Announcing our first GCP VRP Prize winner and updates to 2020 program
Posted by Harshvardan Sharma, Information Security Engineer, GoogleLast year, we announced a yearly Google Cloud Platform (GCP) VRP Prize to promote security research of GCP. Since then, we’ve received many interesting entries as part of this new initiative from...
How Google Play Protect kept users safe in 2019
Posted by Rahul Mishra, Program Manager, Android Security and Privacy TeamThrough 2019, Google Play Protect continued to improve the security for 2.5 billion Android devices. Built into Android, Play Protect scans over 100 billion apps every day for malware...
How Google does certificate lifecycle management
Posted by Siddharth Bhai and Ryan Hurst, Product Managers, Google Cloud Over the last few years, we’ve seen the use of Transport Layer Security (TLS) on the web increase to more than 96% of all traffic seen by a Chrome...
FuzzBench: Fuzzer Benchmarking as a Service
Posted by Jonathan Metzman, Abhishek Arya, Google OSS-Fuzz Team and László Szekeres, Google Software Analysis TeamWe are excited to launch FuzzBench, a fully automated, open source, free service for evaluating fuzzers. The goal of FuzzBench is to make it...
Helping Developers with Permission Requests
Posted by Sai Teja Peddinti, Nina Taft and Igor Bilogrevic from PDPO Applied Privacy Research, and Pauline Anthonysamy from Android Security and Privacy. User trust is critical to the success of developers of every size. On the Google Play...
Data Encryption on Android with Jetpack Security
Posted by Jon Markoff, Staff Developer Advocate, Android Security Have you ever tried to encrypt data in your app? As a developer, you want to keep data safe, and in the hands of the party...
Improving Malicious Document Detection in Gmail with Deep Learning
Posted by Elie Bursztein, Security & Anti-Abuse Research Lead; David Tao, Software Engineer; Neil Kumaran, Product Manager, Gmail Security Gmail protects your incoming mail against spam, phishing attempts, and malware. Our existing machine learning models are highly effective at doing...
Disruptive ads enforcement and our new approach
Posted by Per Bjorke, Senior Product Manager, Ad Traffic QualityAs part of our ongoing efforts — along with help from newly developed technologies — today we’re announcing nearly 600 apps have been removed from the Google Play Store and...
Titan Security Keys – now available in Austria, Canada, France, Germany, Italy, Japan, Spain, Switzerland, and the UK
Posted by Christiaan Brand, Product Manager, Google Cloud Security keys provide the strongest protection against phishing attacks. That’s why they are an important feature of the Advanced Protection Program that provides Google’s strongest account protections for users that consider themselves...
How we fought bad apps and malicious developers in 2019
Posted by Andrew Ahn, Product Manager, Google Play + Android App Safety Google Play connects users with great digital experiences to help them be more productive and entertained, as well as providing app developers with tools to...
Protecting users from insecure downloads in Google Chrome
Posted by Joe DeBlasio, Chrome security team Today we’re announcing that Chrome will gradually ensure that secure (HTTPS) pages only download secure files. In a series of steps outlined below, we’ll start blocking "mixed content downloads" (non-HTTPS downloads started...
Say hello to OpenSK: a fully open-source security key implementation
Posted by Elie Bursztein, Security & Anti-abuse Research Lead, and Jean-Michel Picod, Software Engineer, Google Today, FIDO security keys are reshaping the way online accounts are protected by providing an easy, phishing-resistant form of two-factor authentication (2FA) that is...
Vulnerability Reward Program: 2019 Year in Review
Posted by Natasha Pabrai, Jan Keller, Jessica Lin, Anna Hupa, and Adam Bacchus, Vulnerability Reward Programs at GoogleOur Vulnerability Reward Programs were created to reward researchers for protecting users by telling us about the security bugs they find. Their...
Have an iPhone? Use it to protect your Google Account with the Advanced Protection Program
Posted by Christiaan Brand, Product Manager, Google Cloud and Kaiyu Yan, Software Engineer, GooglePhishing—when an online attacker tries to trick you into giving them your username and password—is one of the most common causes of account compromises. We recently...
Securing open-source: how Google supports the new Kubernetes bug bounty
Posted by Maya Kaczorowski, Product Manager, Container Security and Aaron Small, Product Manager, GKE On-Prem SecurityAt Google, we care deeply about the security of open-source projects, as they’re such a critical part of our infrastructure—and indeed everyone’s. Today, the...
Watering-Holes Target Asian Ethnic Victims with Flash Update Decoy
About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims.
OpenWRT is vulnerable to attacks that execute malicious code
Enlarge (credit: OpenWRT)
For almost three years, OpenWRT—the open source operating system that powers home routers and other types of embedded systems—has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital...
Privacy in critical care after telehealth demands jump
As coughs and body aches drive anxious Americans to telemed services in record numbers, relieving the burden on medical facilities stressed to breaking with COVID-19 cases, the subsequent relaxation of privacy requirements puts them at risk of PHI compromises,...
Zoom’s privacy problems are growing as platform explodes in popularity
Enlarge / Zoom's San Jose, Calif., headquarters looks like a lovely place to be socially distanced from. (credit: Smith Collection | Gado | Getty Images)
We have several more weeks, if not several more months, to go in...
FBI warns about Zoom bombing as hijackers take over school and business video conferences
Teleconferences are being disrupted by internet trolls shouting profanity and racist remarks and posting pornographic and hate images.
