School closings and more screen time can ultimately put children at an increased risk of being kidnapped by strangers they met online

The post Child abductors may use social media to lure victims, FBI warns appeared first on WeLiveSecurity

You don’t need a degree in cybersecurity or a bottomless budget to do the security basics well – here are five things that will get you on the right track

The post 5 things you can do to secure your home office without hiring an expert appeared first on WeLiveSecurity

The videoconferencing platform is making the feature available to users of both free and paid tiers

The post Zoom to begin rolling out end‑to‑end encryption appeared first on WeLiveSecurity

Some footage has already appeared on adult sites, with cybercriminals offering lifetime access to the entire loot for US$150

The post 50,000 home cameras reportedly hacked, footage posted online appeared first on WeLiveSecurity

Some footage has already appeared on adult sites, with cybercriminals offering lifetime access to the entire loot for US$150

The post 50,000 home cameras reportedly hacked, footage posted online appeared first on WeLiveSecurity

Bad actors have accessed US elections support systems, although there’s no evidence to suggest that election data has been compromised, say FBI and CISA

The post Attackers chain Windows, VPN flaws to target US government agencies appeared first on WeLiveSecurity

Throughout its monitoring, ESET analyzed thousands of malicious samples every month to help this effort

The post ESET takes part in global operation to disrupt Trickbot appeared first on WeLiveSecurity

Open source software is the foundation of many modern software products. Over the years, developers increasingly have relied on reusable open source components for their applications. It is paramount that these open source components are secure and reliable, as weaknesses impact those that build upon it.

Google cares deeply about the security of the open source ecosystem and recently launched the Open Source Security Foundation with other industry partners. Fuzzing is an automated testing technique to find bugs by feeding unexpected inputs to a target program. At Google, we leverage fuzzing at scale to find tens of thousands of security vulnerabilities and stability bugs. This summer, as part of Google’s OSS internship initiative, we hosted 50 interns to improve the state of fuzz testing in the open source ecosystem.

The fuzzing interns worked towards integrating new projects and improving existing ones in OSS-Fuzz, our continuous fuzzing service for the open source community (which has 350+ projects, 22,700 bugs, 89% fixed). Several widely used open source libraries including but not limited to nginx, postgresql, usrsctp, and openexr, now have continuous fuzzing coverage as a result of these efforts.

Another group of interns focused on improving the security of the Linux kernel. syzkaller, a kernel fuzzing tool from Google, has been instrumental in finding kernel vulnerabilities in various operating systems. The interns were tasked with improving the fuzzing coverage by adding new descriptions to syzkaller like ip tunnels, io_uring, and bpf_lsm for example, refining the interface description language, and advancing kernel fault injection capabilities.

Some interns chose to write fuzzers for Android and Chrome, which are open source projects that billions of internet users rely on. For Android, the interns contributed several new fuzzers for uncovered areas – network protocols such as pppd and dns, audio codecs like monoblend, g722, and android framework. On the Chrome side, interns improved existing blackbox fuzzers, particularly in the areas: DOM, IPC, media, extensions, and added new libprotobuf-based fuzzers for Mojo.

Our last set of interns researched quite a few under-explored areas of fuzzing, some of which were fuzzer benchmarking, ML based fuzzing, differential fuzzing, bazel rules for build simplification and made useful contributions.

Over the course of the internship, our interns have reported over 150 security vulnerabilities and 750 functional bugs. Given the overall success of these efforts, we plan to continue hosting fuzzing internships every year to help secure the open source ecosystem and teach incoming open source contributors about the importance of fuzzing. For more information on the Google internship program and other student opportunities, check out careers.google.com/students. We encourage you to apply.

Why deleting your personal data from social media may be impossible – How do you reset your face after a data breach? – The perils of working from a hotel

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Five ethical hackers have earned almost US$300,000 in bug bounty rewards – so far

The post 55 security flaws found in various Apple services appeared first on WeLiveSecurity