Saturday, July 20, 2019

Bigger Rewards for Security Bugs

Posted by Natasha Pabrai and Andrew Whalley, Chrome Security Team Chrome has always been built with security at its core, by a passionate worldwide community as part of the Chromium open source project. We're proud that community includes world...

How Google adopted BeyondCorp

Posted by Lior Tishbi, Program Manager and Puneet Goel, Product Manager It's been almost five years since we released the first of multiple BeyondCorp papers, describing the motivation and design principles that eliminated network-based trust from our internal networks....

Google Public DNS over HTTPS (DoH) supports RFC 8484 standard

Posted by Marshall Vale, Product Manager and Alexander Dupuy, Software EngineerEver since we launched Google Public DNS in 2009, our priority has been the security of DNS resolution. In 2016, we launched a unique and innovative experimental service --...

Helping organizations do more without collecting more data

Posted by Amanda Walker - Engineering Director, Sarvar Patel - Software Engineer, and Moti Yung - Research Scientist, Private ComputingWe continually invest in new research to advance innovations that preserve individual privacy while enabling valuable insights from data. Earlier...

New Chrome Protections from Deception

Posted by Emily Schechter, Chrome Product Manager Chrome was built with security in mind from the very beginning. Today we’re launching two new features to help protect users from deceptive websites. The Suspicious Site Reporter Extension will improve security...

Improving Security and Privacy for Extensions Users

No, Chrome isn’t killing ad blockers -- we’re making them saferPosted by Devlin Cronin, Chrome Extensions TeamThe Chrome Extensions ecosystem has seen incredible advancement, adoption, and growth since its launch over ten years ago. Extensions are a great way...

Use your Android phone’s built-in security key to verify sign-in on iOS devices

Posted by Kaiyu Yan and Christiaan Brand Compromised credentials are one of the most common causes of security breaches. While Google automatically blocks the majority of unauthorized sign-in attempts, adding 2-Step Verification (2SV) considerably improves account security. At Cloud...

PHA Family Highlights: Triada

Posted by Lukasz Siewierski, Android Security & Privacy Team We continue our PHA family highlights series with the Triada family, which was first discovered early in 2016. The main purpose of Triada apps was to install spam apps on...

New research: How effective is basic account hygiene at preventing hijacking

Posted by Kurt Thomas and Angelika Moscicki Every day, we protect users from hundreds of thousands of account hijacking attempts. Most attacks stem from automated bots with access to third-party password breaches, but we also see phishing and targeted...

Advisory: Security Issue with Bluetooth Low Energy (BLE) Titan Security Keys

Posted by Christiaan Brand, Product Manager, Google Cloud We’ve become aware of an issue that affects the Bluetooth Low Energy (BLE) version of the Titan Security Key available in the U.S. and are providing users with the immediate steps...

Queue the Hardening Enhancements

Posted by Jeff Vander Stoep, Android Security & Privacy Team and Chong Zhang, Android Media TeamAndroid Q Beta versions are now publicly available. Among the various new features introduced in Android Q are some important security hardening changes. While...

What’s New in Android Q Security

Posted by Rene Mayrhofer and Xiaowen Xin, Android Security & Privacy Team With every new version of Android, one of our top priorities is raising the bar for security. Over the last few years, these improvements have led to...

Quantifying Measurable Security

Posted by Eugene Liderman, Android Security & Privacy Team With Google I/O this week you are going to hear about a lot of new features in Android that are coming in Q. One thing that you will also hear...

Google CTF 2019 is here

Posted by Jan Keller, Security Technical Program ManagerJune has become the month where we’re inviting thousands of security aficionados to put their skills to the test...In 2018, 23,563 people submitted at least one flag on their hunt for the...

Better protection against Man in the Middle phishing attacks

Posted by Jonathan Skelker, Product Manager, Account SecurityWe’re constantly working to improve our phishing protections to keep your information secure. Last year, we announced that we would require JavaScript to be enabled in your browser when you sign in...

Cisco Patches Critical Flaw in Vision Dynamic Signage Director

Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system.  Tracked as CVE-2019-1917, the vulnerability was found in the REST...

The Great Hack: the film that goes behind the scenes of the Facebook data scandal

This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...

Scotland Yard Twitter and Emails Hacked

London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages. read more

Browser Extensions Scraped Data From Millions of People

Slack passwords, NSO spyware, and more of the week's top security news.

Hackers breach FSB contractor, expose Tor deanonymization project and more

SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.