"NAT Slipstreaming was discovered by security researcher Samy Kamkar and it requires the victims to visit the threat actor's malicious website (or a site with maliciously crafted ads). To expose hosted services, the attack abuses certain NAT devices scanning port 5060 to create port forwarding rules when detecting maliciously-crafted HTTP requests camouflaged as valid SIP requests," reported Bleeping Computers in 2019. The flaw only works on selected ports configured by a router's ALG (Application Level Gateway), ports that don't receive much traffic are being blocked by browser developers. 

As of now, Chrome has blocked HTTPS, HTTP, and FTP access on ports 1719, 1720, 1723, 5060, 5061, 69, 137, 161, and 554. Recently, Google said that it is considering blocking TCP port 10080 in Chrome. Firefox had blocked TCP port 10080 already in November last year. But the most worrisome aspect relating to 10080 is may developers may start using it as a replacement to port 80. They may find it useful as the port ends in '80' which makes it attractive. Besides this, the port doesn't require root privileges for binding into Unix systems, said Adam Rice, developer at Google Chrome. 

For developers that want to continue using this post, Mr. Rice will add an enterprise policy that will allow the developers to use the port by overriding the block. If a port is blocked, the user is displayed a "ERR_UNSAFE_PORT" error message while trying to gain access to the port. "If you are currently hosting a website on port 10080, you may want to consider using a different port to allow Google Chrome to continue accessing the site," said Bleeping computer.

A new study revealing Apple and Google's monitoring of mobile devices is making headlines. It discusses how, despite the fact that both companies give consumers the possibility to opt-out of sharing telemetry data, the data is still shared. Both Google's Pixel and Apple's iPhone extract data from mobile devices without the users' permission. Both iOS and Android transfer telemetry, according to Trinity College researcher Douglas Leith, “despite the user explicitly opting out.” 

The analysis is a component of a complete study titled "Mobile Handset Privacy: Measuring the Data iOS and Android Send to Apple and Google." Perhaps it comes out that Google gathers much more data than Apple, almost 20 times more data from the Android Pixel users. 

“The phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number etc. are shared with Apple and Google,” as per the report. “When a SIM is inserted, both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets, and the home gateway, to Apple, together with their GPS location. Currently there are few, if any, realistic options for preventing this data sharing.” 

According to the researcher’s observations, Google Pixel transfers approximately 1MB of data to Google servers during the first ten minutes of operation. For the same duration of time, the iPhone sends about 42KB of data to Apple servers. When the Pixel is turned off, it transfers approximately 1MB of data to Google every 12 hours, whereas the iPhone sends just 52KB. The report also indicated that, whether in use or not, both operating systems link to their back-end servers every 4.5 minutes on average. 

Nevertheless, third-party software and pre-installed apps that come with both the operating system were not included in the evaluations. The study focused solely on data collected by handset features and elements at the operating system level, such as Apple's Bluetooth UniqueChipID, Secure Element ID, and the transmission of Wi-Fi MAC address. Even after not being opened or used by the user, the highlight of the study is the ability of pre-installed applications and services, which are exclusive to handset manufacturers, to connect to the network. 

According to the study, telemetry data transmission poses major privacy issues. The study does highlight the importance of sending general user data to the software manufacturer, as this provides for the creation and release of critical device and security updates for specific models.

Researchers at Avast have found an aggregate of 204 fleece ware applications with over a billion downloads and more than $400 million in revenue on the Apple App Store and Google Play Store. The purpose of these applications is to bring clients into a free trial to "test" the application, after which they overcharge them through subscriptions which sometimes run as high as $3,432 each year. These applications have no unique functionality and are only conduits for fleece ware scams. Avast has reported the fleece ware applications to both Apple and Google for audit.

Fleece ware is a recently coined term that alludes to a mobile application that accompanies extreme subscription fees. Most applications incorporate a short free trial to attract the client. The application exploits clients who are inexperienced with how subscriptions work on cell phones, implying that clients can be charged even after they've erased the offending application.

The fleece ware applications found comprise predominantly of musical instrument apps, palm readers, image editors, camera filters, fortune tellers, QR code and PDF readers, and ‘slime simulators’. While the applications for the most part satisfy their expected purpose, it is far-fetched that a client would purposely want to pay such a significant recurring fee for these applications, particularly when there are less expensive or even free options available. 

It creates the impression that part of the fleece ware strategy is to target more youthful crowds through playful themes and catchy ads on famous social networks with guarantees of ‘free installation’ or ‘free to download’. The information is alarming: with almost a billion downloads and hundreds of millions of dollars in revenue, this model is drawing in more developers and there is proof to recommend a few famous existing applications have updated to incorporate the free trial subscription with high recurring fees.

Regardless of whether a client erases the application after they notice outgoing payments, this doesn't mean their subscription stops - which permits the developer to cash in further. Google and Apple are not answerable for refunds after a specific time-frame, and keeping in mind that the organizations may decide to refund as a goodwill gesture in some cases however they are not obliged to do so. Along these lines, the lone choices might be to attempt to contact developers directly or to demand a bank chargeback.

Malware trackers at Google keep on pointing out a complex APT group that burned through at least 11 zero-days exploits in less than a year to conduct mass spying across a range of platforms and gadgets. The group has effectively utilized "watering hole" assaults to divert explicit targets to a couple of exploit servers conveying malware on Windows, iOS, and Android gadgets. 

The cross-platform capacities and the readiness to utilize almost a dozen zero-days in under a year signals a well-resourced threat actor with the ability to access hacking tools and exploits from related groups. In another blog post, Google Project Zero researcher Maddie Stone released additional details on the exploit chains found in the wild last October and cautioned that the most recent disclosure is attached to a February 2020 campaign that incorporated the utilization of multiple zero-days. As per Stone, the threat actor from the February 2020 campaign went dark for a couple of months but returned in October with dozens of websites redirecting to an exploit server. 

“Once our analysis began, we discovered links to a second exploit server on the same website. After initial fingerprinting (appearing to be based on the origin of the IP address and the user-agent), an iframe was injected into the website pointing to one of the two exploit servers. In our testing, both of the exploit servers existed on all of the discovered domains,” Stone explained. 

The first exploit server at first reacted distinctly to Apple iOS and Microsoft Windows user-agents and was active for at least a week after Google's researchers began recovering the hacking devices. This server included exploits for a distant code execution bug in the Google Chrome rendering engine and a v8 zero-day after the underlying bug was fixed. Stone said the first server momentarily reacted to Android user-agents, proposing exploits existed for every one of the significant platforms.

Stone noticed that the assailants utilized a special obfuscation and anti-analysis check on iOS gadgets where those exploits were encrypted with ephemeral keys, “meaning that the exploits couldn't be recovered from the packet dump alone, instead of requiring an active MITM on our side to rewrite the exploit on-the-fly.”

An independent security researcher based in Basel, Switzerland, Jannis Kirschner, began to look for the widely known Telegram desktop version on the internet on Sunday. The second Google result was an advertisement, which led him directly to malware cloaked as a Telegram for Windows desktop version. At first sight, it was sufficiently convincing for Kirschner to say that "almost fell for it myself." 

Malware vendors are habituated to use the same publicity tools that online businesses use to attract people. To stop such abuse, Google patrols its advertising ecosystem, but malware advertising is still an ongoing problem. Although a visit by telegramdesktop[dot]com to one of those sites now triggered an alert from the Google Safe Browsing service, that the two sites were unsafe and potentially still active and duplicated others. These include the telegraph[dot]net and the telegram[dot]org. The websites were reported to Google by Kirschner. 

Each of these three spoofed websites is Telegram's clones. All links on cloned sites are redirected to the legitimate Telegram domain, design.telegram.com. But one link is exchanged which is supposed to be the execution for the Telegram Desktop version of Windows. 

"A repo probably was a bad choice for delivering malware since it's very verbose (download numbers, time, and other documents)," Kirschner says. "The biggest opsec mistake was that they didn't clean one of the repo's metadata, which led me to discover commit messages and their e-mail [address]."

He further adds that "I believe that it is the same threat actor or group since the TTPs [tactics, techniques, and procedures] are the same, and all sites have been established in a very close timeframe using the same hoster and certificate authority." 

At least a temporary benefit is offered to host malware on platforms such as Bitbucket: surface links are often deemed to be genuine, and attackers are subject to a malicious reservoir that needs to be removed until someone reports it. The techniques help cover a technological filtering and manual screening campaign, but don't always measure properly, says Kirschner. 

A February 2020 report by the security firm Cybereason reported over half a dozen newcomers, crypto miners, ransomware, and other malware put on Bitbucket by bad actors. 

The telegramdesktop[dot]com website seems to be shared with Moldova. Kirschner says this domain was registered on 29 December 2020. A search in the Wayback Machine of the Internet Archive, reveals that telegramdesktop[dot]com was redirected to the rightful domain telegram.org in April 2018. However, according to DomainTools records, the domain expired in October 2018. 

"I assume that domain once belonged to Telegram themselves, expired and was taken over by the criminals now," Kirschner further says.

It's been over a long time since researchers uncovered a couple of security vulnerabilities, known as Spectre and Meltdown, that further revealed fundamental flaws in how most present-day PC processors handle the information to maximize efficiency. While they influence a cosmic number of computing devices, the so-called speculative execution bugs are generally hard to misuse in practice. However, presently researchers from Google have built up a proof-of-concept that shows the risk Spectre assaults pose to the browser—in hopes of motivating a new generation of defenses. 

Google in 2018 detailed two variations of Spectre, one of which – named variation 1 (CVE-2017-5753) – concerned JavaScript exploitation against browsers. Google released the PoC for engineers of web applications to comprehend why it's critical to send application-level mitigations. At a high level, as detailed in a Google document on W3C, a developer's "data must not unexpectedly enter an attacker's process". 

While the PoC shows the JavaScript Spectre assault against Chrome 88's V8 JavaScript engine on an Intel Core i7-6500U 'Skylake' CPU on Linux, Google notes it can without much of a stretch be changed for different CPUs, browser versions, and operating systems. It was even successful on Apple's M1 Arm CPU with minor alterations. The assault can leak information at a pace of 1kB each second. The chief components of the PoC are a Spectre version 1 "device" or code that triggers attacker-controlled transient execution, and a side-channel or "a way to observe side effects of the transient execution". 

"The web platform relies on the origin as a fundamental security boundary, and browsers do a pretty good job at preventing explicit leakage of data from one origin to another," explained Google's Mike West. "Attacks like Spectre, however, show that we still have work to do to mitigate implicit data leakage. The side-channels exploited through these attacks prove that attackers can read any data which enters a process hosting that attackers' code. These attacks are quite practical today, and pose a real risk to users."

Google has likewise released another prototype Chrome extension called Spectroscope that scans an application to discover assets that may require enabling additional defenses.

Google Voice is a Google voicemail service that allows users to send free texts, personalize the voicemail, read text transcripts for voicemail, and much more. The voicemail service of Google, which previously required a Google Voice invitation code for installation, is now free of charge available for all Gmail users. 

The incident report states that, "Google Voice users experienced an issue in which some new inbound or outbound Voice over Internet Protocol (VoIP) calls failed to connect, for a total duration of 4hours 22 minutes." 

In order to manage phone calls over the Internet protocol, Google Voice uses the Initiation Session Protocol (SIP). Google Voice consumer devices aim at ensuring a continuous SIP link with Google Voice services during routine operation. The customer tries to regain contact automatically after a link fails. Transport Layer Security (TLS) certificates are also rotated periodically to ensure that all Google Voice traffic is protected and linked. 

"Due to an issue with updating certificate configurations, the active certificate in Google Voice frontend systems inadvertently expired at 2021-02-15 23:51:00, triggering the issue," Google explained. "During the impact period, any clients attempting to establish or re-establish a SIP connection were unable to do so." 

Users could not access the Google Voice platform to make or accept VoIP calls following the breakdown of expired certificates. However, consumer systems with an active SIP connection were not impacted during the outage before this incident (as long as the connection was not interrupted). The technical team concluded after the analysis that the root cause was certificate configuration. The team has developed and initiated an emergency roll-out of modified credentials and configuration information to interfaces. After mitigation was enforced, the functionality of Google Voice SIP customers restored retrieval of their connections.

Publishing the incident report, the Google Workspace Team stated the steps taken by the engineers. They insisted on, setting additional constructive warnings for credential expiry incidents to come, and set up additional reactive warnings in Google Voice frontend applications for TLS errors. Alongside, enhance automatic credential rotation tooling and changes to set up and to allow the quick rollout of configuration improvements, utilizing more portable facilities. Developing emergency roll-out testing and practice examples with Google Voice interface applications and settings.

Google is committed to improving our technology and operations efficiently and consistently to avoid service disruptions. They said that “We thank your patience and excuse your company for any effects. For your company, we appreciate you.”

The world's biggest technology and software giants, namely Microsoft, and Google are being threatened by a new group of cybercriminals who are targeting their cloud services. Working in coordination with their Chinese interests, the threat actors are attacking a wide range of organizations with the intent of exfiltrating data. 

Google has suspended US-based microblogging stage Parler, where the majority of the supporters of active President Donald Trump are moving their base from its application store, referring to posts inducing viciousness and requesting strong moderation for heinous content from the social networking service. All the while, Apple had given Parler, the social network supported by conservatives and extremists, an ultimatum to implement a full moderation plan of its platform inside the following 24 hours or face suspension from the App store. 

The move by the two Silicon Valley organizations came the day when Twitter forever suspended Trump's account because of the "danger of additional prompting of viciousness". 

In suspending the service, Google, whose software powers Android telephones, referred to its approach against applications that promote violence and gave recent examples from Parler, including a Friday post that started "How do we take back our country? Around 20 or so coordinated hits" and another promoting "Million Militia March" on Washington. 

"To ensure client security on Google Play, our longstanding strategies require that applications showing user-generated content have moderation policies and implementation that eliminates offensive substance like spots that prompt violence. All developers consent to these terms and we have reminded Parler of this clear policy in recent months," Google said in a statement. 

Meanwhile, Apple in a statement said it has gotten various complaints with respect to the offensive substance in Parler service, allegations that the application was utilized to plan, organize and encourage the criminal operations in Washington DC on January 6 that prompted death toll, various wounds and the devastation of property. 

Matze, who depicts himself as a libertarian, established Parler in 2018 as a "free-speech driven" alternative to mainstream platforms however started seeking right-leaning clients as prominent supporters of Trump moved there. On Parler, John Matze sent out an opposing vibe. "We won't give in to pressure from anti-competitive actors! We will and consistently have authorized our guidelines against brutality and criminal behavior. Yet, we won't cave to politically persuaded organizations and those authoritarians who scorn free speech!" he wrote in a message.

According to Google, the tech giant takes the following measures- 

Physical Security - Google claims that it provides 24/7 physical security to all data centers located across the world. The organization is also known for its advanced measures such as laser-based surveillance and biometric identification to protect its employees from cyber threats and identity theft. 

The company’s in-house disaster response team assures that even during natural disasters such as fire, flood, etc which hits the physical location of its data center Google still manages to use security monitoring to protect users from malware. The company also says, “We constantly monitor all applications, deploy patches through automated network analysis and proprietary technology, it helps us in detecting threats such as malware, viruses, and other forms of malicious code’’. 

Encryption-  Encryption means ‘the process of converting information or data into a code, especially to prevent unauthorized accesses’. The company states that ‘we use encryption into every data flow so customer’s data remain protected from any kind of snooping activities funded by official government actors. Furthermore, the tech giant added that it protects all the data access to security technologies such as HTTP and TLS or Transport Layer Security so that all email content remains inaccessible to malicious actors.

Malware protection-  According to Google, Google ensures protection to its users from any malware by deploying automated network analysis solution which keeps all kind of malicious codes away from customers credential information, with that company also use multi-purpose tools for software security and quality assurance.

Customized hardware- Google ensures that its hardware remains well protected with highly customized server components against any network infiltration by hackers. It also ensures that only its legitimate devices access the user’s data which are all under protection. 

Incident Response–A team of “Incident Management Program’’ (IMAG) at Google says, that our incident response team is 24/7 active at every data center to protect individuals' data by altering every individual if any malicious activity has been found on their account. 

Limited Access- Google gives limited access to important data which includes; business data, highly sensitive information to its employees, by doing this Google ensures security and privacy at every stage of its system.

 

Almost a week later, after getting his account suspended by Call of Duty's developer, Activision Blizzard, Google Project Zero's Williamson, who carried out the research in his personal capacity, published a blog post telling that the research he conducted required him to reverse engineer the networking code in COD'e executable ( For reviewing the code for memory corruption vulnerabilities). However, as the executable was heavily obfuscated, IDA failed to examine it, forcing him to as he said in the blog, "dump the unobfuscated code from the memory of a running game process." 

 

It was at that point when the developers of the game suspected him as a cheater and consequently, his activities were flagged for being suspicious in nature. To ensure he doesn't affect any players in the process, Williamson tried to read memory while he was in the main menu; he attached WinDbg debugging tool – in consequence to which the game exited, the incident was attributed to the flagging event as per Williamson who also attempted to pause the process prior to dumping memory from it. He dumped an image of the game from memory in the main menu and exited normally, as explained in his blog post. 

 

The researcher who was saddened by the ban for multiple reasons, told, "after spending a few days reviewing the binary, I decided that the binary was so large and unwieldy to deal with that I would table the project for a later date. But unfortunately, I was banned about a month later, losing over a year of progress on my account." 

 

"The ban saddens me on a personal level as I’ve reconnected with family and friends from throughout my life playing this game during the pandemic. But more importantly, this sends a clear signal: this research is not welcome. I believe I had a reasonable expectation that it would be. I had done similar work during a CTF, where I reverse engineered and fuzzed CS:GO without ever risking a ban," he further added. 

 

Williamson, while scaling the magnitude of 'cheating' as a threat to online gaming, said that, "I understand that the developers shoulder an impressive burden in preventing cheat development and use. They need to leverage a variety of signals to detect cheat development and use. I’m guessing that because they may not have seen security researchers reviewing their platform before, they interpret any attempt to reverse engineer as a sign of malicious behavior. No typical player would attach a debugger to the game, and therefore they probably assume they don’t need much more evidence beyond this to issue a ban." 

 

While voicing his concerns regarding the ban for security researchers, he said, "Let me be clear: at no point did I intend to develop or use a cheat, and at no point did I manipulate any aspect of the game for another player or even myself. To this day, I don’t know what exactly caused the ban, and there’s no process to appeal it. What if using a reversing tool as part of my job gets me flagged? This fear is in the back of my mind for all games with anti-cheat, not just Warzone."

This month Apple released iOS 14.2 and iPad 14.2, which patched up a sum total of 24 vulnerabilities in different parts of the OSes, including sound, crash reporter, kernel, and foundation. 

The multinational technology has fixed up three identified zero-day vulnerabilities in its iPhone, iPod, and iPad devices possibly associated with a spate of related flaws very recently found by the Google Project Zero team that additionally had an impact over Google Chrome and Windows. 

Ben Hawkes from Google Project Zero who was able to identify the zero-day vulnerabilities as "CVE-2020-27930 (RCE), CVE-2020-27950 (memory leak), and CVE-2020-27932 (kernel advantage escalation)," he said in a tweet. 

Apple likewise offered credit to Project Zero for recognizing these particular defects in its security update and gave a little more detail on each.

CVE-2020-27930 is 'a memory corruption flaw' in the FontParser on iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and iPad mini 4 and later, as indicated by Apple. 

The vulnerabilities take into account an attacker to process a “maliciously crafted font” that can prompt arbitrary code execution.

The defect would permit a pernicious application to reveal kernel memory, according to the company. The Apple update comes along with the time of updates by Google over the last two weeks to fix various zero days in Google Chrome for both the desktop and Android versions of the browser. 

Shane Huntley from Google's Threat Analysis Group claims that the recently fixed Apple zero-day flaws are identified with three Google Chrome zero-days and one Windows zero-day likewise uncovered over the last two weeks, possibly as a component of a similar exploit chain.

“Targeted exploitation in the wild similar to the other recently reported 0days,” he tweeted, adding that the attacks are “not related to any election targeting.” 

It is however critical to take into notice that both Apple and Google have had an infamous past with regards to vulnerability revelation. 

The two tech monsters famously butted heads a year ago over two zero-day bugs in the iPhone iOS after Google Project Zero analysts guaranteed that they had been exploited for quite a long time.

 

Google denied disclosing any details of the bug that had been exploited actively in the wild, as a lot of users have not updated yet; it's a part of Google's privacy policy. It prevents attackers from developing exploits alongside and gives users more time to get the updates installed. While Google's TAG hasn't confirmed if the threat actors behind the two bugs were the same, it assured that the acts were not motivated by the ongoing US presidential elections. 

 

Furthermore, a critical memory corruption flaw under active exploitation in the Google Chrome browser (CVE-2020-15999) was identified by the researchers at Google's TAG, who also told that this zero-day vulnerability was under attack in combination with CVE-2020-17087, windows zero-day. The zero-day vulnerability identified as CVE-2020-15999 affected the FreeType font rendering library, thereby demanding attention from all services making use of this library. 

 

Additionally, the latest security update will also allow users to experience a more stable and improved Chrome browser in terms of performance. 

 

In a blog post published on 2nd November, Google said, "The stable channel has been updated to 86.0.4240.183 for Windows, Mac, and Linux which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues." 

"Google is aware of reports that an exploit for CVE-2020-16009 exists in the wild. We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel," the blog further stated.

Google has now eliminated 17 infected android apps from its google play store. These apps contained the "Joker" malware, according to the findings by experts Zscaler. Joker is among the most effective malware that attacks Android applications.

The malware is infamous in the cybersecurity industry, but it always finds a new way to access Google's play store applications. Joker uses new codes, execution techniques, and retrieving methods to trespass the play store. The malware is used for stealing personal chats, contact information, call logs, and device data. Joker also secretly subscribes to users for premium WAP (wireless application protocol) services.

It's difficult to imagine life without Google and every day the search engine gets more involved and intricate in our lives. One of its features - the Google Assistant is used quite extensively by masses to make their life easier and tasks swifter.

 "Meet your Google Assistant. Ask it questions. Tell them to do things. It's your own personal Google, always ready to help whenever you need it." 

The presidential elections in the US are near. Keeping this in mind, Google has announced a new policy that will ban ads that advertise hacked political content or propaganda. This new policy will come into effect from 1 September 2020, as per the news available on Google's support page. After the new rule is implemented, the third party players won't be able to purchase ad-space on Google ads, directly or indirectly linked to the hacked content of any political party.

However, ads related to news articles or other pages that contain hacked political material may be allowed. But the news article and the page shouldn't be linked to the political content in any way, says the policy. The violators of this new Google Ads policy (Ad Buyers) will first receive a warning to remove the ad from their account or face account suspension after seven days.


The policy is made observing the 2016 US Elections. 

The new Google Ads policy is made to avoid the 2016 US presidential elections scenario. As we all know, during the 2016 election campaigns in the US, the Russian hackers were able to break into the servers of various political factions associated with the Democratic Party. The breach resulted in data leaks of the Democratic party on WikiLeaks and DC leaks. The attack resulted in biased media coverage and online ads on various social media and platforms that discussed the hacked political content. Google will become the first company to make such a move when the policy is enacted on 1 September.

Twitter, in a similar incident, banned the distribution of hacked content on its platform in 2018 before the US midterm elections. It included not only political content but every other hacked material. It resulted in an unofficial ban of the ads on Twitter, as they need tweets to advertise. According to Google's policy, the following is not allowed: "Ads that directly facilitate or advertise access to hacked material related to political entities within the scope of Google's elections ads policies. This applies to all protected material obtained through the unauthorized intrusion or access of a computer, computer network, or personal electronic device, even if distributed by a third party."