Wednesday, October 27, 2021

Google Protects Your Accounts – Even When You No Longer Use Them

Posted by Sam Heft-Luthy, Product Manager, Privacy & Data Protection Office What happens to our digital accounts when we stop using them? It’s a question we should all ask ourselves, because when we are no longer keeping tabs on what’s...

Introducing the Secure Open Source Pilot Program

Posted by Meder Kydyraliev and Kim Lewandowski, Google Open Source Security Team Over the past year we have made a number of investments to strengthen the security of critical open source projects, and recently announced our $10 billion commitment to...

Announcing New Patch Reward Program for Tsunami Security Scanner

Posted by Guoli Ma, Sebastian Lekies & Claudio Criscione, Google Vulnerability Management Team One year ago, we published the Tsunami security scanner with the goal of detecting high severity, actively exploited vulnerabilities with high confidence. In the last several months,...

Distroless Builds Are Now SLSA 2

Posted by Priya Wadhwa and Appu Goundan, Google Open Source Security Team A few months ago we announced that we started signing all distroless images with cosign, which allows users to verify that they have the correct image before starting...

An update on Memory Safety in Chrome

Adrian Taylor, Andrew Whalley, Dana Jansens and Nasko Oskov, Chrome security team Security is a cat-and-mouse game. As attackers innovate, browsers always have to mount new defenses to stay ahead, and Chrome has invested in ever-stronger multi-process architecture built...

Google Supports Open Source Technology Improvement Fund

Posted by Kaylin Trychon, Google Open Source Security Team We recently pledged to provide $100 million to support third-party foundations that manage open source security priorities and help fix vulnerabilities. As part of this commitment, we are excited to announce...

Introducing Android’s Private Compute Services

Posted by Suzanne Frey, VP, Product, Android & Play Security and Privacy We introduced Android’s Private Compute Core in Android 12 Beta. Today, we're excited to announce a new suite of services that provide a privacy-preserving bridge between Private Compute...

Updates on our continued collaboration with NIST to secure the Software Supply Chain

Posted by Eric Brewer and Dan Lorenc Yesterday, we were honored to participate in President Biden’s White House Cyber Security Summit where we shared recommendations to advance the administration’s cybersecurity agenda. This included our commitment to invest $10 billion over...

AllStar: Continuous Security Policy Enforcement for GitHub Projects

Posted by Mike Maraya, Google Open Source Security Team As an active member of the open source software (OSS) community, Google recognizes the growing threat of software supply chain attacks against OSS we use and develop. Building on our efforts...

Simplifying Titan Security Key options for our users

Posted by Christiaan Brand, Product Manager, Google Cloud Today we are excited to announce some changes to our lineup of Titan Security Keys on the Google Store which provide a simpler experience and make choosing the right security key for...

Linux Kernel Security Done Right

Posted by Kees Cook, Software Engineer, Google Open Source Security Team To borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway,...

A new chapter for Google’s Vulnerability Reward Program

Posted by Jan Keller, Technical Program Manager, Google VRP A little over 10 years ago, we launched our Vulnerability Rewards Program (VRP). Our goal was to establish a channel for security researchers to report bugs to Google and offer an...

Protecting more with Site Isolation

Posted by Charlie Reis and Alex Moshchuk, Chrome Security Team Chrome's Site Isolation is an essential security defense that makes it harder for malicious web sites to steal data from other web sites. On Windows, Mac, Linux, and Chrome OS,...

Advancing an inclusive, diverse security industry

Posted by Sarah Morales, Community Outreach Manager, Security It’s no secret that lack of diversity in corporate America is a well-documented problem and improvements have been slow. To help improve female representation in the cybersecurity industry, Google teamed up with...

Verifiable design in modern systems

Posted by Ryan Hurst, Production Security Team The way we design and build software is continually evolving. Just as we now think of security as something we build into software from the start, we are also increasingly looking for new...
The Register

China Telecom booted out of USA as Feds worry it could disrupt or spy on local networks

FCC urges more action against Huawei and DJI, too

The US Federal Communications Commission (FCC) has terminated China Telecom's authority to provide communications services in the USA.…

150 People Arrested in US-Europe Darknet Drug Probe

Law enforcement officials in the U.S. and Europe have arrested 150 people and seized more than $31 million in an international drug trafficking investigation stemming from sales on the darknet, the Justice Department said Tuesday.

Free Tool Helps Security Teams Measure Their API Attack Surface

Data Theorem's free API Attack Surface Calculator helps security teams understand potential API exposures.

SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike

Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.

North Korea's Lazarus Group Turns to Supply Chain Attacks

State-backed group is among a growing number of threat actors looking at supply chain companies as an entry point into enterprise networks.