Tuesday, March 2, 2021

#ShareTheMicInCyber: Rob Duhart

Posted by Matt Levine, Director, Risk Management In an effort to showcase the breadth and depth of Black+ contributions to security and privacy fields, we’ve launched a series in support of #ShareTheMicInCyber that aims to elevate and celebrate the Black+...

Celebrating the influence and contributions of Black+ Security & Privacy Googlers

Posted by Royal Hansen, Vice President, Security Black History Month may be coming to a close, but our work to build sustainable equity for Google’s Black+ community, and externally, is ongoing. Currently, Black Americans make up less than 12% of...

New Password Checkup Feature Coming to Android

Posted by Arvind Kumar Sugumar, Software Engineer, Android Team With the proliferation of digital services in our lives, it’s more important than ever to make sure our online information remains safe and secure. Passwords are usually the first line of...

Mitigating Memory Safety Issues in Open Source Software

Posted by Dan Lorenc, Infrastructure Security Team Memory-safety vulnerabilities have dominated the security field for years and often lead to issues that can be exploited to take over entire systems. A recent study found that "~70% of the vulnerabilities addressed through...

Launching OSV – Better vulnerability triage for open source

Posted by Oliver Chang and Kim Lewandowski, Google Security Team We are excited to launch OSV (Open Source Vulnerabilities), our first step towards improving vulnerability triage for developers and consumers of open source software. The goal of OSV is to...

Vulnerability Reward Program: 2020 Year in Review

Posted by Anna Hupa, Senior Strategist, Vulnerability Rewards Team Despite the challenges of this unprecedented year, our vulnerability researchers have achieved more than ever before, partnering with our Vulnerability Reward Programs (VRPs) to protect Google’s users by discovering security and...

Know, Prevent, Fix: A framework for shifting the discussion around vulnerabilities in open source

Posted by Eric Brewer, Rob Pike, Abhishek Arya, Anne Bertucio and Kim Lewandowski Executive Summary: The security of open source software has rightfully garnered the industry’s attention, but solutions require consensus about the challenges and cooperation in the execution. The problem...

Data Driven Security Hardening in Android

Posted by Kevin Deus, Joel Galenson, Billy Lau and Ivan Lozano, Android Security & Privacy Team The Android platform team is committed to securing Android for every user across every device. In addition to monthly security updates to patch vulnerabilities...

New Year, new password protections in Chrome

Posted by Ali Sarraf, Product Manager, Chrome Passwords help protect our online information, which is why it’s never been more important to keep them safe. But when we’re juggling dozens (if not hundreds!) of passwords across various websites—from shopping, to...

How the Atheris Python Fuzzer Works

Posted by Ian Eldred Pudney, Google Information Security On Friday, we announced that we’ve released the Atheris Python fuzzing engine as open source. In this post, we’ll briefly talk about its origins, and then go into lots more detail on...

Announcing Bonus Rewards for V8 Exploits

Posted by Martin Barbella, Chrome Vulnerability Rewards Panelist Starting today, the Chrome Vulnerability Rewards Program is offering a new bonus for reports which demonstrate exploitability in V8, Chrome’s JavaScript engine. We have historically had many great V8 bugs reported (thank...

OpenTitan at One Year: the Open Source Journey to Secure Silicon

Posted by Dominic Rizzo, OpenTitan Lead, Google During the past year, OpenTitan has grown tremendously as an open source project and is on track to provide transparent, trustworthy, and cost-free security to the broader silicon ecosystem. OpenTitan, the industry’s first...

Improving open source security during the Google summer internship program

Posted by the Information Security Engineering team at Google Every summer, Google’s Information Security Engineering (ISE) team hosts a number of interns who work on impactful projects to help improve security at Google. This year was no different—well, actually...

Fostering research on new web security threats

Posted by Artur Janc and Jan Gora, Information Security Engineers The web is an ecosystem built on openness and composability. It is an excellent platform for building capable applications, and it powers thousands of services created and maintained by...

Announcing our open source security key test suite

Posted by Elie Bursztein, Security and Anti-abuse Research Lead, Jean-Michel Picod, Software Engineer and Fabian Kaczmarczyck, Software Engineer Security keys and your phone’s built-in security keys are reshaping the way users authenticate online. These technologies are trusted by a growing...

Graham Cluley

Crypto firm Tether says it won’t pay $24 million ransom after being threatened with document leak

Controversial cryptocurrency developer Tether says it will not give in to extortionists who are demanding a 500 Bitcoin ransom payment (currently worth approximately US $24 million).

Bruce Schneier

Mysterious Macintosh Malware

This is weird: Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload...

What Did I Just Read? A Conversation With the Authors of '2034'

Elliot Ackerman and Admiral James Stavridis discuss their inspirations, personal experiences, and what keeps them up at night.

2034, Part VI: Crossing the Red Line

“Eventually, the Americans would find them. But by then it would be too late.”

Oxfam Australia supporters embroiled in new data breach

Personal data, including partial payment information, is thought to be included.