Welcome to our Cyber Security News Aggregator.

Cyber Tzar provide a cyber security risk management platform, including automated penetration tests and risk assessments culminating in a "cyber risk score" out of 1,000, just like a credit score.
Articles in this collection: 497

Feed: Google Online Security Blog

Articles received 13/04/2022
Article: How to SLSA Part 2 - The Details - published over 2 years ago.
Content: Posted by Tom Hennen, software engineer, BCID & GOSST In our last post we introduced a fictional example of Squirrel, Oppy, and Acme learning to use SLSA and covered the basics of what their implementations might look like. Today we’ll cover the details: where to store attestations and policies, what policies should check, and how to handle key distribu...
http://security.googleblog.com/2022/04/how-to-slsa-part-2-details.html
Published: 2022 04 13 16:00:00
Received: 2022 04 13 16:45:52
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
16:45 How to SLSA Part 2 - The Details
Articles received 12/04/2022
Article: Vulnerability Reward Program: 2021 Year in Review - published almost 3 years ago.
Content: Posted by Sarah Jacobus, Vulnerability Rewards Team Last year was another record setter for our Vulnerability Reward Programs (VRPs). Throughout 2021, we partnered with the security researcher community to identify and fix thousands of vulnerabilities – helping keep our users and the internet safe. Thanks to these incredible researchers, Vulnerability Rewar...
http://security.googleblog.com/2022/02/vulnerability-reward-program-2021-year.html
Published: 2022 02 10 17:00:00
Received: 2022 04 12 22:05:57
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: How to SLSA Part 1 - The Basics - published over 2 years ago.
Content: Posted by Tom Hennen, Software Engineer, BCID & GOSST One of the great benefits of SLSA (Supply-chain Levels for Software Artifacts) is its flexibility. As an open source framework designed to improve the integrity of software packages and infrastructure, it is as applicable to small open source projects as to enterprise organizations. But with this flex...
http://security.googleblog.com/2022/04/how-to-slsa-part-1-basics.html 
Published: 2022 04 12 16:00:00
Received: 2022 04 12 16:05:58
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
22:05 Vulnerability Reward Program: 2021 Year in Review
16:05 How to SLSA Part 1 - The Basics
Articles received 07/04/2022
Article: Improving software supply chain security with tamper-proof builds - published over 2 years ago.
Content: Posted by Asra Ali and Laurent Simon, Google Open Source Security Team (GOSST) Many of the recent high-profile software attacks that have alarmed open-source users globally were consequences of supply chain integrity vulnerabilities: attackers gained control of a build server to use malicious source files, inject malicious artifacts into a compromised build p...
http://security.googleblog.com/2022/04/improving-software-supply-chain.html
Published: 2022 04 07 13:00:00
Received: 2022 04 07 15:45:49
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
15:45 Improving software supply chain security with tamper-proof builds
Articles received 05/04/2022
Article: Find and $eek! Increased rewards for Google Nest & Fitbit devices - published over 2 years ago.
Content: Posted by Medha Jain, Program Manager, Devices & Services Security At Google, we constantly invest in security research to raise the bar for our devices, keeping our users safe and building their trust in our products. In 2021, we published Google Nest security commitments, in which we committed to engage with the research community to examine our produc...
http://security.googleblog.com/2022/04/find-and-eek-increased-rewards-for.html 
Published: 2022 04 05 13:00:00
Received: 2022 04 05 15:05:55
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
15:05 Find and $eek! Increased rewards for Google Nest & Fitbit devices
Articles received 24/03/2022
Article: Simplifying Titan Security Key options for our users - published over 3 years ago.
Content: Posted by Christiaan Brand, Product Manager, Google Cloud Today we are excited to announce some changes to our lineup of Titan Security Keys on the Google Store which provide a simpler experience and make choosing the right security key for you even easier. We will now offer only two types of Titan Security Keys: a USB-A and a USB-C version. Both of these key...
http://security.googleblog.com/2021/08/simplifying-titan-security-key-options.html
Published: 2021 08 09 16:00:00
Received: 2022 03 24 22:45:49
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: AllStar: Continuous Security Policy Enforcement for GitHub Projects - published over 3 years ago.
Content: Posted by Mike Maraya, Google Open Source Security Team As an active member of the open source software (OSS) community, Google recognizes the growing threat of software supply chain attacks against OSS we use and develop. Building on our efforts to improve OSS security with an end-to-end framework (SLSA), metrics (Scorecards), and coordinated vulnerability ...
http://security.googleblog.com/2021/08/allstar-continuous-security-policy.html 
Published: 2021 08 11 12:05:00
Received: 2022 03 24 22:45:49
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Updates on our continued collaboration with NIST to secure the Software Supply Chain - published about 3 years ago.
Content: Posted by Eric Brewer and Dan Lorenc Yesterday, we were honored to participate in President Biden’s White House Cyber Security Summit where we shared recommendations to advance the administration’s cybersecurity agenda. This included our commitment to invest $10 billion over the next five years to expand zero-trust programs, help secure the software supply ch...
http://security.googleblog.com/2021/08/updates-on-our-continued-collaboration.html
Published: 2021 08 26 17:47:00
Received: 2022 03 24 22:45:49
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Introducing Android’s Private Compute Services - published about 3 years ago.
Content: Posted by Suzanne Frey, VP, Product, Android & Play Security and Privacy We introduced Android’s Private Compute Core in Android 12 Beta. Today, we're excited to announce a new suite of services that provide a privacy-preserving bridge between Private Compute Core and the cloud. Recap: What is Private Compute Core? Android’s Private Compute Core is an o...
http://security.googleblog.com/2021/09/introducing-androids-private-compute.html
Published: 2021 09 09 17:00:00
Received: 2022 03 24 22:45:49
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Google Supports Open Source Technology Improvement Fund - published about 3 years ago.
Content: Posted by Kaylin Trychon, Google Open Source Security Team We recently pledged to provide $100 million to support third-party foundations that manage open source security priorities and help fix vulnerabilities. As part of this commitment, we are excited to announce our support of the Open Source Technology Improvement Fund (OSTIF) to improve security of eig...
http://security.googleblog.com/2021/09/google-supports-open-source-technology.html 
Published: 2021 09 15 18:17:00
Received: 2022 03 24 22:45:49
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: An update on Memory Safety in Chrome - published about 3 years ago.
Content: Adrian Taylor, Andrew Whalley, Dana Jansens and Nasko Oskov, Chrome security team Security is a cat-and-mouse game. As attackers innovate, browsers always have to mount new defenses to stay ahead, and Chrome has invested in ever-stronger multi-process architecture built on sandboxing and site isolation. Combined with fuzzing, these are still our primary line...
http://security.googleblog.com/2021/09/an-update-on-memory-safety-in-chrome.html 
Published: 2021 09 21 17:00:00
Received: 2022 03 24 22:45:49
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Distroless Builds Are Now SLSA 2 - published about 3 years ago.
Content: Posted by Priya Wadhwa and Appu Goundan, Google Open Source Security Team A few months ago we announced that we started signing all distroless images with cosign, which allows users to verify that they have the correct image before starting the build process. Signing our images was our first step towards fully securing the distroless supply chain. Since then,...
http://security.googleblog.com/2021/09/distroless-builds-are-now-slsa-2.html
Published: 2021 09 22 16:00:00
Received: 2022 03 24 22:45:49
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Announcing New Patch Reward Program for Tsunami Security Scanner - published about 3 years ago.
Content: Posted by Guoli Ma, Sebastian Lekies & Claudio Criscione, Google Vulnerability Management Team One year ago, we published the Tsunami security scanner with the goal of detecting high severity, actively exploited vulnerabilities with high confidence. In the last several months, the Tsunami scanner team has been working closely with our vulnerability reward...
http://security.googleblog.com/2021/09/announcing-new-patch-reward-program-for.html
Published: 2021 09 28 13:00:00
Received: 2022 03 24 22:45:49
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Introducing the Secure Open Source Pilot Program - published about 3 years ago.
Content: Posted by Meder Kydyraliev and Kim Lewandowski, Google Open Source Security Team Over the past year we have made a number of investments to strengthen the security of critical open source projects, and recently announced our $10 billion commitment to cybersecurity defense including $100 million to support third-party foundations that manage open source securi...
http://security.googleblog.com/2021/10/introducing-secure-open-source-pilot.html
Published: 2021 10 01 14:22:00
Received: 2022 03 24 22:45:49
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Google Protects Your Accounts – Even When You No Longer Use Them - published about 3 years ago.
Content: Posted by Sam Heft-Luthy, Product Manager, Privacy & Data Protection Office What happens to our digital accounts when we stop using them? It’s a question we should all ask ourselves, because when we are no longer keeping tabs on what’s happening with old accounts, they can become targets for cybercrime. In fact, quite a few recent high-profile breaches ta...
http://security.googleblog.com/2021/10/google-protects-your-accounts-even-when.html
Published: 2021 10 05 13:00:00
Received: 2022 03 24 22:45:49
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Launching a collaborative minimum security baseline - published about 3 years ago.
Content: Posted by Royal Hansen, Vice President, Security According to an Opus and Ponemon Institute study, 59% of companies have experienced a data breach caused by one of their vendors or third parties. Outsourcing operations to third-party vendors has become a popular business strategy as it allows organizations to save money and increase operational efficiency. W...
http://security.googleblog.com/2021/10/launching-collaborative-minimum.html 
Published: 2021 10 27 14:47:00
Received: 2022 03 24 22:45:49
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Pixel 6: Setting a new standard for mobile security - published about 3 years ago.
Content: Posted by Dave Kleidermacher, Jesse Seed, Brandon Barbello, and Stephan Somogyi, Android, Pixel & Tensor security teams With Pixel 6 and Pixel 6 Pro, we’re launching our most secure Pixel phone yet, with 5 years of security updates and the most layers of hardware security. These new Pixel smartphones take a layered security approach, with innovations spa...
http://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html 
Published: 2021 10 27 17:01:00
Received: 2022 03 24 22:45:49
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Protecting your device information with Private Set Membership - published about 3 years ago.
Content: Posted by Kevin Yeo and Sarvar Patel, Private Computing Team At Google, keeping you safe online is our top priority, so we continuously build the most advanced privacy-preserving technologies into our products. Over the past few years, we've utilized innovations in cryptographic research to keep your personal information private by design and secure by defau...
http://security.googleblog.com/2021/10/protecting-your-device-information-with.html 
Published: 2021 10 28 17:00:00
Received: 2022 03 24 22:45:49
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Trick & Treat! 🎃 Paying Leets and Sweets for Linux Kernel privescs and k8s escapes - published about 3 years ago.
Content: Posted by Eduardo Vela, Google Bug Hunters Team Starting today and for the next 3 months (until January 31 2022), we will pay 31,337 USD to security researchers that exploit privilege escalation in our lab environment with a patched vulnerability, and 50,337 USD to those that use a previously unpatched vulnerability, or a new exploit technique. We are constan...
http://security.googleblog.com/2021/11/trick-treat-paying-leets-and-sweets-for.html
Published: 2021 11 01 16:30:00
Received: 2022 03 24 22:45:49
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: ClusterFuzzLite: Continuous fuzzing for all - published about 3 years ago.
Content: Posted by Jonathan Metzman, Google Open Source Security Team In recent years, continuous fuzzing has become an essential part of the software development lifecycle. By feeding unexpected or random data into a program, fuzzing catches bugs that would otherwise slip through the most thorough manual checks and provides coverage that would take staggering human e...
http://security.googleblog.com/2021/11/clusterfuzzlite-continuous-fuzzing-for.html
Published: 2021 11 11 12:00:00
Received: 2022 03 24 22:45:49
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Exploring Container Security: A Storage Vulnerability Deep Dive - published almost 3 years ago.
Content: Posted by Fabricio Voznika and Mauricio Poppe, Google Cloud Kubernetes Security is constantly evolving - keeping pace with enhanced functionality, usability and flexibility while also balancing the security needs of a wide and diverse set of use-cases. Recently, the GKE Security team discovered a high severity vulnerability that allowed workloads to have acce...
http://security.googleblog.com/2021/12/exploring-container-security-storage.html
Published: 2021 12 02 20:00:00
Received: 2022 03 24 22:45:49
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Empowering the next generation of Android Application Security Researchers - published almost 3 years ago.
Content: Posted by Jon Bottarini, Security Program Manager & Lena Katib, Strategic Partnerships Manager The external security researcher community plays an integral role in making the Google Play ecosystem safe and secure. Through this partnership with the community, Google has been able to collaborate with third-party developers to fix thousands of security issue...
http://security.googleblog.com/2021/12/empowering-next-generation-of-android.html
Published: 2021 12 14 18:00:00
Received: 2022 03 24 22:45:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Improving OSS-Fuzz and Jazzer to catch Log4Shell - published almost 3 years ago.
Content: Posted by Jonathan Metzman, Google Open Source Security Team The discovery of the Log4Shell vulnerability has set the internet on fire. Similar to shellshock and heartbleed, Log4Shell is just the latest catastrophic vulnerability in software that runs the internet. Our mission as the Google Open Source Security Team is to secure the open source libraries the ...
http://security.googleblog.com/2021/12/improving-oss-fuzz-and-jazzer-to-catch.html
Published: 2021 12 16 22:04:00
Received: 2022 03 24 22:45:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Understanding the Impact of Apache Log4j Vulnerability - published almost 3 years ago.
Content: Posted by James Wetter and Nicky Ringland, Open Source Insights Team Editors Note: The below numbers were calculated based on both log4j-core and log4j-api, as both were listed on the CVE. Since then, the CVE has been updated with the clarification that only log4j-core is affected. The ecosystem impact numbers for just log4j-core, as of 19th December are over ...
http://security.googleblog.com/2021/12/understanding-impact-of-apache-log4j.html
Published: 2021 12 17 17:25:00
Received: 2022 03 24 22:45:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Apache Log4j Vulnerability - published almost 3 years ago.
Content: Like many other companies, we’re closely following the multiple CVEs regarding Apache Log4j 2. Our security teams are investigating any potential impact on Google products and services and are focused on protecting our users and customers. We encourage anyone who manages environments containing Log4j 2 to update to the latest version. Based on findings in our ...
http://security.googleblog.com/2021/12/apache-log4j-vulnerability.html
Published: 2021 12 18 02:08:00
Received: 2022 03 24 22:45:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Reducing Security Risks in Open Source Software at Scale: Scorecards Launches V4 - published almost 3 years ago.
Content: Posted by Laurent Simon and Azeem Shaikh, Google Open Source Security Team (GOSST) Since our July announcement of Scorecards V2, the Scorecards project—an automated security tool to flag risky supply chain practices in open source projects—has grown steadily to over 40 unique contributors and 18 implemented security checks. Today we are proud to announce the...
http://security.googleblog.com/2022/01/reducing-security-risks-in-open-source.html 
Published: 2022 01 19 15:00:00
Received: 2022 03 24 22:45:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Vulnerability Reward Program: 2021 Year in Review - published almost 3 years ago.
Content: Posted by Sarah Jacobus, Vulnerability Rewards Team Last year was another record setter for our Vulnerability Reward Programs (VRPs). Throughout 2021, we partnered with the security researcher community to identify and fix thousands of vulnerabilities – helping keep our users and the internet safe. Thanks to these incredible researchers, Vulnerability Rewar...
http://security.googleblog.com/2022/02/vulnerability-reward-program-2021-year.html
Published: 2022 02 10 17:00:00
Received: 2022 03 24 22:45:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: 🌹 Roses are red, Violets are blue 💙 Giving leets 🧑‍💻 more sweets 🍭 All of 2022! - published almost 3 years ago.
Content: Posted by Eduardo Vela, Vulnerability Matchmaker Until December 31 2022 we will pay 20,000 to 91,337 USD for exploits of vulnerabilities in the Linux Kernel, Kubernetes, GKE or kCTF that are exploitable on our test lab. We launched an expansion of kCTF VRP on November 1, 2021 in which we paid 31,337 to 50,337 USD to those that are able to compromise our kCTF ...
http://security.googleblog.com/2022/02/roses-are-red-violets-are-blue-giving.html
Published: 2022 02 14 17:07:00
Received: 2022 03 24 22:45:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Mitigating kernel risks on 32-bit ARM - published over 2 years ago.
Content: Posted by Ard Biesheuvel, Google Open Source Security Team Linux kernel support for the 32-bit ARM architecture was contributed in the late 90s, when there was little corporate involvement in Linux development, and most contributors were students or hobbyists, tinkering with development boards, often without much in the way of documentation. Now 20+ years lat...
http://security.googleblog.com/2022/02/mitigating-kernel-risks-on-32-bit-arm.html
Published: 2022 02 23 17:00:00
Received: 2022 03 24 22:45:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: What's up with in-the-wild exploits? Plus, what we're doing about it. - published over 2 years ago.
Content: Posted by Adrian Taylor, Chrome Security Team If you are a regular reader of our Chrome release blog, you may have noticed that phrases like 'exploit for CVE-1234-567 exists in the wild' have been appearing more often recently. In this post we'll explore why there seems to be such an increase in exploits, and clarify some misconceptions in the process. We'll ...
http://security.googleblog.com/2022/03/whats-up-with-in-wild-exploits-plus.html
Published: 2022 03 10 18:33:00
Received: 2022 03 24 22:45:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
22:45 Simplifying Titan Security Key options for our users
22:45 AllStar: Continuous Security Policy Enforcement for GitHub Projects
22:45 Updates on our continued collaboration with NIST to secure the Software Supply Chain
22:45 Introducing Android’s Private Compute Services
22:45 Google Supports Open Source Technology Improvement Fund
22:45 An update on Memory Safety in Chrome
22:45 Distroless Builds Are Now SLSA 2
22:45 Announcing New Patch Reward Program for Tsunami Security Scanner
22:45 Introducing the Secure Open Source Pilot Program
22:45 Google Protects Your Accounts – Even When You No Longer Use Them
22:45 Launching a collaborative minimum security baseline
22:45 Pixel 6: Setting a new standard for mobile security
22:45 Protecting your device information with Private Set Membership
22:45 Trick & Treat! 🎃 Paying Leets and Sweets for Linux Kernel privescs and k8s escapes
22:45 ClusterFuzzLite: Continuous fuzzing for all
22:45 Exploring Container Security: A Storage Vulnerability Deep Dive
22:45 Empowering the next generation of Android Application Security Researchers
22:45 Improving OSS-Fuzz and Jazzer to catch Log4Shell
22:45 Understanding the Impact of Apache Log4j Vulnerability
22:45 Apache Log4j Vulnerability
22:45 Reducing Security Risks in Open Source Software at Scale: Scorecards Launches V4
22:45 Vulnerability Reward Program: 2021 Year in Review
22:45 🌹 Roses are red, Violets are blue 💙 Giving leets 🧑‍💻 more sweets 🍭 All of 2022!
22:45 Mitigating kernel risks on 32-bit ARM
22:45 What's up with in-the-wild exploits? Plus, what we're doing about it.
Articles received 23/02/2022
Article: Mitigating kernel risks on 32-bit ARM - published over 2 years ago.
Content: Posted by Ard Biesheuvel, Google Open Source Security Team Linux kernel support for the 32-bit ARM architecture was contributed in the late 90s, when there was little corporate involvement in Linux development, and most contributors were students or hobbyists, tinkering with development boards, often without much in the way of documentation. Now 20+ years lat...
http://security.googleblog.com/2022/02/mitigating-kernel-risks-on-32-bit-arm.html
Published: 2022 02 23 17:00:00
Received: 2022 02 23 19:25:56
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
19:25 Mitigating kernel risks on 32-bit ARM
Articles received 14/02/2022
Article: 🌹 Roses are red, Violets are blue 💙 Giving leets 🧑‍💻 more sweets 🍭 All of 2022! - published almost 3 years ago.
Content: Posted by Eduardo Vela, Vulnerability Matchmaker Until December 31 2022 we will pay 20,000 to 91,337 USD for exploits of vulnerabilities in the Linux Kernel, Kubernetes, GKE or kCTF that are exploitable on our test lab. We launched an expansion of kCTF VRP on November 1, 2021 in which we paid 31,337 to 50,337 USD to those that are able to compromise our kCTF ...
http://security.googleblog.com/2022/02/roses-are-red-violets-are-blue-giving.html
Published: 2022 02 14 17:07:00
Received: 2022 02 14 17:26:13
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
17:26 🌹 Roses are red, Violets are blue 💙 Giving leets 🧑‍💻 more sweets 🍭 All of 2022!
Articles received 10/02/2022
Article: Vulnerability Reward Program: 2021 Year in Review - published almost 3 years ago.
Content: Posted by Sarah Jacobus, Vulnerability Rewards Team Last year was another record setter for our Vulnerability Reward Programs (VRPs). Throughout 2021, we partnered with the security researcher community to identify and fix thousands of vulnerabilities – helping keep our users and the internet safe. Thanks to these incredible researchers, Vulnerability Rewar...
http://security.googleblog.com/2022/02/vulnerability-reward-program-2021-year.html
Published: 2022 02 10 17:00:00
Received: 2022 02 10 18:25:54
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
18:25 Vulnerability Reward Program: 2021 Year in Review
Articles received 19/01/2022
Article: Reducing Security Risks in Open Source Software at Scale: Scorecards Launches V4 - published almost 3 years ago.
Content: Posted by Laurent Simon and Azeem Shaikh, Google Open Source Security Team (GOSST) Since our July announcement of Scorecards V2, the Scorecards project—an automated security tool to flag risky supply chain practices in open source projects—has grown steadily to over 40 unique contributors and 18 implemented security checks. Today we are proud to announce the...
http://security.googleblog.com/2022/01/reducing-security-risks-in-open-source.html 
Published: 2022 01 19 15:00:00
Received: 2022 01 19 15:21:47
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
15:21 Reducing Security Risks in Open Source Software at Scale: Scorecards Launches V4
Articles received 18/12/2021
Article: Apache Log4j Vulnerability - published almost 3 years ago.
Content: Like many other companies, we’re closely following the multiple CVEs regarding Apache Log4j 2. Our security teams are investigating any potential impact on Google products and services and are focused on protecting our users and customers. We encourage anyone who manages environments containing Log4j 2 to update to the latest version. Based on findings in our ...
http://security.googleblog.com/2021/12/apache-log4j-vulnerability.html
Published: 2021 12 18 02:08:00
Received: 2021 12 18 02:23:44
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
02:23 Apache Log4j Vulnerability
Articles received 17/12/2021
Article: Understanding the Impact of Apache Log4j Vulnerability - published almost 3 years ago.
Content: Posted by James Wetter and Nicky Ringland, Open Source Insights Team Editors Note: The below numbers were calculated based on both log4j-core and log4j-api, as both were listed on the CVE. Since then, the CVE has been updated with the clarification that only log4j-core is affected. The ecosystem impact numbers for just log4j-core, as of 19th December are over ...
http://security.googleblog.com/2021/12/understanding-impact-of-apache-log4j.html
Published: 2021 12 17 17:25:00
Received: 2021 12 17 17:43:31
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
17:43 Understanding the Impact of Apache Log4j Vulnerability
Articles received 16/12/2021
Article: Improving OSS-Fuzz and Jazzer to catch Log4Shell - published almost 3 years ago.
Content: Posted by Jonathan Metzman, Google Open Source Security Team The discovery of the Log4Shell vulnerability has set the internet on fire. Similar to shellshock and heartbleed, Log4Shell is just the latest catastrophic vulnerability in software that runs the internet. Our mission as the Google Open Source Security Team is to secure the open source libraries the ...
http://security.googleblog.com/2021/12/improving-oss-fuzz-and-jazzer-to-catch.html
Published: 2021 12 16 22:04:00
Received: 2021 12 16 22:23:35
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
22:23 Improving OSS-Fuzz and Jazzer to catch Log4Shell
Articles received 14/12/2021
Article: Empowering the next generation of Android Application Security Researchers - published almost 3 years ago.
Content: Posted by Jon Bottarini, Security Program Manager & Lena Katib, Strategic Partnerships Manager The external security researcher community plays an integral role in making the Google Play ecosystem safe and secure. Through this partnership with the community, Google has been able to collaborate with third-party developers to fix thousands of security issue...
http://security.googleblog.com/2021/12/empowering-next-generation-of-android.html
Published: 2021 12 14 18:00:00
Received: 2021 12 14 18:03:43
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
18:03 Empowering the next generation of Android Application Security Researchers
Articles received 02/12/2021
Article: Exploring Container Security: A Storage Vulnerability Deep Dive - published almost 3 years ago.
Content: Posted by Fabricio Voznika and Mauricio Poppe, Google Cloud Kubernetes Security is constantly evolving - keeping pace with enhanced functionality, usability and flexibility while also balancing the security needs of a wide and diverse set of use-cases. Recently, the GKE Security team discovered a high severity vulnerability that allowed workloads to have acce...
http://security.googleblog.com/2021/12/exploring-container-security-storage.html
Published: 2021 12 02 20:00:00
Received: 2021 12 02 20:23:31
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
20:23 Exploring Container Security: A Storage Vulnerability Deep Dive
🔥🔥
Articles received 11/11/2021
Article: ClusterFuzzLite: Continuous fuzzing for all - published about 3 years ago.
Content: Posted by Jonathan Metzman, Google Open Source Security Team In recent years, continuous fuzzing has become an essential part of the software development lifecycle. By feeding unexpected or random data into a program, fuzzing catches bugs that would otherwise slip through the most thorough manual checks and provides coverage that would take staggering human e...
http://security.googleblog.com/2021/11/clusterfuzzlite-continuous-fuzzing-for.html 
🔥🔥
 
Published: 2021 11 11 12:00:00
Received: 2021 11 11 12:04:40
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
12:04 ClusterFuzzLite: Continuous fuzzing for all
🔥🔥
Articles received 01/11/2021
Article: Trick & Treat! 🎃 Paying Leets and Sweets for Linux Kernel privescs and k8s escapes - published about 3 years ago.
Content: Posted by Eduardo Vela, Google Bug Hunters Team Starting today and for the next 3 months (until January 31 2022), we will pay 31,337 USD to security researchers that exploit privilege escalation in our lab environment with a patched vulnerability, and 50,337 USD to those that use a previously unpatched vulnerability, or a new exploit technique. We are constan...
http://security.googleblog.com/2021/11/trick-treat-paying-leets-and-sweets-for.html 
🔥🔥
 
Published: 2021 11 01 16:30:00
Received: 2021 11 01 17:03:43
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
17:03 Trick & Treat! 🎃 Paying Leets and Sweets for Linux Kernel privescs and k8s escapes
🔥🔥
Articles received 28/10/2021
Article: Protecting your device information with Private Set Membership - published about 3 years ago.
Content: Posted by Kevin Yeo and Sarvar Patel, Private Computing Team At Google, keeping you safe online is our top priority, so we continuously build the most advanced privacy-preserving technologies into our products. Over the past few years, we've utilized innovations in cryptographic research to keep your personal information private by design and secure by defau...
http://security.googleblog.com/2021/10/protecting-your-device-information-with.html 
🔥🔥
 
Published: 2021 10 28 17:00:00
Received: 2021 10 28 17:04:52
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
17:04 Protecting your device information with Private Set Membership
🔥🔥
Articles received 27/10/2021
Article: Pixel 6: Setting a new standard for mobile security - published about 3 years ago.
Content: Posted by Dave Kleidermacher, Jesse Seed, Brandon Barbello, and Stephan Somogyi, Android, Pixel & Tensor security teams With Pixel 6 and Pixel 6 Pro, we’re launching our most secure Pixel phone yet, with 5 years of security updates and the most layers of hardware security. These new Pixel smartphones take a layered security approach, with innovations spa...
http://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html 
🔥🔥
 
Published: 2021 10 27 17:01:00
Received: 2021 10 27 17:04:10
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Launching a collaborative minimum security baseline - published about 3 years ago.
Content: Posted by Royal Hansen, Vice President, Security According to an Opus and Ponemon Institute study, 59% of companies have experienced a data breach caused by one of their vendors or third parties. Outsourcing operations to third-party vendors has become a popular business strategy as it allows organizations to save money and increase operational efficiency. W...
http://security.googleblog.com/2021/10/launching-collaborative-minimum.html 
🔥🔥
 
Published: 2021 10 27 14:47:00
Received: 2021 10 27 15:04:19
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
17:04 Pixel 6: Setting a new standard for mobile security
🔥🔥
15:04 Launching a collaborative minimum security baseline
🔥🔥
Articles received 05/10/2021
Article: Google Protects Your Accounts – Even When You No Longer Use Them - published about 3 years ago.
Content: Posted by Sam Heft-Luthy, Product Manager, Privacy & Data Protection Office What happens to our digital accounts when we stop using them? It’s a question we should all ask ourselves, because when we are no longer keeping tabs on what’s happening with old accounts, they can become targets for cybercrime. In fact, quite a few recent high-profile breaches ta...
http://security.googleblog.com/2021/10/google-protects-your-accounts-even-when.html 
🔥🔥
 
Published: 2021 10 05 13:00:00
Received: 2021 10 05 13:04:06
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
13:04 Google Protects Your Accounts – Even When You No Longer Use Them
🔥🔥
Articles received 01/10/2021
Article: Introducing the Secure Open Source Pilot Program - published about 3 years ago.
Content: Posted by Meder Kydyraliev and Kim Lewandowski, Google Open Source Security Team Over the past year we have made a number of investments to strengthen the security of critical open source projects, and recently announced our $10 billion commitment to cybersecurity defense including $100 million to support third-party foundations that manage open source securi...
http://security.googleblog.com/2021/10/introducing-secure-open-source-pilot.html 
🔥🔥
 
Published: 2021 10 01 14:22:00
Received: 2021 10 01 15:05:38
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
15:05 Introducing the Secure Open Source Pilot Program
🔥🔥
Articles received 28/09/2021
Article: Announcing New Patch Reward Program for Tsunami Security Scanner - published about 3 years ago.
Content: Posted by Guoli Ma, Sebastian Lekies & Claudio Criscione, Google Vulnerability Management Team One year ago, we published the Tsunami security scanner with the goal of detecting high severity, actively exploited vulnerabilities with high confidence. In the last several months, the Tsunami scanner team has been working closely with our vulnerability reward...
http://security.googleblog.com/2021/09/announcing-new-patch-reward-program-for.html 
🔥🔥
 
Published: 2021 09 28 13:00:00
Received: 2021 09 28 13:03:53
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
13:03 Announcing New Patch Reward Program for Tsunami Security Scanner
🔥🔥
Articles received 22/09/2021
Article: Distroless Builds Are Now SLSA 2 - published about 3 years ago.
Content: Posted by Priya Wadhwa and Appu Goundan, Google Open Source Security Team A few months ago we announced that we started signing all distroless images with cosign, which allows users to verify that they have the correct image before starting the build process. Signing our images was our first step towards fully securing the distroless supply chain. Since then,...
http://security.googleblog.com/2021/09/distroless-builds-are-now-slsa-2.html 
🔥🔥
 
Published: 2021 09 22 16:00:00
Received: 2021 09 22 16:03:54
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
16:03 Distroless Builds Are Now SLSA 2
🔥🔥
Articles received 21/09/2021
Article: An update on Memory Safety in Chrome - published about 3 years ago.
Content: Adrian Taylor, Andrew Whalley, Dana Jansens and Nasko Oskov, Chrome security team Security is a cat-and-mouse game. As attackers innovate, browsers always have to mount new defenses to stay ahead, and Chrome has invested in ever-stronger multi-process architecture built on sandboxing and site isolation. Combined with fuzzing, these are still our primary line...
http://security.googleblog.com/2021/09/an-update-on-memory-safety-in-chrome.html 
🔥🔥
 
Published: 2021 09 21 17:00:00
Received: 2021 09 21 17:04:24
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
17:04 An update on Memory Safety in Chrome
🔥🔥
Articles received 15/09/2021
Article: Google Supports Open Source Technology Improvement Fund - published about 3 years ago.
Content: Posted by Kaylin Trychon, Google Open Source Security Team We recently pledged to provide $100 million to support third-party foundations that manage open source security priorities and help fix vulnerabilities. As part of this commitment, we are excited to announce our support of the Open Source Technology Improvement Fund (OSTIF) to improve security of eig...
http://security.googleblog.com/2021/09/google-supports-open-source-technology.html 
🔥🔥
 
Published: 2021 09 15 18:17:00
Received: 2021 09 15 19:03:55
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
19:03 Google Supports Open Source Technology Improvement Fund
🔥🔥
Articles received 09/09/2021
Article: Introducing Android’s Private Compute Services - published about 3 years ago.
Content: Posted by Suzanne Frey, VP, Product, Android & Play Security and Privacy We introduced Android’s Private Compute Core in Android 12 Beta. Today, we're excited to announce a new suite of services that provide a privacy-preserving bridge between Private Compute Core and the cloud. Recap: What is Private Compute Core? Android’s Private Compute Core is an o...
http://security.googleblog.com/2021/09/introducing-androids-private-compute.html 
🔥🔥
 
Published: 2021 09 09 17:00:00
Received: 2021 09 09 18:04:23
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
18:04 Introducing Android’s Private Compute Services
🔥🔥
Articles received 26/08/2021
Article: Updates on our continued collaboration with NIST to secure the Software Supply Chain - published about 3 years ago.
Content: Posted by Eric Brewer and Dan Lorenc Yesterday, we were honored to participate in President Biden’s White House Cyber Security Summit where we shared recommendations to advance the administration’s cybersecurity agenda. This included our commitment to invest $10 billion over the next five years to expand zero-trust programs, help secure the software supply ch...
http://security.googleblog.com/2021/08/updates-on-our-continued-collaboration.html 
🔥🔥
 
Published: 2021 08 26 17:47:00
Received: 2021 08 26 18:06:03
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
18:06 Updates on our continued collaboration with NIST to secure the Software Supply Chain
🔥🔥
Articles received 11/08/2021
Article: AllStar: Continuous Security Policy Enforcement for GitHub Projects - published over 3 years ago.
Content: Posted by Mike Maraya, Google Open Source Security Team As an active member of the open source software (OSS) community, Google recognizes the growing threat of software supply chain attacks against OSS we use and develop. Building on our efforts to improve OSS security with an end-to-end framework (SLSA), metrics (Scorecards), and coordinated vulnerability ...
http://security.googleblog.com/2021/08/allstar-continuous-security-policy.html 
🔥🔥
 
Published: 2021 08 11 12:05:00
Received: 2021 08 11 12:05:08
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
12:05 AllStar: Continuous Security Policy Enforcement for GitHub Projects
🔥🔥
Articles received 09/08/2021
Article: Simplifying Titan Security Key options for our users - published over 3 years ago.
Content: Posted by Christiaan Brand, Product Manager, Google Cloud Today we are excited to announce some changes to our lineup of Titan Security Keys on the Google Store which provide a simpler experience and make choosing the right security key for you even easier. We will now offer only two types of Titan Security Keys: a USB-A and a USB-C version. Both of these key...
http://security.googleblog.com/2021/08/simplifying-titan-security-key-options.html 
🔥🔥
 
Published: 2021 08 09 16:00:00
Received: 2021 08 09 16:04:45
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
16:04 Simplifying Titan Security Key options for our users
🔥🔥
Articles received 03/08/2021
Article: Linux Kernel Security Done Right - published over 3 years ago.
Content: Posted by Kees Cook, Software Engineer, Google Open Source Security Team To borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway, you're not sprayed in the face with oil and gasoline, and you quickly get where you want to go. However, in th...
http://security.googleblog.com/2021/08/linux-kernel-security-done-right.html 
🔥🔥
 
Published: 2021 08 03 16:00:00
Received: 2021 08 03 16:04:52
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
16:04 Linux Kernel Security Done Right
🔥🔥
Articles received 27/07/2021
Article: A new chapter for Google’s Vulnerability Reward Program - published over 3 years ago.
Content: Posted by Jan Keller, Technical Program Manager, Google VRP A little over 10 years ago, we launched our Vulnerability Rewards Program (VRP). Our goal was to establish a channel for security researchers to report bugs to Google and offer an efficient way for us to thank them for helping make Google, our users, and the Internet a safer place. To recap our prog...
http://security.googleblog.com/2021/07/a-new-chapter-for-googles-vulnerability.html 
🔥🔥
 
Published: 2021 07 27 13:00:00
Received: 2021 07 27 13:04:44
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
13:04 A new chapter for Google’s Vulnerability Reward Program
🔥🔥
Articles received 20/07/2021
Article: Advancing an inclusive, diverse security industry - published over 3 years ago.
Content: Posted by Sarah Morales, Community Outreach Manager, Security It’s no secret that lack of diversity in corporate America is a well-documented problem and improvements have been slow. To help improve female representation in the cybersecurity industry, Google teamed up with Women in Cybersecurity (WiCyS) and SANS Institute a year ago to establish the Security...
http://security.googleblog.com/2021/07/advancing-inclusive-diverse-security.html 
🔥🔥
 
Published: 2021 07 20 16:20:00
Received: 2021 07 20 17:05:03
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Protecting more with Site Isolation - published over 3 years ago.
Content: Posted by Charlie Reis and Alex Moshchuk, Chrome Security Team Chrome's Site Isolation is an essential security defense that makes it harder for malicious web sites to steal data from other web sites. On Windows, Mac, Linux, and Chrome OS, Site Isolation protects all web sites from each other, and also ensures they do not share processes with extensions, whi...
http://security.googleblog.com/2021/07/protecting-more-with-site-isolation.html 
🔥🔥
 
Published: 2021 07 20 17:00:00
Received: 2021 07 20 17:05:03
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
17:05 Advancing an inclusive, diverse security industry
🔥🔥
17:05 Protecting more with Site Isolation
🔥🔥
Articles received 15/07/2021
Article: Verifiable design in modern systems - published over 3 years ago.
Content: Posted by Ryan Hurst, Production Security Team The way we design and build software is continually evolving. Just as we now think of security as something we build into software from the start, we are also increasingly looking for new ways to minimize trust in that software. One of the ways we can do that is by designing software so that you can get cryptogra...
http://security.googleblog.com/2021/07/verifiable-design-in-modern-systems.html 
🔥🔥
 
Published: 2021 07 15 17:18:00
Received: 2021 07 15 18:05:02
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
18:05 Verifiable design in modern systems
🔥🔥
Articles received 01/07/2021
Article: Measuring Security Risks in Open Source Software: Scorecards Launches V2 - published over 3 years ago.
Content: Posted by Kim Lewandowski, Azeem Shaikh, Laurent Simon, Google Open Source Security Team Contributors to the Scorecards project, an automated security tool that produces a “risk score” for open source projects, have accomplished a lot since our launch last fall. Today, in collaboration with the Open Source Security Foundation community, we are announcing Sco...
http://security.googleblog.com/2021/07/measuring-security-risks-in-open-source.html 
🔥🔥
 
Published: 2021 07 01 13:00:00
Received: 2021 07 01 13:06:23
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
13:06 Measuring Security Risks in Open Source Software: Scorecards Launches V2
🔥🔥
Articles received 24/06/2021
Article: Announcing a unified vulnerability schema for open source - published over 3 years ago.
Content: Posted by Oliver Chang, Google Open Source Security team and Russ Cox, Go team In recent months, Google has launched several efforts to strengthen open-source security on multiple fronts. One important focus is improving how we identify and respond to known security vulnerabilities without doing extensive manual work. It is essential to have a precise common...
http://security.googleblog.com/2021/06/announcing-unified-vulnerability-schema.html 
🔥🔥
 
Published: 2021 06 24 13:00:00
Received: 2021 06 24 13:05:00
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
13:05 Announcing a unified vulnerability schema for open source
🔥🔥
Articles received 18/06/2021
Article: Get ready for the 2021 Google CTF - published over 3 years ago.
Content: Posted by Kristoffer Janke, Information Security Engineer Are you ready for no sleep, no chill and a lot of hacking? Our annual Google CTF is back! The competition kicks off on Saturday July 17 00:00:01 AM UTC and runs through Sunday July 18 23:59:59 UTC. Teams can register at http://goo.gle/ctf. Just like last year, the top 16 teams will qualify for our Hack...
http://security.googleblog.com/2021/06/get-ready-for-2021-google-ctf.html 
🔥🔥
 
Published: 2021 06 18 13:11:00
Received: 2021 06 18 14:05:12
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
14:05 Get ready for the 2021 Google CTF
🔥🔥
Articles received 16/06/2021
Article: Introducing SLSA, an End-to-End Framework for Supply Chain Integrity - published over 3 years ago.
Content: Posted Kim Lewandowski, Google Open Source Security Team & Mark Lodato, Binary Authorization for Borg Team Supply chain integrity attacks—unauthorized modifications to software packages—have been on the rise in the past two years, and are proving to be common and reliable attack vectors that affect all consumers of software. The software development and ...
http://security.googleblog.com/2021/06/introducing-slsa-end-to-end-framework.html 
🔥🔥
 
Published: 2021 06 16 15:36:00
Received: 2021 06 16 16:05:00
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
16:05 Introducing SLSA, an End-to-End Framework for Supply Chain Integrity
🔥🔥
Articles received 08/06/2021
Article: Rust/C++ interop in the Android Platform - published over 3 years ago.
Content: Posted by Joel Galenson and Matthew Maurer, Android Team One of the main challenges of evaluating Rust for use within the Android platform was ensuring we could provide sufficient interoperability with our existing codebase. If Rust is to meet its goals of improving security, stability, and quality Android-wide, we need to be able to use Rust anywhere in the...
http://security.googleblog.com/2021/06/rustc-interop-in-android-platform.html 
🔥🔥
 
Published: 2021 06 08 17:00:00
Received: 2021 06 08 18:04:39
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Verifiable Supply Chain Metadata for Tekton - published over 3 years ago.
Content: Posted by Dan Lorenc, Priya Wadhwa, Open Source Security Team If you've been paying attention to the news at all lately, you've probably noticed that software supply chain attacks are rapidly becoming a big problem. Whether you're trying to prevent these attacks, responding to an ongoing one or recovering from one, you understand that knowing what is happenin...
http://security.googleblog.com/2021/06/verifiable-supply-chain-metadata-for.html 
🔥🔥
 
Published: 2021 06 08 16:02:00
Received: 2021 06 08 16:04:57
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
18:04 Rust/C++ interop in the Android Platform
🔥🔥
16:04 Verifiable Supply Chain Metadata for Tekton
🔥🔥
Articles received 06/06/2021
Article: Vulnerability Reward Program: 2020 Year in Review - published almost 4 years ago.
Content: Posted by Anna Hupa, Senior Strategist, Vulnerability Rewards Team Despite the challenges of this unprecedented year, our vulnerability researchers have achieved more than ever before, partnering with our Vulnerability Reward Programs (VRPs) to protect Google’s users by discovering security and abuse bugs and reporting them to us for remediation. Their dilige...
http://security.googleblog.com/2021/02/vulnerability-reward-program-2020-year.html 
🔥🔥
 
Published: 2021 02 04 18:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Launching OSV - Better vulnerability triage for open source - published almost 4 years ago.
Content: Posted by Oliver Chang and Kim Lewandowski, Google Security Team We are excited to launch OSV (Open Source Vulnerabilities), our first step towards improving vulnerability triage for developers and consumers of open source software. The goal of OSV is to provide precise data on where a vulnerability was introduced and where it got fixed, thereby helping consu...
http://security.googleblog.com/2021/02/launching-osv-better-vulnerability.html 
🔥🔥
 
Published: 2021 02 05 17:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Mitigating Memory Safety Issues in Open Source Software - published almost 4 years ago.
Content: Posted by Dan Lorenc, Infrastructure Security Team Memory-safety vulnerabilities have dominated the security field for years and often lead to issues that can be exploited to take over entire systems. A recent study found that "~70% of the vulnerabilities addressed through a security update each year continue to be memory safety issues.” Another analysis on s...
http://security.googleblog.com/2021/02/mitigating-memory-safety-issues-in-open.html 
🔥🔥
 
Published: 2021 02 17 14:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: New Password Checkup Feature Coming to Android - published over 3 years ago.
Content: Posted by Arvind Kumar Sugumar, Software Engineer, Android Team (Note: We’ve updated this post to reflect that the API works by collecting 3.25 bytes of the hashed username) With the proliferation of digital services in our lives, it’s more important than ever to make sure our online information remains safe and secure. Passwords are usually the first line of ...
http://security.googleblog.com/2021/02/new-password-checkup-feature-coming-to.html 
🔥🔥
 
Published: 2021 02 23 17:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Celebrating the influence and contributions of Black+ Security & Privacy Googlers - published over 3 years ago.
Content: Posted by Royal Hansen, Vice President, Security Black History Month may be coming to a close, but our work to build sustainable equity for Google’s Black+ community, and externally is ongoing. Currently, Black Americans make up less than 12% of information security analysts in the U.S. In an industry that consistently requires new ideas to spark positive cha...
http://security.googleblog.com/2021/02/celebrating-influence-and-contributions.html 
🔥🔥
 
Published: 2021 02 25 17:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: #ShareTheMicInCyber: Rob Duhart - published over 3 years ago.
Content: Posted by Matt Levine, Director, Risk Management In an effort to showcase the breadth and depth of Black+ contributions to security and privacy fields, we’ve launched a series in support of #ShareTheMicInCyber that aims to elevate and celebrate the Black+ voices in security and privacy we have here at Google. Today, we will hear from Rob Duhart, he leads a cr...
http://security.googleblog.com/2021/03/sharethemicincyber-rob-duhart.html 
🔥🔥
 
Published: 2021 03 01 17:07:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Introducing sigstore: Easy Code Signing & Verification for Supply Chain Integrity - published over 3 years ago.
Content: Posted by Kim Lewandowski & Dan Lorenc, Google Open Source Security Team One of the fundamental security issues with open source is that it’s difficult to know where the software comes from or how it was built, making it susceptible to supply chain attacks. A few recent examples of this include dependency confusion attack and malicious RubyGems package t...
http://security.googleblog.com/2021/03/introducing-sigstore-easy-code-signing.html 
🔥🔥
 
Published: 2021 03 09 21:14:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Fuzzing Java in OSS-Fuzz - published over 3 years ago.
Content: Posted by Jonathan Metzman, Google Open Source Security Team OSS-Fuzz, Google’s open source fuzzing service, now supports fuzzing applications written in Java and other Java Virtual Machine (JVM) based languages (e.g. Kotlin, Scala, etc.). Open source projects written in JVM based languages can add their project to OSS-Fuzz by following our documentation. The ...
http://security.googleblog.com/2021/03/fuzzing-java-in-oss-fuzz.html 
🔥🔥
 
Published: 2021 03 10 17:02:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: #ShareTheMicInCyber: Brooke Pearson - published over 3 years ago.
Content: Posted by Parisa Tabriz, Head of Chrome Product, Engineering and UX In an effort to showcase the breadth and depth of Black+ contributions to security and privacy fields, we’ve launched a profile series that aims to elevate and celebrate the Black+ voices in security and privacy we have here at Google. Brooke Pearson manages the Privacy Sandbox program at Goo...
http://security.googleblog.com/2021/03/sharethemicincyber-brooke-pearson.html 
🔥🔥
 
Published: 2021 03 11 20:23:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Continuing to Raise the Bar for Verifiable Security on Pixel - published over 3 years ago.
Content: Posted by Eugene Liderman, Android Security and Privacy Team Evaluating the security of mobile devices is difficult, and a trusted way to validate a company’s claims is through independent, industry certifications. When it comes to smartphones one of the most rigorous end-to-end certifications is the Common Criteria (CC) Mobile Device Fundamentals (MDF) Prote...
http://security.googleblog.com/2021/03/continuing-to-raise-bar-for-verifiable.html 
🔥🔥
 
Published: 2021 03 11 21:02:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: A Spectre proof-of-concept for a Spectre-proof web - published over 3 years ago.
Content: Posted by Stephen Röttger and Artur Janc, Information Security Engineers Three years ago, Spectre changed the way we think about security boundaries on the web. It quickly became clear that flaws in modern processors undermined the guarantees that web browsers could make about preventing data leaks between applications. As a result, web browser vendors have b...
http://security.googleblog.com/2021/03/a-spectre-proof-of-concept-for-spectre.html 
🔥🔥
 
Published: 2021 03 12 14:59:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Google, HTTPS, and device compatibility - published over 3 years ago.
Content: Posted by Ryan Hurst, Product Management, Google Trust Services Encryption is a fundamental building block when you’re on a mission to organize the world’s information and make it universally accessible with strong security and privacy. This is why a little over four years ago we created Google Trust Services—our publicly trusted Certificate Authority (CA). Th...
http://security.googleblog.com/2021/03/google-https-and-device-compatibility.html 
🔥🔥
 
Published: 2021 03 15 13:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Announcing the winners of the 2020 GCP VRP Prize - published over 3 years ago.
Content: Posted by Harshvardhan Sharma, Information Security Engineer, Google We first announced the GCP VRP Prize in 2019 to encourage security researchers to focus on the security of Google Cloud Platform (GCP), in turn helping us make GCP more secure for our users, customers, and the internet at large. In the first iteration of the prize, we awarded $100,000 to th...
http://security.googleblog.com/2021/03/announcing-winners-of-2020-gcp-vrp-prize.html 
🔥🔥
 
Published: 2021 03 17 14:40:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Announcing the Android Ready SE Alliance - published over 3 years ago.
Content: Posted by Sudhi Herle and Jason Wong, Android Team When the Pixel 3 launched in 2018, it had a new tamper-resistant hardware enclave called Titan M. In addition to being a root-of-trust for Pixel software and firmware, it also enabled tamper-resistant key storage for Android Apps using StrongBox. StrongBox is an implementation of the Keymaster HAL that resid...
http://security.googleblog.com/2021/03/announcing-android-ready-se-alliance.html 
🔥🔥
 
Published: 2021 03 25 17:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Rust in the Android platform - published over 3 years ago.
Content: Posted by Jeff Vander Stoep and Stephen Hines, Android Team Correctness of code in the Android platform is a top priority for the security, stability, and quality of each Android release. Memory safety bugs in C and C++ continue to be the most-difficult-to-address source of incorrectness. We invest a great deal of effort and resources into detecting, fixing...
http://security.googleblog.com/2021/04/rust-in-android-platform.html 
🔥🔥
 
Published: 2021 04 06 17:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Rust in the Linux kernel - published over 3 years ago.
Content: Posted by Wedson Almeida Filho, Android Team In our previous post, we announced that Android now supports the Rust programming language for developing the OS itself. Related to this, we are also participating in the effort to evaluate the use of Rust as a supported language for developing the Linux kernel. In this post, we discuss some technical aspects of ...
http://security.googleblog.com/2021/04/rust-in-linux-kernel.html 
🔥🔥
 
Published: 2021 04 14 23:27:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: A New Standard for Mobile App Security - published over 3 years ago.
Content: Posted by Brooke Davis and Eugene Liderman, Android Security and Privacy Team With all of the challenges from this past year, users have become increasingly dependent on their mobile devices to create fitness routines, stay connected with loved ones, work remotely, and order things like groceries with ease. According to eMarketer, in 2020 users spent over thr...
http://security.googleblog.com/2021/04/a-new-standard-for-mobile-app-security.html 
🔥🔥
 
Published: 2021 04 15 13:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: How we fought bad apps and developers in 2020 - published over 3 years ago.
Content: Posted by Krish Vitaldevara, Director of Product Management Trust & Safety, Google Play Providing safe experiences to billions of users and millions of Android developers has been one of the highest priorities for Google Play for many years. Last year we introduced new policies, improved our systems, and further optimized our processes to better protect o...
http://security.googleblog.com/2021/04/how-we-fought-bad-apps-and-developers.html 
🔥🔥
 
Published: 2021 04 21 17:01:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Enabling Hardware-enforced Stack Protection (cetcompat) in Chrome - published over 3 years ago.
Content: Alex Gough, Engineer, Chrome Platform Security Team Chrome 90 for Windows adopts Hardware-enforced Stack Protection, a mitigation technology to make the exploitation of security bugs more difficult for attackers. This is supported by Windows 20H1 (December Update) or later, running on processors with Control-flow Enforcement Technology (CET) such as Intel 11t...
http://security.googleblog.com/2021/05/enabling-hardware-enforced-stack.html 
🔥🔥
 
Published: 2021 05 04 17:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Making the Internet more secure one signed container at a time - published over 3 years ago.
Content: Posted by Priya Wadhwa, Jake Sanders, Google Open Source Security Team With over 16 million pulls per month, Google’s `distroless` base images are widely used and depended on by large projects like Kubernetes and Istio. These minimal images don’t include common tools like shells or package managers, making their attack surface (and download size!) smaller tha...
http://security.googleblog.com/2021/05/making-internet-more-secure-one-signed.html 
🔥🔥
 
Published: 2021 05 06 13:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Integrating Rust Into the Android Open Source Project - published over 3 years ago.
Content: Posted by Ivan Lozano, Android Team The Android team has been working on introducing the Rust programming language into the Android Open Source Project (AOSP) since 2019 as a memory-safe alternative for platform native code development. As with any large project, introducing a new language requires careful consideration. For Android, one important area was as...
http://security.googleblog.com/2021/05/integrating-rust-into-android-open.html 
🔥🔥
 
Published: 2021 05 11 17:31:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Introducing Half-Double: New hammering technique for DRAM Rowhammer bug - published over 3 years ago.
Content: Research Team: Salman Qazi, Yoongu Kim, Nicolas Boichat, Eric Shiu & Mattias Nissler Today, we are sharing details around our discovery of Half-Double, a new Rowhammer technique that capitalizes on the worsening physics of some of the newer DRAM chips to alter the contents of memory. Rowhammer is a DRAM vulnerability whereby repeated accesses to one addre...
http://security.googleblog.com/2021/05/introducing-half-double-new-hammering.html 
🔥🔥
 
Published: 2021 05 25 15:59:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Introducing Security By Design - published over 3 years ago.
Content: Posted by Jon Markoff and Sean Smith, Android Security and Privacy Team Integrating security into your app development lifecycle can save a lot of time, money, and risk. That’s why we’ve launched Security by Design on Google Play Academy to help developers identify, mitigate, and proactively protect against security threats. The Android ecosystem, including ...
http://security.googleblog.com/2021/05/introducing-security-by-design.html 
🔥🔥
 
Published: 2021 05 26 17:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: New protections for Enhanced Safe Browsing users in Chrome - published over 3 years ago.
Content: Posted by Badr Salmi, Google Safe Browsing & Varun Khaneja, Chrome Security In 2020 we launched Enhanced Safe Browsing, which you can turn on in your Chrome security settings, with the goal of substantially increasing safety on the web. These improvements are being built on top of existing security mechanisms that already protect billions of devices. Sin...
http://security.googleblog.com/2021/06/new-protections-for-enhanced-safe.html 
🔥🔥
 
Published: 2021 06 03 17:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Article: Announcing New Abuse Research Grants Program - published over 3 years ago.
Content: Posted by Anna Hupa, Marc Henson, and Martin Straka, Google VRP Team Our Abuse Bug Bounty program has proved tremendously successful in the past three years since its introduction – thanks to our incredibly engaged community of researchers. Their contributions resulted in +1,000 valid bugs, helping us raise the bar in combating product abuse. As a result of ...
http://security.googleblog.com/2021/06/announcing-new-abuse-research-grants.html 
🔥🔥
 
Published: 2021 06 04 13:03:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
09:04 Vulnerability Reward Program: 2020 Year in Review
🔥🔥
09:04 Launching OSV - Better vulnerability triage for open source
🔥🔥
09:04 Mitigating Memory Safety Issues in Open Source Software
🔥🔥
09:04 New Password Checkup Feature Coming to Android
🔥🔥
09:04 Celebrating the influence and contributions of Black+ Security & Privacy Googlers
🔥🔥
09:04 #ShareTheMicInCyber: Rob Duhart
🔥🔥
09:04 Introducing sigstore: Easy Code Signing & Verification for Supply Chain Integrity
🔥🔥
09:04 Fuzzing Java in OSS-Fuzz
🔥🔥
09:04 #ShareTheMicInCyber: Brooke Pearson
🔥🔥
09:04 Continuing to Raise the Bar for Verifiable Security on Pixel
🔥🔥
09:04 A Spectre proof-of-concept for a Spectre-proof web
🔥🔥
09:04 Google, HTTPS, and device compatibility
🔥🔥
09:04 Announcing the winners of the 2020 GCP VRP Prize
🔥🔥
09:04 Announcing the Android Ready SE Alliance
🔥🔥
09:04 Rust in the Android platform
🔥🔥
09:04 Rust in the Linux kernel
🔥🔥
09:04 A New Standard for Mobile App Security
🔥🔥
09:04 How we fought bad apps and developers in 2020
🔥🔥
09:04 Enabling Hardware-enforced Stack Protection (cetcompat) in Chrome
🔥🔥
09:04 Making the Internet more secure one signed container at a time
🔥🔥
09:04 Integrating Rust Into the Android Open Source Project
🔥🔥
09:04 Introducing Half-Double: New hammering technique for DRAM Rowhammer bug
🔥🔥
09:04 Introducing Security By Design
🔥🔥
09:04 New protections for Enhanced Safe Browsing users in Chrome
🔥🔥
09:04 Announcing New Abuse Research Grants Program
🔥🔥
  • "Home" links back to the front page, effectively the Planet "Home Page"; it shows all articles, with no selections or groupings.
  • Default date ordering is by "Received Date" (because not all RSS feeds have a "Published Date").
  • Authors is the most poorly serviced field in the articles we see from cyber security news providers.
  • Only Published Date selections use the article's Published Date (for ordering and grouping).
  • The first page always shows fifty items plus up to forty-nine remaining items, before they are committed permanently to the next page.
  • All subsequent pages show fifty items.
  • Pagination is in reverse order (so that pages are permanent links, aka "permalinks", to their content).