Saturday, July 11, 2020

System hardening in Android 11

Posted by Android Platform Hardening Team In Android 11 we continue to increase the security of the Android platform. We have moved to safer default settings, migrated to a hardened memory allocator, and expanded the use of...

11 Weeks of Android: Privacy and Security

Posted by Charmaine D'Silva, Product Lead, Android Privacy and Framework, Narayan Kamath, Engineering Lead, Android Privacy and Framework, Stephan Somogyi, Product Lead, Android Security and Sudhi Herle, Engineering Lead, Android Security This blog post is part of a...

Making the Advanced Protection Program and Titan Security Keys easier to use on Apple iOS devices

Posted by Christiaan Brand, Product Manager, Google Cloud Starting today, we’re rolling out a change that enables native support for the W3C WebAuthn implementation for Google Accounts on Apple devices running iOS 13.3 and above. This capability, available for both...

The Advanced Protection Program comes to Google Nest

Posted by Shuvo Chatterjee, Product Manager, Advanced Protection ProgramThe Advanced Protection Program is our strongest level of Google Account security for people at high risk of targeted online attacks, such as journalists, activists, business leaders, and people working on...

Expanding our work with the open source security community

Posted by Eduardo Vela, Vulnerability Collector, Google At Google, we’ve always believed in the benefits and importance of using open source technologies to innovate. We enjoy being a part of the community and we want to give back in new...

Enhanced Safe Browsing Protection now available in Chrome

Posted by Nathan Parker, Varun Khaneja, Eric Mill and Kiran C Nair - Chrome Safe Browsing team Over the past few years we’ve seen threats on the web becoming increasingly sophisticated. Phishing sites rotate domains very quickly to avoid...

Introducing portability of Google Authenticator 2SV codes across Android devices

Posted by Dongjing He, Software Engineer; Teddy Katz, Software Engineer; Christiaan Brand, Product ManagerToday is World Password Day, and we found it fitting to release an update that'll make it even easier for users to manage Google Authenticator 2-Step Verification (2SV) codes...

Research Grants to support Google VRP Bug Hunters during COVID-19

Posted by Anna Hupa, Senior Strategist, Trust & Safety at GoogleIn 2015, we launched our Vulnerability Research Grant program, which allows us to recognize the time and efforts of security researchers, including the situations where they don't find any...

Research Grants to support Google VRP Bug Hunters during COVID-19

Posted by Anna Hupa, Senior Strategist, Trust & Safety at Google

Introducing our new book “Building Secure and Reliable Systems”

Posted by Royal Hansen, VP of Security Engineering, GoogleFor years, I’ve wished that someone would write a book like this. Since their publication, I’ve often admired and recommended the Google Site Reliability Engineering (SRE) books—so I was thrilled to...

Announcing our first GCP VRP Prize winner and updates to 2020 program

Posted by Harshvardan Sharma, Information Security Engineer, GoogleLast year, we announced a yearly Google Cloud Platform (GCP) VRP Prize to promote security research of GCP. Since then, we’ve received many interesting entries as part of this new initiative from...

How Google Play Protect kept users safe in 2019

Posted by Rahul Mishra, Program Manager, Android Security and Privacy TeamThrough 2019, Google Play Protect continued to improve the security for 2.5 billion Android devices. Built into Android, Play Protect scans over 100 billion apps every day for malware...

How Google does certificate lifecycle management

Posted by Siddharth Bhai and Ryan Hurst, Product Managers, Google Cloud Over the last few years, we’ve seen the use of Transport Layer Security (TLS) on the web increase to more than 96% of all traffic seen by a Chrome...

FuzzBench: Fuzzer Benchmarking as a Service

Posted by Jonathan Metzman, Abhishek Arya, Google OSS-Fuzz Team and László Szekeres‎, Google Software Analysis TeamWe are excited to launch FuzzBench, a fully automated, open source, free service for evaluating fuzzers. The goal of FuzzBench is to make it...

Helping Developers with Permission Requests

Posted by Sai Teja Peddinti, Nina Taft and Igor Bilogrevic from PDPO Applied Privacy Research, and Pauline Anthonysamy from Android Security and Privacy. User trust is critical to the success of developers of every size. On the Google Play...

Windows 10 Security Game-Changer As Microsoft Reveals New Hacker Protection

Microsoft is set to bring a powerful new security feature to Windows 10 that just might be a game-changer.

15 Billion Stolen Logins Are Circulating on the Dark Web

Plus: Facebook's Roger Stone takedown, the BlueLeaks server seizure, and more of the week's top security news.
The Hacker News

Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily

Following vulnerability disclosure in the Mitron app, another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content,...

Is TikTok Seriously Dangerous—Do You Need To Delete It?

Here's the reality behind all the headlines...

iPhone User Sues LinkedIn For Reading Clipboard Data After iOS 14 Alert Revelations

The fallout from Apple's new iOS 14 privacy notification feature continues as one iPhone user files a class-action lawsuit against LinkedIn for silently reading clipboard data.