Saturday, January 19, 2019
Google

PHA Family Highlights: Zen and its cousins

Posted Lukasz Siewierski, Android Security & Privacy Team Google Play Protect detects Potentially Harmful Applications (PHAs) which Google Play Protect defines as any mobile app that poses a potential security risk to users or to user data—commonly referred to...
Google

Google Public DNS now supports DNS-over-TLS

Posted by Marshall Vale, Product Manager and Puneet Sood, Software EngineerGoogle Public DNS is the world’s largest public Domain Name Service (DNS) recursive resolver, allowing anyone to convert Internet domain names like www.example.com into Internet addresses needed by an...
Google

Android Pie à la mode: Security & Privacy

Posted by Vikrant Nanda and René Mayrhofer, Android Security & Privacy TeamThere is no better time to talk about Android dessert releases than the holidays because who doesn't love dessert? And what is one of our favorite desserts during...
Google

New Keystore features keep your slice of Android Pie a little safer

Posted by Brian Claire Young and Shawn Willden, Android Security; and Frank Salim, Google Pay New Android Pie Keystore FeaturesThe Android Keystore provides application developers with a set of cryptographic tools that are designed to secure their users' data....
Google

Tackling ads abuse in apps and SDKs

Posted by Dave Kleidermacher, VP, Head of Security & Privacy - Android & PlayProviding users with safe and secure experiences, while helping developers build and grow quality app businesses, is our top priority at Google Play. And we’re constantly...
Google

ASPIRE to keep protecting billions of Android users

Posted by Billy Lau and René Mayrhofer, Android Security & Privacy TeamCustomization is one of Android's greatest strengths. Android's open source nature has enabled thousands of device types that cover a variety of use cases. In addition to adding...
Google

Announcing the Google Security and Privacy Research Awards

Posted by Elie Bursztein and Oxana Comanescu, Google Security and Privacy GroupWe believe that cutting-edge research plays a key role in advancing the security and privacy of users across the Internet. While we do significant in-house research and engineering...
Google

Industry collaboration leads to takedown of the “3ve” ad fraud operation

Posted by Per Bjorke, Product Manager, Ad Traffic QualityFor years, Google has been waging a comprehensive, global fight against invalid traffic through a combination of technology, policy, and operations teams to protect advertisers and publishers and increase transparency throughout...
Google

Combating Potentially Harmful Applications with Machine Learning at Google: Datasets and Models

Posted by Mo Yu, Android Security & Privacy TeamIn a previous blog post, we talked about using machine learning to combat Potentially Harmful Applications (PHAs). This blog post covers how Google uses machine learning techniques to detect and classify...
Google

Introducing the Android Ecosystem Security Transparency Report

Posted by Jason Woloz and Eugene Liderman, Android Security & Privacy TeamAs shared during the What's new in Android security session at Google I/O 2018, transparency and openness are important parts of Android's ethos. We regularly blog about new...
Google

A New Chapter for OSS-Fuzz

Posted by Matt Ruhstaller, TPM and Oliver Chang, Software Engineer, Google Security TeamOpen Source Software (OSS) is extremely important to Google, and we rely on OSS in a variety of customer-facing and internal projects. We also understand the difficulty...
Google

Announcing some security treats to protect you from attackers’ tricks

Posted by Jonathan Skelker, Product ManagerIt’s Halloween 🎃 and the last day of Cybersecurity Awareness Month 🔐, so we’re celebrating these occasions with security improvements across your account journey: before you sign in, as soon as you’ve entered your...
Google

Introducing reCAPTCHA v3: the new way to stop bots

Posted by Wei Liu, Google Product ManagerToday, we’re excited to introduce reCAPTCHA v3, our newest API that helps you detect abusive traffic on your website without user interaction. Instead of showing a CAPTCHA challenge, reCAPTCHA v3 returns a score...
Google

Google tackles new ad fraud scheme

Posted by Per Bjorke, Product Manager, Ad Traffic QualityFighting invalid traffic is essential for the long-term sustainability of the digital advertising ecosystem. We have an extensive internal system to filter out invalid traffic – from simple filters to large-scale...
Google

Android Protected Confirmation: Taking transaction security to the next level

Posted by Janis Danisevskis, Information Security Engineer, Android SecurityIn Android Pie, we introduced Android Protected Confirmation, the first major mobile OS API that leverages a hardware protected user interface (Trusted UI) to perform critical transactions completely outside the main...
ZDNet

Websites can steal browser data via extensions APIs

Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
Security Affairs

6 Reasons We Need to Boost Cybersecurity Focus in 2019

Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals,...
isBuzz

Fortnite Vulnerabilities Allow Hackers To Take Over Gamers’ Accounts, Data And In-Game Currency

Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information  as well...

DNC Accuses Russia, ACLU Sues ICE, and More Security News This Week

Trump dominated security headlines this week, but there's plenty of other news to catch up on.
SecurityWeek

Bulgaria Extradites Russian Hacker to US: Embassy

Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday. read more