Article: Exploring Container Security: A Storage Vulnerability Deep Dive - published over 4 years ago.
Content: Posted by Fabricio Voznika and Mauricio Poppe, Google Cloud Kubernetes Security is constantly evolving - keeping pace with enhanced functionality, usability and flexibility while also balancing the security needs of a wide and diverse set of use-cases.Recently, the GKE Security team discovered a high severity vulnerability that allowed workloads to have acce...
Copy Link: http://security.googleblog.com/2021/12/exploring-container-security-storage.html   
Published: 2021 12 02 20:00:00
Received: 2021 12 02 20:23:31
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: ClusterFuzzLite: Continuous fuzzing for all - published over 4 years ago.
Content: Posted by Jonathan Metzman, Google Open Source Security TeamIn recent years, continuous fuzzing has become an essential part of the software development lifecycle. By feeding unexpected or random data into a program, fuzzing catches bugs that would otherwise slip through the most thorough manual checks and provides coverage that would take staggering human e...
Copy Link: http://security.googleblog.com/2021/11/clusterfuzzlite-continuous-fuzzing-for.html   
Published: 2021 11 11 12:00:00
Received: 2021 11 11 12:04:40
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Trick & Treat! 🎃 Paying Leets and Sweets for Linux Kernel privescs and k8s escapes - published over 4 years ago.
Content: Posted by Eduardo Vela, Google Bug Hunters Team Starting today and for the next 3 months (until January 31 2022), we will pay 31,337 USD to security researchers that exploit privilege escalation in our lab environment with a patched vulnerability, and 50,337 USD to those that use a previously unpatched vulnerability, or a new exploit technique.We are constan...
Copy Link: http://security.googleblog.com/2021/11/trick-treat-paying-leets-and-sweets-for.html   
Published: 2021 11 01 16:30:00
Received: 2021 11 01 17:03:43
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Protecting your device information with Private Set Membership - published over 4 years ago.
Content: Posted by Kevin Yeo and Sarvar Patel, Private Computing Team At Google, keeping you safe online is our top priority, so we continuously build the most advanced privacy-preserving technologies into our products. Over the past few years, we've utilized innovations in cryptographic research to keep your personal information private by design and secure by defau...
Copy Link: http://security.googleblog.com/2021/10/protecting-your-device-information-with.html   
Published: 2021 10 28 17:00:00
Received: 2021 10 28 17:04:52
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Pixel 6: Setting a new standard for mobile security - published over 4 years ago.
Content: Posted by Dave Kleidermacher, Jesse Seed, Brandon Barbello, and Stephan Somogyi, Android, Pixel & Tensor security teams With Pixel 6 and Pixel 6 Pro, we’re launching our most secure Pixel phone yet, with 5 years of security updates and the most layers of hardware security. These new Pixel smartphones take a layered security approach, with innovations spa...
Copy Link: http://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html   
Published: 2021 10 27 17:01:00
Received: 2021 10 27 17:04:10
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Launching a collaborative minimum security baseline - published over 4 years ago.
Content: Posted by Royal Hansen, Vice President, Security According to an Opus and Ponemon Institute study, 59% of companies have experienced a data breach caused by one of their vendors or third parties. Outsourcing operations to third-party vendors has become a popular business strategy as it allows organizations to save money and increase operational efficiency. W...
Copy Link: http://security.googleblog.com/2021/10/launching-collaborative-minimum.html   
Published: 2021 10 27 14:47:00
Received: 2021 10 27 15:04:19
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Google Protects Your Accounts – Even When You No Longer Use Them - published over 4 years ago.
Content: Posted by Sam Heft-Luthy, Product Manager, Privacy & Data Protection Office What happens to our digital accounts when we stop using them? It’s a question we should all ask ourselves, because when we are no longer keeping tabs on what’s happening with old accounts, they can become targets for cybercrime.In fact, quite a few recent high-profile breaches ta...
Copy Link: http://security.googleblog.com/2021/10/google-protects-your-accounts-even-when.html   
Published: 2021 10 05 13:00:00
Received: 2021 10 05 13:04:06
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Introducing the Secure Open Source Pilot Program - published over 4 years ago.
Content: Posted by Meder Kydyraliev and Kim Lewandowski, Google Open Source Security TeamOver the past year we have made a number of investments to strengthen the security of critical open source projects, and recently announced our $10 billion commitment to cybersecurity defense including $100 million to support third-party foundations that manage open source securi...
Copy Link: http://security.googleblog.com/2021/10/introducing-secure-open-source-pilot.html   
Published: 2021 10 01 14:22:00
Received: 2021 10 01 15:05:38
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Announcing New Patch Reward Program for Tsunami Security Scanner - published over 4 years ago.
Content: Posted by Guoli Ma, Sebastian Lekies & Claudio Criscione, Google Vulnerability Management TeamOne year ago, we published the Tsunami security scanner with the goal of detecting high severity, actively exploited vulnerabilities with high confidence. In the last several months, the Tsunami scanner team has been working closely with our vulnerability reward...
Copy Link: http://security.googleblog.com/2021/09/announcing-new-patch-reward-program-for.html   
Published: 2021 09 28 13:00:00
Received: 2021 09 28 13:03:53
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Distroless Builds Are Now SLSA 2 - published over 4 years ago.
Content: Posted by Priya Wadhwa and Appu Goundan, Google Open Source Security TeamA few months ago we announced that we started signing all distroless images with cosign, which allows users to verify that they have the correct image before starting the build process. Signing our images was our first step towards fully securing the distroless supply chain. Since then,...
Copy Link: http://security.googleblog.com/2021/09/distroless-builds-are-now-slsa-2.html   
Published: 2021 09 22 16:00:00
Received: 2021 09 22 16:03:54
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: An update on Memory Safety in Chrome - published over 4 years ago.
Content: Adrian Taylor, Andrew Whalley, Dana Jansens and Nasko Oskov, Chrome security team Security is a cat-and-mouse game. As attackers innovate, browsers always have to mount new defenses to stay ahead, and Chrome has invested in ever-stronger multi-process architecture built on sandboxing and site isolation. Combined with fuzzing, these are still our primary line...
Copy Link: http://security.googleblog.com/2021/09/an-update-on-memory-safety-in-chrome.html   
Published: 2021 09 21 17:00:00
Received: 2021 09 21 17:04:24
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Google Supports Open Source Technology Improvement Fund - published over 4 years ago.
Content: Posted by Kaylin Trychon, Google Open Source Security Team We recently pledged to provide $100 million to support third-party foundations that manage open source security priorities and help fix vulnerabilities. As part of this commitment, we are excited to announce our support of the Open Source Technology Improvement Fund (OSTIF) to improve security of eig...
Copy Link: http://security.googleblog.com/2021/09/google-supports-open-source-technology.html   
Published: 2021 09 15 18:17:00
Received: 2021 09 15 19:03:55
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Introducing Android’s Private Compute Services - published over 4 years ago.
Content: Posted by Suzanne Frey, VP, Product, Android & Play Security and PrivacyWe introduced Android’s Private Compute Core in Android 12 Beta. Today, we're excited to announce a new suite of services that provide a privacy-preserving bridge between Private Compute Core and the cloud. Recap: What is Private Compute Core? Android’s Private Compute Core is an o...
Copy Link: http://security.googleblog.com/2021/09/introducing-androids-private-compute.html   
Published: 2021 09 09 17:00:00
Received: 2021 09 09 18:04:23
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Updates on our continued collaboration with NIST to secure the Software Supply Chain - published over 4 years ago.
Content: Posted by Eric Brewer and Dan LorencYesterday, we were honored to participate in President Biden’s White House Cyber Security Summit where we shared recommendations to advance the administration’s cybersecurity agenda. This included our commitment to invest $10 billion over the next five years to expand zero-trust programs, help secure the software supply ch...
Copy Link: http://security.googleblog.com/2021/08/updates-on-our-continued-collaboration.html   
Published: 2021 08 26 17:47:00
Received: 2021 08 26 18:06:03
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: AllStar: Continuous Security Policy Enforcement for GitHub Projects - published over 4 years ago.
Content: Posted by Mike Maraya, Google Open Source Security Team As an active member of the open source software (OSS) community, Google recognizes the growing threat of software supply chain attacks against OSS we use and develop. Building on our efforts to improve OSS security with an end-to-end framework (SLSA), metrics (Scorecards), and coordinated vulnerability ...
Copy Link: http://security.googleblog.com/2021/08/allstar-continuous-security-policy.html   
Published: 2021 08 11 12:05:00
Received: 2021 08 11 12:05:08
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Simplifying Titan Security Key options for our users - published over 4 years ago.
Content: Posted by Christiaan Brand, Product Manager, Google CloudToday we are excited to announce some changes to our lineup of Titan Security Keys on the Google Store which provide a simpler experience and make choosing the right security key for you even easier. We will now offer only two types of Titan Security Keys: a USB-A and a USB-C version. Both of these key...
Copy Link: http://security.googleblog.com/2021/08/simplifying-titan-security-key-options.html   
Published: 2021 08 09 16:00:00
Received: 2021 08 09 16:04:45
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Linux Kernel Security Done Right - published over 4 years ago.
Content: Posted by Kees Cook, Software Engineer, Google Open Source Security TeamTo borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway, you're not sprayed in the face with oil and gasoline, and you quickly get where you want to go. However, in th...
Copy Link: http://security.googleblog.com/2021/08/linux-kernel-security-done-right.html   
Published: 2021 08 03 16:00:00
Received: 2021 08 03 16:04:52
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: A new chapter for Google’s Vulnerability Reward Program - published over 4 years ago.
Content: Posted by Jan Keller, Technical Program Manager, Google VRP A little over 10 years ago, we launched our Vulnerability Rewards Program (VRP). Our goal was to establish a channel for security researchers to report bugs to Google and offer an efficient way for us to thank them for helping make Google, our users, and the Internet a safer place. To recap our prog...
Copy Link: http://security.googleblog.com/2021/07/a-new-chapter-for-googles-vulnerability.html   
Published: 2021 07 27 13:00:00
Received: 2021 07 27 13:04:44
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Advancing an inclusive, diverse security industry - published over 4 years ago.
Content: Posted by Sarah Morales, Community Outreach Manager, Security It’s no secret that lack of diversity in corporate America is a well-documented problem and improvements have been slow. To help improve female representation in the cybersecurity industry, Google teamed up with Women in Cybersecurity (WiCyS) and SANS Institute a year ago to establish the Security...
Copy Link: http://security.googleblog.com/2021/07/advancing-inclusive-diverse-security.html   
Published: 2021 07 20 16:20:00
Received: 2021 07 20 17:05:03
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Protecting more with Site Isolation - published over 4 years ago.
Content: Posted by Charlie Reis​ and Alex Moshchuk, Chrome Security TeamChrome's Site Isolation is an essential security defense that makes it harder for malicious web sites to steal data from other web sites. On Windows, Mac, Linux, and Chrome OS, Site Isolation protects all web sites from each other, and also ensures they do not share processes with extensions, whi...
Copy Link: http://security.googleblog.com/2021/07/protecting-more-with-site-isolation.html   
Published: 2021 07 20 17:00:00
Received: 2021 07 20 17:05:03
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Verifiable design in modern systems - published over 4 years ago.
Content: Posted by Ryan Hurst, Production Security TeamThe way we design and build software is continually evolving. Just as we now think of security as something we build into software from the start, we are also increasingly looking for new ways to minimize trust in that software. One of the ways we can do that is by designing software so that you can get cryptogra...
Copy Link: http://security.googleblog.com/2021/07/verifiable-design-in-modern-systems.html   
Published: 2021 07 15 17:18:00
Received: 2021 07 15 18:05:02
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Measuring Security Risks in Open Source Software: Scorecards Launches V2 - published over 4 years ago.
Content: Posted by Kim Lewandowski, Azeem Shaikh, Laurent Simon, Google Open Source Security TeamContributors to the Scorecards project, an automated security tool that produces a “risk score” for open source projects, have accomplished a lot since our launch last fall. Today, in collaboration with the Open Source Security Foundation community, we are announcing Sco...
Copy Link: http://security.googleblog.com/2021/07/measuring-security-risks-in-open-source.html   
Published: 2021 07 01 13:00:00
Received: 2021 07 01 13:06:23
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Announcing a unified vulnerability schema for open source - published over 4 years ago.
Content: Posted by Oliver Chang, Google Open Source Security team and Russ Cox, Go team In recent months, Google has launched several efforts to strengthen open-source security on multiple fronts. One important focus is improving how we identify and respond to known security vulnerabilities without doing extensive manual work. It is essential to have a precise common...
Copy Link: http://security.googleblog.com/2021/06/announcing-unified-vulnerability-schema.html   
Published: 2021 06 24 13:00:00
Received: 2021 06 24 13:05:00
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Get ready for the 2021 Google CTF - published over 4 years ago.
Content: Posted by Kristoffer Janke, Information Security EngineerAre you ready for no sleep, no chill and a lot of hacking? Our annual Google CTF is back!The competition kicks off on Saturday July 17 00:00:01 AM UTC and runs through Sunday July 18 23:59:59 UTC. Teams can register at http://goo.gle/ctf. Just like last year, the top 16 teams will qualify for our Hack...
Copy Link: http://security.googleblog.com/2021/06/get-ready-for-2021-google-ctf.html   
Published: 2021 06 18 13:11:00
Received: 2021 06 18 14:05:12
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Introducing SLSA, an End-to-End Framework for Supply Chain Integrity - published over 4 years ago.
Content: Posted Kim Lewandowski, Google Open Source Security Team & Mark Lodato, Binary Authorization for Borg Team Supply chain integrity attacks—unauthorized modifications to software packages—have been on the rise in the past two years, and are proving to be common and reliable attack vectors that affect all consumers of software. The software development and ...
Copy Link: http://security.googleblog.com/2021/06/introducing-slsa-end-to-end-framework.html   
Published: 2021 06 16 15:36:00
Received: 2021 06 16 16:05:00
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Rust/C++ interop in the Android Platform - published almost 5 years ago.
Content: Posted by Joel Galenson and Matthew Maurer, Android Team One of the main challenges of evaluating Rust for use within the Android platform was ensuring we could provide sufficient interoperability with our existing codebase. If Rust is to meet its goals of improving security, stability, and quality Android-wide, we need to be able to use Rust anywhere in the...
Copy Link: http://security.googleblog.com/2021/06/rustc-interop-in-android-platform.html   
Published: 2021 06 08 17:00:00
Received: 2021 06 08 18:04:39
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Verifiable Supply Chain Metadata for Tekton - published almost 5 years ago.
Content: Posted by Dan Lorenc, Priya Wadhwa, Open Source Security TeamIf you've been paying attention to the news at all lately, you've probably noticed that software supply chain attacks are rapidly becoming a big problem. Whether you're trying to prevent these attacks, responding to an ongoing one or recovering from one, you understand that knowing what is happenin...
Copy Link: http://security.googleblog.com/2021/06/verifiable-supply-chain-metadata-for.html   
Published: 2021 06 08 16:02:00
Received: 2021 06 08 16:04:57
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Vulnerability Reward Program: 2020 Year in Review - published about 5 years ago.
Content: Posted by Anna Hupa, Senior Strategist, Vulnerability Rewards TeamDespite the challenges of this unprecedented year, our vulnerability researchers have achieved more than ever before, partnering with our Vulnerability Reward Programs (VRPs) to protect Google’s users by discovering security and abuse bugs and reporting them to us for remediation. Their dilige...
Copy Link: http://security.googleblog.com/2021/02/vulnerability-reward-program-2020-year.html   
Published: 2021 02 04 18:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Launching OSV - Better vulnerability triage for open source - published about 5 years ago.
Content: Posted by Oliver Chang and Kim Lewandowski, Google Security TeamWe are excited to launch OSV (Open Source Vulnerabilities), our first step towards improving vulnerability triage for developers and consumers of open source software. The goal of OSV is to provide precise data on where a vulnerability was introduced and where it got fixed, thereby helping consu...
Copy Link: http://security.googleblog.com/2021/02/launching-osv-better-vulnerability.html   
Published: 2021 02 05 17:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Mitigating Memory Safety Issues in Open Source Software - published about 5 years ago.
Content: Posted by Dan Lorenc, Infrastructure Security TeamMemory-safety vulnerabilities have dominated the security field for years and often lead to issues that can be exploited to take over entire systems. A recent study found that "~70% of the vulnerabilities addressed through a security update each year continue to be memory safety issues.” Another analysis on s...
Copy Link: http://security.googleblog.com/2021/02/mitigating-memory-safety-issues-in-open.html   
Published: 2021 02 17 14:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: New Password Checkup Feature Coming to Android - published about 5 years ago.
Content: Posted by Arvind Kumar Sugumar, Software Engineer, Android Team(Note: We’ve updated this post to reflect that the API works by collecting 3.25 bytes of the hashed username)With the proliferation of digital services in our lives, it’s more important than ever to make sure our online information remains safe and secure. Passwords are usually the first line of ...
Copy Link: http://security.googleblog.com/2021/02/new-password-checkup-feature-coming-to.html   
Published: 2021 02 23 17:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Celebrating the influence and contributions of Black+ Security & Privacy Googlers - published about 5 years ago.
Content: Posted by Royal Hansen, Vice President, SecurityBlack History Month may be coming to a close, but our work to build sustainable equity for Google’s Black+ community, and externally is ongoing. Currently, Black Americans make up less than 12% of information security analysts in the U.S. In an industry that consistently requires new ideas to spark positive cha...
Copy Link: http://security.googleblog.com/2021/02/celebrating-influence-and-contributions.html   
Published: 2021 02 25 17:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: #ShareTheMicInCyber: Rob Duhart - published about 5 years ago.
Content: Posted by Matt Levine, Director, Risk Management In an effort to showcase the breadth and depth of Black+ contributions to security and privacy fields, we’ve launched a series in support of #ShareTheMicInCyber that aims to elevate and celebrate the Black+ voices in security and privacy we have here at Google.Today, we will hear from Rob Duhart, he leads a cr...
Copy Link: http://security.googleblog.com/2021/03/sharethemicincyber-rob-duhart.html   
Published: 2021 03 01 17:07:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Introducing sigstore: Easy Code Signing & Verification for Supply Chain Integrity - published about 5 years ago.
Content: Posted by Kim Lewandowski & Dan Lorenc, Google Open Source Security TeamOne of the fundamental security issues with open source is that it’s difficult to know where the software comes from or how it was built, making it susceptible to supply chain attacks. A few recent examples of this include dependency confusion attack and malicious RubyGems package t...
Copy Link: http://security.googleblog.com/2021/03/introducing-sigstore-easy-code-signing.html   
Published: 2021 03 09 21:14:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Fuzzing Java in OSS-Fuzz - published almost 5 years ago.
Content: Posted by Jonathan Metzman, Google Open Source Security TeamOSS-Fuzz, Google’s open source fuzzing service, now supports fuzzing applications written in Java and other Java Virtual Machine (JVM) based languages (e.g. Kotlin, Scala, etc.). Open source projects written in JVM based languages can add their project to OSS-Fuzz by following our documentation.The ...
Copy Link: http://security.googleblog.com/2021/03/fuzzing-java-in-oss-fuzz.html   
Published: 2021 03 10 17:02:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: #ShareTheMicInCyber: Brooke Pearson - published almost 5 years ago.
Content: Posted by Parisa Tabriz, Head of Chrome Product, Engineering and UX In an effort to showcase the breadth and depth of Black+ contributions to security and privacy fields, we’ve launched a profile series that aims to elevate and celebrate the Black+ voices in security and privacy we have here at Google.Brooke Pearson manages the Privacy Sandbox program at Goo...
Copy Link: http://security.googleblog.com/2021/03/sharethemicincyber-brooke-pearson.html   
Published: 2021 03 11 20:23:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Continuing to Raise the Bar for Verifiable Security on Pixel - published almost 5 years ago.
Content: Posted by Eugene Liderman, Android Security and Privacy TeamEvaluating the security of mobile devices is difficult, and a trusted way to validate a company’s claims is through independent, industry certifications. When it comes to smartphones one of the most rigorous end-to-end certifications is the Common Criteria (CC) Mobile Device Fundamentals (MDF) Prote...
Copy Link: http://security.googleblog.com/2021/03/continuing-to-raise-bar-for-verifiable.html   
Published: 2021 03 11 21:02:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: A Spectre proof-of-concept for a Spectre-proof web - published almost 5 years ago.
Content: Posted by Stephen Röttger and Artur Janc, Information Security EngineersThree years ago, Spectre changed the way we think about security boundaries on the web. It quickly became clear that flaws in modern processors undermined the guarantees that web browsers could make about preventing data leaks between applications. As a result, web browser vendors have b...
Copy Link: http://security.googleblog.com/2021/03/a-spectre-proof-of-concept-for-spectre.html   
Published: 2021 03 12 14:59:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Google, HTTPS, and device compatibility - published almost 5 years ago.
Content: Posted by Ryan Hurst, Product Management, Google Trust ServicesEncryption is a fundamental building block when you’re on a mission to organize the world’s information and make it universally accessible with strong security and privacy. This is why a little over four years ago we created Google Trust Services—our publicly trusted Certificate Authority (CA).Th...
Copy Link: http://security.googleblog.com/2021/03/google-https-and-device-compatibility.html   
Published: 2021 03 15 13:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Announcing the winners of the 2020 GCP VRP Prize - published almost 5 years ago.
Content: Posted by Harshvardhan Sharma, Information Security Engineer, Google We first announced the GCP VRP Prize in 2019 to encourage security researchers to focus on the security of Google Cloud Platform (GCP), in turn helping us make GCP more secure for our users, customers, and the internet at large. In the first iteration of the prize, we awarded $100,000 to th...
Copy Link: http://security.googleblog.com/2021/03/announcing-winners-of-2020-gcp-vrp-prize.html   
Published: 2021 03 17 14:40:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Announcing the Android Ready SE Alliance - published almost 5 years ago.
Content: Posted by Sudhi Herle and Jason Wong, Android Team When the Pixel 3 launched in 2018, it had a new tamper-resistant hardware enclave called Titan M. In addition to being a root-of-trust for Pixel software and firmware, it also enabled tamper-resistant key storage for Android Apps using StrongBox. StrongBox is an implementation of the Keymaster HAL that resid...
Copy Link: http://security.googleblog.com/2021/03/announcing-android-ready-se-alliance.html   
Published: 2021 03 25 17:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Rust in the Android platform - published almost 5 years ago.
Content: Posted by Jeff Vander Stoep and Stephen Hines, Android Team Correctness of code in the Android platform is a top priority for the security, stability, and quality of each Android release. Memory safety bugs in C and C++ continue to be the most-difficult-to-address source of incorrectness. We invest a great deal of effort and resources into detecting, fixing...
Copy Link: http://security.googleblog.com/2021/04/rust-in-android-platform.html   
Published: 2021 04 06 17:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Rust in the Linux kernel - published almost 5 years ago.
Content: Posted by Wedson Almeida Filho, Android Team In our previous post, we announced that Android now supports the Rust programming language for developing the OS itself. Related to this, we are also participating in the effort to evaluate the use of Rust as a supported language for developing the Linux kernel. In this post, we discuss some technical aspects of ...
Copy Link: http://security.googleblog.com/2021/04/rust-in-linux-kernel.html   
Published: 2021 04 14 23:27:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: A New Standard for Mobile App Security - published almost 5 years ago.
Content: Posted by Brooke Davis and Eugene Liderman, Android Security and Privacy TeamWith all of the challenges from this past year, users have become increasingly dependent on their mobile devices to create fitness routines, stay connected with loved ones, work remotely, and order things like groceries with ease. According to eMarketer, in 2020 users spent over thr...
Copy Link: http://security.googleblog.com/2021/04/a-new-standard-for-mobile-app-security.html   
Published: 2021 04 15 13:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: How we fought bad apps and developers in 2020 - published almost 5 years ago.
Content: Posted by Krish Vitaldevara, Director of Product Management Trust & Safety, Google PlayProviding safe experiences to billions of users and millions of Android developers has been one of the highest priorities for Google Play for many years. Last year we introduced new policies, improved our systems, and further optimized our processes to better protect o...
Copy Link: http://security.googleblog.com/2021/04/how-we-fought-bad-apps-and-developers.html   
Published: 2021 04 21 17:01:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Enabling Hardware-enforced Stack Protection (cetcompat) in Chrome - published almost 5 years ago.
Content: Alex Gough, Engineer, Chrome Platform Security TeamChrome 90 for Windows adopts Hardware-enforced Stack Protection, a mitigation technology to make the exploitation of security bugs more difficult for attackers. This is supported by Windows 20H1 (December Update) or later, running on processors with Control-flow Enforcement Technology (CET) such as Intel 11t...
Copy Link: http://security.googleblog.com/2021/05/enabling-hardware-enforced-stack.html   
Published: 2021 05 04 17:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Making the Internet more secure one signed container at a time - published almost 5 years ago.
Content: Posted by Priya Wadhwa, Jake Sanders, Google Open Source Security TeamWith over 16 million pulls per month, Google’s `distroless` base images are widely used and depended on by large projects like Kubernetes and Istio. These minimal images don’t include common tools like shells or package managers, making their attack surface (and download size!) smaller tha...
Copy Link: http://security.googleblog.com/2021/05/making-internet-more-secure-one-signed.html   
Published: 2021 05 06 13:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Integrating Rust Into the Android Open Source Project - published almost 5 years ago.
Content: Posted by Ivan Lozano, Android TeamThe Android team has been working on introducing the Rust programming language into the Android Open Source Project (AOSP) since 2019 as a memory-safe alternative for platform native code development. As with any large project, introducing a new language requires careful consideration. For Android, one important area was as...
Copy Link: http://security.googleblog.com/2021/05/integrating-rust-into-android-open.html   
Published: 2021 05 11 17:31:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Introducing Half-Double: New hammering technique for DRAM Rowhammer bug - published almost 5 years ago.
Content: Research Team: Salman Qazi, Yoongu Kim, Nicolas Boichat, Eric Shiu & Mattias Nissler Today, we are sharing details around our discovery of Half-Double, a new Rowhammer technique that capitalizes on the worsening physics of some of the newer DRAM chips to alter the contents of memory.Rowhammer is a DRAM vulnerability whereby repeated accesses to one addre...
Copy Link: http://security.googleblog.com/2021/05/introducing-half-double-new-hammering.html   
Published: 2021 05 25 15:59:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Introducing Security By Design - published almost 5 years ago.
Content: Posted by Jon Markoff and Sean Smith, Android Security and Privacy Team Integrating security into your app development lifecycle can save a lot of time, money, and risk. That’s why we’ve launched Security by Design on Google Play Academy to help developers identify, mitigate, and proactively protect against security threats. The Android ecosystem, including ...
Copy Link: http://security.googleblog.com/2021/05/introducing-security-by-design.html   
Published: 2021 05 26 17:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: New protections for Enhanced Safe Browsing users in Chrome - published almost 5 years ago.
Content: Posted by Badr Salmi, Google Safe Browsing & Varun Khaneja, Chrome Security In 2020 we launched Enhanced Safe Browsing, which you can turn on in your Chrome security settings, with the goal of substantially increasing safety on the web. These improvements are being built on top of existing security mechanisms that already protect billions of devices. Sin...
Copy Link: http://security.googleblog.com/2021/06/new-protections-for-enhanced-safe.html   
Published: 2021 06 03 17:00:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Announcing New Abuse Research Grants Program - published almost 5 years ago.
Content: Posted by Anna Hupa,  Marc Henson, and Martin Straka, Google VRP Team Our Abuse Bug Bounty program has proved tremendously successful in the past three years since its introduction – thanks to our incredibly engaged community of researchers. Their contributions resulted in +1,000 valid bugs, helping us raise the bar in combating product abuse.As a result of ...
Copy Link: http://security.googleblog.com/2021/06/announcing-new-abuse-research-grants.html   
Published: 2021 06 04 13:03:00
Received: 2021 06 06 09:04:48
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security