJ must now put proposals before a court on how to remedy this breach. In a preliminary filing, the DOJ says it is considering the most serious option of "structural remedies". That could mean Google would no longer be able to maintain its ... (view more)

Facebook's parent company has been fined the equivalent of $100 million for storing user passwords in plain text. Failing to encrypt the passwords breached Europe's General Data Protection Regulation (GDPR). Meta, which runs Facebook and Instagram, ... broke the rules despite there being no evidence that anyone accessed the passwords without authorization or that anyone was then able to access accounts. Delay In Coming Clean The company was found to have breached the GDPR on four counts. Two involved failing to adequately secure personal data, one involved not properly documenting these failures ... (view more)

"Modified" versions of popular apps have helped distribute a nasty piece of Android malware. The tactic expanded the reach of the Necro Trojan despite Google's security checks. Necro was able to survive for some time before discovery, largely ... because the infection wasn't obvious to users. Its main purpose was to hijack phones and use them to make money for the people behind the malware. This included displaying paid ads in the background so that users didn't see them, but the scammers were able to claim revenue from advertisers. The malware would also install apps on the phone to earn ... (view more)

Chrome is getting more proactive on browser safety. The changes are coming to both desktops and Android devices. It's part of the browser's "Safety Check" feature which already warns users if a password has been compromised or if a website appears ... unsafe. The feature is expanding to cover permissions and notifications. The former involves the way Chrome controls whether or not a specific website has access to computer resources and data such as a microphone, webcam or precise location. Chrome will now start automatically revoking permissions from websites the user rarely visits. Google has ... (view more)

Scammers are using a creative way to trick people into handing over their Google account passwords. The tactic works by annoying the victim until they stop thinking rationally. Most scams to get hold of account passwords, particularly sensitive ones ... like a Google account, work in one of two ways. Some scammers will try to intercept the password, for example by using keylogging software that records everything a user types. Others prefer phishing, where the user is tricked into typing in details into a bogus, lookalike website. The new scam, using malware named StealC, is much simpler. It ... (view more)

A key change to Android could reduce the risk of scammers stealing personal data or money. The update will mean sensitive apps won't open unless potentially risky apps are closed first. The idea is to tackle rogue apps which are designed to either ... capture personal data from another app, or to take control of the phone unbeknownst to the owner. Developer Choice Google's new tactic aims to find a balance between restricting the activities of such rogue apps and keeping the freedom of users to choose what apps they install, including those from sources other than the official Play Store. The ... (view more)

A notorious ransomware group has engaged in a "triple threat" attack. As well as locking files and threatening to expose data, the Qilin group has been spotted trying to steal saved passwords from Chrome. The Qilin group appears to have been ... operating for at least two years but came to wider attention in 2022 when it attacked British hospitals. The group's origins and membership aren't known for certain, but it has communicated in Russian. As is becoming more common, Qilin doesn't simply restrict itself to encrypting files and systems and then demanding a ransom payment to restore access. It ... (view more)

A useful web feature could be a serious phishing risk according to security researchers. They say scammers are using "progressive web apps" to bypass Android and iOS security features. In simple terms, a progressive web app is a mix of a website and ... a standalone application. It's technically a website and uses web technologies, allowing for instant updates. However, it looks and feels more like a standalone app and can often access more of a device's resources than a web browser. Security firm ESET says scammers are using progressive web apps as a way to overcome a major limitation in scams ... (view more)

Google has warned Android users to disable 2G connectivity. It says scammers are taking advantage of the outdated tech to send phishing messages and other spam that gets past all filters. 2G cellphone service was commonplace in the 1990s before ... being followed by 3G in the 2000s. 2G was the beginning of digital mobile phone connections and allowed for SMS text messaging, though it wasn't fast enough to support reliable mobile Internet services. While most US carriers have disabled their 2G networks, many handsets still support it. It can be useful as a last resort in places with either limited ... (view more)

Chrome on Android may soon automatically blur out sensitive data when screen sharing or recording. It's a potentially useful feature that brings some big questions. The feature was spotted as an optional "flag" in Chrome Canary, which means it's at ... the very earliest stage of public testing. Canary is a version of Chrome for people happy to be the first to try new features or update, the name referring to the literal "canary in the mine" whose death would warn miners of a problem such as a gas leak. Making a flag means it's not enabled by default even in Canary. That means it's very possible ... (view more)