Latest Google Cyber Alerts

Google Protects Your Accounts – Even When You No Longer Use Them

On October 5, 2021

Posted by Sam Heft-Luthy, Product Manager, Privacy & Data Protection Office

What happens to our digital accounts when we stop using them? It’s a question we should all ask ourselves, because when we are no longer keeping tabs on what’s happening with old accounts, they can become targets for cybercrime. In fact, quite a few recent high-profile breaches targeted inactive accounts. The Colonial Pipeline ransomware attack came through an inactive account that didn’t use multifactor authenti…

Introducing the Secure Open Source Pilot Program

On October 1, 2021

Posted by Meder Kydyraliev and Kim Lewandowski, Google Open Source Security Team

Over the past year we have made a number of investments to strengthen the security of critical open source projects, and recently announced our $10 billion commitment to cybersecurity defense including $100 million to support third-party foundations that manage open source security priorities and help fix vulnerabilities. Today, we are excited to announce our sponsorship for the Secure Open Source (SOS) pilot program…

Announcing New Patch Reward Program for Tsunami Security Scanner

On September 28, 2021

Posted by Guoli Ma, Sebastian Lekies & Claudio Criscione, Google Vulnerability Management Team

One year ago, we published the Tsunami security scanner with the goal of detecting high severity, actively exploited vulnerabilities with high confidence. In the last several months, the Tsunami scanner team has been working closely with our vulnerability rewards program, Bug Hunters, to further improve Tsunami's security detection capabilities. Today, we are announcing a new experimental Patch Rewar…

Distroless Builds Are Now SLSA 2

On September 22, 2021

Posted by Priya Wadhwa and Appu Goundan, Google Open Source Security Team

A few months ago we announced that we started signing all distroless images with cosign, which allows users to verify that they have the correct image before starting the build process. Signing our images was our first step towards fully securing the distroless supply chain. Since then, we’ve implemented even more accountability in our supply chain and are excited to announce that distroless builds have achieved SLSA 2. SLS…

An update on Memory Safety in Chrome

On September 21, 2021

Adrian Taylor, Andrew Whalley, Dana Jansens and Nasko Oskov, Chrome security team

Security is a cat-and-mouse game. As attackers innovate, browsers always have to mount new defenses to stay ahead, and Chrome has invested in ever-stronger multi-process architecture built on sandboxing and site isolation. Combined with fuzzing, these are still our primary lines of defense, but they are reaching their limits, and we can no longer solely rely on this strategy to defeat in-the-wild attacks. Last year…

Google Supports Open Source Technology Improvement Fund

On September 15, 2021

Posted by Kaylin Trychon, Google Open Source Security Team

We recently pledged to provide $100 million to support third-party foundations that manage open source security priorities and help fix vulnerabilities. As part of this commitment, we are excited to announce our support of the Open Source Technology Improvement Fund (OSTIF) to improve security of eight open-source projects. Google’s support will allow OSTIF to launch the Managed Audit Program (MAP), which will expand in-depth securit…

Introducing Android’s Private Compute Services

On September 9, 2021

Posted by Suzanne Frey, VP, Product, Android & Play Security and Privacy

We introduced Android’s Private Compute Core in Android 12 Beta. Today, we're excited to announce a new suite of services that provide a privacy-preserving bridge between Private Compute Core and the cloud.

Recap: What is Private Compute Core?

Android’s Private Compute Core is an open source, secure environment that is isolated from the rest of the operating system and apps. With each new Android release we’ll add more p…

Updates on our continued collaboration with NIST to secure the Software Supply Chain

On August 26, 2021

Posted by Eric Brewer and Dan Lorenc

Yesterday, we were honored to participate in President Biden’s White House Cyber Security Summit where we shared recommendations to advance the administration’s cybersecurity agenda. This included our commitment to invest $10 billion over the next five years to expand zero-trust programs, help secure the software supply chain, and enhance open-source security. At Google, we’ve long advocated for securing the software supply chain both through our internal best…

AllStar: Continuous Security Policy Enforcement for GitHub Projects

On August 11, 2021

Posted by Mike Maraya, Google Open Source Security Team

As an active member of the open source software (OSS) community, Google recognizes the growing threat of software supply chain attacks against OSS we use and develop. Building on our efforts to improve OSS security with an end-to-end framework (SLSA), metrics (Scorecards), and coordinated vulnerability disclosure (guide), we are excited to announce Allstar. Allstar is a GitHub app that continuously enforces security policy settings thr…

Simplifying Titan Security Key options for our users

On August 9, 2021

Posted by Christiaan Brand, Product Manager, Google Cloud

Today we are excited to announce some changes to our lineup of Titan Security Keys on the Google Store which provide a simpler experience and make choosing the right security key for you even easier. We will now offer only two types of Titan Security Keys: a USB-A and a USB-C version. Both of these keys have Near Field Communication (NFC) functionality, which allows you to use it with most mobile devices by simply tapping it on the back of…