A race condition in the Android mtk_jpeg driver can lead to memory corruption and potential local privilege escalation.

Android mtk_jpeg Driver Race Condition / Privilege Escalation

The Signal messaging service is testing support for usernames as a replacement for phone numbers to serve as user identities

Messaging service Signal is testing support for usernames as a replacement for phone numbers to serve as user identities.

Signal provides encrypted instant messaging and is popular among people that value their privacy. Compared to more popular services like WhatsApp, Signal offers more layers of privacy protection, customization of settings, and enhanced data security. These layers include hiding metadata, not using a user’s data, allowing call relay, and others.

The current Signal setup requires users to sign up with a phone number and this number will be shared if you want to message other users on the app. But not everyone wants to share their phone number when messaging someone and so Signal is doing something about that.

 On its forums, Signal announced the feature is ready for pre-beta-testing.

> “After rounds of internal testing, we have hit the point where we think the community that powers these forums can help us test even further before public launch.”

So, for now, the announced feature is currently only available for the app’s testers on Android, iOS, and desktop users. Once it’s finally released, you’ll be able to select your username by going to Settings > Profile and Settings > Privacy > Phone Number section.

From a screenshot posted on X, it looks like you’ll be able to invite new contacts by sending them a link or a QR code.

_Screenshot of new options_

It’s also likely you still have to have a phone number to create an account. The new feature just allows you to hide your number behind a username. Phone numbers will still be used as a unique identification and as an anti-spam measure.

We don’t know when the new feature will be generally available, but in an earlier interview, president Meredith Whitaker said she expected the feature’s launch in early 2024. However, this seems unlikely as it requires a major overhaul of the app’s architecture.

**We don’t just report on privacy—we offer you the option to use it.**

Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.

 Signal is testing usernames so you don’t have to share your phone number 

A group with links to Iran targeted transportation, logistics, and technology sectors in the Middle East, including Israel, in October 2023 amid a surge in Iranian cyber activity since the onset of the Israel-Hamas war.
The attacks have been attributed by CrowdStrike to a threat actor it tracks under the name Imperial Kitten, and which is also known as Crimson Sandstorm (previously Curium),

Cyber Attack / Cyber Threat

A group with links to Iran targeted transportation, logistics, and technology sectors in the Middle East, including Israel, in October 2023 amid a surge in Iranian cyber activity since the onset of the Israel-Hamas war.

The attacks have been attributed by CrowdStrike to a threat actor it tracks under the name **Imperial Kitten**, and which is also known as Crimson Sandstorm (previously Curium), TA456, Tortoiseshell, and Yellow Liderc.

The latest findings from the company build on prior reports from Mandiant, ClearSky, and PwC, the latter of which also detailed instances of strategic web compromises (aka watering hole attacks) leading to the deployment of IMAPLoader on infected systems.

"The adversary, active since at least 2017, likely fulfills Iranian strategic intelligence requirements associated with IRGC operations," CrowdStrike said in a technical report. "Its activity is characterized by its use of social engineering, particularly job recruitment-themed content, to deliver custom .NET-based implants."

Attack chains leverage compromised websites, primarily those related to Israel, to profile visitors using bespoke JavaScript and exfiltrate the information to attacker-controlled domains.

Besides watering hole attacks, there's evidence to suggest that Imperial Kitten resorts to exploitation of one-day exploits, stolen credentials, phishing, and even targeting upstream IT service providers for initial access.

Phishing campaigns involve the use of macro-laced Microsoft Excel documents to activate the infection chain and drop a Python-based reverse shell that connects to a hard-coded IP address for receiving further commands.

Among some of the notable post-exploitation activities entail achieving lateral movement through the use of PAExec, the open-source variant of PsExec, and NetScan, followed by the delivery of the implants IMAPLoader and StandardKeyboard.

Also deployed is a remote access trojan (RAT) that uses Discord for command-and-control, while both IMAPLoader and StandardKeyboard employ email messages (i.e., attachments and email body) to receive tasking and send results of the execution.

"StandardKeyboard's main purpose is to execute Base64-encoded commands received in the email body," the cybersecurity company pointed out. "Unlike IMAPLoader, this malware persists on the infected machine as a Windows Service named Keyboard Service."

The development comes as Microsoft noted that malicious cyber activity attributed to Iranian groups after the start of the war on October 7, 2023, is more reactive and opportunistic.

"Iranian operators \[are\] continuing to employ their tried-and-true tactics, notably exaggerating the success of their computer network attacks and amplifying those claims and activities via a well-integrated deployment of information operations," Microsoft said.

"This is essentially creating online propaganda seeking to inflate the notoriety and impact of opportunistic attacks, in an effort to increase their effects."

The disclosure also follows revelations that a Hamas-affiliated threat actor named Arid Viper has targeted Arabic speakers with an Android spyware known as SpyC23 through weaponized apps masquerading as Skipped and Telegram, according to Cisco Talos and SentinelOne.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Iran-Linked Imperial Kitten Cyber Group Targeting Middle East's Tech Sectors

Urdu-speaking readers of a regional news website that caters to the Gilgit-Baltistan region have likely emerged as a target of a watering hole attack designed to deliver a previously undocumented Android spyware dubbed Kamran.
The campaign, ESET has discovered, leverages Hunza News (urdu.hunzanews[.]net), which, when opened on a mobile device, prompts visitors of the Urdu version to install its

Privacy / Cyber Espionage

Urdu-speaking readers of a regional news website that caters to the Gilgit-Baltistan region have likely emerged as a target of a watering hole attack designed to deliver a previously undocumented Android spyware dubbed **Kamran**.

The campaign, ESET has discovered, leverages Hunza News (urdu.hunzanews\[.\]net), which, when opened on a mobile device, prompts visitors of the Urdu version to install its Android app directly hosted on the website.

The app, however, incorporates malicious espionage capabilities, with the attack compromising at least 20 mobile devices to date. It has been available on the website since sometime between January 7, and March 21, 2023, around when massive protests were held in the region over land rights, taxation, and extensive power cuts.

The malware, activated upon package installation, requests for intrusive permissions, allowing it to harvest sensitive information from the devices.

This includes contacts, call logs, calendar events, location information, files, SMS messages, photos, list of installed apps, and device metadata. The collected data is subsequently uploaded to a command-and-control (C2) server hosted on Firebase.

Kamran lacks remote control capabilities and is also simplistic by design, carrying out its exfiltration activities only when the victim opens the app and lacking in provisions to keep track of the data that has already been transmitted.

This means that it repeatedly sends the same information, along with any new data meeting its search criteria, to the C2 server. Kamran has yet to be attributed to any known threat actor or group.

"As this malicious app has never been offered through the Google Play store and is downloaded from an unidentified source referred to as unknown by Google, to install this app, the user is requested to enable the option to install apps from unknown sources," security researcher Lukáš Štefanko said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Stealthy Kamran Spyware Targeting Urdu-speaking Users in Gilgit-Baltistan

Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack tools.

CVE-2023-41270: SMOLD TV: Old & Smart

Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality.

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the October 2023 Android security bulletin:

Critical: CVE-2023-4863

High: CVE-2023-40128, CVE-2023-21266, CVE-2023-40121, CVE-2023-40123, CVE-2023-40133, CVE-2023-40134, CVE-2023-40135, CVE-2023-40136, CVE-2023-40137, CVE-2023-40138, CVE-2023-40139, CVE-2023-40140, CVE-2023-40125, CVE-2023-40127, CVE-2023-40130, CVE-2023-33034, CVE-2023-33035, CVE-2023-21394

Medium: none

Low: none

Already included in previous updates: CVE-2023-21281, CVE-2022-20281, CVE-2023-21177

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2022-48613: Race condition vulnerability in the kernel module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed.

CVE-2023-44098: Vulnerability of missing encryption in the card management module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44115: Vulnerability of improper permission control in the Booster module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-46755: Vulnerability of input parameters being not strictly verified in the input method module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1 , EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause the launcher to restart.

CVE-2023-46756: Permission control vulnerability in the window management module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1 , EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause malicious pop-up windows.

CVE-2023-46758: Permission management vulnerability in the multi-screen interaction module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1 , EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause service exceptions of the device.

CVE-2023-46759: Permission control vulnerability in the call module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1 , EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-46760: Out-of-bounds write vulnerability in the kernel driver module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause process exceptions.

CVE-2023-46761: Out-of-bounds write vulnerability in the kernel driver module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause process exceptions.

CVE-2023-46762: Out-of-bounds write vulnerability in the kernel driver module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause process exceptions.

CVE-2023-46763: Vulnerability of background app permission management in the framework module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1 , EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause background apps to start maliciously.

CVE-2023-46764: Unauthorized startup vulnerability of background apps

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1 , EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause background apps to start maliciously.

CVE-2023-46765: Vulnerability of uncaught exceptions in the NFC module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability can affect NFC availability.

CVE-2023-46766: Out-of-bounds write vulnerability in the kernel driver module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause process exceptions.

CVE-2023-46767: Out-of-bounds write vulnerability in the kernel driver module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause process exceptions.

CVE-2023-46768: Multi-thread vulnerability in the idmap module

Severity: High

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-46769: Use-After-Free (UAF) vulnerability in the dubai module

Severity: High

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-46770: Out-of-bounds vulnerability in the sensor module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause mistouch prevention errors on users' mobile phones.

CVE-2023-46771: Security vulnerability in the face unlock module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-46772: Vulnerability of parameters being out of the value range in the QMI service module

Severity: Medium

Affected versions: EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause errors in reading file data.

CVE-2023-46774: Vulnerability of uncaught exceptions in the NFC module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability can affect NFC availability.

CVE-2023-5801: Vulnerability of identity verification being bypassed in the face unlock module

Severity: Critical

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2023-5801: November

With the release of ThreatDown, let's take a look at Malwarebytes' 15-year legacy and what's next.

November marks a significant shift in our legacy. After 15 years as Malwarebytes, we are proud to introduce our rebranded identity, ThreatDown powered by Malwarebytes.

Building off Malwarebytes’ initial recognition for removing every trace of viruses that others missed, ThreatDown powered by Malwarebytes combines award-winning technologies that cover all stages of an attack, with managed services for teams with limited resources.

To say it’s been quite a journey to this point would be an understatement. From our beginnings as a remediation consumer tool to becoming a titan in business cyber protection, let’s walk through where we’ve come and where we’re headed.

**Anti-Malware Small Business Edition (2008 – 2012)**

Malwarebytes for Business began its journey in the late 2000s, offering corporate licensing for its consumer anti-malware product. By 2012, our focus intensified as we launched the Anti-Malware Small Business Edition, introducing advanced features to meet the specific demands of businesses.

**Malwarebytes Enterprise Edition (September 2012 – 2016)**

The introduction of Malwarebytes Enterprise Edition (MEE) in late 2012 solidified our position in the enterprise market. Tailored for businesses, governments, and educational institutions, MEE provided comprehensive threat protection and malware remediation. As the demand for our expertise grew, esteemed institutions such as The University of Alabama and NextGen Healthcare became part of our clientele.

**Malwarebytes Endpoint Security (June 2014 – 2016)**

2014 saw the birth of the Anti-Malware Remediation Tool, a streamlined malware solution for businesses. Shortly after, Malwarebytes Endpoint Security was launched, merging multiple essential tools into one comprehensive package.

**Nebula (2017 – 2018)**

Transitioning into cloud security management, 2017 introduced Nebula 1.0, our cloud-based console. This platform brought together our machine learning-backed Malwarebytes Incident Response and Endpoint Protection products.

**OneView (2019)**

2019 heralded the debut of OneView, a multi-tenant console tailored for Managed Service Providers (MSPs). With OneView, MSPs could efficiently manage multiple clients’ security needs from a unified platform.

**Comprehensive Endpoint Detection and Response Offerings (2020 – 2021)**

Throughout 2020 and 2021, we fortified our EDR capabilities, including extensions to support Windows servers. With features such as Flight Recorder Search, Threat Hunting Alerts, and Brute Force Protection, we further strengthened our protective measures against cyber threats.

**Managed Detection and Response (2022)**

Last year, we delved into a multitude of new services and tools, including Device Control, Vulnerability Assessment, Patch Management Modules, and many more. Our crowning achievement was the introduction of Malwarebytes Managed Detection and Response (MDR) service, providing 24×7 monitoring and investigations for resource constrained IT teams.

**Securing The Against the Next Generation of Threats (2023 and beyond)**

2023 marked our foray into Mobile Protection for iOS, Android, and Chromebook platforms, helping organizations crush mobile threats on iOS, Android, and ChromeOS. The introduction of an Application Blocking Module gave administrators even greater control over app installations on devices.

Further, with the release of Malwarebytes Security Advisor, we transformed the Nebula customer experience to enable organizations to visualize and improve their security posture in just a few minutes. We also released Malwarebytes Managed Threat Hunting (MTH), a 24/7 service that proactively identifies and then alerts EDR customers to potential threats before an active attack begins.

**Into The Future With ThreatDown powered by Malwarebytes**

Originating from Malwarebytes’ 15-year legacy in combating daily malware threats, ThreatDown powered by Malwarebytes has evolved in tandem with the ever-changing threat landscape.

ThreatDown’s mission for businesses is straightforward: neutralize threats promptly and efficiently, without the need for extensive IT teams, prolonged setup times, or substantial budgets. We combine the technologies and services that resource constrained IT teams need into four streamlined, cost-effective bundles that take down threats, take down complexity and take down costs:

*   **ThreatDown Core Bundle**: Basic malware protection and threat surface reduction. A simple yet superior solution integrating award-winning endpoint protection technologies.
*   **ThreatDown Advanced Bundle**: Everything included in core plus Automated Threat Hunting and Ransomware Rollback. Tailored for smaller security teams with limited resources.
*   **ThreatDown Elite Bundle**: Everything in Advanced plus 24/7 expert monitoring and response by Malwarebytes MDR analysts. Purpose-built for organizations with small (to non-existent) security teams that lack the resources to address all security alerts.
*   **ThreatDown Ultimate Bundle**: Everything in Elite plus protection from categories of malicious websites. Perfect for teams looking for a SOC-in-a-box, a one-and-done shortcut to cybersecurity done right.

In short, with ThreatDown, the mission is clear: To take down threats to businesses and reduce attack surfaces immediately, without the need for an IT army or big budgets. Together, we can overpower threats—and empower IT.

Visit www.threatdown.com to learn more.

 ThreatDown powered by Malwarebytes: A 15 Year Journey 

A complaint filed with the EU’s independent data regulator accuses YouTube of failing to get explicit user permission for its ad blocker detection system, potentially violating the ePrivacy Directive.

Privacy campaigner Alexander Hanff claims that YouTube’s new ad blocker detection is illegal under European law, and he's taking the fight to the European Commission.

On November 6, German Pirate Party MEP Patrick Breyer addressed Hanff’s claim to the European Commission, formally requesting a legal position as to whether “protection of information stored on the device (Article 5(3) ePR) also cover information as to whether the user's device hides or blocks certain page elements, or whether ad-blocking software is used on the device” and—critically—if this kind of detection is “absolutely necessary to provide a service such as YouTube.”

YouTube began rolling out ad block detection to Europe earlier this year and is now preventing some European users from viewing its content if they have an ad blocker enabled. The EU’s ePrivacy Directive requires online service providers to get explicit permission to “gain access to information stored in the terminal equipment of a subscriber or user.” Hanff, an expert advisor to the European Data Protection Board, alleges that YouTube’s use of JavaScript-based detection scripts to look for specific HTML page elements rendered by a user’s browser is subject to that requirement and he believes it is failing to abide by it.

In a complaint lodged with Ireland's Data Protection Commissioner (DPC), Hanff called on the DPC to “take action against YouTube … for this breach of the law and demand YouTube cease their unlawful deployment of adblocker detection tools.”

Hanff, who helped to draft the forthcoming update to the EU’s ePrivacy regulations, says he believes YouTube’s JavaScript violates EU citizens' privacy.

“The script that \[YouTube\] deploys is detecting what software people are running on their machines or what behaviour their browser is exhibiting in relation to their private activities. It's not okay. It's illegal,” Hanff claims, echoing his complaint. We have a fundamental right to privacy under Article 7 of the European Charter of Fundamental Rights. We have a fundamental right to data protection under Article 8.”

YouTube reportedly started implementing anti-adblock measures in May 2023, and in June was still describing its ad blocker detection as a “experiment.” European users have reported seeing detection messages since at least mid-October. Not every user is affected, and you’ll only see these anti-adblocker messages if you’re signed into your YouTube account.

When YouTube detects an ad blocker or other privacy tool that blocks ads as part of its functions, you'll see a warning stating that “Ad blockers violate YouTube's Terms of Service” or “Ad blockers are not allowed on YouTube.” There are a few different versions of this message, including some that entirely prevent you from playing videos and others that allow you to view a number of videos with your blocker enabled before streaming is blocked.

A pop-up asking you to turn off your ad blocker is hardly an unusual sight on the internet, but could it be against the law?

All versions of YouTube's ad blocker detection that WIRED is aware of use a JavaScript program that runs in the client browser, although YouTube says that it could use non-invasive server-side methods to identify if a video ad served to a user has not been played.

Hanff’s complaint claims that YouTube’s client-side detection code meets the description, in Article 5(3) of the ePrivacy directive 2002/58/EC, of a process used to “gain access to information stored in the terminal equipment of a subscriber or user." If that’s the case, the user must be provided with “clear and comprehensive information” about what this information will be used for and given the “right to refuse such processing.”

You'll be familiar with this process from the cookie consent forms that appear whenever a website wishes to capture non-essential information about you and your browser. Right now, neither an explicit notification nor an opt-out are displayed when YouTube obtains data about whether ad blocking tools may be active on your device or network connection.

YouTube representative Christopher Lawton tells WIRED that “ads support a diverse ecosystem of creators globally and allow billions to access their favorite content on YouTube. The use of ad blockers violate\[s\] YouTube’s Terms of Service.”

YouTube’s current terms, last updated on January 5, 2022, don’t explicitly mention the use of ad blocking tools, nor any detection measures, although a Permissions and Restrictions clause that forbids user activity to “circumvent, disable, fraudulently engage, or otherwise interfere with the Service” could be read as covering this scenario.

But Hanff, who holds an advanced master of laws in privacy, cybersecurity and data management from Maastricht University, maintains that, “under EU Consumer Protection Law, you're not legally allowed to enforce any terms in the contract which infringe on the fundamental rights and freedoms of an EU resident.” The reason cookie consent forms are so intrusive is because consent for device access can’t be bundled up with other terms and conditions.

Breyer, the German MEP, echoes Hanff’s beliefs, telling WIRED that "ad blockers protect us from illegal tracking of our online life and online harms. YouTube's terms and conditions likely violate EU law. YouTube should offer surveillance-free advertising and stop its anti-adblock campaign now."

YouTube obviously wants to make money—that server bandwidth isn't going to pay for itself. In 2022, ad-free YouTube Music and Premium had 80 million subscribers, while YouTube reported ad revenue of $7.95 billion in the third quarter of 2023 alone.

Priced at $13.99 (or €12.99 in Europe), YouTube Premium's primary benefit is ad-free video and music streaming. But if you can use an ad blocker to obtain most of the benefits of a subscription, there's little incentive to pay.

YouTube also needs its content creators to make enough money to justify their efforts. If you don't watch the ads on a video, and aren’t paying for YouTube Premium, the video you’re watching doesn't make any money for its uploader. That includes if you have ads enabled but press the “skip ad” button as soon as it appears on a skippable ad.

YouTube also reserves the right to serve ads on videos by creators who are not in the YouTube Partner Program or under a monetizing agreement, without sharing any revenue from those ads with said creators.

The arguments in favor of ad blocking range from reducing bandwidth consumption to avoiding psychologically harmful ads. (YouTube, for example, runs ads for alcohol, diets, and online casinos.) But the most compelling argument in favor of ad blocking is online security. Security researchers regard online ad networks as a key threat vector when it comes to cybersecurity, and ads on YouTube have previously been cited as serving crypto-mining malware and links to scams and pornographic content.

Most ad-blocking browser extensions look for specific file paths and filenames (such as those in the ad blocking Easylist) being called from within a page, and remove them from the version of the page that is rendered in your browser.

For example, a JavaScript program called “clever\_ads.js” (the name of a script produced by the Clever Ads advertising automation service, which embeds ads in your page) would be identified by the ad blocker and removed, along with any content it would normally load. In the case of YouTube, the ad API returned JSON files, which the ad blockers would replace.

There are a few methods of detecting whether a user is blocking ads, most of which involve another JavaScript program that checks the rendered page for evidence that ad content has been removed. A frequent approach is to have your ad-loading script also insert a JavaScript variable or an HTML element that can be checked for.

Of course, ad blockers can look for and remove the anti-adblocker scripts as well, and that’s what’s happening in the case of blocking tools, such as Adblock Plus and uBlock Origin, that regularly provide extra filters to download and add to the blocker so that it can remove the latest scripts.

But as its anti-adblocker scripts are added to the filter lists, YouTube releases updated versions of those scripts. So now there’s an adblock detection arms race going on, embodied by the “Is YouTube Anti-Adblock Fixed” website, which monitors whether the uBlock Origin browser plugin is successfully circumventing YouTube’s adblock detection or not by comparing a list of YouTube anti-adblocker script IDs with the list of script IDs that are blocked by the plugin.

Fundamentally, the EU says that random websites aren't allowed to rummage around in your stuff without permission. That’s something most people agree on. Google itself forbids Android app developers from using the QUERY\_ALL\_PACKAGES permission, describing a user's installed apps as “personal and sensitive information.”

The question facing the DPC is whether YouTube’s adblock detection scripts are invasive enough to qualify: Is downloading and running a JavaScript routine equivalent to downloading and storing a cookie?

It looks like YouTube intends to argue that it isn’t, and is emphatic that it only seeks to identify whether ads have been served but not played. When WIRED asked the company if it was using or testing server-side ad blocker detection, YouTube’s Lawton said that it was currently carrying out ad blocker detection within YouTube and not on users’ devices. That doesn’t line up with our observations or those of the ad blocker developers, as a JavaScript detection routine on a website has to be run by the browser to function.

Lawton says that YouTube “will of course cooperate fully with any questions or queries from the DPC.”

The Irish Data Protection Commissioner’s office did not provide a comment for this feature, but Hanff says that the DPC has confirmed to him that it’s investigating the case.

YouTube's Ad Blocker Detection Believed to Break EU Privacy Law

EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server where the product is running by a user with an administrative privilege.

**更新履歴**

2023/11/09 15:00

目次の追加

2023/11/07 14:00

JVNからの公表内容情報へのリンクを追加

2023/10/26 13:00

初版公開

**目次**

*   EC-CUBEにおけるRCE可能な脆弱性
*   脆弱性の概要
*   Twigの更新手順
*   修正方法1: 修正ファイルを利用する場合(4.0系)
*   修正方法2: 修正差分を確認して適宜反映する場合(4.0系)
*   問い合わせ先
*   謝辞

**EC-CUBEにおけるRCE可能な脆弱性**

EC-CUBE 4.0系におけるRCE可能な脆弱性(危険度: 低)があることが判明いたしました。

脆弱性そのものは、修正の反映によりすぐに解決するものです。  
以下のいずれかの方法により、ご対応をお願いいたします。

*   修正ファイルを適用する
*   修正差分を確認して適用する

皆様にはお手数おかけし誠に申し訳ございません。  
本脆弱性における被害報告は現時点でございませんが、できるだけ速やかにご対応をお願いいたします。

**脆弱性の概要****EC-CUBEにおけるRCE可能な脆弱性****危険度:**

低

**不具合が存在するEC-CUBEのバージョン:**

*   **4.0.0〜4.0.6-p3**

**詳細:**

該当バージョンのEC-CUBEにはRCE可能な脆弱性が存在します。EC-CUBEはテンプレートエンジンとしてTwigを利用していますが、EC-CUBEの一部画面でTwigに対する設定不備が存在し、攻撃者が対象のシステム上で任意のコードを実行できる可能性があります。

**JVNからの公表内容 (2023/11/07公開)**

JVN#29195731: EC-CUBE 3系および 4系において任意のコードを実行される脆弱性

*   EC-CUBE 3系および 4系において任意のコードを実行される脆弱性 CVE-2023-46845

**Twigの更新手順**

EC-CUBE4.0系で利用している場合、Twigの不具合によりSandBox機能が動作しません。  
修正方法を実施する前に、Twigのアップデートを行ってください。

Twigをアップデートするためには、composerを使用する方法とファイルを手動でアップデートする方法の2つがあります。  
以下のどちらかを実施してください。

*   **composerコマンドにて、Twigをアップデート:**
    
    以下のコマンドを実行し、Twigを新しいバージョンに更新してください。  
    $ composer update twig/twig  
    $ composer update twig/extensions
    
    また、以下のコマンドを実行し、Twigが更新されていることを確認してください。
    
    $ composer show twig/twig  
    ※以下のように表示されることを確認してください。  
    name : twig/twig  
    versions : \* v2.15.5
    
    $ composer show twig/extensions  
    ※以下のように表示されることを確認してください。  
    name : twig/extensions  
    versions : \* v1.5.4
    

*   **Twigのファイルを手動でアップデート:**
    
    Twigを手動でアップデートする時は、以下の手順に従ってください。
    
    twig/twigのファイルを以下のURLからダウンロードします。  
    https://github.com/twigphp/Twig/archive/refs/tags/v2.15.5.zip
    
    \[EC-CUBEの設置先\]/vendor/twig/twigディレクトリ内を削除してください。  
    ダウンロードしたZIPファイルを\[EC-CUBEの設置先\]/vendor/twig/twigディレクトリに展開してください。
    
    twig/extensionのファイルを以下のURLからダウンロードします。  
    https://github.com/twigphp/Twig-extensions/archive/refs/tags/v1.5.4.zip
    
    \[EC-CUBEの設置先\]/vendor/twig/extensionsディレクトリ内を削除してください。  
    ダウンロードしたZIPファイルを\[EC-CUBEの設置先\]/vendor/twig/extensionsディレクトリに展開してください。
    
    ファイルが正しく上書きされたことを確認してください。  
    また、EC-CUBEの動作を確認し、テンプレートが正しく表示されることを確認してください。
    

**修正方法1: 修正ファイルを利用する場合**(4.0系)****

**※本修正を実施する前に、Twigの更新を必ず行ってください。**

開発環境がある場合は、まず開発環境でお試しください。  
以下の手順に従って、修正ファイルの反映をお願いいたします。

1.  修正ファイルのダウンロード
    
    ご利用中のEC-CUBEのバージョンに該当する修正ファイルをダウンロードしてください。  
    ※EC-CUBEのバージョンはこちらの手順でご確認ください。  
    ※修正ファイルは各バージョンの最新版に対して作成しています。旧バージョンをご利用の場合は、「修正方法2」のご対応をお願いします。  
    ※対象のファイルに対して既にカスタマイズをしている場合は、「修正方法2」のご対応をお願いします。
    
    *   **修正ファイル(4.0.6-p3)** (SHA256:0bcbb847ea1aaf8443f49f30015066122ce27f253574dcc92cae4b5859a6646f)
    
    ダウンロードし、解凍していただきますと、以下の修正ファイルがあります。必ず該当するバージョンのファイルをご利用ください。
    
    **4.0.6-p3**
    *   app/config/eccube/packages/twig\_extensions.yaml
    *   src/Eccube/Resource/template/default/Product/detail.twig
    *   src/Eccube/Resource/template/default/default\_frame.twig
    *   src/Eccube/Twig/Extension/IgnoreTwigSandboxErrorExtension.php
    *   src/Eccube/Twig/Sandbox/SecurityPolicyDecorator.php
2.  EC-CUBEファイルのバックアップ
    
    あらかじめEC-CUBEファイル全体のバックアップを行ってください。  
    
3.  修正ファイルの反映
    
    以下のファイルを上書き更新してください。
    
    上書きするファイル
    
    **4.0.6-p3**
    
    *   app/config/eccube/packages/twig\_extensions.yaml
    *   src/Eccube/Resource/template/default/Product/detail.twig
    *   src/Eccube/Resource/template/default/default\_frame.twig
    *   src/Eccube/Twig/Extension/IgnoreTwigSandboxErrorExtension.php
    *   src/Eccube/Twig/Sandbox/SecurityPolicyDecorator.php
    
    下記にファイルが存在する場合は同様に上書きをお願いします
    
    *   app/template/default/Product/detail.twig
    *   app/template/default/default\_frame.twig
    
    また、snippet.twigに関してはプラグインで拡張する箇所となるため対応不要となります。
    
    ※デザインテンプレートの適用や、EC-CUBE本体のカスタマイズをしている場合、修正箇所の差分をご確認のうえ反映をお願いします。  
    ※開発環境がある場合は、開発環境での反映・動作確認を行った後に、本番環境への反映をおすすめします。
4.  キャッシュの削除
    
    EC-CUBE のキャッシュの削除が必要です。  
    EC-CUBE の管理画面にログインいただき、コンテンツ管理 -> キャッシュ管理 のページからキャッシュの削除をお願いいたします。
    
5.  動作確認
    
    フロント画面と管理画面（ログインが必要）それぞれにおいて、基本操作が正常に行えることをご確認ください。  
    

**修正方法2: 修正差分を確認して適宜反映する場合**(4.0系)****

**※本修正を実施する前に、Twigの更新を必ず行ってください。**

以下のコード差分情報を参照して頂き、必要な箇所に修正を反映してください。

本修正方法はEC-CUBE 4.0.6-p3のバージョンを例として提示しております。  
過去バージョンをご利用の場合は、下記修正対象ファイルの修正差分を参考にご対応お願いいたします。  

**修正差分**

1.  app/config/eccube/packages/twig\_extensions.yaml +143 \-0
2.  src/Eccube/Resource/template/default/Product/detail.twig +1 \-1
3.  src/Eccube/Resource/template/default/default\_frame.twig +1 \-1
4.  src/Eccube/Twig/Extension/IgnoreTwigSandboxErrorExtension.php +78 \-0
5.  src/Eccube/Twig/Sandbox/SecurityPolicyDecorator.php +47 \-0

@@ -8,3 +8,146 @@ services:

8

8

  #Twig\\Extensions\\DateExtension: ~

9

9

  Twig\\Extensions\\IntlExtension: ~

10

10

  #Twig\\Extensions\\TextExtension: ~

11

+  

12

+ eccube.twig\_sandbox.policy:

13

+ class: Twig\\Sandbox\\SecurityPolicy

14

+ arguments:

15

+ $allowedTags: "%eccube.twig\_sandbox.allowed\_tags%"

16

+ $allowedFilters: "%eccube.twig\_sandbox.allowed\_filters%"

17

+ $allowedFunctions: "%eccube.twig\_sandbox.allowed\_functions%"

18

+ $allowedMethods: "%eccube.twig\_sandbox.allowed\_methods%"

19

+ $allowedProperties: "%eccube.twig\_sandbox.allowed\_properties%"

20

+ eccube.twig\_sandbox.extension:

21

+ class: Twig\\Extension\\SandboxExtension

22

+ arguments:

23

+ \- '@eccube.twig\_sandbox.policy'

24

+ \- false

25

+ tags: \['twig.extension'\]

26

+ Eccube\\Twig\\Sandbox\\SecurityPolicyDecorator:

27

+ decorates: 'eccube.twig\_sandbox.policy'

28

+ parameters:

29

+ eccube.twig\_sandbox.allowed\_tags:

30

+ \- 'apply'

31

+ \- 'block'

32

+ \- 'deprecated'

33

+ \- 'embed'

34

+ \- 'extends'

35

+ \- 'flush'

36

+ \- 'for'

37

+ \- 'if'

38

+ \- 'set'

39

+ \- 'spaceless'

40

+ \- 'verbatim'

41

+ \- 'with'

42

+ \- 'form\_theme'

43

+ \- 'stopwatch'

44

+ \- 'trans'

45

+ \- 'trans\_default\_domain'

46

+ eccube.twig\_sandbox.allowed\_filters:

47

+ \- 'abs'

48

+ \- 'batch'

49

+ \- 'capitalize'

50

+ \- 'column'

51

+ \- 'convert\_encoding'

52

+ \- 'date'

53

+ \- 'date\_modify'

54

+ \- 'default'

55

+ \- 'escape'

56

+ \- 'first'

57

+ \- 'format'

58

+ \- 'join'

59

+ \- 'json\_encode'

60

+ \- 'keys'

61

+ \- 'last'

62

+ \- 'length'

63

+ \- 'lower'

64

+ \- 'merge'

65

+ \- 'nl2br'

66

+ \- 'number\_format'

67

+ \- 'replace'

68

+ \- 'reverse'

69

+ \- 'round'

70

+ \- 'slice'

71

+ \- 'spaceless'

72

+ \- 'split'

73

+ \- 'striptags'

74

+ \- 'title'

75

+ \- 'trim'

76

+ \- 'upper'

77

+ \- 'url\_encode'

78

+ \- 'abbr\_class'

79

+ \- 'abbr\_method'

80

+ \- 'file\_link'

81

+ \- 'format\_args'

82

+ \- 'format\_args\_as\_text'

83

+ \- 'humanize'

84

+ \- 'trans'

85

+ \- 'yaml\_dump'

86

+ \- 'yaml\_encode'

87

+ \- 'date\_day'

88

+ \- 'date\_day\_with\_weekday'

89

+ \- 'date\_format'

90

+ \- 'date\_min'

91

+ \- 'date\_sec'

92

+ \- 'doctrine\_pretty\_query'

93

+ \- 'doctrine\_replace\_query\_parameters'

94

+ \- 'e'

95

+ \- 'ellipsis'

96

+ \- 'file\_ext\_icon'

97

+ \- 'form\_encode\_currency'

98

+ \- 'format\_log\_message'

99

+ \- 'no\_image\_product'

100

+ \- 'price'

101

+ \- 'time\_ago'

102

+ \- 'doctrine\_minify\_query'

103

+ \- 'localizedcurrency'

104

+ \- 'localizeddate'

105

+ \- 'localizednumber'

106

+ \- 'transchoice'

107

+ eccube.twig\_sandbox.allowed\_functions:

108

+ \- 'cycle'

109

+ \- 'date'

110

+ \- 'max'

111

+ \- 'min'

112

+ \- 'random'

113

+ \- 'range'

114

+ \- 'absolute\_url'

115

+ \- 'asset'

116

+ \- 'asset\_version'

117

+ \- 'csrf\_token'

118

+ \- 'is\_granted'

119

+ \- 'logout\_path'

120

+ \- 'logout\_url'

121

+ \- 'path'

122

+ \- 'relative\_path'

123

+ \- 'url'

124

+ \- 'active\_menus'

125

+ \- 'class\_categories\_as\_json'

126

+ \- 'csrf\_token\_for\_anchor'

127

+ \- 'currency\_symbol'

128

+ \- 'get\_all\_carts'

129

+ \- 'get\_cart'

130

+ \- 'get\_carts\_total\_price'

131

+ \- 'get\_carts\_total\_quantity'

132

+ \- 'has\_errors'

133

+ \- 'is\_reduced\_tax\_rate'

134

+ \- 'product'

135

+ \- 'workflow\_can'

136

+ \- 'workflow\_has\_marked\_place'

137

+ \- 'workflow\_marked\_places'

138

+ \- 'workflow\_transitions'

139

+ \- 'device\_version'

140

+ \- 'full\_view\_url'

141

+ \- 'is\_android\_os'

142

+ \- 'is\_device'

143

+ \- 'is\_full\_view'

144

+ \- 'is\_ios'

145

+ \- 'is\_mobile'

146

+ \- 'is\_mobile\_view'

147

+ \- 'is\_not\_mobile\_view'

148

+ \- 'is\_tablet'

149

+ \- 'is\_tablet\_view'

150

+ eccube.twig\_sandbox.allowed\_methods:

151

+ 'Symfony\\Bridge\\Twig\\AppVariable': \[ 'getrequest' \]

152

+ 'Symfony\\Component\\HttpFoundation\\Request': \[ 'geturi' \]

153

+ eccube.twig\_sandbox.allowed\_properties: \[\]

@@ -375,7 +375,7 @@ file that was distributed with this source code.

375

375

  </div>

376

376

  {% if Product.freearea %}

377

377

  <div class="ec-productRole\_\_description">

378

\- {{ include(template\_from\_string(Product.freearea)) }}

378

+ {{ include(template\_from\_string(Product.freearea), sandboxed = true) }}

379

379

  </div>

380

380

  {% endif %}

381

381

  </div>

@@ -28,7 +28,7 @@ file that was distributed with this source code.

28

28

  <meta name="robots" content="{{ Page.meta\_robots }}">

29

29

  {% endif %}

30

30

  {% if Page.meta\_tags is not empty %}

31

\- {{ include(template\_from\_string(Page.meta\_tags)) }}

31

+ {{ include(template\_from\_string(Page.meta\_tags), sandboxed = true) }}

32

32

  {% endif %}

33

33

  <link rel="icon" href="{{ asset('assets/img/common/favicon.ico', 'user\_data') }}">

34

34

  <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css" integrity="sha384-HSMxcRTRxnN+Bdg0JdbxYKrThecOKuH5zCYotlSAcp1+c8xmyTe9GYg1l9a69psu" crossorigin="anonymous">

@@ -0,0 +1,78 @@

1

+ <?php

2

+  

3

+ /\*

4

+ \* This file is part of EC-CUBE

5

+ \*

6

+ \* Copyright(c) EC-CUBE CO.,LTD. All Rights Reserved.

7

+ \*

8

+ \* http://www.ec-cube.co.jp/

9

+ \*

10

+ \* For the full copyright and license information, please view the LICENSE

11

+ \* file that was distributed with this source code.

12

+ \*/

13

+  

14

+ namespace Eccube\\Twig\\Extension;

15

+  

16

+ use Twig\\Environment;

17

+ use Twig\\Error\\LoaderError;

18

+ use Twig\\Extension\\AbstractExtension;

19

+ use Twig\\Extension\\SandboxExtension;

20

+ use Twig\\Sandbox\\SecurityError;

21

+ use Twig\\TwigFunction;

22

+  

23

+ /\*\*

24

+ \* \\vendor\\twig\\twig\\src\\Extension\\CoreExtension の拡張

25

+ \*/

26

+ class IgnoreTwigSandboxErrorExtension extends AbstractExtension

27

+ {

28

+ /\*\*

29

+ \* {@inheritdoc}

30

+ \*/

31

+ public function getFunctions(): array

32

+ {

33

+ return \[

34

+ new TwigFunction('include', \[$this, 'twig\_include'\], \['needs\_environment' => true, 'needs\_context' => true, 'is\_safe' => \['all'\]\]),

35

+ \];

36

+ }

37

+  

38

+ /\*\*

39

+ \* twig sandboxの例外を操作します

40

+ \* app\_env = devの場合、エラーを表示する

41

+ \* app\_env = prodの場合、エラーを表示しない

42

+ \*

43

+ \* @param Environment $env

44

+ \* @param $context

45

+ \* @param $template

46

+ \* @param $variables

47

+ \* @param $withContext

48

+ \* @param $ignoreMissing

49

+ \* @param $sandboxed

50

+ \*

51

+ \* @return string|void

52

+ \*

53

+ \* @throws LoaderError

54

+ \* @throws SecurityError

55

+ \*/

56

+ public function twig\_include(Environment $env, $context, $template, $variables = \[\], $withContext = true, $ignoreMissing = false, $sandboxed = false)

57

+ {

58

+ try {

59

+ return \\twig\_include($env, $context, $template, $variables, $withContext, $ignoreMissing, $sandboxed);

60

+ } catch (SecurityError $e) {

61

+  

62

+ // devではエラー画面が表示されるようにする

63

+ $appEnv = env('APP\_ENV');

64

+ if ($appEnv === 'dev') {

65

+ throw $e;

66

+ } else {

67

+ // ログ出力

68

+ log\_warning($e->getMessage(), \['exception' => $e\]);

69

+  

70

+ // 例外がスローされた場合、sandboxが効いた状態になってしまうため追加

71

+ $sandbox = $env->getExtension(SandboxExtension::class);

72

+ if (!$sandbox->isSandboxedGlobally()) {

73

+ $sandbox->disableSandbox();

74

+ }

75

+ }

76

+ }

77

+ }

78

+ }

@@ -0,0 +1,47 @@

1

+ <?php

2

+  

3

+ /\*

4

+ \* This file is part of EC-CUBE

5

+ \*

6

+ \* Copyright(c) EC-CUBE CO.,LTD. All Rights Reserved.

7

+ \*

8

+ \* http://www.ec-cube.co.jp/

9

+ \*

10

+ \* For the full copyright and license information, please view the LICENSE

11

+ \* file that was distributed with this source code.

12

+ \*/

13

+  

14

+ namespace Eccube\\Twig\\Sandbox;

15

+  

16

+ use Twig\\Sandbox\\SecurityPolicy as BasePolicy;

17

+ use Twig\\Sandbox\\SecurityPolicyInterface;

18

+  

19

+ class SecurityPolicyDecorator implements SecurityPolicyInterface {

20

+  

21

+ /\*\* @var BasePolicy \*/

22

+ private $securityPolicy;

23

+  

24

+ public function \_\_construct(BasePolicy $securityPolicy)

25

+ {

26

+ $this->securityPolicy = $securityPolicy;

27

+ }

28

+  

29

+ public function checkSecurity($tags, $filters, $functions)

30

+ {

31

+ $this->securityPolicy->checkSecurity($tags, $filters, $functions);

32

+ }

33

+  

34

+ public function checkMethodAllowed($obj, $method)

35

+ {

36

+ // \_\_toStringの場合はチェックをスキップする

37

+ if ($method === '\_\_toString') {

38

+ return;

39

+ }

40

+ $this->securityPolicy->checkMethodAllowed($obj, $method);

41

+ }

42

+  

43

+ public function checkPropertyAllowed($obj, $method)

44

+ {

45

+ $this->securityPolicy->checkPropertyAllowed($obj, $method);

46

+ }

47

+ }

**問い合わせ先**

本脆弱性に関するお問合せ：

EC-CUBE 運営チーム  
MAIL: support@ec-cube.net

**謝辞**

本脆弱性は、

*   株式会社エヌ・エフ・ラボラトリーズ 三浦 剛様

よりご報告いただきました。  
この場をお借りして、厚く御礼申し上げます。

CVE-2023-46845: EC-CUBE4系におけるRCE可能な脆弱性(JVN#29195731)

By Deeba Ahmed
The new feature will add an Independent Security Review badge at the top of the Google Play search results page when users search for VPN apps. 
This is a post from HackRead.com Read the original post: Google Launches Verification Badges for Security Tested VPN Apps

The new feature is the latest in line with increasing security and precautionary measures by Google to keep malicious Android apps away from its Play Store.

Google Play has introduced a new feature to inform users looking for reliable VPN (virtual private network) apps if the apps have undergone an independent security review. The new feature will add an Independent Security Review badge at the top of the Google Play search results page when users search for VPN apps. 

This badge will ensure the app has been scanned through an independent security review. That’s not all! The banner will provide additional information under the Learn More option, which will redirect them to the App Validation Directory, providing technical assessment details so that users can make informed decisions when downloading VPNs.

Screenshot: Google

The certification can be checked in the app’s Data Safety section on Google Play Store. Its presence means the application has been tested against pre-determined security criteria, which Google has developed with several cybersecurity partners.

The badge will inform users that the app has been verified and validated by an independent third party and meets the minimum best practices standards of the industry’s mobile security and privacy guidelines. It will also indicate that the app’s developers will identify/mitigate vulnerabilities promptly.

For your information, in 2022, the App Defense Alliance (ADA) launched the Mobile App Security Assessment (MASA) to let developers evaluate their apps independently against a strict global security standard.

This serves as an assurance for users that app developers are following best practices for privacy and security. Successful validation will allow the developers to display the badge in their app’s Data Safety section. This addition will make it more challenging for cybercriminals to access users’ devices through compromised apps and improve the app’s quality.

Although adhering to “baseline security standards” won’t guarantee that the app will be vulnerability-free, the badge will serve as a “visual cue” for users that it has been scanned and validated.

The new feature has been rolled out for VPN apps and selected app categories as the company wants to secure sensitive apps initially. VPNs hold a substantial volume of data as they are primarily used for searching and accessing websites. In a blog post, Nataliya Stanetsky, Android Security and Privacy Team wrote that:

> _“VPN providers such as NordVPN, Google One, ExpressVPN, and others have already undergone independent security testing and publicly declared the badge showing their good standing with the MASA program. We encourage and anticipate additional VPN app developers to undergo independent security testing, bringing even more transparency to users.”_
> 
> Google

This is a proactive move to enhance app security and protect user data, underscoring the company’s commitment to improving cybersecurity in the digital space. Users are generally unaware of the risks associated with VPN apps. Many of these apps can be designed to collect sensitive device or user data and may even inject malware onto their devices. 

1.  Google Makes Passkeys Default for All Users
2.  Google offers Dark Web monitoring for US Gmail users
3.  Google Buys Cyber Security Firm Mandiant for $5.4 Billion
4.  Google Chrome to Mask User IP Addresses to Protect Privacy
5.  Google Introduces Bug Bounty Program for Open-Source Software
6.  Google Removes Swing VPN Android App Exposed as DDoS Botnet
7.  Google’s Latest Android Feature Drop: Dark Web Search for Gmail ID
8.  Essential Insights on Google Cloud Backup and Disaster Recovery Service

Tag

#android