Latest news with #GoogleSecurity
Forbes
02-08-2025
- Forbes
Google Issues 3 Gmail Security Warnings — Fast Action Needed
Not all Google security warnings concern a surge in attacks requiring you to update your Gmail password, or vulnerabilities in the Chrome browser, or even an invisible hacking threat that can erase your Android phone data. Some, as was the case of the three security warnings that dropped in my Gmail inbox from Google just this last week, are less immediately frightening, but require your immediate attention nonetheless. Attacks are out of your control, all you can do is mitigate against the threat they pose, and that's what these new Gmail warnings are all about: putting you back in control of your account security. But you must respond quickly — here's why. Google's Gmail Security Warning Number One The first warning arrived in my Gmail inbox on July 29 and is definitely of the respond immediately variety. 'Your personal info was found on the dark web,' it stated, urging me to review the results. Truth be told, I didn't, and you shouldn't need much persuasion. After all, what's the point of being signed up to Google's dark web reporting if you don't? The information provided by the report can be sorted by such things as emails, passwords, usernames and other data. The most important, of course, being the password entries. As soon as you discover that your credentials have been leaked onto the dark web following a breach of any service, you should immediately change your password. You should also change the password at any other service or platform where you have reused it. This is a Gmail security warning that you must not ignore, and it's just the first of three in as many days that I received. Google's Gmail Security Warning Number Two The second security warning to drop in my Gmail inbox from Google also arrived on July 29 and had the slightly confusing subject of 'Sign into your Google account.' I say confusing, from my perspective as a security wonk and likely yours if you've read any of my, or other security wonks', warnings about phishing emails impersonating Google and asking you to do just that. Opening the email didn't help much, seeing as it consisted largely of a link asking me to sight in and a button doing the same, all tactics employed by hackers looking to compromise your account. I knew it was a genuine communication, however, as I received a copy to an email account that I have as the recovery account for the one the warning referred to, a Gmail address that nobody else would know is connected in this way. And the reason for wanting me to sign in? Yes, it's a new message about an old issue: an inactive Gmail account. 'You're receiving this message because your Google Account has not been used in at least 8 months,' the warning stated, adding that Google might delete activity and data if said account is not used within a two-year period. The reason behind the inactive account policy? They are far more likely to be compromised than an active one, according to Google and other security experts. "Our internal analysis shows abandoned accounts are at least 10x less likely than active accounts to have 2-step verification set up," Ruth Kricheli, a vice president of product management at Google said. Boris Cipot, senior security engineer at Black Duck, confirmed that 'in the event of a data breach, attackers can use your outdated information to gain access to your current accounts or trick you into revealing more.' So, you know what to do if you get this security warning: sign in and save your account. It really is that simple. You don't have to follow the links in the email, in fact I'd suggest for improved security that you don't, rather go directly to the account using your web browser or the Google app. Google's Gmail Security Warning Number Three The final part of this security warning triumvirate arrived a day later, July 30, in the shape of a Gmail message urging me to 'Help strengthen the security of your Google Account.' Now, in a way, this is related to security warning numbers two, in as far as it concerns something that has not been used in a while. But in this case, it's a device rather than an account itself. 'Remove access from devices that you don't use anymore,' the warning continued. In this case it was, as my Gmail message told me, a tiny smartphone called the Unihertz Jelly 2E that had not been 'used in a while,: and, as such, should be removed. 'You should only stay signed in on devices that you use and trust,' the warning said, and that's excellent advice. Each redundant device is just another extension of the potential threat surface as it relates to your Google account and, of course, your Gmail account as part of that. The best mitigation is, as recommended by Google, to run a security checkup that will find such redundant devices and provide a myriad of other personalised security recommendations, including your Gmail settings. You know what to do, maybe don't wait until you get a Gmail security warning email to do it, though: act now and stay secure.
Android Authority
01-08-2025
- Android Authority
Here's how Android Identity Check will start taking advantage of your smartwatch (APK teardown)
Joe Maring / Android Authority TL;DR Identity Check offers an extra layer of protection when someone steals both your phone and your PIN. By requiring biometrics, Identity Check attempts to limit the harm bad actors could do. Google is working to let you bypass that biometric requirement when your device is connected to a trusted smartwatch. We all want our devices to be secure, but practical considerations mean we're often striking a balance between security and convenience. That's not a bad thing at all, as we don't always need to be taking advantage of every security protection available to us, and systems like Android's Identity Check are built for just this reason, letting us get away with just using a PIN or biometrics when we're at home, but beefing up security and insisting on both when outside a trusted location. Just last week, we looked at one way Identity Check could soon be changing, with the tool evolving to recognizing the presence of your connected smartwatch. At the time it wasn't yet clear exactly how the watch would alter Identity Check's behavior, but now it's starting to come into focus. ⚠️ An APK teardown helps predict features that may arrive on a service in the future based on work-in-progress code. However, it is possible that such predicted features may not make it to a public release. Identity Check is designed to help save your bacon when you're in just about the worst situation: someone else not only has your phone, but they also have your PIN. Maybe they shoulder-surfed while you were unlocking the phone, or used threats to get you to reveal it, but Identity Check is built to assume that your PIN's been compromised. That's exactly why it also insists upon biometric authentication when trying to access saved passwords or change critical security settings from anywhere other than a trusted location. Here are the strings we spotted last time we looked: Code Copy Text With your watch connected, Identity Check automatically recognizes you while maintaining your security even when you're not in a trusted location Protection on the move with watch Those made it clear that Google's working on a way for Identity Check to use the presence of a paired watch as a signal of trust, just in the way a location already can. But what we didn't have at the time was confirmation of how Identity Check would work differently when it sensed your watch. Looking through the new 25.31.30 beta release of Google Play Services, we've spotted an additional string that provides some answers: Code Copy Text Outside of trusted places like your home • If you have a connected watch, you can use either biometrics or your PIN • If you don't have a connected watch, you'll be required to use Fingerprint or Face Unlock There we go: When you're using Identity Check with a smartwatch it recognizes, you'll be able to bypass the need to enter a PIN, even when away from home. Basically, it's like two-factor authentication, and you've got to choose any two of the three: PIN, biometrics, or the presence of your watch. We supposed it is conceivable that someone manages to learn your PIN, steal your phone, and also take your smartwatch, so hopefully there's a setting to choose whether or not we want to take advantage of this option once it finally arrives. Follow
Time of India
23-06-2025
- Time of India
Gen AI in cybersecurity: Will help defenders with better counter measures; India ahead of other nations
Generative artificial intelligence, while being increasingly exploited by cyber criminals to fuel their attacks, is also empowering defenders with faster and smarter responses to online threats, according to Heather Adkins, global VP of engineering at Google Security. Adkins, who has spent more than 20 years at Google, said, generative AI will give "defenders" a "leg up" over the threat actors.' 'We will be able to leverage Gen AI to protect infrastructure in new ways that we've never thought of before and also at a speed that we've never been able to achieve before,' she said, quoted by TNN. She said that the same technology being used to plan sophisticated cyberattacks can also help strengthen defence systems. Talking about cyberattacks in India, the Google security VP pointed out that the government is "very engaged" and has been ahead of many other nations in tackling these threats. 'It's a hot topic. They've done a very good job in getting involved quickly and partnering with companies. The workforce here and education levels in India are pretty high. There are parts of the world I go where they're just now starting to think about cyber security and they're much further behind India.' Google Security now plans to set up an engineering centre in India. She further warned of the growing threat posed by state-sponsored cyberattacks, particularly as geopolitical tensions continue to rise, putting the world at risk. 'It's a question of who has more time. And, if you think about a well-funded nation state, may be they'll create a project, put 100 people on it, and they just work on that project throughout the day... So, they often know more because they have more time, not because they're smarter. I would say they're more likely to be successful.' Adkins highlighted the need to educate users alongside building tools, stating that digital instincts must be developed to spot malicious content online. 'Unlike the physical world where you have instincts and senses to identify something dangerous, the online world does not have a parallel. We have to build that,' she said. Despite the rising tempo and complexity of attacks, Adkins believed that the cybersecurity landscape is in a better place today. 'There's no doubt that we're seeing an increase in the tempo and sophistication of attacks. But today, more than ever before, enterprises have better tools.' Cybersecurity looked 'primitive' 23 years ago, while now, most solutions have security built into them, she added. Stay informed with the latest business news, updates on bank holidays and public holidays . AI Masterclass for Students. Upskill Young Ones Today!– Join Now
Time of India
18-06-2025
- Business
- Time of India
India leads many nations in tackling cyber threats, says top Google executive
Google Security's Heather Adkins highlights India's proactive approach to cybersecurity, surpassing many nations in building cyber resilience through government partnership and a skilled workforce. Google Security is establishing an engineering center in India to leverage local talent and enhance cyber safety measures. Tired of too many ads? Remove Ads Tired of too many ads? Remove Ads India is emerging as a global front-runner in cybersecurity, outpacing many countries in its proactive efforts to address digital threats, according to Heather Adkins, global VP of engineering for Google on the sidelines of the Safer with Google India Summit, Adkins stressed that India's government has taken a lead in building cyber resilience . 'They've done a very good job in getting involved quickly and partnering with companies. The workforce here and education levels in India are pretty high. There are parts of the world I go where they're just now starting to think about cyber security and they're much further behind India,' she who has spent over 20 years at Google, pointed to India's readiness to tackle evolving cyber threats even as geopolitical tensions risk escalating state-sponsored attacks globally. 'It's a hot topic,' she said, referring to the Indian government's engagement on cyber safety To strengthen its role in this ecosystem, Google Security is setting up an engineering centre in India, leveraging the country's skilled talent pool to enhance cyber safety underlined the dual nature of generative AI (Gen AI) in cybersecurity. While it enables cybercriminals to increase the speed and complexity of attacks, it also arms defenders with tools to outpace adversaries.'There's no doubt that we're seeing an increase in tempo and sophistication of attacks... But I also feel that today, more than ever before, enterprises have better tools,' she said. 'If I think about starting a company 23 years ago, cybersecurity looked primitive then. Today, most of the solutions you're going to buy have security built into them. So, you're in a much better place than you were, say, 20–30 years ago.'She added that Gen AI will give cybersecurity teams an edge. 'We will be able to leverage Gen AI to protect infrastructure in new ways that we've never thought of before and also at a speed that we've never been able to achieve before.'Adkins also flagged the growing threat of state-backed cyber operations. 'It's a question of who has more time. And, if you think about a well-funded nation state, maybe they'll create a project, put 100 people on it, and they just work on that project throughout the day… So, they often know more because they have more time, not because they're smarter. I would say they're more likely to be successful.'While tech companies are developing robust defences, Adkins said user awareness remains equally critical. 'Unlike the physical world where you have instincts and senses to identify something dangerous, the online world does not have a parallel. We have to build that,' she said, emphasising the need to educate users in identifying malicious and fraudulent content.
Time of India
18-06-2025
- Business
- Time of India
'India ahead of many in countering cyber threats'
Google Security's Heather Adkins highlights the dual role of generative AI in cybersecurity NEW DELHI: Generative AI, while being used by cyber criminals to further their activities, will also help create stronger and swifter counter-measures, making the internet safer to use, according to Heather Adkins, global VP of engineering for Google Security. Adkins, who spent over two decades at Google, also believes that rise in geopolitical tensions may fuel state-backed cyberattacks, making the world more vulnerable. However, she added that Indian govt has been at forefront of taking measures to counter cyber threats effectively, ahead of many other countries. This will also see Google Security set up an engineering centre in India. Talking to TOI on the sidelines of the 'Safer with Google India Summit', Adkins said while companies create tools to tackle cyber threats, it is equally important to sensitise users about measures to identify malicious and fraudulent content. "Unlike the physical world where you have instincts and senses to identify something dangerous, the online world does not have a parallel. We have to build that." Speaking about state-sponsored cyber threats, she said they can sometimes be more focused and successful with capabilities to deploy large teams towards such activities. "It's a question of who has more time. And, if you think about a well-funded nation state, may be they'll create a project, put 100 people on it, and they just work on that project throughout the day... by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like Memperdagangkan CFD Emas dengan salah satu spread terendah? IC Markets Mendaftar Undo So, they often know more because they have more time, not because they're smarter. I would say they're more likely to be successful." On Gen AI and whether it aids cyber criminals too, Adkins said, "There's no doubt that we're seeing an increase in tempo and sophistication of attacks... But I also feel that today, more than ever before, enterprises have better tools. If I think about starting a company 23 years ago, cybersecurity looked primitive then. Today, most of the solutions you're going to buy have security built into them. So, you're in a much better place than you were, say, 20-30 years ago. " She said that Gen AI will give "defenders" a "leg up" over the threat actors. "We will be able to leverage Gen AI to protect infrastructure in new ways that we've never thought of before and also at a speed that we've never been able to achieve before." On India, she said govt here is "very engaged" on cyber safety. "... it's a hot topic. They've done a very good job in getting involved quickly and partnering with companies. The workforce here and education levels in India are pretty high. There are parts of the world I go where they're just now starting to think about cyber security and they're much further behind India." Stay informed with the latest business news, updates on bank holidays and public holidays . AI Masterclass for Students. Upskill Young Ones Today!– Join Now
