Monday, September 25, 2023
Google

Scaling Rust Adoption Through Training

Posted by Martin Geisler, Android team. Android 14 is the third major Android release with Rust support. We are already seeing a number of benefits: Productivity: Developers quickly feel productive writing Rust. They report important indicators of development velocity, such as...
Google

Capslock: What is your code really capable of?

Jess McClintock and John Dethridge, Google Open Source Security Team, and Damien Miller, Enterprise Infrastructure Protection Team. When you import a third party library, do you review every line of code? Most software packages depend on external libraries, trusting that...
Google

Android Goes All-in on Fuzzing

Posted by Jon Bottarini and Hamzeh Zawawy, Android Security. Fuzzing is an effective technique for finding software vulnerabilities. Over the past few years Android has been focused on improving the effectiveness, scope, and convenience of fuzzing across the organization. This...
Google

AI-Powered Fuzzing: Breaking the Bug Hunting Barrier

Dongge Liu, Jonathan Metzman, Oliver Chang, Google Open Source Security Team. Since 2016, OSS-Fuzz has been at the forefront of automated vulnerability discovery for open source projects. Vulnerability discovery is an important part of keeping software supply chains secure, so...
Google

Toward Quantum Resilient Security Keys

Elie Bursztein, cybersecurity and AI research director, Fabian Kaczmarczyck, software engineer. As part of our effort to deploy quantum resistant cryptography, we are happy to announce the release of the first quantum resilient FIDO2 security key implementation as part of...
Google

Making Chrome more secure by bringing Key Pinning to Android

Posted by David Adrian, Joe DeBlasio and Carlos Joan Rafael Ibarra Lopez, Chrome Security. Chrome 106 added support for enforcing key pins on Android by default, bringing Android to parity with Chrome on desktop platforms. But what is key pinning...
Google

Downfall and Zenbleed: Googlers helping secure the ecosystem

Tavis Ormandy, Software Engineer and Daniel Moghimi, Senior Research Scientist. Finding and mitigating security vulnerabilities is critical to keeping Internet users safe. However, the more complex a system becomes, the harder it is to secure—and that is also the case...
Google

An update on Chrome Security updates – shipping security fixes to you faster

Posted by Amy Ressler, Chrome Security Team. To get security fixes to you faster, starting now in Chrome 116, Chrome is shipping weekly Stable channel updates. Chrome ships a new milestone release every four weeks. In between those major releases, we...
Google

Android 14 introduces first-of-its-kind cellular connectivity security features

Posted by Roger Piqueras Jover, Yomna Nasser, and Sudhi Herle. Android is the first mobile operating system to introduce advanced cellular security mitigations for both consumers and enterprises. Android 14 introduces support for IT administrators to disable 2G support in...
Google

Pixel Binary Transparency: verifiable security for Pixel devices

Jay Hou, Software Engineer, TrustFabric (transparency.dev). Pixel Binary Transparency. With Android powering billions of devices, we’ve long put security first. There are the more visible security features you might interact with regularly, like spam and phishing protection, as well as less obvious...
Google

The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022

Maddie Stone, Security Researcher, Threat Analysis Group (TAG). This is Google’s fourth annual year-in-review of 0-days exploited in-the-wild and builds off of the mid-year 2022 review. The goal of this report is not to detail each individual exploit, but...
Google

Supply chain security for Go, Part 3: Shifting left

Julie Qiu, Go Security & Reliability and Jonathan Metzman, Google Open Source Security Team. Previously in our Supply chain security for Go series, we covered dependency and vulnerability management tools and how Go ensures package integrity and availability as part...
Google

A look at Chrome’s security review culture

Posted by Alex Gough, Chrome Security Team. Security reviewers must develop the confidence and skills to make fast, difficult decisions. A simplistic piece of advice to reviewers is “just be confident” but in reality that takes practice and experience. Confidence...
Google

An important step towards secure and interoperable messaging

Posted by Giles Hogben, Privacy Engineering Director. Most modern consumer messaging platforms (including Google Messages) support end-to-end encryption, but users today are limited to communicating with contacts who use the same platform. This is why Google is strongly supportive of...
Google

Gmail client-side encryption: A deep dive

Nicolas Lidzborski, Principal Engineer and Jaishankar Sundararaman, Sr. Director of Engineering, Google Workspace. In February, we expanded Google Workspace client-side encryption (CSE) capabilities to include Gmail and Calendar in addition to Drive, Docs, Slides, Sheets, and Meet. CSE in Gmail was...
SecurityWeek

In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover

A critical vulnerability in the TeamCity CI/CD server could allow unauthenticated attackers to execute code and take over vulnerable servers.
SecurityWeek

Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks

Predator spyware delivered to iPhones and Android devices using iOS and Chrome zero-day vulnerabilities and MitM attacks.
Infosecurity Magazine

BEC Scammer Pleads Guilty to Part in $6m Scheme

Nigerian was extradited to the US from Canada
Infosecurity Magazine

Researchers Spot Novel “Deadglyph” Backdoor

Malware is linked to UAE-backed spies
Infosecurity Magazine

Almost 900 US Schools Breached Via MOVEit

National Student Clearinghouse reveals more details of incident