Saturday, November 17, 2018
Google

Combating Potentially Harmful Applications with Machine Learning at Google: Datasets and Models

Posted by Mo Yu, Android Security & Privacy TeamIn a previous blog post, we talked about using machine learning to combat Potentially Harmful Applications (PHAs). This blog post covers how Google uses machine learning techniques to detect and classify...
Google

Introducing the Android Ecosystem Security Transparency Report

Posted by Jason Woloz and Eugene Liderman, Android Security & Privacy TeamAs shared during the What's new in Android security session at Google I/O 2018, transparency and openness are important parts of Android's ethos. We regularly blog about new...
Google

A New Chapter for OSS-Fuzz

Posted by Matt Ruhstaller, TPM and Oliver Chang, Software Engineer, Google Security TeamOpen Source Software (OSS) is extremely important to Google, and we rely on OSS in a variety of customer-facing and internal projects. We also understand the difficulty...
Google

Announcing some security treats to protect you from attackers’ tricks

Posted by Jonathan Skelker, Product ManagerIt’s Halloween 🎃 and the last day of Cybersecurity Awareness Month 🔐, so we’re celebrating these occasions with security improvements across your account journey: before you sign in, as soon as you’ve entered your...
Google

Introducing reCAPTCHA v3: the new way to stop bots

Posted by Wei Liu, Google Product ManagerToday, we’re excited to introduce reCAPTCHA v3, our newest API that helps you detect abusive traffic on your website without user interaction. Instead of showing a CAPTCHA challenge, reCAPTCHA v3 returns a score...
Google

Google tackles new ad fraud scheme

Posted by Per Bjorke, Product Manager, Ad Traffic QualityFighting invalid traffic is essential for the long-term sustainability of the digital advertising ecosystem. We have an extensive internal system to filter out invalid traffic – from simple filters to large-scale...
Google

Android Protected Confirmation: Taking transaction security to the next level

Posted by Janis Danisevskis, Information Security Engineer, Android SecurityIn Android Pie, we introduced Android Protected Confirmation, the first major mobile OS API that leverages a hardware protected user interface (Trusted UI) to perform critical transactions completely outside the main...
Google

Building a Titan: Better security through a tiny chip

Posted by Nagendra Modadugu and Bill Richardson, Google Device Security GroupAt the Made by Google event last week, we talked about the combination of AI + Software + Hardware to help organize your information. To better protect that information...
Google

Modernizing Transport Security

Posted by David Benjamin, Chrome networkingTLS (Transport Layer Security) is the protocol which secures HTTPS. It has a long history stretching back to the nearly twenty-year-old TLS 1.0 and its even older predecessor, SSL. Over that time, we have...
Google

Google and Android have your back by protecting your backups

Posted by Troy Kensinger, Technical Program Manager, Android Security and PrivacyAndroid is all about choice. As such, Android strives to provide users many options to protect their data. By combining Android’s Backup Service and Google Cloud’s Titan Technology, Android...
Google

Control Flow Integrity in the Android kernel

Posted by Sami Tolvanen, Staff Software Engineer, Android SecurityAndroid's security model is enforced by the Linux kernel, which makes it a tempting target for attackers. We have put a lot of effort into hardening the kernel in previous Android...
Google

Trustworthy Chrome Extensions, by Default

Posted by James Wagner, Chrome Extensions Product Manager Incredibly, it’s been nearly a decade since we launched the Chrome extensions system. Thanks to the hard work and innovation of our developer community, there are now more than 180,000...
Google

Android and Google Play Security Rewards Programs surpass $3M in payouts

Posted by Jason Woloz and Mayank Jain, Android Security & Privacy TeamOur Android and Play security reward programs help us work with top researchers from around the world to improve Android ecosystem security every day. Thank you to...
Google

Introducing the Tink cryptographic software library

Posted by Thai Duong, Information Security Engineer, on behalf of Tink teamAt Google, many product teams use cryptographic techniques to protect user data. In cryptography, subtle mistakes can have serious consequences, and understanding how to implement cryptography correctly requires...
Google

Evolution of Android Security Updates

Posted by Dave Kleidermacher, VP, Head of Security - Android, Chrome OS, PlayAt Google I/O 2018, in our What's New in Android Security session, we shared a brief update on the Android security updates program. With the official release...
SC Magazine

Instagram flaw exposes user passwords

A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users. The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...

Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week

Safer browsing, more bitcoin scams, and the rest of the week's top security news.
The Register

SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more

Plus, why is Kaspersky Lab getting into chess? Roundup  What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…
TechRepublic

Is retaining a cybersecurity attorney a good idea for your business?

Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.