Wednesday, December 11, 2019

Chrome UI for Deprecating Legacy TLS Versions

Posted by Chris Thompson, Chrome security teamLast October we announced our plans to remove support for TLS 1.0 and 1.1 in Chrome 81. In this post we’re announcing a pre-removal phase in which we’ll introduce a gentler warning UI,...

How Google adopted BeyondCorp: Part 3 (tiered access)

Posted by Daniel Ladenheim, Software Engineer, and Hunter King, Security Engineer Intro This is the third post in a series of four, in which we set out to revisit various BeyondCorp topics and share lessons that were learnt along the internal...

Trust but verify attestation with revocation

Posted by Rob Barnes & Shawn Willden, Android Security & Privacy TeamBillions of people rely on their Android-powered devices to securely store their sensitive information. A vital component of the Android security stack is the key attestation system. Android...

Expanding bug bounties on Google Play

Posted by Adam Bacchus, Sebastian Porst, and Patrick Mutchler — Android Security & Privacy We’re constantly looking for ways to further improve the security and privacy of our products, and the ecosystems they support. At Google, we understand the strength...

Protecting Chrome users in Kazakhstan

Posted by Andrew Whalley, Chrome SecurityWhen making secure connections, Chrome trusts certificates that have been locally installed on a user's computer or mobile device. This allows users to run tools to inspect and debug connections during website development, or...

How Google adopted BeyondCorp: Part 2 (devices)

Posted by Matt McDonald, Software Engineer, and Sebastian Harl, Software Engineer Intro This is the second post in a series of four, in which we set out to revisit various BeyondCorp topics and share lessons that were learnt along the...

New Research: Lessons from Password Checkup in action

Posted by Jennifer Pullman, Kurt Thomas, and Elie Bursztein, Spam and Abuse researchBack in February, we announced the Password Checkup extension for Chrome to help keep all your online accounts safe from hijacking. The extension displays a warning whenever...

Making authentication even easier with FIDO2-based local user verification for Google Accounts

Posted by Dongjing He, Software Engineer and Christiaan Brand, Product Manager Passwords, combined with Google's automated protections, help secure billions of users around the world. But, new security technologies are surpassing passwords in terms of both strength and convenience. With...

Awarding Google Cloud Vulnerability Research

Posted by Felix Groebert, Information Security EngineeringToday, we’re excited to announce a yearly Google Cloud Platform (GCP) VRP Prize to promote security research of GCP. A prize of $100,000.00 will be paid to the reporter of the best vulnerability...

Understanding why phishing attacks are so effective and how to mitigate them

Posted by Elie Bursztein, Security & Anti-abuse Research Lead, Daniela Oliveira, Professor at the University of FloridaPhishing attacks continue to be one of the common forms of account compromise threats. Every day, Gmail blocks more than 100 million phishing emails and...

Adopting the Arm Memory Tagging Extension in Android

Posted by Kostya Serebryany, Google Core Systems, and Sudhi Herle, Android Security & Privacy Team As part of our continuous commitment to improve the security of the Android ecosystem, we are partnering with Arm to design the memory tagging...

Titan Security Keys are now available in Canada, France, Japan, and the UK

Posted by Christiaan Brand, Product Manager, Google Cloud Credential compromise as a result of phishing is one of the most common causes of security breaches. Security keys provide the strongest protection against these types of attacks, and that’s...

Chrome Fuzzer Program Update And How-To

Posted by Max Moroz, Fuzzing Evangelist, and Ned Williamson, Fuzzing Entrepreneur TL;DR We increased the Chrome Fuzzer Program bonus from $500 to $1,000 as part of our recent update of reward amounts. Chrome Fuzzer Program is a part of...

Bigger Rewards for Security Bugs

Posted by Natasha Pabrai and Andrew Whalley, Chrome Security Team Chrome has always been built with security at its core, by a passionate worldwide community as part of the Chromium open source project. We're proud that community includes world...

How Google adopted BeyondCorp

Posted by Lior Tishbi, Program Manager and Puneet Goel, Product Manager It's been almost five years since we released the first of multiple BeyondCorp papers, describing the motivation and design principles that eliminated network-based trust from our internal networks....
SC Magazine

Pensacola confirms ransomware attack

Pensacola officials confirmed that an ongoing cyberattack that began early Saturday morning is a ransomware attack. While the city did not release any additional details, the Pensacola News Journal said city spokeswoman Kaycee Lagarde confirmed the attack included a ransom, something that...

Trickbot Operators Now Selling Attack Tools to APT Actors

North Korea's Lazarus Group - of Sony breach and WannaCry fame - is among the first customers.
Brian Krebs

The Great $50M African IP Address Heist

A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions...

Intel Issues Fix for ‘Plundervolt’ SGX Flaw

Researchers were able to extract AES encryption key using SGX's voltage-tuning function.

How to stop spam calls right now

Spam calls drive us all crazy. Here are four ways to stop robocalls and other unsolicited phone calls.