Security News
The Asia Pacific Network Information Centre, the internet registry for the region, has admitted it left at least a portion of its Whois SQL database, which contains sensitive information, facing the public internet for three months. During that maintenance effort, a dump from APNIC's Whois SQL database was copied to a Google Cloud storage bucket that Sanjaya said "was believed to be private".
Google Chrome for iOS now allows you to lock your incognito tabs behind Face ID so other people can't snoop on what sites you are visiting. Google Chrome's incognito mode is commonly used to visit sensitive sites that people do not want to appear in the browser history or for cookies to be saved.
Google is force-installing a Massachusetts COVID-19 tracking app on residents' Android devices without an easy way to uninstall it. For the past few days, users have reported that Google silently installed the Massachusetts 'MassNotify' app on their devices without the ability to open it or find it in the Google Play Store.
As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications. Called "Supply chain Levels for Software Artifacts", the end-to-end framework aims to secure the software development and deployment pipeline - i.e., the source, build, and publish workflow - and mitigate threats that arise out of tampering with the source code, the build platform, and the artifact repository at every link in the chain.
Google has proposed a framework called SLSA for dealing with supply chain attacks, a security risk exemplified by the recent compromise of the SolarWinds Orion IT monitoring platform. SLSA - short for Supply chain Levels for Software Artifacts and pronounced "Salsa" for those inclined to add convenience vowels - aspires to provide security guidance and programmatic assurance to help defend the software build and deployment process.
Google's ongoing struggles with in-the-wild zero-day attacks against its flagship Chrome browser aren't going away anytime soon. For the sixth time this year, the search giant shipped a Chrome point-update to fix code execution holes that the company says are already being exploited by malicious hackers.
Google has released Chrome 91.0.4472.114 for Windows, Mac, and Linux to fix four security vulnerabilities, with one of them a high severity zero-day vulnerability exploited in the wild. Google Chrome will automatically attempt to upgrade the browser the next time you launch the program, but you can perform a manual update by going to Settings > Help > 'About Google Chrome'.
The U.S. tech giant this week unveiled SLSA, a new end-to-end framework the company hopes will drive the enforcement of standards and guidelines to ensure the integrity of software artifacts throughout the software supply chain. "The goal of SLSA is to improve the state of the industry, particularly open source, to defend against the most pressing integrity threats. With SLSA, consumers can make informed choices about the security posture of the software they consume."