Tuesday, May 21, 2019
Google

New research: How effective is basic account hygiene at preventing hijacking

Posted by Kurt Thomas and Angelika Moscicki Every day, we protect users from hundreds of thousands of account hijacking attempts. Most attacks stem from automated bots with access to third-party password breaches, but we also see phishing and targeted...
Google

Advisory: Security Issue with Bluetooth Low Energy (BLE) Titan Security Keys

Posted by Christiaan Brand, Product Manager, Google Cloud We’ve become aware of an issue that affects the Bluetooth Low Energy (BLE) version of the Titan Security Key available in the U.S. and are providing users with the immediate steps...
Google

Queue the Hardening Enhancements

Posted by Jeff Vander Stoep, Android Security & Privacy Team and Chong Zhang, Android Media TeamAndroid Q Beta versions are now publicly available. Among the various new features introduced in Android Q are some important security hardening changes. While...
Google

What’s New in Android Q Security

Posted by Rene Mayrhofer and Xiaowen Xin, Android Security & Privacy Team With every new version of Android, one of our top priorities is raising the bar for security. Over the last few years, these improvements have led to...
Google

Quantifying Measurable Security

Posted by Eugene Liderman, Android Security & Privacy Team With Google I/O this week you are going to hear about a lot of new features in Android that are coming in Q. One thing that you will also hear...
Google

Google CTF 2019 is here

Posted by Jan Keller, Security Technical Program ManagerJune has become the month where we’re inviting thousands of security aficionados to put their skills to the test...In 2018, 23,563 people submitted at least one flag on their hunt for the...
Google

Better protection against Man in the Middle phishing attacks

Posted by Jonathan Skelker, Product Manager, Account SecurityWe’re constantly working to improve our phishing protections to keep your information secure. Last year, we announced that we would require JavaScript to be enabled in your browser when you sign in...
Google

The Android Platform Security Model

Posted by Jeff Vander Stoep, Android Security & Privacy TeamEach Android release comes with great new security and privacy features. When it comes to implementing these new features we always look at ways to measure the impact with data...
Google

Gmail making email more secure with MTA-STS standard

Posted by Nicolas Lidzborski, Senior Staff Software Engineer, Google Cloud and Nicolas Kardas, Senior Product Manager, Google Cloud We’re excited to announce that Gmail will become the first major email provider to follow the new SMTP MTA Strict Transport Security (MTA-STS)...
Google

Android Security & Privacy Year in Review 2018: Keeping two billion users, and their data, safe and sound

Posted by Meghan Kelly, Android Security & Privacy Team We're excited to release today the 2018 Android Security and Privacy Year in Review. This year's report highlights the advancements we made in Android throughout the year, and how we've...
Google

Managed Google Play earns key certifications for security and privacy

Posted by Mike Burr, Android Enterprise Platform SpecialistWith managed Google Play, organizations can build a customized and secure mobile application storefront for their teams, featuring public and private applications. Organizations' employees can take advantage of the familiarity of a...
Google

Open-sourcing Sandboxed API

Posted by Christian Blichmann & Robert Swiecki, ISE Sandboxing teamMany software projects process data which is externally generated, and thus potentially untrusted. For example, this could be the conversion of user-provided picture files into different formats, or even executing...
Google

Disclosing vulnerabilities to protect users across platforms

Posted by Clement Lecigne, Threat Analysis GroupOn Wednesday, February 27th, we reported two 0-day vulnerabilities — previously publicly-unknown vulnerabilities — one affecting Google Chrome and another in Microsoft Windows that were being exploited together.To remediate the Chrome vulnerability (CVE-2019-5786),...
Google

Android Security Improvement update: Helping developers harden their apps, one thwarted vulnerability at a time

Posted by Patrick Mutchler and Meghan Kelly, Android Security & Privacy TeamHelping Android app developers build secure apps, free of known vulnerabilities, means helping the overall ecosystem thrive. This is why we launched the Application Security Improvement Program five...
Google

Google Play Protect in 2018: New updates to keep Android users secure

Posted by Rahul Mishra and Tom Watkins, Android Security & Privacy Team In 2018, Google Play Protect made Android devices running Google Play some of the most secure smartphones available, scanning over 50 billion apps everyday...
Tripwire

HawkEye Attack Wave Sends Stolen Data to Another Keylogger Provider

A recent attack wave involving HawkEye malware sends data stolen from its victims to another keylogger provider’s website. On 21 May, My Online Security came across a new sample of HawkEye. The actual delivery mechanism itself wasn’t unique compared...

Washington Issues Temporary License to Huawei

Washington Issues Temporary License to Huawei The US government has issued a temporary license to Huawei and its affiliates, allowing American companies to supply the telecoms and handset giant until August. Despite reports emerging over the weekend of various chipmakers...
isBuzz

GDPR: The Best Strategy For International Businesses

The EU’s General Data Protection Regulation (GDPR) was created with the aim of homogenising data privacy laws across the EU. GDPR also applies to organisations outside the EU, if they monitor EU data subjects, or offer goods and services...
IBM Security

How Cyber-Secure Are Business Travelers? New Report Says Not Very

I travel frequently for business — to industry conferences such as RSA Conference and Black Hat and meeting with clients. Whenever I travel, I bring my work laptop, my personal cellphone enabled with work email and calendar, and, of...

Haas F1 team leans on service providers as security force multipliers

If today’s cars are smartphones on wheels, then race cars are supercomputers with engines attached. As the fastest racing sport in the world, Formula One cars come laden with over 100 sensors measuring every aspect of a car’s internal...