Real-Time Risk Mitigation in Google Cloud Platform
With Google Cloud Next happening this week, there’s been some recent water cooler talk about what makes Google Cloud Platform unique when it comes to security.
State-Sponsored Threat Actors Target Security Researchers
On Monday, Google’s Threat Analysis Group published a blog on a widespread social engineering campaign that targeted security researchers working on vulnerability research and development.
How to Set Up InsightVM in Your Google Cloud Environment
In this blog post, we’ll go over how to set up our vulnerability scanner, InsightVM, in your Google Cloud and how to tweak it for your environment.
Metasploit, Google Summer of Code, and You!
Spend the summer with Metasploit
I'm proud to announce that the Metasploit Project has been accepted as a mentor
organization in the Google Summer of Code! For those unfamiliar with the
program, their about page [https://summerofcode.withgoogle.com/about/] sums it
> Google Summer of Code is a global program focused on introducing students to
open source software development. Students work on a 3 month programming project
with an open source organization during their break from univer
Disclosure: Android Chrome Address Bar Spoofing (R7-2015-07)
Android Chrome Address Bar Spoofing (R7-2015-07)
Due to a problem in handling 204 "No Content" responses combined with a
window.open event, an attacker can cause the stock Chrome browser on Android to
render HTML pages in a misleading context. This effect was confirmed on an
Android device running Lollipop (5.0). An attacker could use this vulnerability
to convince a victim of a phishing e-mail, text, or link to enter private
credentials into an untrusted page controlled by the attacker.
R7-2015-02: Google Play Store X-Frame-Options (XFO) Gaps Enable Android Remote Code Execution (RCE)
Due to a lack of complete coverage for X-Frame-Options
support on Google's Play Store [https://play.google.com/] web application
domain, a malicious user can leverage either a Cross-Site Scripting (XSS)
vulnerability in a particular area of the Google Play Store web application, or
a Universal XSS (UXSS) targeting affected browsers, to remotely install and
launch the main intent of an arbitrary Play S
Securing the Shadow IT: How to Enable Secure Cloud Services for Your Business
You may fear that cloud services jeopardize your organization's security. Yet,
your business relies on cloud services to increase its productivity. Introducing
a policy to forbid these cloud services may not be a viable option. The better
option is to get visibility into your shadow IT and to enable your business to
use it securely to increase productivity and keep up with the market.
Step one: Find out which cloud services your organization is using
First, you'll want to figure out what is act