Latest news with #ZakDoffman


Forbes
08-05-2025
- Forbes
Google's Gmail Warning—If You See This Message It's An Attack
Google has confirmed the latest attack on Gmail users, another case of devious social engineering exploiting platform vulnerabilities. Again, the objective of the attack was to take over the victim's email account, again it seemed to come from Google itself, again it has kept the headlines coming given Gmail's scale and global reach. Google's advice is clear: make sure you watch for the telltale message that's a clear sign of an attack.

You're likely familiar with the details of the latest attack by now, with 'emails [that] appear to come from a legitimate Google account service, asking users to follow a link to take action. However, clicking on the link could lock you out of your account.' Those are the details you can ignore: the ways in which attackers can fake Google emails, the ways in which phishing sites can be hosted on legitimate Google domains.

Google has patched these latest security holes, just as it patched security holes in February when a similar attack made headlines. This is a game of cat and mouse. As soon as Google takes action, hackers look for another way through. And they inevitably succeed. Watching a rearview mirror to guard against a repeat attack is pointless. This is about prevention, and fortunately one simple piece of advice foils all these attacks.

For that reason Google is understandably frustrated. Gmail users are all now looking for specific emails from a specific Google address to keep safe. Don't. It's much more basic than that. As Google told me, 'please reiterate to your readers that Google will not contact you to reset your password or troubleshoot account issues.' It's really that simple. That's all you need to know. And the same applies to Microsoft and Apple and Meta and others. That could be a phone call or an email. It's the same.

If you receive an unsolicited message of any kind from Google's technical support, it's an attack, a scam, a threat to your account, your finances, your data, your other platforms that rely on a Gmail address for a login or account recovery. Bad news all round. In the same way, the FBI's recent warning that scammers are impersonating its own staff to trick victims and the broader threat from law enforcement impersonation prompt the same warning — law enforcement will never reach out in this way.

And the raft of banking scams is also the same. Account holders are contacted and told to move money to a safe account to protect it from a (made-up) attack. These so-called phantom hacker attacks have also prompted an FBI warning. That pattern, that a bank or agency or tech support desk reaches out, is the telltale sign. You must never engage with those emails or calls. Reach out to the relevant organization through usual channels and check — it's almost 100% certain they'll advise it's a scam.

That simple warning from Google, that it will never reach out to discuss an account issue or security risk, would have stopped these recent attacks at source. It's the single most critical piece of advice for Gmail's 2 billion users right now. And in addition, you should also set up passkeys on your account given all this furor, as that means even if you're tricked, your account should be protected from whatever comes next.


Forbes
07-05-2025
- Forbes
Samsung Galaxy Deadline—You Have 3 Weeks To Update Your Phone
Android is under attack — again. Google confirmed as much this week, before issuing an immediate update for its Pixel phones. Now Samsung has done the same, releasing details of its May security update with the fix included. There's a nasty twist with this one, though, with Samsung's phones particularly vulnerable to the attack.

Meta was first to disclose CVE-2025-27363, detailing an arbitrary code execution vulnerability in FreeType font rendering software that 'may have been exploited in the wild.' Now Google says Android phones have been attacked.

The twist is that Android's security bulletin says the fix only applies to Android 13 and 14, suggesting Android 15 has already been addressed. That means Samsungs are vulnerable where Pixels are not, given that the Galaxy-maker was late to the party with One UI 7's Android 15 rollout, and millions of phones have not yet been upgraded.

Now America's cyber defense agency has issued an update warning for all affected devices, with a May 27 deadline to either update or stop using phones. The formal mandate applies just to U.S. federal employees, but CISA's remit is 'to help every organization better manage vulnerabilities and keep pace with threat activity.'

The good news with this vulnerability and fix is that Samsung has been almost as fast as Google in confirming the fix. That's not always the case. We have seen multiple occasions where Samsungs have run a month behind Pixels with these updates, even with a CISA mandate in place which Samsung devices have missed.

Clearly, this only applies to those Galaxy phones yet to upgrade to Android 15, and that upgrade satisfies the update mandate per Android's security bulletin. If you're sticking with Android 14 for now, by choice or otherwise, then ensure you apply the update as soon as it's made available for your model, region and carrier. You should be able to meet the deadline, given it's late in the month.

CISA warns that 'FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that may allow for arbitrary code execution.' Google explains this 'could lead to local code execution with no additional execution privileges needed,' and that 'user interaction is not needed for exploitation.' All of which means you need to take this seriously.


Forbes
07-05-2025
- Business
- Forbes
Google's Gmail Upgrade—You Must Decide If This Goes Too Far
Google is changing Gmail. Putting aside the procession of recent attacks, some of which seemed to come from Google itself, the biggest threat could come from within. This leaves 2 billion users of the world's most popular email platform with a decision to make — and that decision is getting more critical and more difficult.

We're talking AI, and the accelerating updates to Gmail — and other platforms — as new AI features are added into the mix. We know that AI is driving a new tidal wave of threats from scams, malware and phishing attacks. But what we don't yet know is how safe and secure the exposure of personal data to corporate, cloud-based AI processing will turn out to be, once it has all bedded down and been exposed to leaks and attacks.

Google has confirmed its latest AI upgrade is now here. 'Responding to email is now faster and better with Contextual Smart Replies,' the company says. These are 'powered by Gemini' and 'generate even more detailed and relevant replies, based on the context of the email thread, ensuring your reply is addressing the issues at hand.'

Absent end-to-end encryption, which doesn't work outside walled garden platforms or enterprise systems, email is not an inherently private and secure medium. And so you should be wary of what you send. But even so, AI reviewing an entire email thread — potentially multiple threads — to formulate a smart reply takes us to a new level.

Google explains that 'if you're short on time or need help finding the right words, Gemini can analyze the context of an email and offer more detailed responses to fully capture the intent of your message.' You will be given a choice of what to send, after Gemini has 'taken the full content of the email thread into consideration.'

This is available for Workspace Business and Enterprise editions, and Google says that it can be enabled by Admins in Gemini feature settings and by end users enabling 'smart features and personalization.'

Google also cautions that 'Gemini feature suggestions don't represent Google's views, and should not be attributed to Google,' that users should not rely on Gemini features as medical, legal, financial or other professional advice, and that 'Gemini features may suggest inaccurate or inappropriate information.'

This is clearly clever and helpful, but it should prompt some thought as to how far is too far. Google is a corporation, and the fear that its platforms — and others — will now use AI to scrutinize private, confidential, secure information warrants reflection.

Google provides opt-outs and privacy guidance for all these features. It's down to you and the companies you work for to decide what happens next.

As I've noted before, there's an interesting twist to this debate. Google's addition of quasi end-to-end encryption to Gmail stops AI working on those emails. This even includes its new AI-driven relevancy search. That's because Google (rightly) can't see encrypted emails. That neatly frames the debate. Privacy or not — it's decision time.


Forbes
06-05-2025
- Forbes
Has Your Phone Been Attacked—This New Update Lets You Know
Timing is everything. And just as Google confirms the latest in a succession of Android attacks, here comes an update that could let you know if you're at risk. There's not much peace of mind for phone users these days, with malware and scam warnings coming almost daily. But Google is taking action — and that's to be welcomed.

The Android-maker's most recent warning with its May security release relates to a memory vulnerability disclosed by Meta in March. It has been patched for Android 13 and 14, with those on the newer OS likely unaffected or protected. And it is especially painful for Samsung users, given the long delay in upgrading from Android 14.

There are several warning signs that your phone may have been attacked, and if you see any one of these you should immediately reboot; if that doesn't fix the problem and you're running the latest OS, you need to investigate. In short, look out for your phone running hot when not charging, your phone's battery draining unusually fast, or your phone seeming to be sluggish when carrying out everyday tasks, such as opening apps or typing.

We already know Google is working on Advanced Protection Mode for Android, locking down high-risk functionality, including sideloading apps, insecure wireless connections and USB cable access, and risky web browsing. And now we know there may be more to come, with an update to let you know if you should worry your phone has been attacked.

As spotted by Android Authority in its latest Play Services teardown, this Intrusion Detection system 'will collect a log of your device/network activities that can be accessed if you notice suspicious activity across your account or devices.' And given the obvious sensitivities, 'Google's code suggests this log is end-to-end encrypted and can only be accessed with your Google account password and device authentication.'

The new teardown indicates 'activities collected as part of this log include USB events, app installs, Bluetooth connections, lock screen info, Wi-Fi, and browsing history.'

While Advanced Protection Mode has been billed as Android catching up with iPhone, this new Intrusion Detection system is something Apple would do well to copy.

We have already seen third-party apps offer tests to see if fragments of spyware or other malware are present on phones, but a system-level feature that can offer a swift diagnosis or at least data that can be checked for anomalies is a major step forward.

It's assumed this will come with Android 16 and it's not yet known if it will be wrapped into Advanced Protection Mode or will be offered separately. We will soon find out. Either way, it's needed.