Tuesday, September 25, 2018
Google

Android and Google Play Security Rewards Programs surpass $3M in payouts

Posted by Jason Woloz and Mayank Jain, Android Security & Privacy Team
Our Android and Play security reward programs help us work with top researchers from around the world to improve Android ecosystem security every day. Thank you to...
Google

Introducing the Tink cryptographic software library

Posted by Thai Duong, Information Security Engineer, on behalf of Tink team
At Google, many product teams use cryptographic techniques to protect user data. In cryptography, subtle mistakes can have serious consequences, and understanding how to implement cryptography correctly requires...
Google

Evolution of Android Security Updates

Posted by Dave Kleidermacher, VP, Head of Security - Android, Chrome OS, Play
At Google I/O 2018, in our What's New in Android Security session, we shared a brief update on the Android security updates program. With the official release...
Google

A reminder about government-backed phishing

Posted by Shane Huntley, Threat Analysis Group
TLDR: Government-backed phishing has been in the news lately. If you receive a warning in Gmail, be sure to take prompt action. Get two-factor authentication on your account. And consider enrolling in the...
Google

Expanding our Vulnerability Reward Program to combat platform abuse

Posted by Eric Brown and Marc Henson, Trust & Safety
Since 2010, Google’s Vulnerability Reward Programs have awarded more than $12 million dollars to researchers and created a thriving Google-focused security community. For the past two years, some of these...
Google

Google Public DNS turns 8.8.8.8 years old

Posted by Alexander Dupuy, Software Engineer
Once upon a time, we launched Google Public DNS, which you might know by its iconic IP address, 8.8.8.8. (Sunday, August 12th, 2018, at 00:30 UTC marks eight years, eight months, eight days and...
Google

Mitigating Spectre with Site Isolation in Chrome

Posted by Charlie Reis, Site Isolator
Speculative execution side-channel attacks like Spectre are a newly discovered security risk for web browsers. A website could use such attacks to steal data or login information from other websites that are open in...
Google

Compiler-based security mitigations in Android P

Posted by Ivan Lozano, Information Security Engineer
Android's switch to LLVM/Clang as the default platform compiler in Android 7.0 opened up more possibilities for improving our defense-in-depth security posture. In the past couple of releases, we've rolled out additional...
Google

Better Biometrics in Android P

Posted by Vishwath Mohan, Security Engineer
To keep users safe, most apps and devices have an authentication mechanism, or a way to prove that you're you. These mechanisms fall into three categories: knowledge factors, possession factors, and biometric factors. Knowledge...
Google

End-to-end encryption for push messaging, simplified

Posted by Giles Hogben, Privacy Engineer and Milinda Perera, Software Engineer
Developers already use HTTPS to communicate with Firebase Cloud Messaging (FCM). The channel between FCM server endpoint and the device is encrypted with SSL over TCP. However,...
Google

Insider attack resistance

Posted by Shawn Willden, Staff Software Engineer
Our smart devices, such as mobile phones and tablets, contain a wealth of personal information that needs to be kept safe. Google is constantly trying to find new and better ways to protect...
Google

Keeping 2 billion Android devices safe with machine learning

Posted by Sai Deep Tetali, Software Engineer, Google Play Protect
At Google I/O 2017, we introduced Google Play Protect, our comprehensive set of security services for Android. While the name is new, the smarts powering Play Protect have protected Android...
Google

Google CTF 2018 is here

Posted by Jan Keller, Security TPM
Google CTF 2017 was a big success! We had over 5,000 players, nearly 2,000 teams captured flags, we paid $31,1337.00, and most importantly: you had fun playing and we had fun hosting! Congratulations (for the...
Google

Leveraging AI to protect our users and the web

Posted by Elie Bursztein, Anti-Abuse Research Lead - Ian Goodfellow, Adversarial Machine Learning Research Lead
Recent advances in AI are transforming how we combat fraud and abuse and implement new security protections. These advances are critical to meeting our users’...
Google

DNS over TLS support in Android P Developer Preview

Posted by Erik Kline, Android software engineer, and Ben Schwartz, Jigsaw software engineer
The first step of almost every connection on the internet is a DNS query. A client, such as a smartphone, typically uses a DNS server provided by...

Breach at US Retailer SHEIN Hits Over Six Million Users

US fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers. The women’s clothing company revealed at the end of last week that...
The Register

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Microsoft claims issue confined to older kit
Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
ZDNet

UK issues first-ever GDPR notice in connection to Facebook data scandal

Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
SecurityWeek

Symantec Completes Internal Accounting Investigation

Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements.

Are Colleges Teaching Real-World Cyber Security Skills?

The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...