Tuesday, March 19, 2019
Google

Open-sourcing Sandboxed API

Posted by Christian Blichmann & Robert Swiecki, ISE Sandboxing teamMany software projects process data which is externally generated, and thus potentially untrusted. For example, this could be the conversion of user-provided picture files into different formats, or even executing...
Google

Disclosing vulnerabilities to protect users across platforms

Posted by Clement Lecigne, Threat Analysis GroupOn Wednesday, February 27th, we reported two 0-day vulnerabilities — previously publicly-unknown vulnerabilities — one affecting Google Chrome and another in Microsoft Windows that were being exploited together.To remediate the Chrome vulnerability (CVE-2019-5786),...
Google

Android Security Improvement update: Helping developers harden their apps, one thwarted vulnerability at a time

Posted by Patrick Mutchler and Meghan Kelly, Android Security & Privacy TeamHelping Android app developers build secure apps, free of known vulnerabilities, means helping the overall ecosystem thrive. This is why we launched the Application Security Improvement Program five...
Google

Google Play Protect in 2018: New updates to keep Android users secure

Posted by Rahul Mishra and Tom Watkins, Android Security & Privacy Team In 2018, Google Play Protect made Android devices running Google Play some of the most secure smartphones available, scanning over 50 billion apps everyday...
Google

How we fought bad apps and malicious developers in 2018

Posted by Andrew Ahn, Product Manager, Google PlayGoogle Play is committed to providing a secure and safe platform for billions of Android users on their journey discovering and experiencing the apps they love and enjoy. To deliver against this...
Google

Open sourcing ClusterFuzz

Posted by Abhishek Arya, Oliver Chang, Max Moroz, Martin Barbella and Jonathan Metzman (ClusterFuzz team)Fuzzing is an automated method for detecting bugs in software that works by feeding unexpected inputs to a target program. It is effective at finding...
Google

Introducing Adiantum: Encryption for the Next Billion Users

Posted by Paul Crowley and Eric Biggers, Android Security & Privacy TeamStorage encryption protects your data if your phone falls into someone else's hands. Adiantum is an innovation in cryptography designed to make storage encryption more efficient for devices...
Google

Protect your accounts from data breaches with Password Checkup

Posted by Jennifer Pullman, Kurt Thomas, and Elie Bursztein, Security and Anti-abuse researchGoogle helps keep your account safe from hijacking with a defense in depth strategy that spans prevention, detection, and mitigation. As part of this, we regularly reset...
Google

PHA Family Highlights: Zen and its cousins

Posted Lukasz Siewierski, Android Security & Privacy Team Google Play Protect detects Potentially Harmful Applications (PHAs) which Google Play Protect defines as any mobile app that poses a potential security risk to users or to user data—commonly referred to...
Google

Google Public DNS now supports DNS-over-TLS

Posted by Marshall Vale, Product Manager and Puneet Sood, Software EngineerGoogle Public DNS is the world’s largest public Domain Name Service (DNS) recursive resolver, allowing anyone to convert Internet domain names like www.example.com into Internet addresses needed by an...
Google

Android Pie à la mode: Security & Privacy

Posted by Vikrant Nanda and René Mayrhofer, Android Security & Privacy TeamThere is no better time to talk about Android dessert releases than the holidays because who doesn't love dessert? And what is one of our favorite desserts during...
Google

New Keystore features keep your slice of Android Pie a little safer

Posted by Brian Claire Young and Shawn Willden, Android Security; and Frank Salim, Google Pay New Android Pie Keystore FeaturesThe Android Keystore provides application developers with a set of cryptographic tools that are designed to secure their users' data....
Google

Tackling ads abuse in apps and SDKs

Posted by Dave Kleidermacher, VP, Head of Security & Privacy - Android & PlayProviding users with safe and secure experiences, while helping developers build and grow quality app businesses, is our top priority at Google Play. And we’re constantly...
Google

ASPIRE to keep protecting billions of Android users

Posted by Billy Lau and René Mayrhofer, Android Security & Privacy TeamCustomization is one of Android's greatest strengths. Android's open source nature has enabled thousands of device types that cover a variety of use cases. In addition to adding...
Google

Announcing the Google Security and Privacy Research Awards

Posted by Elie Bursztein and Oxana Comanescu, Google Security and Privacy GroupWe believe that cutting-edge research plays a key role in advancing the security and privacy of users across the Internet. While we do significant in-house research and engineering...

6 Ways Mature DevOps Teams Are Killing It in Security

New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
The Register

Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled

Norway the power and metals wrangler could have seen this one coming Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware infection on its computers.…

Old Tech Spills Digital Dirt on Past Owners

Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.

The Case of the Missing Data

The latest twist in the Equifax breach has serious implications for organizations.
SecurityWeek

Industrial Cybersecurity Firm Nozomi Launches Research Department

Industrial cybersecurity solutions provider Nozomi Networks on Tuesday announced the formal launch of the company’s research department, Nozomi Networks Labs. read more