Posts

1,000 Vulnerabilities Surpass Apple and Google

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.


According to research from Beyond Trust, the total number of vulnerabilities relating to Microsoft products had risen by 48% comparted to 2019. To break the numbers down, I looked to my go-to for vulnerability statistics, Stack Watch.

This is where things get interesting for Microsoft watchers, with the company taking top place, by vendor, with 1,188 published security vulnerabilities in 2020 compared to Google, in second place, on 950. Apple, for the record, came in at number eight with 381 vulnerabilities.

At the time of writing, the 2021 statistics are similar in terms of positioning: Microsoft at number one with 510 vulnerabilities, Google just behind on 507 and Apple down in ninth with 147.

How does Windows 10 compare to Android or iOS in security vulnerability terms?

What if we were to look at product rather than vendor? Would Microsoft fare any better? Erm, no is the answer.

In 2020, Microsoft products took seven of the top ten places by product vulnerability. Windows 10 was top of the tree with 802 vulnerabilities, followed by Windows Server 2016 on 790 and Windows Server 2019 with 743.

The remaining Microsoft top ten products were Windows Server 2012 in at six, Windows 8.1 at seven, Windows RT 8.1 at eight and Windows 7 at ten.

Google, meanwhile, slotted in at number four thanks to 696 Android vulnerabilities. Apple, however, didn’t appear until number 14 with 233 iOS vulnerabilities.

MORE FROM FORBESAmazon Hackers Made $832,135 In Just 10 Days-Here’s How

So far, the 2021 published security vulnerabilities table looks better for Microsoft with Windows 10 dropping to number three on 256, behind Fedora and Debian Linux.

Microsoft still manages to claim six of the top ten spots, though. Google has also dropped down the table to number six with 219 Android vulnerabilities, but Chrome is new in at seven on 172. How is Apple doing so far this year? iOS has dropped to 15 with 111 vulnerabilities, but macOS is in at 14 with 112.

The good news for Microsoft is that it looks like Windows 10 is on track to have fewer published security vulnerabilities than last year. The bad news is that the average Common Vulnerabilities and Exposures…

Source…

Google funds Linux project to fix vulnerabilities and enhance security


Linux

Source: Computerworld

Google, the search engine company and the Android-maker, has recently announced to be backing a project by Linux to make the Operating System harder to hack by fixing its vulnerabilities and enhancing its security. Google mentioned in a report on Thursday that it is funding a project to increase the security of Linux by re-writing the core parts “Kernel” of the Linux Operating System in Rust programming language which is basically a modernization effort to make it harder for the hackers to attack Linux-based devices.

Linux has been around for quite a while, and the Operating System is written on C Programming language which was developed back in 1972, and now with the modern advancements of the 21st century where the hackers have got all the skills and tools required for major hacking, anything written in C programming language can easily be entered into. We can say that time has outgrown Linux’s security, and now, Google will fund the project to modernise Linux and increase its overall security.

Making changes in the Kernel of Linux by replacing the written software with Rust programming language will mark a significant cultural shift in the open-source software project which is a substantial foundation to Google’s Android Operating System and Chrome OS along with other resources on the internet, as mentioned in a report by CNET.

Rust is a programming language developed by Mozilla, the developer of Firefox. The programming language is now run independently by Rust Foundation and it is known to be the most popular programming language for over five years. Rust makes it safer for software developers to write in memory as it continuously checks for hiding malicious problems or viruses in and around the memory area. According to a survey, Rust is considered to be the best alternative to decades-old C and C++ programming languages.

Linux and Google have pitched in Miguel Ojeda, whose written parts of the software used in the Large Hadron Collider particle accelerator, for writing the software for Linux in Rust programming language. As sources suggest, Google is funding the contract and the project which is being extended through the Internet Security…

Source…

Google backs Linux project to make Android, Chrome OS harder to hack

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.


Google said Thursday it’s funding a project to increase Linux security by writing parts of the operating system’s core in the Rust programming language, a modernization effort that could bolster the security of the internet and smartphones .



icon: Miguel Ojeda


© Provided by CNET
Miguel Ojeda

If the project succeeds, it’ll be possible to add new elements written in Rust into the heart of Linux, called the kernel. Such a change would mark a major technological and cultural shift for an open-source software project that’s become foundational to Google’s Android and Chrome operating systems as well as vast swaths of the internet. 

Miguel Ojeda, who’s written software used by the Large Hadron Collider particle accelerator and worked on programming language security, is being contracted to write software in Rust for the Linux kernel. Google is paying for the contract, which is being extended through the Internet Security Research Group, a nonprofit that’s also made it easier to secure website communications through the Let’s Encrypt effort.



icon


© Miguel Ojeda


Adding Rust modules to the Linux kernel would improve security by closing some avenues for hackers can use to attack phones, computers or servers. Since it was launched in 1991, Linux has been written solely in the powerful but old C programming language. The language was developed in 1972 and is more vulnerable to hacks than contemporary programming languages.

Loading...

Load Error

Better security for Linux is good news for everyone but hackers. In addition to the Android and Chrome OSes, Google services like YouTube and Gmail all rely on servers running Linux. It also powers Amazon and Facebook, and is a fixture in cloud computing services.

It isn’t clear if Linux kernel leaders will accommodate Rust. Linus Torvalds, the founder of Linux, has said he’s open to change if Rust for Linux champions prove its worth. Ojeda has proposed 13 changes needed to allow Rust modules in Linux to get things started.

Google already has taken some early steps to make it possible to use Rust for Linux Android. Getting buy-in at the highest levels of the Linux kernel project means many other software projects could benefit, too.

Google credits the…

Source…

Google Says Beware ‘Destructive, Financially-Motivated’ Ransomware Threats

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.


Google has spelled out the emerging threat of ransomware and “best practices” to combat it.

The post — authored by Phil Venables Vice President, Chief Information Security Officer, Google Cloud and Sunil Potti VP/GM, Google Cloud Security — underscores the intractability of ransomware and how the threat is evolving.

Much of the discussion centers on Google products and the authors are quick to point out the benefits of Google Cloud and other Google software and services but, more broadly, it applies to any organization looking to fend off ransomware attacks.

Ransomware, in its basic form, encrypts an organization’s files, effectively locking out an organization from its most valuable data. Ransom is then demanded to unlock the files.

Putting ransomware in perspective: it isn’t novel

“Ransomware…isn’t a novel threat in the world of computer security,” the authors say. “Destructive, financially-motivated” attackers who demand payment to decrypt data and restore access have been around for years, according to Google.

“Today’s reality shows us that these attacks have become more pervasive, impacting essential services like healthcare or pumping gasoline,” Google says.

Email is not your friend

Google reiterates and reemphasizes what every self-respecting cybersecurity expert will tell you.

“Email is at the heart of many ransomware attacks. It can be exploited to phish credentials for illegitimate network access and/or to distribute ransomware binaries directly,” the authors say.

Chromebook as defense

The authors make good points about the security of Chromebooks. And I can attest to this. I own and use Chromebooks and agree that Chrome OS is more secure than Windows or the Mac (which I also use).

“Chromebooks are designed to protect against phishing and ransomware attacks with a low on-device footprint, read-only, constantly invisibly…

Source…