Another Critical Bug Hits LastPass
A few days after LastPass released a fix for some critical security flaws in its extensions for Chrome and Firefox, a researcher has identified a new vulnerability in the browser extension that allows an attacker to get full code execution on a target machine. The details of the new bug are not public yet, but […]
Half of Android Devices Didn’t Get Security Patches in 2016
Google has made several changes to the Android security ecosystem recently, including providing monthly updates and working with manufacturers to get those patches in the hands of users more quickly. But despite those efforts, about 50 percent of Android devices didn’t install a single security update in 2016. One of the issues with Android security […]
Site Hacks Continue to Spike, Google Says
The number of sites hacked last year increased by nearly one third compared to 2015, Google said in a new report, a trend that the company expects will continue in years to come. Google’s crawlers constantly check sites for a number of different properties, including the presence of certain types of content that indicate they’ve […]
Google Roots Out Harmful Chamois Apps From Play Store
Fraudsters and cybercriminals continue to target mobile app stores with garbage apps disguised as benign ones, and Google has just identified a large family of potentially harmful apps in the Play marketplace and banned the apps and some people who were trying to take advantage of the company’s ad system to make money on the apps. […]
Google Steps Up Security on G Suite and Cloud Platform
Google has rolled out several new security features for its G Suite and Google Cloud Platform, including a DLP system that finds and redacts sensitive data, and a service that allows organizations to manage the lifecycle of encryption keys. Users of Google’s hosted apps are reliant on the company for the security and privacy controls, […]
Google Pushes Encrypted Email System Out Into the World
People have been trying to find a replacement for PGP almost since the day it was released, and with limited success. Encrypted email is still difficult to use and painful to implement in most cases, but Google has just released a Chrome plugin designed to address those problems. The new E2EMail extension doesn’t turn a user’s […]
Cloudflare Memory Leak Bug Exposed Private Customer Data
Cloudflare, one of the larger content-delivery networks and DNS providers on the Internet, had a critical bug in one of its services that resulted in sensitive customer data such as cookies, authentication tokens, and encryption keys being leaked and cached by servers around the world. The vulnerability was in an HTML parser that Cloudflare engineers […]
SHA-1 Collision Spells the End for Old Algorithm
Engineers at Google have created the first SHA-1 collision, an achievement that should lay to rest any remaining doubts about the practical security of the hash function. Cryptographers and security researchers have been warning about weaknesses in SHA-1 for several years, saying that modern computing power would soon put a collision within reach. A hash […]
Google Releases Upspin Secure File-Sharing Tool
Google has published a new open-source tool called Upspin that enables users to share files and other content securely across networks without the need for uploading and downloading. Unlike existing systems such as Dropbox or Google Drive, Upspin isn’t really a separate file storage and retrieval service. Instead, Google describes it as a global namespace […]