The Risks of Google Authenticator's Account Syncing
Google's updated Authenticator app adds Google account synchronization, but the sync process isn't end-to-end encrypted, potentially leaving the seed used to generate 2FA codes visible to Google when stored on its servers. Salesforce Community users are leaking private data due to misconfigured user permissions. A new Meltdown side-channel attack has been discovered that affects multiple generations of Intel CPUs and targets the EFLAGS register using a transient execution flaw to change context execution time.