Google today patched more than three-dozen critical vulnerabilities in Qualcomm components embedded in the Android operating system, all of them allowing attackers to gain a foothold on devices to launch further attacks. The Qualcomm-related patches are among dozens in the monthly Android Security Bulletin, which marks its first anniversary this week after its maiden voyage...

Developers with Android’s Security Team peeled back some of the layers on the mobile operating system this week; describing the lengths Google goes to protect the Linux kernel. In a post to Google’s Security Blog, Jeff Vander Stoep clarified several mitigations slated for inclusion in Nougat, the next stable Android build, and steps they’ve taken...

Niantic, Inc. – the company behind the ubiquitous, can’t-go-10-minutes-without-hearing-about-it Pokémon GO game – said Monday night it wasn’t the company’s intent to request full access permission of its users’ Google accounts. The company, a Google spinoff, was put in the crosshairs over its security, or lack thereof, earlier this week after it was discovered the app had...

The frail world of the Android ecosystem has taken some hits in the past week with the disclosure of a full disk encryption bypass vulnerability and the arrival of the HummingBad malware. The FDE bypass highlighted the need to keep Android patch levels current, but as Duo Labs statistics point out, that remains a struggle...

More than half of the world’s top sites suffer from misconfigured email servers, something that heightens the risk of having spoofed emails sent from their domains, researchers warn. Researchers at Detectify, a Swedish web security firm, recently combed through hundreds of domains and found that many of them suffer from poor email authentication methods. An...

Most major technology companies offer some take on two-factor authentication as an option for users to secure access to accounts and web-based services. Making users drink from that pond, however, has been a different story. Simplifying the process of using the second form of authentication, most often a verification code sent to a mobile device,...

Google wrapped up the first year of its Android Security Rewards program this week, a span of time that saw the company pay out just north of half a million dollars to security researchers who helped identify vulnerabilities in the mobile operating system. In all, the company paid 82 researchers a combined $550,000 – an...

Google said that it will initiate on June 16 a gradual deprecation of SSLv3 and RC4 for Gmail IMAP/POP mail clients. Both the crypto protocols cipher are notoriously unsafe and are being phased out in big chunks of the Internet. Google, for its part, had already announced in May that it would no longer support...

Google today pushed out its monthly Android patches, addressing what is becoming a monthly custom of a critical Mediaserver vulnerability, in addition to a half-dozen critical flaws in different Qualcomm drivers. The Android Security Bulletin includes patches for eight critical flaws, and while Mediaserver has been a mainstay since Google began releasing patches on a...

Google on Wednesday updated the Chrome browser for the third time since the start of May. Chrome 51.0.2704.79 for Windows, Mac, and Linux patched 15 vulnerabilities. It also paid out $14,000 in bounties to prolific bug hunters Mariusz Mlynski ($7,500) and Rob Wu ($6,500). The previous Chrome update on May 27 addressed 42 flaws with...