February may be the shortest month of the year, but it brings a bumper crop of patches
The post Microsoft Patch Tuesday fixes IE zero‑day and 98 other flaws appeared first on WeLiveSecurity
February may be the shortest month of the year, but it brings a bumper crop of patches
The post Microsoft Patch Tuesday fixes IE zero‑day and 98 other flaws appeared first on WeLiveSecurity
Posted by Andrew Ahn, Product Manager, Google Play + Android App Safety
[Cross-posted from the Android Developers Blog]
Google Play connects users with great digital experiences to help them be more productive and entertained, as well as providing app developers with tools to reach billions of users around the globe. Such a thriving ecosystem can only be achieved and sustained when trust and safety is one of its key foundations. Over the last few years we’ve made the trust and safety of Google Play a top priority, and have continued our investments and improvements in our abuse detection systems, policies, and teams to fight against bad apps and malicious actors.
In 2019, we continued to strengthen our policies (especially to better protect kids and families), continued to improve our developer approval process, initiated a deeper collaboration with security industry partners through the App Defense Alliance, enhanced our machine learning detection systems analyzing an app’s code, metadata, and user engagement signals for any suspicious content or behaviors, as well as scaling the number and the depth of manual reviews. The combination of these efforts have resulted in a much cleaner Play Store:
In addition we’ve launched a refreshed Google Play Protect experience, our built-in malware protection for Android devices. Google Play Protect scans over 100B apps everyday, providing users with information about potential security issues and actions they can take to keep their devices safe and secure. Last year, Google Play Protect also prevented more than 1.9B malware installs from non-Google Play sources.
While we are proud of what we were able to achieve in partnership with our developer community, we know there is more work to be done. Adversarial bad actors will continue to devise new ways to evade our detection systems and put users in harm’s way for their own gains. Our commitment in building the world’s safest and most helpful app platform will continue in 2020, and we will continue to invest in the key app safety areas mentioned in last year’s blog post:
Our teams of passionate product managers, engineers, policy experts, and operations leaders will continue to work with the developer community to accelerate the pace of innovation, and deliver a safer app store to billions of Android users worldwide.
If you’re looking to become a pro gamer, there are risks you shouldn’t play down
The post Competing in esports: 3 things to watch out for appeared first on WeLiveSecurity
How digital forensics helps bring criminals to justice – Beef up your Facebook privacy – Take a quiz to test your phish-spotting prowess
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Google releases a fix for the security hole that, if left unplugged, could allow attackers to run malicious code with no user interaction
The post Critical Bluetooth bug leaves Android users open to attack appeared first on WeLiveSecurity
The feature is part of expanded parental controls on the Messenger Kids app aimed at children under 13
The post Facebook now lets parents monitor their children’s chats appeared first on WeLiveSecurity
Today we’re announcing that Chrome will gradually ensure that secure (HTTPS) pages only download secure files. In a series of steps outlined below, we’ll start blocking “mixed content downloads” (non-HTTPS downloads started on secure pages). This move follows a plan we announced last year to start blocking all insecure subresources on secure pages.
Insecurely-downloaded files are a risk to users’ security and privacy. For instance, insecurely-downloaded programs can be swapped out for malware by attackers, and eavesdroppers can read users’ insecurely-downloaded bank statements. To address these risks, we plan to eventually remove support for insecure downloads in Chrome.
As a first step, we are focusing on insecure downloads started on secure pages. These cases are especially concerning because Chrome currently gives no indication to the user that their privacy and security are at risk.
Starting in Chrome 82 (to be released April 2020), Chrome will gradually start warning on, and later blocking, these mixed content downloads. File types that pose the most risk to users (e.g., executables) will be impacted first, with subsequent releases covering more file types. This gradual rollout is designed to mitigate the worst risks quickly, provide developers an opportunity to update sites, and minimize how many warnings Chrome users have to see.
We plan to roll out restrictions on mixed content downloads on desktop platforms (Windows, macOS, Chrome OS and Linux) first. Our plan for desktop platforms is as follows:
chrome://flags/#treat-unsafe-downloads-as-active-content
. InsecureContentAllowedForUrls
policy by adding a pattern matching the page requesting the download. What is it like to defeat cybercrime? A peek into how computer forensics professionals help bring cybercriminals to justice.
The post How to catch a cybercriminal: Tales from the digital forensics lab appeared first on WeLiveSecurity
A helmet may not be enough to keep you safe(r) while riding an e-scooter
The post Electric scooters vulnerable to remote hacks appeared first on WeLiveSecurity
As Facebook turns 16, we look at how to keep your personal information safe from prying eyes
The post Facebook privacy settings: Protect your data with these tips appeared first on WeLiveSecurity