Google Experiences International Outage

“Just Google it.”  You’ve probably heard that phrase a thousand times.  In fact, you may use it yourself on a regular basis.

Unfortunately, Googling it wasn’t possible recently.  The iconic search giant went dark across broad swaths of the world and simply could not be accessed at all for thirty 34 very long minutes.

It was a very strange experience, fumbling through the internet without Google to guide the way.  Strange and frustrating.

At the root of the outage was a botched software update that rendered both Google Search and Google Maps inoperable for a time, and #Googledown became a trending hashtag on Twitter.  Google Workspace users faced similar difficulties, as they rely on portions of the Google Search technology to function correctly.

Thankfully, Google’s engineers were quick to respond, and they corrected the issue with admirable speed.  Nonetheless, for many ‘netizines’, it was the first time in living memory that Google didn’t dominate the virtual landscape.

Of course, there are plenty of other search engines out there. During that time, many of them including Bing and DuckDuckGo in particular, saw impressive surges in use that they’ll be talking about for months if not years to come.

And then Google came back to life and those surges in use stopped as quickly as they had started, like the tide going out.

In any case, if you were one of the hundreds of millions of people around the world who experienced a sense of frustration at not having access to what has become the dominant search engine on the web, that’s why.  A botched software update brought the biggest search engine on the planet to its knees for a little over half an hour.  Here’s hoping that doesn’t happen again any time soon!

Microsoft Office And Google Docs Sync For Offline Use

Recently, Google announced a small but significant change to Google Docs.  Now, if you have enabled offline access for files you have stored on your Google Drive, the system will auto-sync any Microsoft PowerPoint, Excel, or Word files if you have opened them with Google Slides, Sheets, or Docs.

This is a tremendously handy change.

It allows you to switch freely between Google Docs and Microsoft Word, for example, giving you the best of both worlds and a fantastic amount of added convenience.

Since the update, there are a few lingering misconceptions about the capabilities of the new feature.

Here’s the scoop:

  • It only works if you’re using Chrome or Microsoft Edge as your desktop browser
  • You can create, open, and edit Google Docs, Sheets, and Slides offline
  • You can edit Microsoft Word files (.docx), Excel files (.xlsx), and PowerPoint files (.pptx) directly within Google Docs, Sheets, and Slides respectively with no need to convert the files you’re working on

Naturally, you must be signed into your Google account to make any offline syncing possible. Note that your Google Workspace administrator may choose to implement a policy that prevents access to Workspace data offline as a security protocol.

It’s hard to understate just how handy this feature is if you’re in the habit of moving between document editing and creation ecosystems.  Once you give it a try though, you’re probably going to wonder how you ever got along without it.

Kudos to Google for working with their tech rival and going the extra mile to create an even better user experience.  Though it’s certainly true that the company has made its share of missteps, it is improvements like these that demonstrate why Google is among the best of the best.

Give the new feature a try.  We think you’ll love it.

Simple Tips For Securing Smart Device Data

Data security isn’t something that’s at the forefront of most people’s minds, but it probably should be.  These days, we use far more than just our trusty laptops and desktops to do real, meaningful work.  Most people have a plethora of devices they tap into on a regular basis and take with them wherever they go.

From smart phones to smart watches and more, the average person has no less than four different devices they can and often do use to get stuff done.

How safe are they?  Probably not as safe and secure as you’d like.

Here are some simple ways to fix that:

1 – Software Solutions

There are a number of these, but BitDefender is a solid choice.  The great thing about BitDefender is that you can hook up to fifteen different devices to it per household, and it comes with a suite of tools designed to help keep your smart devices safe.

2 – Develop Good Password Habits

Yes, it can be easy to use the same password across multiple devices and multiple web properties you use on a regular basis.

Resist the lure of easy.  Unfortunately, easy makes you a target.  Even though it’s more trouble, take the time to develop good and robust passwords. Use a different password on every device.

Here, password vaults can be your best friend because it helps automate the process and gives you less to remember.  It’s also worth employing two-factor authentication (2FA) everywhere it’s offered. Again, it adds an extra step to your logon process, but it’s time well spent for the added security it provides.

3 – Learn to Be a Savvy Email User

Don’t click on any links embedded in any email you receive, even if you think you know the sender.  The sender’s address could be spoofed.

Similarly, don’t open an email attachment unless you’ve verified that it’s legitimate and that someone you trust has sent it to you.  Phishing emails are among the most common way that hackers gain access to systems they target.  Don’t be their next victim!

These three things do take a bit of time to set up and get working but it’s time well spent, and it will make all the smart devices you rely on significantly more secure.  That’s a very good thing.

Some Carrier Embedded Android Apps May Have Security Vulnerabilities

Recently, Microsoft reported high severity security vulnerabilities in multiple apps offered by large international mobile service providers.  What makes this especially noteworthy is the fact that these vulnerabilities aren’t app specific, but framework specific.  Many carriers use the same basic framework to construct their apps and now all have been found to contain vulnerabilities.

The vulnerabilities discovered to this point are being tracked as CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2021-42601, respectively.

The framework is owned by a company called mce Systems.  All vulnerabilities center around command injection and privilege escalation type attacks.  Carriers with apps that are impacted include AT&T, TELUS, Rogers Communications, Bell Canada, and Freedom Mobile.

Members of the Microsoft 365 Defender team had this to say about the issue:

“The apps were embedded in the devices’ system image, suggesting that they were default applications installed by phone providers.

All of the apps are available on the Google Play Store where they go through Google Play Protect’s automatic safety checks, but these checks previously did not scan for these types of issues.

As it is with many of pre-installed or default applications that most Android devices come with these days, some of the affected apps cannot be fully uninstalled or disabled without gaining root access to the device.”

This is a problem with a truly vast scope.  Just counting the number of downloads from the Google Play Store, the number runs into the millions.  Add to that the number of installed instances that were pre-installed on phones sold by the vendors above, and the scope and scale is simply mindboggling.

If there’s a silver lining to be found, it lies in the fact that all the vendors who have had apps impacted by this issue have already issued updates to fix the problem.

If you have a phone sold to you by any of the providers above, check all your installed apps and make sure you’re running the latest versions.  Better safe than sorry.

This Android Malware Is Stealing Login Credentials

If you’re deeply involved in IT security, you may already be familiar with the ERMAC Android banking trojan.

If this is the first time you’re hearing of it, be aware that the hackers who authored the malicious code have recently released ERMAC 2.0, which represents a significant upgrade in capabilities from the previous iteration.

ERMAC’s main purpose is to steal and send login credentials to the person controlling the code.  That person then uses the stolen passwords to take control of a target’s bank accounts and/or cryptocurrency wallets and conduct fraud. Or in some cases, simple theft.

Access to ERMAC is subscription based on the Dark Web.  The 1.0 version of the malware could be yours for $3k USD per month.  This latest iteration is subscription priced at $5k USD per month.  Pricey, yes, but those who use it swear by it and are happy to pay.

ERMAC 2.0 was first spotted during a fake Bolt Food application that targeted the Polish market.  Bolt Food is a quite legitimate European food delivery service.  In this case, the hackers created a fake site that looked convincingly like the real thing and tricked users into downloading what they thought was a food delivery app.

Naturally, it was nothing of the sort, and instead of convenient food service, what the victims got was ERMAC 2.0 and a whole slew of headaches after that.

Although the Bolt Food app was the first, it is by no means the only app that the malicious code impersonates.  In fact, according to the latest research, ERMAC 2.0 is currently impersonating nearly five hundred popular Android apps.

In every case however, the campaigns that have been seen so far rely on a user agreeing to download an app from what they believe to be a legitimate third-party vendor site.  While it’s an undeniably dangerous strain of malware, it is easily avoided simply by sticking to apps on the Google Play Store.  Stay vigilant, it’s getting dangerous out there.