Last Week: Google, Gooligan, and Amazon Glue

Google Security 

It has been revealed that over one million Google accounts have been hacked by an attack campaign called “Gooligan” – breaching 13,000 new devices every day. The malware attack was uncovered by a security group who immediately contacted the Google Security team and continue to work closely with Google to combat the malware.

Gooligan could potentially affect any devices running on Android 4 or 5 (that’s Jelly Bean, KitKat, or Lollipop), which accounts for over 74% of in-market devices.

Google’s director of Android security, Adrian Ludwig, released a statement on Thursday, thanking the group for their research and reassuring customers that they are working to fix the problem:

As part of our ongoing efforts to protect users from the Ghost Push family of malware, we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall…”

The malware itself exploited known weaknesses in older versions of the Android OS, it used this weakness to take control of devices and install apps and software without permission – using innocuous and harmless sounding names such as StopWatch or Wi-Fi Enhancer. There have also been cases of hackers using the victim’s username and password to post false reviews of the apps. The Malware can access data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive, and more – in a similar fashion to the Android malware campaign found by researchers in the SnapPea app last year.

Google have removed associated apps from Google Play, disrupted the servers used by the attackers, and taken steps to secure Google accounts that may have been compromised by the malware.

Amazon Glue

On Thursday at Re:Invent, AWS’s Las Vegas Conference, Amazon announced Amazon Glue, a fully managed ETL (Extract, Transform, Load) service that eases the process of moving data between your data stores. The program is designed to help you through the process of compiling and preparing your data for analytics, and loading it from source to destination with the utmost ease. CTO, Werner Vogels, said during the announcement that they want to turn the accepted notion, that it takes 80% of your time preparing data and only 20% analyzing it, on its head.

AWS wrote in their blog post announcement that:

AWS Glue simplifies and automates the difficult and time consuming data discovery, conversion, mapping, and job scheduling tasks,”

AWS Glue is integrated with Amazon S3, Amazon RDS, and Amazon Redshift, and can be connected to any data store that is JDBC (Java Database Connectivity)-compliant. AWS Glue will trawl through your data sources, identify data formats, and then offer suggested schemas and transformations, to save you the time spent hand-coding data flows. These transformations can be edited using tools like Python, Spark and Git, and shared with other AWS Glue users.

Google App Builder

On Thursday Google released their brand new App Maker, their new, super-fast way for businesses to build apps- to “go from idea to app in days, not months”. App Maker features built-in templates, a drag-and-drop UI editor, point-and-click data modelling, support for open standards (HTML, CSS, Javascript etc), and built in integration with G Suite and Google services like Maps, Contacts, and Groups. All of which work together to help developers move through the process as fast as possible.

Google have been using the buzzword “serverless” to promote the product, given the cloud-based infrastructure and drag-and-drop development. Despite the simplification of the developmental process, there is room for users who want to delve deeper into the coding thanks to the built-in script editor – one that purportedly function like a fully featured IDE (Integrated Development Environment). App Maker is available via Google’s Early Adopter Program for G Suite Business.

By Josh Hamilton

The Sticky Note.png
Disaster Plan.png
Byod.png
David Fletcher Blown Image
Gary Bernstein
Most Dangerous Botnets While it’s no secret that the technical sophistication of cyber-attacks grows exponentially, adversaries often need widespread networks to make it happen. One of the ways to do that is to infect legitimate ...
Cloud Image Migration
Effective Cloud Migration Monitoring The global pandemic witnessed the digital transformation of businesses in the cloud.  Today, even as the world resumes to normal, the end-to-end innovation in business strategies has kept the momentum going ...
Suraj Kumar Singh
Make Smarter Business Decisions Updated: 08,18,2022 Launching a new start-up? You’ll need to invest in costly software packages, in-house servers, off-site back-ups and more. Right? Wrong. Thanks to the cloud, entrepreneurs are spoiled for choice ...
Gary Bernstein
WordPress Website Security You've spent time, effort, and money building your website, so don't let it become outdated and run-down by not taking proper care of it. Here are tips on WordPress Website security, speed, ...
Gilad David Maayan
Azure Storage Pricing Introduction to Azure Storage Services Azure Storage is a set of cloud storage services provided by Microsoft as part of the Azure public cloud. It offers highly scalable object storage, file systems ...
  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.