Monday, September 25, 2023
Home Tags Google Security

Tag: Google Security


Scaling Rust Adoption Through Training

Posted by Martin Geisler, Android team Android 14 is the third major Android release with Rust support. We are already seeing a number of benefits: Productivity: Developers quickly feel productive writing Rust. They report important indicators of development velocity, such as...

Capslock: What is your code really capable of?

Jess McClintock and John Dethridge, Google Open Source Security Team, and Damien Miller, Enterprise Infrastructure Protection TeamWhen you import a third party library, do you review every line of code? Most software packages depend on external libraries, trusting that...

Android Goes All-in on Fuzzing

Posted by Jon Bottarini and Hamzeh Zawawy, Android Security Fuzzing is an effective technique for finding software vulnerabilities. Over the past few years Android has been focused on improving the effectiveness, scope, and convenience of fuzzing across the organization. This...

AI-Powered Fuzzing: Breaking the Bug Hunting Barrier

Dongge Liu, Jonathan Metzman, Oliver Chang, Google Open Source Security Team Since 2016, OSS-Fuzz has been at the forefront of automated vulnerability discovery for open source projects. Vulnerability discovery is an important part of keeping software supply chains secure, so...

Toward Quantum Resilient Security Keys

Elie Bursztein, cybersecurity and AI research director, Fabian Kaczmarczyck, software engineerAs part of our effort to deploy quantum resistant cryptography, we are happy to announce the release of the first quantum resilient FIDO2 security key implementation as part of...

Making Chrome more secure by bringing Key Pinning to Android

Posted by David Adrian, Joe DeBlasio and Carlos Joan Rafael Ibarra Lopez, Chrome Security Chrome 106 added support for enforcing key pins on Android by default, bringing Android to parity with Chrome on desktop platforms. But what is key pinning...

Downfall and Zenbleed: Googlers helping secure the ecosystem

Tavis Ormandy, Software Engineer and Daniel Moghimi, Senior Research ScientistFinding and mitigating security vulnerabilities is critical to keeping Internet users safe.  However, the more complex a system becomes, the harder it is to secure—and that is also the case...

Android 14 introduces first-of-its-kind cellular connectivity security features

Posted by Roger Piqueras Jover, Yomna Nasser, and Sudhi Herle Android is the first mobile operating system to introduce advanced cellular security mitigations for both consumers and enterprises. Android 14 introduces support for IT administrators to disable 2G support in...

An update on Chrome Security updates – shipping security fixes to you faster

Posted by Amy Ressler, Chrome Security Team To get security fixes to you faster, starting now in Chrome 116, Chrome is shipping weekly Stable channel updates. Chrome ships a new milestone release every four weeks. In between those major releases, we...

Pixel Binary Transparency: verifiable security for Pixel devices

Jay Hou, Software Engineer, TrustFabric ( Pixel Binary TransparencyWith Android powering billions of devices, we’ve long put security first. There’s the more visible security features you might interact with regularly, like spam and phishing protection, as well as less obvious...

The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022

Maddie Stone, Security Researcher, Threat Analysis Group (TAG)This is Google’s fourth annual year-in-review of 0-days exploited in-the-wild and builds off of the mid-year 2022 review. The goal of this report is not to detail each individual exploit, but...

Supply chain security for Go, Part 3: Shifting left

Julie Qiu, Go Security & Reliability and Jonathan Metzman, Google Open Source Security TeamPreviously in our Supply chain security for Go series, we covered dependency and vulnerability management tools and how Go ensures package integrity and availability as part...

A look at Chrome’s security review culture

Posted by Alex Gough, Chrome Security Team Security reviewers must develop the confidence and skills to make fast, difficult decisions. A simplistic piece of advice to reviewers is “just be confident” but in reality that takes practice and experience. Confidence...

An important step towards secure and interoperable messaging

Posted by Giles Hogben, Privacy Engineering Director Most modern consumer messaging platforms (including Google Messages) support end-to-end encryption, but users today are limited to communicating with contacts who use the same platform. This is why Google is strongly supportive of...

Gmail client-side encryption: A deep dive

Nicolas Lidzborski, Principal Engineer and Jaishankar Sundararaman, Sr. Director of Engineering, Google WorkspaceIn February, we expanded Google Workspace client-side encryption (CSE) capabilities to include Gmail and Calendar in addition to Drive, Docs, Slides, Sheets, and Meet.CSE in Gmail was...
Infosecurity Magazine

Researchers Spot Novel “Deadglyph” Backdoor

Malware is linked to UAE-backed spies
Infosecurity Magazine

Almost US 900 Schools Breached Via MOVEit

National Student Clearinghouse reveals more details of incident

Don’t Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection

Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade.
The Hacker News

New Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian Government

An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time. "While this activity occurred around the same time and in some instances even simultaneously...
The Register

T-mobile exposes some customer data – but don’t call it a breach

PLUS: Trojan hidden in PoC; cyber insurance surge; pig butchering's new cuts; and the week's critical vulns Infosec in brief  T-Mobile has had another bad week on the infosec front – this time stemming from a system glitch that...