Bigger Rewards for Security Bugs
Posted by Natasha Pabrai and Andrew Whalley, Chrome Security Team Chrome has always been built with security at its core, by a passionate worldwide community as part of the Chromium open source project. We're proud that community includes world...
How Google adopted BeyondCorp
Posted by Lior Tishbi, Program Manager and Puneet Goel, Product Manager It's been almost five years since we released the first of multiple BeyondCorp papers, describing the motivation and design principles that eliminated network-based trust from our internal networks....
Google Public DNS over HTTPS (DoH) supports RFC 8484 standard
Posted by Marshall Vale, Product Manager and Alexander Dupuy, Software EngineerEver since we launched Google Public DNS in 2009, our priority has been the security of DNS resolution. In 2016, we launched a unique and innovative experimental service --...
Helping organizations do more without collecting more data
Posted by Amanda Walker - Engineering Director, Sarvar Patel - Software Engineer, and Moti Yung - Research Scientist, Private ComputingWe continually invest in new research to advance innovations that preserve individual privacy while enabling valuable insights from data. Earlier...
New Chrome Protections from Deception
Posted by Emily Schechter, Chrome Product Manager Chrome was built with security in mind from the very beginning. Today we’re launching two new features to help protect users from deceptive websites. The Suspicious Site Reporter Extension will improve security...
Improving Security and Privacy for Extensions Users
No, Chrome isn’t killing ad blockers -- we’re making them saferPosted by Devlin Cronin, Chrome Extensions TeamThe Chrome Extensions ecosystem has seen incredible advancement, adoption, and growth since its launch over ten years ago. Extensions are a great way...
Use your Android phone’s built-in security key to verify sign-in on iOS devices
Posted by Kaiyu Yan and Christiaan Brand Compromised credentials are one of the most common causes of security breaches. While Google automatically blocks the majority of unauthorized sign-in attempts, adding 2-Step Verification (2SV) considerably improves account security. At Cloud...
PHA Family Highlights: Triada
Posted by Lukasz Siewierski, Android Security & Privacy Team We continue our PHA family highlights series with the Triada family, which was first discovered early in 2016. The main purpose of Triada apps was to install spam apps on...
New research: How effective is basic account hygiene at preventing hijacking
Posted by Kurt Thomas and Angelika Moscicki Every day, we protect users from hundreds of thousands of account hijacking attempts. Most attacks stem from automated bots with access to third-party password breaches, but we also see phishing and targeted...
Advisory: Security Issue with Bluetooth Low Energy (BLE) Titan Security Keys
Posted by Christiaan Brand, Product Manager, Google Cloud We’ve become aware of an issue that affects the Bluetooth Low Energy (BLE) version of the Titan Security Key available in the U.S. and are providing users with the immediate steps...
Queue the Hardening Enhancements
Posted by Jeff Vander Stoep, Android Security & Privacy Team and Chong Zhang, Android Media TeamAndroid Q Beta versions are now publicly available. Among the various new features introduced in Android Q are some important security hardening changes. While...
What’s New in Android Q Security
Posted by Rene Mayrhofer and Xiaowen Xin, Android Security & Privacy Team With every new version of Android, one of our top priorities is raising the bar for security. Over the last few years, these improvements have led to...
Quantifying Measurable Security
Posted by Eugene Liderman, Android Security & Privacy Team With Google I/O this week you are going to hear about a lot of new features in Android that are coming in Q. One thing that you will also hear...
Google CTF 2019 is here
Posted by Jan Keller, Security Technical Program ManagerJune has become the month where we’re inviting thousands of security aficionados to put their skills to the test...In 2018, 23,563 people submitted at least one flag on their hunt for the...
Better protection against Man in the Middle phishing attacks
Posted by Jonathan Skelker, Product Manager, Account SecurityWe’re constantly working to improve our phishing protections to keep your information secure. Last year, we announced that we would require JavaScript to be enabled in your browser when you sign in...
Cisco Patches Critical Flaw in Vision Dynamic Signage Director
Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system.
Tracked as CVE-2019-1917, the vulnerability was found in the REST...
The Great Hack: the film that goes behind the scenes of the Facebook data scandal
This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...
Scotland Yard Twitter and Emails Hacked
London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages.
read more
Browser Extensions Scraped Data From Millions of People
Slack passwords, NSO spyware, and more of the week's top security news.
Hackers breach FSB contractor, expose Tor deanonymization project and more
SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.
