Archive for Google

Google Warns Q-Day Now Coming in 2029

Posted in Commentary on March 27, 2026 by itnerd

Google has issued a new warning urging companies to start preparing now for Q-Day in 2029:

As a pioneer in both quantum and PQC, it’s our responsibility to lead by example and share an ambitious timeline. By doing this, we hope to provide the clarity and urgency needed to accelerate digital transitions not only for Google, but also across the industry.

Quantum computers will pose a significant threat to current cryptographic standards, and specifically to encryption and digital signatures. The threat to encryption is relevant today with store-now-decrypt-later attacks, while digital signatures are a future threat that requires the transition to PQC prior to a Cryptographically Relevant Quantum Computer (CRQC). That’s why we’ve adjusted our threat model to prioritize PQC migration for authentication services — an important component of online security and digital signature migrations. We recommend that other engineering teams follow suit.

The full statement can be found here: https://blog.google/innovation-and-ai/technology/safety-security/cryptography-migration-timeline/

Lieutenant General Ross Coffman (U.S. Army, Ret.), who currently serves as President of Forward Edge-AI, provided the following comment:

“I am elated by Google’s announcement. We’ve been saying it for two years. The shot clock has started. We don’t know when, but we know Q-Day is coming. It’s time to get ready.”

This is a real threat that organizations need to prepare for. And preparations need to begin today, because 2029 may seem like a long way off, but it isn’t.

Why Aren’t Apple And Google Acting To Remove Grok And X From Their App Stores?

Posted in Commentary on January 28, 2026 by itnerd

I have to wonder where the backbones of Tim Cook and Sundar Pichai are. I say that because it has been weeks since the whole affair of Grok allowing users to create objectionable content blew up. To recap:

To the last point, the EU is one of a number of governments who are up in arms about this. And rightfully so. Elon Musk has simply gone too far and he needs to be punished for his actions. And the best way to punish him is to pull his apps from the Apple App Store and from the Google Play Store. But that hasn’t happened and you have to wonder why. Is it because Apple and Google don’t want to pick a fight with Elon? Is it because Tim Cook and Sundar Pichai are cowards? Is it about the money that these companies make from their cut of the subscriptions to Grok and X? Who knows?

But I do know this. Section 1.1.4 of Apple’s review rules prohibits the sort of thing that Grok and X are doing at the moment. Ditto for Google Play. Given that, why aren’t these companies enforcing their own rules?

The fact is, it’s beyond time for Apple and Google to stand up, grow a pair, and throw Elon’s apps off their respective app stores, along with any other app that does this sort of thing. Because by not doing so, they are burning to the ground the trust consumers have that their app stores are safe places to get apps from. Along with that, it also sends the message that rules are rules, except when they are not.

Apple and Google, you both need to do better. Now.

Reminder: Google shutting down the Dark Web Monitoring Tool this week

Posted in Commentary on January 12, 2026 by itnerd

This week, Google will start shutting down its dark web monitoring tool — the Dark Web Report — which was designed to scan the dark web for users’ exposed personal information. Users who want to stay “in the loop” should seek other tools.

Shutdown timeline

  • January 15, 2026: The scans for new dark web breaches stop.
  • February 16, 2026: The dark web report is no longer available, and all data related to the report will be deleted.

Google previously stated its intention to focus on tools that provide customers with clearer, more actionable steps to protect their online information. However, no concrete announcements regarding new cybersecurity tools have been made by the company to date.

Karolis Arbaciauskas, head of product at the cybersecurity company NordPass, comments:

“It’s a useful tool. But I guess it’s time for something new, especially since other similar tools already offer prescriptive advice and practical recommendations for users whose data is found on the dark web. Google often replaces its products and features with new ones instead of updating them. Users should look for reliable tools that are dedicated to this task and are constantly supported and updated.

“Proactively monitoring the dark web for your credentials is a critical security habit. Fortunately, Google’s tool was never the only option. Security-conscious users who wish to continue scanning the dark web can utilize the tools offered by modern password managers.

“These integrated tools have evolved significantly in recent years. Advanced password managers now feature built-in scanners that operate 24/7, continuously monitoring the dark web and instantly alerting users if credentials or credit card data are detected. This enables individuals to take swift action before threats escalate.

“In case of a breach, the key is to act quickly. If you get an alert about your data being exposed, take immediate steps: change all affected passwords, cancel compromised credit cards, and review your account activity for anything suspicious.”

I’m currently looking around for a tool or tools to replace this. If I come across any, I will let you know. But if you have any suggestions, please leave a comment and let us all know.

Google is shutting down its Dark Web Monitoring tool in February 2026

Posted in Commentary on December 18, 2025 by itnerd

Google is shutting down its Dark Web Monitoring tool in February 2026 (less than 2 years after its launch). Google is sending out emails to anyone who signed up for a dark web monitoring profile, explaining that the service is shutting down. The company will stop monitoring for new results on January 15, 2026, and data will no longer be available from February 16, 2026.

Marcelo Casto Escalada, Senior Product Manager at Outpost24, has weighed in with this commentary:

“Google’s decision to sunset its Dark Web Monitoring tool isn’t surprising. It reinforces a long-standing reality in threat intelligence: dark web monitoring is a specialized discipline, not a feature you can simply bolt onto an account management platform. Alerting users that their email may appear in illicit forums is very different from delivering actionable intelligence with context, prioritization, and clear remediation. Real threat intelligence is built on deep collection, expert analysis, and operational relevance — capabilities that mature providers have developed over many years. Organizations looking to genuinely reduce risk need proven expertise, not lightweight add-ons.”

While all of that is accurate, at least what Google was doing was something that you could use along with other tools. Now there’s one less tool in the toolkit that defenders can rely on. That’s a shame.

So About Android Phones Getting AirDrop…. Apple May Not Have Signed Off On This

Posted in Commentary on November 22, 2025 by itnerd

A couple of days ago I posted a story about Pixel 10’s, and ultimately all Android phones, getting the ability to support Apple’s AirDrop functionality. One thing that popped into my head at the time was that Apple was never mentioned as having signed off on this. As a result, I did some looking around and found my answer via a statement that Google provided to Android Authority:

We accomplished this through our own implementation. Our implementation was thoroughly vetted by our own privacy and security teams, and we also engaged a third party security firm to pentest the solution.

So Apple was not involved. That really sounds like the whole Beeper situation, where Beeper reverse engineered iMessage to give Android users the ability to send and receive iMessages in a very sketchy way. As a result, Apple went scorched earth on Beeper to stop that from working. Now, Beeper was a very tiny company which truly had zero chance against Apple. Google is a much bigger company that will stand up to Apple if the latter tries to break this functionality. It should also be noted that Apple gets billions of dollars from Google via an agreement to have Google’s search engine as the default search engine on iDevices. Thus Apple may have a financial incentive not to do anything. So the fact that Apple didn’t sign off on this, as far as I can tell, may be a non-factor. But we’ll find out soon enough.

Stealthy BRICKSTORM Backdoor Enables Espionage into Tech and Legal Sector

Posted in Commentary on September 25, 2025 by itnerd

Researchers have tracked a stealthy “next-level” Chinese hacking campaign dubbed “BRICKSTORM” that targets legal services and technology companies, maintaining persistent access in order to steal intellectual property, mine intelligence on national security and trade, and develop further cyberattacks for the future.

More details are available here: https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign

Ensar Seker, CISO at SOCRadar, commented:

“This Brickstorm campaign marks a striking evolution in adversary tradecraft. What makes it “next level” is not simply the long dwell times or precision targeting, though both are alarming, but rather the strategic layering of access, reconnaissance, and supply-chain influence. By infiltrating tech security and legal services firms, the attackers don’t just get to access those environments, they gain pathways into their clients and partners, giving them a multiplier effect on reach. Some of those downstream systems may not even realize they’ve been compromised yet.

“The motivation here is long-term, not opportunistic. Brickstorm’s operators are methodically exfiltrating intellectual property and internal designs, which gives them a unique insight into how to bypass defenses and identify zero-day opportunities. In effect, they’re embedding themselves into the ecosystem, harvesting the same tools and knowledge base they hope to exploit later. That kind of foresight suggests a campaign designed not just for espionage, but for building capabilities that can support multiple future attacks.

“From a defensive posture, this raises the bar. Security firms, the very guardians of trust, must now treat themselves as high-priority targets in their own right. That means rethinking how we design isolation, telemetry, and insider-monitoring within security operations. It means segmenting access zones not just for customers, but even among internal service components. It demands relentless threat hunting, especially in trust relationships and client integrations. In practical terms, organizations should assume that any vendor they trust may be compromised, not eventually, but right now. That means requiring stricter attestation, enforcing zero-trust architectures around vendor connections, validating every cross-tenant data flow, and adopting reciprocal visibility with those vendors. The fact that Brickstorm is already leveraging downstream infiltration highlights just how fragile the boundary between ‘client’ and ‘supplier’ has become.

“In a nutshell, Brickstorm is a wake-up call: adversaries are no longer treating high-value firms as endpoints to exploit, but as nodes in a broader intelligence and access network. Defending against that requires that we think in ecosystems and assume compromise, not just for ourselves, but for every connected party.”

I am actually quite disturbed by this, as it sounds like the Cold War all over again. It highlights the fact that the bad guys come in all shapes and sizes, with all sorts of agendas.

UPDATE: Cybercrime expert and VP of Cyber Risk for HITRUST, Tom Kellermann, had this to say:

“Since the Titan Rain campaign, China has pursued an insurgency strategy in American cyberspace, maintaining persistent access through sophisticated backdoors like BRICKSTORM, which serve as the cornerstone of their economic espionage operations. These initial compromises enable secondary infections and lateral movement across networks, creating a cascading security threat that must be systematically eradicated to protect both national and economic security.”

Google’s New DMARC Report: What It Means for Email Security

Posted in Commentary on August 14, 2025 by itnerd

Google recently rolled out an update to its DMARC reporting that provides unprecedented visibility into why emails might be getting throttled or blocked. This is a huge step forward for senders, who previously had to rely on guesswork to troubleshoot deliverability issues. Now, they have an early warning system that provides specific error codes, allowing them to fix problems before their emails are blocked.

This game-changing update was inspired by a conversation between Google and Valimail. Valimail believes it’s a critical new topic for anyone focused on email security (and has integrated this new data into Valimail Monitor).

Scott Ziegler, Valimail’s Head of Product, shared thoughts about it here. It’s totally worth your time to read.
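DMARC reporting only helps a sender who actually reads the reports, so here is an added example (not code from the original post, from Google or from Valimail) that parses a DMARC aggregate report in the standard RFC 7489 XML format and picks out the sending sources whose mail failed authentication. It deliberately models only the standard fields; the post does not detail the extra diagnostic codes in Google’s updated reports, so they are not represented here. The report below is constructed for this example, and the domains and IP addresses in it are placeholders.

```python
"""Summarize a DMARC aggregate (rua) report and list sources failing alignment.

Added example; not the post's, Google's or Valimail's code. Parses the standard
RFC 7489 aggregate-report XML only. SAMPLE_REPORT is constructed for this example.
"""
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample report: one aligned source and one third-party bulk mailer
# whose SPF passes for its own domain but does not align with the From: domain.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <report_metadata>
    <org_name>example-receiver.invalid</org_name>
    <report_id>constructed-0001</report_id>
  </report_metadata>
  <policy_published>
    <domain>sender.example</domain>
    <p>quarantine</p>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>192.0.2.10</source_ip>
      <count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>sender.example</header_from></identifiers>
    <auth_results>
      <dkim><domain>sender.example</domain><result>pass</result></dkim>
      <spf><domain>sender.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>198.51.100.7</source_ip>
      <count>35</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>sender.example</header_from></identifiers>
    <auth_results>
      <spf><domain>bulk-mailer.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
</feedback>
"""


def parse_report(xml_text):
    """Return the published policy plus one row per (source IP, auth outcome)."""
    root = ET.fromstring(xml_text)
    policy = root.find("policy_published")
    summary = {
        "domain": policy.findtext("domain"),
        "policy": policy.findtext("p"),
        "rows": [],
    }
    for rec in root.findall("record"):
        row = rec.find("row")
        evaluated = row.find("policy_evaluated")
        summary["rows"].append({
            "source_ip": row.findtext("source_ip"),
            "count": int(row.findtext("count")),
            "disposition": evaluated.findtext("disposition"),
            # policy_evaluated reports *aligned* results, which is what DMARC acts on;
            # a raw SPF pass for an unrelated domain still shows up as "fail" here.
            "dkim_aligned": evaluated.findtext("dkim") == "pass",
            "spf_aligned": evaluated.findtext("spf") == "pass",
            "spf_domain": rec.findtext("auth_results/spf/domain"),
        })
    return summary


def failing_sources(summary):
    """Sources where neither DKIM nor SPF aligned: the mail the receiver quarantined or rejected."""
    return [r for r in summary["rows"] if not (r["dkim_aligned"] or r["spf_aligned"])]


def totals(summary):
    """Message counts that passed vs. failed DMARC across the whole report."""
    counts = Counter()
    for r in summary["rows"]:
        key = "passed" if (r["dkim_aligned"] or r["spf_aligned"]) else "failed"
        counts[key] += r["count"]
    return dict(counts)


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print(f"{report['domain']} (p={report['policy']}): {totals(report)}")
    for r in failing_sources(report):
        print(f"  failing source {r['source_ip']}: {r['count']} msgs, "
              f"SPF domain {r['spf_domain']}, disposition {r['disposition']}")
```

The second record is the case that trips senders up most often: the bulk mailer’s SPF passes for its own domain, but because that domain does not align with the From: domain, DMARC still fails and the receiver quarantines the mail. Grouping rows by source IP and checking `spf_domain` against the published domain is what turns a report into an actionable list of senders to fix.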

Google Issues A Warning About A Threat Actor Going After Salesforce Data

Posted in Commentary on June 4, 2025 by itnerd

Threat actor “UNC6040” is impersonating IT support personnel at organizations via vishing (voice phishing) attacks to trick employees into granting them access to sensitive credentials, ultimately facilitating the theft of an organization’s Salesforce data.

Google has put out a warning about this which you can read here: https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion

James McQuiggan, security awareness advocate at KnowBe4, commented:

“You wouldn’t blindly open your front door to a stranger, so we must consider whether you should pick up the phone and trust the voice on the other end. Ask yourself: Were you expecting this call?

“Think about it. If someone knocked at your door and you weren’t expecting anyone, would you swing it open? Probably not. Most of us would peek through the window, check the camera, or at least ask, “Who is it?” The phone shouldn’t be any different. If you weren’t expecting a call from your IT support team, cloud service provider, or a software vendor, don’t assume the call is real. Cybercriminals are banking on that assumption. They’re hoping you’ll pick up the phone and follow instructions without pausing to think. If you do pick up, always verify. Sometimes, we do answer the door. The same goes for the phone. But once the conversation starts, stay skeptical. If the caller says they’re from a tech company and need access to your system, pause. Ask for their name, case number, and callback number. Then, hang up. Go to the company’s official support page or contact your tech team using another communication method. Contact them directly. See if there’s a case with your name on it. Assuredly, there isn’t.

“Remember: legitimate tech companies don’t call you to fix an issue with your computer or application. That’s not how it works.

“There’s often a moment of hesitation. You don’t want to seem rude. You think, “What if this is real?” But being polite shouldn’t cost you your security when it comes to your data and username or password. Hanging up isn’t rude. It’s responsible.

“Treat unexpected phone calls like you treat an unexpected knock at your door. Stop. Look. Verify. And if something feels off, it probably is. Stay cautious. Stay curious. And remember, security starts with a simple question: “Do I know who’s calling?””

Any organization that uses Salesforce should heed Google’s warnings and take action to educate their users so that they are not victims of this campaign. And I think it’s safe to say that we’ll be seeing more of this type of campaign going forward as threat actors wouldn’t do this if it were not effective.

Google Uncovers New LOSTKEYS Malware Linked to Russia-Based Hacker

Posted in Commentary on May 7, 2025 by itnerd

Google has uncovered a new piece of malware called LOSTKEYS, attributed to the Russian government-backed threat group Cold River (also known as UNC4057, Star Blizzard, and Callisto). The group is capable of stealing files from a hard-coded list of extensions and directories, along with sending system information and running processes to the attacker. LOSTKEYS marks a new development in the toolset of Cold River, a group primarily known for credential phishing against high-profile targets like NATO governments, non-governmental organizations (NGOs), and former intelligence and diplomatic officers.

More info can be found here: https://cloud.google.com/blog/topics/threat-intelligence/coldriver-steal-documents-western-targets-ngos

Erich Kron, security awareness advocate at cybersecurity firm KnowBe4, commented:

“There can be no doubt that intelligence gathering and cyber warfare are taking place at the nation-state level and will probably do so for the foreseeable future. This is simply the digital version of a spy sneaking in a micro camera and taking pictures of sensitive information and then providing it to whomever they work for. While these attacks are targeting mostly non-governmental organizations (NGOs), many of them do have ties to government agencies and could have information useful to that government’s adversaries.

“Because it seems they prefer tactics such as social engineering through email phishing, organizations should ensure that they have a well implemented human risk management (HRM) program in place that includes training and education to help employees fend off social engineering attacks.”

The human element is always the weakest point. Thus, improving that would go a long way toward heading off attacks.

UPDATE: Another comment has come in from Darren Siegel, Lead Sales Engineer at Outpost24:

“This is yet another example showing that credential theft is an ongoing area of risk, as even the strongest passwords can be captured by this kind of malware attack. While obviously the ideal outcome here would be to prevent such attacks from occurring in the first place, it underscores the need for organizations to implement continuous monitoring for compromised credentials, ideally using tools that are informed by threat intelligence that can quickly identify and respond to new breaches.”

Fraudsters Abuse Google Forms via Phishing to Steal Logins

Posted in Commentary on April 23, 2025 by itnerd

According to researchers, fraudsters are abusing Google Forms via phishing campaigns that steal email logins. You can read more here: https://www.welivesecurity.com/en/scams/how-fraudsters-abuse-google-forms-spread-scams/

Here’s the TL;DR:

Malicious actors are always looking for ways to add legitimacy to scams and evade email security filters. Google Forms offers a great opportunity to do both. It is favored by cybercriminals because it is:

  • Free, meaning threat actors can launch campaigns at scale with a potentially lucrative return on their investment
  • Trusted by users, which increases the chances of victims believing that the Google Form they’re being sent or redirected to is legitimate
  • A legitimate service, meaning that malicious Google Forms and links to malicious forms are often waved through by traditional email security tools
  • Easy to use, which is good for users but also handy for cybercriminals – meaning they can launch convincing phishing campaigns with very little effort or prior knowledge of the tool

Cybercriminals also take advantage of the fact that Google Forms communications are encrypted with TLS, which may make it harder for security tools to peer in and check for any malicious activity. Similarly, the solution often uses dynamic URLs, which may make it challenging for some email security filters to spot malicious forms.
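
Because the forms themselves are hosted on a legitimate, TLS-protected service, mail filters cannot judge the form’s content, but they can still judge the message that carries the link. The following is an added example (not code from the original post or from ESET/WeLiveSecurity) of a simple defender-side triage rule: an inbound message from outside the organization that links to a Google Form and uses credential-themed wording is held for review instead of being delivered silently. The two sample messages, the domains in them and the form IDs are constructed for this example.

```python
"""Hold inbound mail that pairs a Google Forms link with a credential lure.

Added example; not the post's code or any vendor's. The rule is deliberately
narrow: Forms links alone are normal, so only the combination of an external
sender, a Forms link and credential-themed wording is queued for review.
Sample messages, domains and form IDs below are constructed.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
LURE_RE = re.compile(r"\b(password|verify your account|sign[ -]?in|credentials|mailbox)\b", re.I)

# Constructed sample: external sender, Forms link, credential-themed body.
SUSPICIOUS_MAIL = """From: "IT Helpdesk" <helpdesk@mail-notices.example>
To: alice@corp.example
Subject: Mailbox quota exceeded
Content-Type: text/plain; charset="utf-8"

Your mailbox is almost full. Verify your account within 24 hours:
https://docs.google.com/forms/d/e/CONSTRUCTED-FORM-ID/viewform
"""

# Constructed sample: internal sender, Forms link, no lure wording.
INTERNAL_SURVEY = """From: "People Team" <people@corp.example>
To: alice@corp.example
Subject: Quarterly survey
Content-Type: text/plain; charset="utf-8"

Please take five minutes for the quarterly survey:
https://docs.google.com/forms/d/e/CONSTRUCTED-SURVEY-ID/viewform
"""


def is_forms_link(url):
    """True for docs.google.com/forms/... URLs and forms.gle short links."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host == "forms.gle":
        return True
    return host == "docs.google.com" and parsed.path.startswith("/forms/")


def classify(raw_message, internal_domain):
    """Return the signals found in the message and a verdict of 'review' or 'deliver'."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()

    # Collect every text part (plain and HTML) so links in either are seen.
    body = "\n".join(
        part.get_content()
        for part in msg.walk()
        if part.get_content_type() in ("text/plain", "text/html")
    )

    forms_links = sorted(u for u in URL_RE.findall(body) if is_forms_link(u))
    external = sender_domain != internal_domain.lower()
    lure = bool(LURE_RE.search(body))

    verdict = "review" if (forms_links and external and lure) else "deliver"
    return {
        "sender_domain": sender_domain,
        "forms_links": forms_links,
        "external": external,
        "credential_lure": lure,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS_MAIL), ("internal", INTERNAL_SURVEY)):
        print(name, classify(raw, "corp.example"))
```

The point of combining three weak signals is to avoid the two failure modes the list above describes: trusting the link because the host is Google’s, and blocking every Forms link (which would break legitimate surveys). A held message can then be checked by a human, and the form reported to Google if it is in fact a credential harvester.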

Roger Grimes, data-driven defense evangelist at KnowBe4, commented:

“All public services, like Google Forms, need to be better at defeating phishing attempts that use their product. I think most people can easily come up with a dozen signs that they can easily see in a message that indicates a scam. These services need to be doing more to fight cybercriminals using their products to conduct scams. Because they don’t, it causes trust issues and lessens the value of those products. Each of these services will tell you that they are already spending a bazillion dollars and lots of resources to fight scammers, but they simply aren’t doing enough. They are letting the revenue they are making by being bad at spotting cybercriminals get in the way of them better detecting and spotting scammers. It’s a business decision. One that isn’t being made correctly by many service providers, and it’s unfortunate.”

This isn’t the first time that I’ve seen Google Forms used for nefarious purposes. And to Google’s credit, when I’ve reported a dodgy form, they’ve been quick to take it down. But it often pops up again in hours or days. I am not sure how Google addresses this, but they do need to address it.