by Paul Ducklin The annual Pwn2Own contest features live hacking where top cybersecurity researchers duke it out under time pressure for huge cash prizes. Their quest: to prove that the exploits they claim to have discovered really do work under real-life conditions. Indeed, Pwn2Own is a bug bounty program with . . . Read more
by Paul Ducklin Almost exactly a month ago, or a couple of days under an average month given that February was the short one, we warned of a zero-day bug in Google’s Chromium browser code. Patch now, we said. And we’re saying it again, following Google’s otherwise cheery release of . . . Read more
People who use devices running Android 9 or newer will be alerted if their login credentials have been stolen Google is extending its Password Checkup feature to Android in a bid to help people make their online accounts more secure. Originally introduced as an extension for the Google Chrome web browser two . . . Read more
by Paul Ducklin We delve into Google’s tight-lipped Chrome bugfix, explain how a Belgian researcher awarded himself 111,848 cups of coffee, and discuss the audacious but thankfully temporary theft of the Perl.com domain. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. LISTEN NOW . . . Read more
by Paul Ducklin Google, whose Project Zero bug-hunting team is often surprisingly vocal when describing and discussing software vulnerabilities, has taken a very quiet approach to a just-patched bug in its Chrome browser. In this case, the low-key announcement is understandable, because the patch fixes a hole that cybercrooks are . . . Read more
by Paul Ducklin In July 2018, after many years of using Yubico security key products for two-factor authentication (2FA), Google announced that it was entering the market as a competitor with a product of its own, called Google Titan. Security keys of this sort are often known as FIDO keys . . . Read more
Google’s Android security update addressed 43 bugs overall affecting Android handsets, including Samsung phones.
by Paul Ducklin HTTPS, as you probably know, stands for secure HTTP, and it’s a cryptographic process – a cybersecurity dance, if you like – that your browser performs with a web server when it connects, improving privacy and security by agreeing to encrypt the data that goes back and . . . Read more
Researcher uses an old unCAPTCHA trick against the latest audio version of reCAPTCHA, with a 97 percent success rate. An old attack method dating back to 2017 that uses voice-to-text to bypass CAPTCHA protections turns out to still work on Google’s latest reCAPTCHA v3. That’s according to researcher Nikolai Tschacher, . . . Read more
Google, Microsoft, Cisco Systems and others want appeals court to deny immunity to Israeli company for its alleged distribution of spyware and illegal cyber-surveillance activities.