Google

Pierluigi Paganini February 27, 2017
CVE-2017-0037 – Google Project Zero discloses another unpatched Microsoft Edge and IE Vulnerability

The researchers at Google’s Project Zero have revealed another flaw, tracked as CVE-2017-0037, that affects Microsoft Edge and IE. It has happened again, the researchers at Google’s Project Zero have revealed another flaw, tracked as CVE-2017-0037, in Microsoft products. The flaw affects Microsoft’s Internet Explorer and Edge browsers, it was first reported on November 25 […]

Pierluigi Paganini February 24, 2017
Out-of-band resource load in Google allows attacker to launch a DDoS attack from its servers

A security researcher discovered an Out-of-band resource load flaw in Google’s servers that allowed him to perform a DDoS attack on remote hosts. Young security researcher, Luka Sikic from Croatia found a serious vulnerability in Google. He was able to servers of the IT giant to perform a DDoS attack on remote hosts. Out-of-band resource load (classified […]

Pierluigi Paganini February 16, 2017
Google was aware of Russian APT28 group years before others

Lorenzo Bicchierai from MotherBoard shared an interesting private report about Russian cyber espionage operations conducted by APT28, the document was leaked online by Google. The report dating 2014 includes information collected by Google on the hacking activities conducted by its hackers. In October 2014, the security experts at FireEye linked cyber attacks against a number of […]

Pierluigi Paganini January 27, 2017
Hacker discovered security flaws in Amazon, Apple and Google epub services

A hacker discovered a XXE flaw in the EpubCheck library that affects major epub services causing information disclosure and denial of service conditions. The security expert and bug hunter Craig Arendt (@craig_arendt) has discovered flaws in major eBook readers including the ones commercialized by Amazon, Apple, and Google. The expert discovered different XML external entity (XXE) […]

Pierluigi Paganini January 26, 2017
Gmail will stop allowing JavaScript (.js) file attachments starting February 13, 2017

Google announced Gmail will soon stop allowing users to attach JavaScript (.js) files to emails for obvious security reason. Google announced Gmail will soon stop allowing users to attach JavaScript (.js) files to emails for obvious security reason. JavaScripts files, like many other file types (i,e, .exe, .jar, .sys, .scr, .bat, .com, .vbs and .cmd) […]

Pierluigi Paganini November 09, 2016
Microsoft patches CVE-2016-7255 Windows zero-day exploited by Fancy Bear

Microsoft has issued a security patch that fixes the zero-day vulnerability tracked as CVE-2016-7255 exploited by Russian hackers. Microsoft has issued security patches that fixed also the zero-day vulnerability exploited by Russian hackers. One of the zero-days tracked as CVE-2016-7255  has been patched in the MS16-135 bulletin that also addresses two information disclosure and three […]

Pierluigi Paganini November 01, 2016
Google discloses Windows zero-day that has been exploited in the wild

Google has disclosed a Windows zero-day vulnerability after 7-day deadline it gives vendors when the flaw is actively exploited in the wild by hackers. Google has once again publicly disclosed a zero-day vulnerability affecting current versions of Windows operating system  and Microsoft still hasn’t issued a patch. Yes, you’ve got it right! There is a […]

Pierluigi Paganini September 23, 2016
As of October 5, automatic OAuth 2.0 token revocation upon password reset

Google announced a change to its security policy to increase the account security that includes the OAuth 2.0 token revocation upon password reset. Google has finally announced a new OAuth 2.0 token revocation according to its security policy, the company will roll out the change starting on Oct. 5. The change to the Google security policy […]

Pierluigi Paganini September 14, 2016
How to hack Google FR by exploiting a cross-site scripting flaw

The security expert Issam Rabhi (@issam_rabhi) has discovered a cross-site scripting vulnerability in Google France. The giant already fixed it. A security expert from French security outfit Sysdream, Issam Rabhi (@issam_rabhi), discovered a cross-site scripting vulnerability in Google France. Yes, you‘ve got it right, the website of the IT giant was affected by one of the […]

Pierluigi Paganini September 09, 2016
Chrome will mark HTTP connections to websites as non-secure from January 2017

From January 2017, Chrome will indicate connection security with an icon in the address bar labeling HTTP connections to sites as non-secure. Google continues its effort to make the web a better place by pushing the adoption of encryption, we left the IT giant in May when it announced the decision to switch on default HTTPS […]