Category: Security News | TechCrunch

It’s the season to go a little overboard on gift giving. But this year, give the gift of good security (and privacy) and eschew tech that can have untoward risks or repercussions. We’re not talking about things that go boom…

Read more →

SimSpace, a startup that creates digital replicas of organizations’ tech and networking stacks for cybersecurity training, has raised $45 million in a funding round led by L2 Point Management. Bringing the company’s total raised to $70 million, the investment comes…

Read more →

2023 proved to be a be a challenging year on the ransomware front after a brief lull in 2022. According to data from cryptocurrency tracing firm Chainalysis, victims had paid ransomware groups well over $400 million combined as of July…

Read more →

An international group of law enforcement agencies have seized the dark web leak site of the notorious ransomware gang known as ALPHV, or BlackCat. “The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action…

Read more →

Comcast has confirmed that hackers exploiting a critical-rated security vulnerability accessed the sensitive information of almost 36 million Xfinity customers. This vulnerability, known as “CitrixBleed,” is found in Citrix networking devices often used by big corporations and has been under…

Read more →

VF Corporation, the U.S.-based owner of apparel brands including Vans, Supreme, and The North Face, has confirmed a cyberattack has impacted the company’s ability to fulfill orders ahead of Christmas, one of the biggest retail events of the year. The…

Read more →

Cybercriminals are becoming more aggressive in their effort to maximize disruption and compel the payment of ransom demands, and now there’s a new extortion tactic in play. In early November, the notorious ALPHV ransomware gang, also known as BlackCat, attempted…

Read more →

Hackers stole the sensitive personal information of more than 14.6 million Mr. Cooper customers, the mortgage and loan giant has confirmed. In a filing with Maine’s attorney general’s office, Mr. Cooper said the hackers stole customer names, addresses, dates of…

Read more →

Database management giant MongoDB says it’s investigating a security incident that has resulted in the exposure of some information about customers. The New York-based MongoDB helps more than 46,000 companies, including Adobe, eBay, Verizon, and the U.K.’s Department for Work…

Read more →

Starting from today, December 18, publicly-owned companies operating in the U.S. must comply with a new set of rules requiring them to disclose “material” cyber incidents within 96 hours. The regulation represents a significant shake-up for organizations, many of which…

Read more →

Google will soon allow users to store their location data on their devices rather than on Google’s servers, effectively ending a long-running surveillance practice that allowed police and law enforcement to tap Google’s vast banks of location data to identify…

Read more →

Ubiquity, the networking and video surveillance camera maker, has fixed a bug that users say mistakenly allowed them access to the accounts and private live video streams of other customers. Reports first emerged on Reddit that some customers received push…

Read more →

Hackers compromised the code behind a crypto protocol used by multiple web3 applications and services, the software maker Ledger said on Thursday. Ledger, a company that makes a widely used and popular crypto hardware and software wallet, among other products,…

Read more →

Companies are increasingly curious about AI and the ways in which it can be used to (potentially) boost productivity. But they’re also wary of the risks. In a recent Workday survey, enterprises cite the timeliness and reliability of the underlying…

Read more →

Microsoft says it has successfully dismantled the infrastructure of a cybercrime operation that sold access to fraudulent Outlook accounts to other hackers, including the notorious Scattered Spider gang. The group, tracked by Microsoft as “Storm-1152”, is described as a major…

Read more →

Apple said it will no longer give over records of users’ push notifications to law enforcement unless the company receives a valid judge’s order. In its law enforcement guidelines updated this week, Apple said law enforcement and government agencies can…

Read more →

Apple introduced new security settings with the iOS 17.3 developer beta on Tuesday to prevent thieves from entering your passcode to get your info including account passwords. Apple will likely roll out the final version of iOS 17.3 in a…

Read more →

Thanks to advances in AI, small and medium businesses have become a significant target in the world of cybercrime, accounting for roughly half of all breaches worldwide by some estimates. Now, one of the companies building security tools for SMBs…

Read more →

In November, the cybersecurity collective vx-underground wrote on X, formerly Twitter, that unknown hackers were claiming to have breached Coin Cloud, a bankrupt Bitcoin ATM company. According to vx-underground, the hackers claimed to have stolen 70,000 pictures of customers taken…

Read more →

In November, the cybersecurity collective vx-underground wrote on X, formerly Twitter, that unknown hackers were claiming to have breached Coin Cloud, a bankrupt Bitcoin ATM company. According to vx-underground, the hackers claimed to have stolen 70,000 pictures of customers taken…

Read more →

Ukraine’s largest telecommunications operator Kyivstar says it has been hit by a “powerful” cyberattack that has disrupted phone and internet services for millions of people across the country. In a Facebook post confirming the incident on Tuesday, Kyivstar wrote that…

Read more →

Two days before 23andMe disclosed that hackers had accessed the personal and genetic data of almost 7 million customers, the genetic testing giant updated its terms of service. The changes are an effort to make it more difficult for the…

Read more →

Kentucky-based non-profit healthcare system Norton Healthcare has confirmed that hackers accessed the personal data of millions of patients and employees during an earlier ransomware attack. Norton operates more than 40 clinics and hospitals in and around Louisville, Kentucky, and is…

Read more →

DNA companies should receive the death penalty for getting hacked Personal data is the new gold. The recent 23andMe data breach is a stark reminder of a chilling reality – our most intimate, personal information might not be as secure…

Read more →

Before joining Uber as chief security officer in 2015, Joe Sullivan served for two years as a federal prosecutor with the United States Department of Justice, where he specialized in computer hacking and IP issues. He worked on a number…

Read more →

Before joining Uber as chief security officer in 2015, Joe Sullivan served for two years as a federal prosecutor with the United States Department of Justice, where he specialized in computer hacking and IP issues. He worked on a number…

Read more →

U.S. authorities have indicted two hackers linked to Russia’s Federal Security Service (FSB) for allegedly carrying out a years-long cyber espionage campaign targeting government officials.  The Department of Justice alleged on Thursday that Ruslan Aleksandrovich Peretyatko, an officer with the…

Read more →

While today’s bigger news from the world of Meta’s messaging apps was the rollout of end-to-end encryption in Messenger, the company is also bringing another useful feature to its WhatsApp users: disappearing voice messages. The new feature will allow users…

Read more →

Last year, Apple launched a special new protection for at-risk users — such as journalists and activists — called Lockdown Mode, designed to limit some regular iPhone, iPad, Mac and Watch features with the goal of minimizing the possibility of…

Read more →

VC investment trends in the cybersecurity market suggest a sector in decline — at least within the context of recent months. According to Crunchbase, cybersecurity deal count fell during Q3 to 153 deals from 181 in Q2. In a more…

Read more →

After years of promises and limited tests, Meta has started rolling out default end-to-end encryption protection for Messenger. In an announcement, Mark Zuckerberg said that personal chats and calls will get default end-to-end encryption. However, encryption for group chats still…

Read more →

A number of popular mobile password managers are inadvertently spilling user credentials due to a vulnerability in the autofill functionality of Android apps. The vulnerability, dubbed “AutoSpill,” can expose users’ saved credentials from mobile password managers by circumventing Android’s secure…

Read more →

U.S. senator Ron Wyden (D-OR) has warned in a letter to the Justice Department that unidentified governments are spying on Apple and Google phone users through their push notifications. The letter says his office received a tip last year that…

Read more →

U.S. cybersecurity agency CISA has warned that unknown hackers broke into the servers of a federal government agency by taking advantage of a previously known vulnerability in software that no longer receives updates — meaning the agency couldn’t have patched…

Read more →

Thousands of exposed servers are spilling the medical records and personal health information of millions of patients due to security weaknesses in a decades-old industry standard designed for storing and sharing medical images, researchers have warned. This standard, known as…

Read more →

In 2015, as part of the wave of encrypting all the things on the internet, encouraged by the Edward Snowden revelations, Facebook announced that it would allow users to receive encrypted emails from the company. Even at the time, this…

Read more →

On Friday, genetic testing company 23andMe announced that hackers accessed the personal data of 0.1% of customers, or about 14,000 individuals. The company also said that by accessing those accounts, hackers were also able to access “a significant number of…

Read more →

ArmorCode, a cybersecurity platform that gathers vulnerability data from connected apps and software infrastructure, consolidating the data into a single location and standardizing it for analysis, has raised $40 million in a Series B round led by HighlandX with participation…

Read more →

Genetic testing company 23andMe announced on Friday that hackers accessed around 14,000 customer accounts in the company’s recent data breach. In a new filing with the U.S. Securities and Exchange Commission published Friday, the company said that, based on its…

Read more →

Apple has released security updates for iPhones, iPads and Macs to patch against two vulnerabilities, which the company says are being actively exploited to hack people. The technology giant rolled out new software updates, iOS and iPadOS 17.1.2, and macOS…

Read more →

Witness lists and testimony, mental health evaluations, detailed allegations of abuse, and corporate trade secrets. These are some of the sensitive legal court filings that security researcher Jason Parker said they found exposed to the open internet for anyone to…

Read more →

Fidelity National Financial, or FNF, one of the largest real estate services companies in the United States, said it “contained” a recent cyberattack that engulfed its many subsidiaries and customers in a state of chaos for more than a week.…

Read more →

New data from Salesforce, Zuora, Okta, Nutanix and Snowflake makes it plain that several tech sectors are doing better than a lot of people expected. © 2023 TechCrunch. All rights reserved. For personal use only. This article has been indexed…

Read more →

The founder of the infamous and now-defunct spyware maker Hacking Team was arrested on Saturday after allegedly stabbing and attempting to murder a relative, according to multiple news reports. David Vincenzetti, who launched Hacking Team in 2003, was arrested when…

Read more →

As part of an international law enforcement investigation, the FBI and the Dutch Financial Intelligence and Investigation Service have seized the websites of a crypto mixer that was allegedly used by North Korean hackers and several cybercriminals to launder stolen…

Read more →

Has late-stage investing declined so much that no technology subsector can really post impressive investment numbers? © 2023 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read the original article:…

Read more →

A hacker claims to be selling millions of user records relating to Indian startup Shadowfax, which offers logistics services to e-commerce and hyperlocal platforms across the country. The pseudonymous hacker said in a listing on a known cybercrime forum that…

Read more →

The British Library has told customers that their personal data may have been stolen during a recent ransomware attack that knocked the library’s systems and website offline for the past month. In a notice sent to customers this week, which…

Read more →

U.S. access and identity management giant Okta says hackers stole data about all of its customers during a recent breach of its support systems, despite previously stating that only a fraction of customers were affected. Okta confirmed in October that…

Read more →

The notorious ransomware gang LockBit has claimed responsibility for a cyberattack targeting India’s state-owned aerospace research lab. On Wednesday, LockBit added the National Aerospace Laboratories (NAL) to its dark web leak site, which ransomware gangs use to extort victims for…

Read more →

Europol and its international law enforcement partners have arrested five individuals who authorities accuse of involvement in a string of ransomware attacks affecting more than 1,800 victims worldwide. The arrested individuals, which include the criminal gang’s ringleader, 32, and four…

Read more →

Amazon’s cloud computing subsidiary AWS (Amazon Web Services) has lifted the lid on a new palm-scanning identity service that allows companies to authenticate people when entering physical premises. Amazon One Enterprise, as the service is called, builds on the company’s…

Read more →

Last week, the Ukrainian government fired two of its top cybersecurity officials, who are accused of embezzlement. Now, one of them has been detained. Ukraine’s senior cabinet official Taras Melnychuk announced the firings in a public post on Telegram last…

Read more →

Last Tuesday, Fidelity National Financial, or FNF, a real estate services company that bills itself as the “leading provider of title insurance and escrow services, and North America’s largest title insurance company,” announced that it had experienced a cyberattack. Since…

Read more →

CTS, a U.K.-based provider of managed IT services for law firms and the professional services industry, is experiencing a cybersecurity incident that is causing ongoing widespread disruption across the legal sector.  In a statement on its website, the Cheshire-headquartered CTS…

Read more →

North Korean state-backed hackers are distributing a malicious version of a legitimate application developed by CyberLink, a Taiwanese software maker, to target downstream customers. Microsoft’s Threat Intelligence team said on Wednesday North Korean hackers had compromised CyberLink to distribute a…

Read more →

Fidelity National Financial, or FNF, a Fortune 500 company that provides title insurance and settlement services for the mortgage and real estate industries, announced on Tuesday that it was the victim of a “cybersecurity incident that impacted certain FNF systems..”…

Read more →

While many employers emphasize problem-solving skills in job descriptions, the ability to think outside the box is imperative in cybersecurity. © 2023 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch…

Read more →

On October 7, Hamas launched an unprecedented terrorist attack on Israel, killing more than 1,200 people with hundreds taken hostage. The attack prompted a deadly response from the Israel Defense Forces, which has reportedly left more than 10,000 people dead…

Read more →

The Ukrainian government has fired two of its most senior cybersecurity officials following accusations of alleged embezzlement. Yurii Shchyhol, head of Ukraine’s Ukraine’s State Special Communications Service of Ukraine, or SSSCIP, and his deputy Victor Zhora (pictured), who served as…

Read more →

The British Library, the national library of the United Kingdom and one of the world’s largest libraries, has confirmed that a ransomware attack led to the theft of internal data. In late October, the British Library first disclosed it was…

Read more →

Hackers accessed the personal data of more than a million people by exploiting a security vulnerability in a file transfer tool used by Welltok, the healthcare platform owned by Virgin Pulse. Welltok, a Denver-based patient engagement company that works with…

Read more →

More than two million people across the United States will receive notice that their personal and sensitive health information was stolen earlier this year during a cyberattack at Postmeds, the parent company of online pharmacy startup Truepill. For some of…

Read more →

Ballistic Ventures, a venture capital firm dedicated to funding and incubating cybersecurity startups, is looking to raise as much as $300 million for a new fund, according to a regulatory filing. The San Francisco-based VC firm Wednesday filed with the…

Read more →

In May this year, Alexis Hancock’s daughter got a children’s tablet for her birthday. Being a security researcher, Hancock was immediately worried. “I looked at it kind of sideways because I’ve never heard of Dragon Touch,” Hancock told TechCrunch, referring…

Read more →

Samsung has admitted that hackers accessed the personal data of U.K.-based customers during a year-long breach of its systems. In a statement to TechCrunch, Samsung spokesperson Chelsea Simpson, representing the company via a third-party agency, said Samsung was “recently alerted…

Read more →

Close to nine million patients had highly sensitive personal and health information stolen during a cyberattack on a U.S. medical transcription service earlier this year, representing one of the worst medical related data breaches in recent times. The medical transcription…

Read more →

The U.S. government says Royal, one of the most active ransomware gangs in recent years, is preparing to rebrand or spinoff with a new name, Blacksuit. In an update this week to a previously published joint advisory about the Royal…

Read more →

In an acknowledgement that cracking the home robotics market is hard, Amazon is bringing its Astro robot to a decidedly more corporate audience. The company today announced Astro for Business, which repurposes Astro as a security robot for small- and…

Read more →

Truepill, a digital health startup that provides pharmacy fulfillment services for healthcare organizations, has confirmed that hackers accessed the personal data of more than 2.3 million patients. In a data breach notice published on its website, the company says Postmeds,…

Read more →

Security researchers say hackers are mass-exploiting a critical-rated vulnerability in Citrix NetScaler systems to launch crippling cyberattacks against big-name organizations worldwide. These cyberattacks have so far included aerospace giant Boeing; the world’s biggest bank, ICBC; one of the world’s largest…

Read more →

Michigan-based McLaren Health Care has confirmed that the sensitive personal and health information of 2.2 million patients was compromised during a cyberattack earlier this year. A ransomware gang later took credit for the cyberattack. In a new data breach notice…

Read more →

The government of Maine has confirmed over a million individuals had personal information stolen in a data breach earlier this year by a Russia-linked ransomware gang. In a statement published Thursday, the Maine government said hackers exploited a vulnerability in…

Read more →

The government of Maine has confirmed over a million state residents had personal information stolen in a data breach earlier this year by a Russia-backed ransomware gang. In a statement published Thursday, the Maine government said hackers exploited a vulnerability…

Read more →

Mr. Cooper, the mortgage and loan giant with more than four million customers, has confirmed customer data was compromised during a recent cyberattack. In an updated notice on its website published Thursday, Mr. Cooper said that it was “still investigating…

Read more →

Software maker SysAid is warning customers that hackers linked to a notorious ransomware gang are exploiting a newly discovered vulnerability in its widely used IT service automation software. SysAid chief technology officer Sasha Shapirov confirmed in a blog post Wednesday…

Read more →

End-to-end encrypted messaging app, Signal, is getting closer to launching a much anticipated feature that will allow users to share only a username in order to connect with other users, rather than having to reveal the phone number linked to…

Read more →

OpenAI has confirmed that a DDoS (distributed denial-of-service) attack is behind “periodic outages” affecting ChatGPT and its developer tools. ChatGPT, OpenAI’s AI-powered chatbot, has been experiencing sporadic outages for the past 24 hours. Users who attempted to access the service…

Read more →

The UK’s newly empowered Internet content regulator has published the first set of draft Codes of Practice under the Online Safety Act (OSA) which became law late last month. More codes will follow but this first set — which is focused…

Read more →

Sumo Logic, a U.S.-based cloud data analytics and log analysis company, is urging users to reset API keys after discovering a security breach. In a security notice published this week, Sumo Logic confirmed it had discovered evidence of a potential…

Read more →

The App Defense Alliance (ADA), an initiative set up by Google back in 2019 to combat malicious Android apps infiltrating the Play app store, has joined the Joint Development Foundation (JDF), a Linux Foundation project focused on helping organizations working…

Read more →

DNA testing and genealogy companies are stepping up user account security by mandating the use of two-factor authentication, following the theft of millions of user records from DNA genetic testing giant 23andMe. Ancestry, MyHeritage, and 23andMe have begun notifying customers…

Read more →

U.S.-based cybersecurity giant Malwarebytes today launched ThreatDown, a new brand that encompasses its business software portfolio and B2B-focused unit, the company confirmed to TechCrunch. Earlier this year, Malwarebytes let go of approximately 100 employees as part of a wider plan to…

Read more →

A security researcher said he discovered millions of Chinese citizen identity numbers spilling online after an e-commerce store left its database exposed to the internet. Viktor Markopoulos, a security researcher working for CloudDefense.ai, said he found the database belonging to…

Read more →

The U.S. government has sanctioned a Russian national for allegedly laundering millions of dollars worth of victim ransom payments on behalf of individuals linked to the notorious Ryuk ransomware group. According to an announcement from the U.S. Treasury’s Office of…

Read more →

Palo Alto Networks has just confirmed one more major piece of security startup M&A out of Israel: it has acquired Talon Cyber Security, a specialist in building enterprise browsers for securing distributed workforces sources. Source say the deal is valued…

Read more →

Android’s in-built security engine Google Play Protect has a new feature that conducts a real-time analysis of an Android app’s code and blocks it from installing the app if it’s considered potentially harmful. Google announced in October the new real-time…

Read more →

Your favorite messaging and calling app could reveal your IP address to the person on the other end of a call. And that, essentially, is because most chat apps default to using peer-to-peer connections — meaning you and the person…

Read more →

Mortgage and loan giant Mr. Cooper says a “cybersecurity incident” earlier this week was the cause of an ongoing outage, adding that the company is “working to resolve the issue.” The Texas-based company said in a statement on its website that…

Read more →

Earlier this year, the U.S. government imposed sanctions against Russian national Mikhail Matveev, an FBI most-wanted cybercriminal, who authorities accuse of being a “prolific ransomware affiliate” involved in cyberattacks in the United States and overseas. Authorities say Matveev played a…

Read more →

Aerospace giant Boeing has confirmed that it is dealing with a “cyber incident,” days after the company was listed on the leak site of the LockBit ransomware gang. In a statement given to TechCrunch, Boeing spokesperson Jim Prolux confirmed that…

Read more →

Generative AI is pervading just about every industry already, whether we like it or not, and cybersecurity is no exception. The possibility of AI-accelerated malware development and autonomous attacks should alarm any sysadmin even at this early stage. Wraithwatch is…

Read more →

While the number of cybersecurity funding deals reached a high point in 2022, that doesn’t mean that the sector’s tapped out — far from it. According to Statista, there were 148 deals in Q2 2023 worth a combined $1.6 billion.…

Read more →

Two U.S. lawmakers have asked retail giant Costco why it continues to sell surveillance equipment made by Lorex, despite warnings of cybersecurity risks and links to human rights abuses. The bipartisan letter dated October 31, sent by Rep. Christopher Smith…

Read more →

Australian software giant Atlassian has warned of a critical security flaw that could lead to “significant data loss” for customers, just weeks after state-backed hackers targeted its products. In an advisory this week, the company urged customers to patch against…

Read more →

In just a few weeks, Group-IB will be celebrating its twentieth birthday. It’s a momentous occasion for the controversy-marred threat intelligence company, which helps organizations and governments investigate cyberattacks and online fraud. And Group-IB is planning to celebrate in style.…

Read more →

Security researchers say they have observed what they believe is a takedown of the notorious Mozi botnet that infiltrated more than a million Internet of Things devices worldwide. In research shared with TechCrunch ahead of publication on Tuesday, researchers at…

Read more →

The decline in VC funding for cybersecurity startups might finally be reversing course after months of discouraging trend lines. Recently, Crunchbase reported that cybersecurity startups raised nearly $1.9 billion through 153 deals in Q3 — a 12% increase from the…

Read more →

In September, MGM Resorts was hit by a devastating ransomware attack, downing operations at some of its most iconic casino hotels in Las Vegas, including the Bellagio, Mandalay Bay and the Cosmopolitan. Guests were forced to wait hours to check…

Read more →

The U.S. government and dozens of foreign allies have pledged never to pay ransom demands in a bid to discourage financially motivated hackers and ransomware gangs profiteering from cyberattacks. The joint pledge was announced during the third annual meeting of…

Read more →