Tuesday, March 31, 2020
Google

Announcing our first GCP VRP Prize winner and updates to 2020 program

Posted by Harshvardan Sharma, Information Security Engineer, Google Last year, we announced a yearly Google Cloud Platform (GCP) VRP Prize to promote security research of GCP. Since then, we’ve received many interesting entries as part of this new initiative from...
Google

How Google Play Protect kept users safe in 2019

Posted by Rahul Mishra, Program Manager, Android Security and Privacy Team Through 2019, Google Play Protect continued to improve the security for 2.5 billion Android devices. Built into Android, Play Protect scans over 100 billion apps every day for malware...
Google

How Google does certificate lifecycle management

Posted by Siddharth Bhai and Ryan Hurst, Product Managers, Google Cloud Over the last few years, we’ve seen the use of Transport Layer Security (TLS) on the web increase to more than 96% of all traffic seen by a Chrome...
Google

FuzzBench: Fuzzer Benchmarking as a Service

Posted by Jonathan Metzman, Abhishek Arya, Google OSS-Fuzz Team and László Szekeres, Google Software Analysis Team We are excited to launch FuzzBench, a fully automated, open source, free service for evaluating fuzzers. The goal of FuzzBench is to make it...
Google

Helping Developers with Permission Requests

Posted by Sai Teja Peddinti, Nina Taft and Igor Bilogrevic from PDPO Applied Privacy Research, and Pauline Anthonysamy from Android Security and Privacy. User trust is critical to the success of developers of every size. On the Google Play...
Google

Data Encryption on Android with Jetpack Security

Posted by Jon Markoff, Staff Developer Advocate, Android Security Have you ever tried to encrypt data in your app? As a developer, you want to keep data safe, and in the hands of the party...
Google

Improving Malicious Document Detection in Gmail with Deep Learning

Posted by Elie Bursztein, Security & Anti-Abuse Research Lead; David Tao, Software Engineer; Neil Kumaran, Product Manager, Gmail Security Gmail protects your incoming mail against spam, phishing attempts, and malware. Our existing machine learning models are highly effective at doing...
Google

Disruptive ads enforcement and our new approach

Posted by Per Bjorke, Senior Product Manager, Ad Traffic Quality As part of our ongoing efforts — along with help from newly developed technologies — today we’re announcing nearly 600 apps have been removed from the Google Play Store and...
Google

Titan Security Keys – now available in Austria, Canada, France, Germany, Italy, Japan, Spain, Switzerland, and the UK

Posted by Christiaan Brand, Product Manager, Google Cloud Security keys provide the strongest protection against phishing attacks. That’s why they are an important feature of the Advanced Protection Program that provides Google’s strongest account protections for users that consider themselves...
Google

How we fought bad apps and malicious developers in 2019

Posted by Andrew Ahn, Product Manager, Google Play + Android App Safety Google Play connects users with great digital experiences to help them be more productive and entertained, as well as providing app developers with tools to...
Google

Protecting users from insecure downloads in Google Chrome

Posted by Joe DeBlasio, Chrome security team Today we’re announcing that Chrome will gradually ensure that secure (HTTPS) pages only download secure files. In a series of steps outlined below, we’ll start blocking "mixed content downloads" (non-HTTPS downloads started...
Google

Say hello to OpenSK: a fully open-source security key implementation

Posted by Elie Bursztein, Security & Anti-abuse Research Lead, and Jean-Michel Picod, Software Engineer, Google Today, FIDO security keys are reshaping the way online accounts are protected by providing an easy, phishing-resistant form of two-factor authentication (2FA) that is...
Google

Vulnerability Reward Program: 2019 Year in Review

Posted by Natasha Pabrai, Jan Keller, Jessica Lin, Anna Hupa, and Adam Bacchus, Vulnerability Reward Programs at Google Our Vulnerability Reward Programs were created to reward researchers for protecting users by telling us about the security bugs they find. Their...
Google

Have an iPhone? Use it to protect your Google Account with the Advanced Protection Program

Posted by Christiaan Brand, Product Manager, Google Cloud and Kaiyu Yan, Software Engineer, Google Phishing—when an online attacker tries to trick you into giving them your username and password—is one of the most common causes of account compromises. We recently...
Google

Securing open-source: how Google supports the new Kubernetes bug bounty

Posted by Maya Kaczorowski, Product Manager, Container Security and Aaron Small, Product Manager, GKE On-Prem Security At Google, we care deeply about the security of open-source projects, as they’re such a critical part of our infrastructure—and indeed everyone’s. Today, the...

Watering-Holes Target Asian Ethnic Victims with Flash Update Decoy

About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims.

OpenWRT is vulnerable to attacks that execute malicious code

For almost three years, OpenWRT—the open source operating system that powers home routers and other types of embedded systems—has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital...
SC Magazine

Privacy in critical care after telehealth demands jump

As coughs and body aches drive anxious Americans to telemed services in record numbers, relieving the burden on medical facilities stressed to breaking with COVID-19 cases, the subsequent relaxation of privacy requirements puts them at risk of PHI compromises,...

Zoom’s privacy problems are growing as platform explodes in popularity

We have several more weeks, if not several more months, to go in...
TechRepublic

FBI warns about Zoom bombing as hijackers take over school and business video conferences

Teleconferences are being disrupted by internet trolls shouting profanity and racist remarks and posting pornographic and hate images.