Category: Security News | TechCrunch

Government hackers last year exploited three unknown vulnerabilities in Apple’s iPhone operating system to target victims with spyware developed by a European startup, according to Google. On Tuesday, Google’s Threat Analysis Group, the company’s team that investigates nation-backed hacking, published…

Read more →

Ionix (formerly Cyberpion) helps enterprises reduce their attack surface by giving them a better view of their overall security posture and software supply chain across on-premises, cloud and third-party platforms and services. The company today announced that it has added…

Read more →

Student rideshare startup HopSkipDrive has confirmed a data breach involving the personal data of more than 155,000 drivers. Los Angeles-based HopSkipDrive offers an Uber-style rideshare service for children and teenagers. The startup, which has raised at least $90 million since…

Read more →

Remote desktop software provider AnyDesk confirmed late Friday that a cyberattack allowed hackers to gain access to the company’s production systems, putting the company in lockdown for almost a week. AnyDesk’s software is used by millions of IT professionals to…

Read more →

Everbridge, a critical event management (CEM) software company, is going private in a $1.5 billion all-cash deal that will see it taken over by private equity giant Thoma Bravo. Founded in 2002 initially as 3N Global, Everbridge helps governments and…

Read more →

Yandex N.V., the Dutch parent company of the eponymous Russian internet giant, is selling the last of its remaining Russian businesses at a steep discount, following sanctions imposed in the wake of the Russia’s invasion of Ukraine two years ago.…

Read more →

The makers of two phone surveillance services appear to have shuttered after the owner agreed to settle state accusations of illegally promoting spyware that his companies developed. PhoneSpector and Highster were consumer-grade phone monitoring apps that facilitated the covert surveillance…

Read more →

The makers of two phone surveillance services appear to have shuttered after the owner agreed to settle state accusations of illegally promoting spyware that his companies developed. PhoneSpector and Highster were consumer-grade phone monitoring apps that facilitated the covert surveillance…

Read more →

The makers of two phone surveillance services appear to have shuttered after the owner agreed to settle state accusations of illegally promoting spyware that his companies developed. PhoneSpector and Highster were consumer-grade phone monitoring apps that facilitated the covert surveillance…

Read more →

Education tech company Blackbaud agreed to settle with the U.S. Federal Trade Commission over the company’s security practices that resulted in a 2020 data breach. The FTC alleges that Blackbaud, a U.S.-based company that provides financial and administrative software to…

Read more →

In 2019, Apple announced it would start sending some security researchers a “special” version of the iPhone designed to be used to find vulnerabilities, which could then be reported to Apple so the company could fix them. In 2020, the…

Read more →

U.S. cybersecurity agency CISA has ordered federal agencies to urgently disconnect Ivanti VPN appliances given the risk of malicious exploitation due to multiple software flaws. In an update to an emergency directive first published last week, CISA is now mandating…

Read more →

U.S. access and identity management giant Okta has said it is laying off approximately 400 employees, or 7% of its global workforce. The layoffs come almost exactly a year to the day after Okta announced plans to reduce its workforce…

Read more →

On Sunday, a user in a well-known hacking forum advertised what they claimed was a cache of stolen data from the rental car giant Europcar. The user claimed to have stolen the personal information of more than 48 million Europcar…

Read more →

A day after reporters published their first hands-on review of Apple’s Vision Pro, the technology giant released its first security patch for the mixed reality headset to fix a vulnerability that “may have been exploited” by hackers in the wild.…

Read more →

The U.S. government announced Wednesday it had disrupted a China-backed hacking operation targeting U.S. critical infrastructure, amid warnings that Beijing is preparing to cause “real-world harm” to Americans in the event of a future conflict. Speaking during a U.S. House…

Read more →

On Tuesday, hackers stole around $112 million of the Ripple-focused cryptocurrency XRP from a crypto wallet, Ripple’s co-founder and executive chairman has disclosed. Ripple’s Chris Larsen said on Wednesday that the stolen crypto was his. Larsen wrote on X (previously…

Read more →

Proofpoint is laying off about 6% of its global workforce, or 280 employees, the company confirmed to TechCrunch. “This decision was not taken lightly, and it is deeply rooted in our forward-looking company strategy of aligning our investments and hiring…

Read more →

Ivanti warned on Wednesday that hackers are exploiting another previously undisclosed zero-day vulnerability affecting its widely used corporate VPN appliance. Since early December, ​​Chinese state-backed hackers have been exploiting Ivanti Connect Secure’s flaws — tracked as CVE-2023-46805 and CVE-2024-21887 —…

Read more →

When people hear the term “identity management” in an enterprise context, they typically think of apps that help users authenticate who they are on a network in order to access certain services. In a security context, however, human users are…

Read more →

An Indian state government has fixed security issues impacting its website that exposed the sensitive documents and personal information of millions of residents. The bugs existed on the Rajasthan government website related to Jan Aadhaar, a state program to provide…

Read more →

Three local councils in the United Kingdom continue to experience disruption to their online services, a week after confirming a cyberattack had knocked some systems offline. The councils for Canterbury, Dover, and Thanet — all of which are based in…

Read more →

The U.S. National Security Agency is buying vast amounts of commercially available web browsing data on Americans without a warrant, according to the agency’s outgoing director. NSA director Gen. Paul Nakasone disclosed the practice in a letter to Sen. Ron…

Read more →

On Friday, Microsoft revealed that it had been the victim of a hack carried out by Russian government spies. Now, a week later, the technology giant said that it was not the only target of the espionage operation. In a…

Read more →

Mercedes-Benz accidentally exposed a trove of internal data after leaving a private key online that gave “unrestricted access” to the company’s source code, according to the security research firm that discovered it. Shubham Mittal, co-founder and chief technology officer of…

Read more →

In a data breach notification letter filed with regulators this weekend, 23andMe revealed that hackers started breaking into customers’ accounts in April 2023 and continued through most of September. In other words, for around five months, 23andMe did not detect…

Read more →

The software supply chain, which comprises the components, libraries and processes companies use to develop and publish software, is under threat. According to one recent survey, 88% of companies believe that software supply chain security presents an “enterprise-wide risk” to…

Read more →

Hewlett Packard Enterprise said on Wednesday that its cloud-based email system was compromised by Midnight Blizzard, a Russia-linked hacking group that recently broke into Microsoft’s corporate network. In a filing with the U.S. Securities and Exchange Commission, the enterprise tech…

Read more →

Businesses are moving faster than ever to use generative AI and bring it to both their employees and users. Moving fast and security don’t always go hand-in-hand, though, so it’s only now that many businesses are waking up to the…

Read more →

The U.S. government sanctioned a Russian national for allegedly playing a “pivotal role” in the ransomware attack against Australian health insurance giant Medibank that exposed the sensitive information of almost 10 million patients. 33-year-old Alexander Ermakov, who has also been…

Read more →

Clerk, a startup creating a suite of embeddable UIs, APIs and admin dashboards that app developers can use to authenticate and manage users, has raised $30 million in a Series B round led by CRV with participation from Stripe, Andreessen…

Read more →

Apple released a new version of iOS yesterday with a handful of new features, such as collaborative playlists in Apple Music and a new Unity wallpaper for Black History Month. Another interesting new feature in iOS 17.3 is something called…

Read more →

Silverfort, the Israeli/U.S. startup, takes an all-in view when it comes to identity security in an organization. When it comes to potential breaches, people, machines, clouds, legacy and new apps can all be targets, and they can be exploited at…

Read more →

Silverfort, the Israeli/U.S. startup, takes an all-in view when it comes to identity security in an organization. When it comes to potential breaches, people, machines, clouds, legacy and new apps can all be targets, and they can be exploited at…

Read more →

Murena, a French startup that sells “de-Googled” smartphones replete with its own flavor of Android, is launching an own-brand mobile network as it throws its hat into the fast-growing mobile virtual network operator (MVNO) ring. Murena Mobile, as the new…

Read more →

Silicon Valley venture capital (VC) juggernaut Sequoia is backing a fledgling Danish startup to build a next-gen software composition analysis (SCA) tool, one that promises to help companies filter through the noise and identify vulnerabilities that are a genuine threat.…

Read more →

About 16.6 million LoanDepot customers had their “sensitive personal” information” stolen in a cyberattack earlier this month, which the loan and mortgage giant has described as a ransomware attack. The loan company said in a filing with federal regulators on…

Read more →

About 16.6 million LoanDepot customers had their “sensitive personal” information” stolen in a cyberattack earlier this month, which the loan and mortgage giant has described as ransomware. The loan company said in a filing with federal regulators on Monday that…

Read more →

Wouldn’t you want to know what tech giants know about you? That’s exactly what Russian government hackers want, too. On Friday, Microsoft disclosed that the hacking group it calls Midnight Blizzard, also known as APT29 or Cozy Bear — and…

Read more →

LoanDepot customers say they have been unable to make mortgage payments or access their online accounts following a suspected ransomware attack on the company last week. The mortgage and loan giant said on January 8 that it was working to…

Read more →

The U.S. Federal Trade Commission has continued its crackdown on data brokers with a settlement banning data aggregation company InMarket from selling consumers’ precise location data. Texas-based InMarket, which debuted as CheckPoints at TechCrunch Disrupt 2010, provides a marketing platform that…

Read more →

VF Corp., the parent company of the popular apparel brands Vans, Supreme, and The North Face, said Thursday that hackers stole the personal data of 35.5 million customers in a December cyberattack. The Denver, Colorado-based company reported the data breach…

Read more →

Internet monitoring firms say a near-total internet blackout in Gaza is reaching its seventh day, the longest outage of the ongoing Israel-Hamas conflict so far. Doug Madory, the director of internet analysis at Kentik, told TechCrunch in a Signal message…

Read more →

Google researchers say they have evidence that a notorious Russian-linked hacking group — tracked as “Cold River” — is evolving its tactics beyond phishing to target victims with data-stealing malware. Cold River, also known as “Callisto Group” and “Star Blizzard,”…

Read more →

Anyone who knows your WhatsApp number can figure out if you are only using the mobile app, or its companion web or desktop apps, a security researcher found. Tal Be’ery, the co-founder and CTO of crypto wallet maker ZenGo, found…

Read more →

Over the past year we’ve seen Uber’s former chief security officer convicted in federal court for mishandling a data breach, a federal regulator charge SolarWinds’ security chief with allegedly misleading investors prior to its own cyberattack, and new regulations that…

Read more →

Malicious hackers have begun mass-exploiting two critical zero-day vulnerabilities in Ivanti’s widely-used corporate VPN appliance. That’s according to cybersecurity company Volexity, which first reported last week that China state-backed hackers are exploiting the two unpatched flaws in Ivanti Connect Secure…

Read more →

Snyk, the well-funded developer-focused security company, today announced that it has acquired Helios, a Tel Aviv-based startup that helps developers troubleshoot and understand their microservices in production. Snyk will use Helios to bolster its recently launched AppRisk service, its application…

Read more →

Spot’s flagship product, VisionX, taps into deep learning and computer vision technologies to analyze consumer and theft behaviors. © 2023 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read the…

Read more →

U.S. repairable laptop maker Framework has confirmed that hackers accessed customer data after successfully phishing an employee at its accounting service provider. In an email sent to affected customers, Framework said that an employee at Keating Consulting, its primary external…

Read more →

Hyundai’s India subsidiary has fixed a bug that exposed its customers’ personal information in the South Asian market. TechCrunch reviewed a portion of the exposed data that included the registered owner name, mailing address, email address, and phone number of…

Read more →

Civil liberties advocates have long argued that “geofence” search warrants are unconstitutional for their ability to ensnare entirely innocent people who were nearby at the time a crime was committed. But errors in the geofence warrant applications that go before…

Read more →

U.S. software giant Ivanti has confirmed that hackers are exploiting two critical-rated vulnerabilities affecting its widely-used corporate VPN appliance, but said that patches won’t be available until the end of the month. Ivanti said the two vulnerabilities — tracked as…

Read more →

More trouble for European Union lawmakers in a controversial area of tech policymaking — namely the bloc’s proposed legislation to apply surveillance technologies, such as client-side scanning, to digital messaging to try to detect child sexual abuse material (CSAM). This…

Read more →

Texas-based care provider HMG Healthcare has confirmed that hackers accessed the personal data of residents and employees, but says it has been unable to determine what types of data were stolen. HMG Healthcare is headquartered in The Woodlands, Texas, and…

Read more →

Cybersecurity is a complex and multifaceted field, and even with thorough threat modeling, there’s always a risk of compromise. © 2023 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read…

Read more →

Japanese tech giant Fujitsu is facing growing pressure from U.K. political quarters over its role in a scandal that saw hundreds of post office owners prosecuted for accounting discrepancies. But as Fujitsu has emerged as a leading protagonist in a…

Read more →

Real estate services giant Fidelity National Financial has confirmed hackers stole data on 1.3 million of its customers during a November cyberattack that knocked the company offline for a week. FNF said in a filing Tuesday with federal regulators: “We…

Read more →

Nation state-backed hackers and criminals are using generative AI in their cyberattacks, but U.S. intelligence is also using artificial intelligence technologies to find malicious activity, according to a senior U.S. National Security Agency official. “We already see criminal and nation…

Read more →

The U.S. Federal Trade Commission has banned the data broker X-Mode Social from sharing or selling users’ sensitive location data, the federal regulator said Tuesday. The first of its kind settlement prohibits X-Mode, now known as Outlogic, from sharing and…

Read more →

Nation state-backed hackers and criminals are using generative AI in their cyberattacks, but U.S. intelligence is also using artificial intelligence technologies to find malicious activity, according to a senior U.S. National Security Agency official. “We already see criminal and nation…

Read more →

KYC, or “know your customer,” is a process intended to help financial institutions, fintech startups and banks verify the identity of their customers. Not uncommonly, KYC authentication involves “ID images,” or cross-checked selfies used to confirm a person is who…

Read more →

KYC, or “Know Your Customer,” is a process intended to help financial institutions, fintech startups and banks verify the identity of their customers. Not uncommonly, KYC authentication involves “ID images,” or cross-checked selfies used to confirm a person is who…

Read more →

Mortgage and loan giant LoanDepot said Monday it is experiencing a cyberattack and that it’s “working diligently to restore normal business operations as quickly as possible.” The Irvine, Calif.-based company said in a brief statement on its cybersecurity incident page…

Read more →

SentinelOne’s deal to acquire PingSafe valued the Peak XV-backed young startup at over $100 million, two sources familiar with the matter told TechCrunch, in one of the strongest and fastest deals emerging from India. The New York Stock Exchange-listed AI…

Read more →

An international law firm that works with companies affected by security incidents has experienced its own cyberattack that exposed the sensitive health information of hundreds of thousands of data breach victims. San Francisco-based Orrick, Herrington & Sutcliffe said last week…

Read more →

Log4j, maybe more than any other security issue in recent years, thrust software supply chain security into the limelight, with even the White House weighing in. But even though virtually every technology executive is at least aware of the importance…

Read more →

The total amount “lost” during 2023 from security incidents was almost $2 billion. © 2023 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read the original article: Crypto losses declined…

Read more →

Facing more than 30 lawsuits from victims of its massive data breach, 23andMe is now deflecting the blame to the victims themselves in an attempt to absolve itself from any responsibility, according to a letter sent to a group of…

Read more →

Aqua Security, an Israeli cybersecurity startup that helps companies protect their cloud services, has raised $60 million in funding, extending its previously announced $135 million Series E round of funding to $195 million. Founded in 2015, Tel Aviv- and Boston-based…

Read more →

A funny — but true — joke at TechCrunch is that the security desk might as well be called the Department of Bad News, since, well, have you seen what we’ve covered of late? There is a never-ending supply of…

Read more →

Despite a rise in cyberattacks and breaches, the cybersecurity industry is by no means exempt from the uncertainty inspired by the current economy. 2023 will likely be remembered as the “year of the layoff.” While many expected the tide to…

Read more →

Last year, we compiled a list of 2022’s most poorly handled data breaches looking back at the bad behavior of corporate giants when faced with hacks and breaches. That included everything from downplaying the real-world impact of spills of personal…

Read more →

Once again we look back at the past year in cybercrime and those who we lost… to the law. This year was no different to last: we saw another round of high-profile busts, arrests, sanctions, and prison time for some…

Read more →

Once again we look back at the past year in cybercrime and those who we lost… to the law. This year was no different to last: we saw another round of high-profile busts, arrests, sanctions, and prison time for some…

Read more →

Apple’s warnings in late October that Indian journalists and opposition figures may have been targeted by state-sponsored attacks prompted a forceful counterattack from Prime Minister Narendra Modi’s government. Officials publicly doubted Apple’s findings and announced a probe into device security.…

Read more →

Apple’s warnings in late October that Indian journalists and opposition figures may have been targeted by state-sponsored attacks prompted a forceful counterattack from Prime Minister Narendra Modi’s government. Officials publicly doubted Apple’s findings and announced a probe into device security.…

Read more →

This year, 2023, was a hell of a year for data breaches, much like the year before it (and the year before that, etc.). Over the past 12 months, we’ve seen hackers ramp up their exploitation of bugs in popular…

Read more →

National Amusements, the cinema chain and corporate parent giant of media giants Paramount and CBS, has confirmed it experienced a data breach in which hackers stole the personal information of tens of thousands of people. The private media conglomerate said…

Read more →

For yet another year, hackers stole billions of dollars in crypto. But for the first time since 2020, the trend is downwards, according to crypto security firms. This year, hackers stole around $2 billion dollars in crypto across dozens of…

Read more →

The next wave of successful startups will help companies harness GenAI to improve organizational productivity while preventing attacks. © 2023 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read the…

Read more →

Back in 2018, my former colleague at VICE Motherboard Joseph Cox and I started publishing a list of the best cybersecurity stories that were published elsewhere. It wasn’t just a way to tip our hats at our friendly competitors; by…

Read more →

Cisco announced this morning that it intends to acquire Isovalent, a cloud-native security and networking startup that should fit well with the company’s core networking and security strategy. The companies did not share the purchase price. Isovalent has helped develop…

Read more →

It’s the season to go a little overboard on gift giving. But this year, give the gift of good security (and privacy) and eschew tech that can have untoward risks or repercussions. We’re not talking about things that go boom…

Read more →

SimSpace, a startup that creates digital replicas of organizations’ tech and networking stacks for cybersecurity training, has raised $45 million in a funding round led by L2 Point Management. Bringing the company’s total raised to $70 million, the investment comes…

Read more →

2023 proved to be a be a challenging year on the ransomware front after a brief lull in 2022. According to data from cryptocurrency tracing firm Chainalysis, victims had paid ransomware groups well over $400 million combined as of July…

Read more →

An international group of law enforcement agencies have seized the dark web leak site of the notorious ransomware gang known as ALPHV, or BlackCat. “The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action…

Read more →

Comcast has confirmed that hackers exploiting a critical-rated security vulnerability accessed the sensitive information of almost 36 million Xfinity customers. This vulnerability, known as “CitrixBleed,” is found in Citrix networking devices often used by big corporations and has been under…

Read more →

VF Corporation, the U.S.-based owner of apparel brands including Vans, Supreme, and The North Face, has confirmed a cyberattack has impacted the company’s ability to fulfill orders ahead of Christmas, one of the biggest retail events of the year. The…

Read more →

Cybercriminals are becoming more aggressive in their effort to maximize disruption and compel the payment of ransom demands, and now there’s a new extortion tactic in play. In early November, the notorious ALPHV ransomware gang, also known as BlackCat, attempted…

Read more →

Hackers stole the sensitive personal information of more than 14.6 million Mr. Cooper customers, the mortgage and loan giant has confirmed. In a filing with Maine’s attorney general’s office, Mr. Cooper said the hackers stole customer names, addresses, dates of…

Read more →

Database management giant MongoDB says it’s investigating a security incident that has resulted in the exposure of some information about customers. The New York-based MongoDB helps more than 46,000 companies, including Adobe, eBay, Verizon, and the U.K.’s Department for Work…

Read more →

Starting from today, December 18, publicly-owned companies operating in the U.S. must comply with a new set of rules requiring them to disclose “material” cyber incidents within 96 hours. The regulation represents a significant shake-up for organizations, many of which…

Read more →

Google will soon allow users to store their location data on their devices rather than on Google’s servers, effectively ending a long-running surveillance practice that allowed police and law enforcement to tap Google’s vast banks of location data to identify…

Read more →

Ubiquity, the networking and video surveillance camera maker, has fixed a bug that users say mistakenly allowed them access to the accounts and private live video streams of other customers. Reports first emerged on Reddit that some customers received push…

Read more →

Hackers compromised the code behind a crypto protocol used by multiple web3 applications and services, the software maker Ledger said on Thursday. Ledger, a company that makes a widely used and popular crypto hardware and software wallet, among other products,…

Read more →

Companies are increasingly curious about AI and the ways in which it can be used to (potentially) boost productivity. But they’re also wary of the risks. In a recent Workday survey, enterprises cite the timeliness and reliability of the underlying…

Read more →

Microsoft says it has successfully dismantled the infrastructure of a cybercrime operation that sold access to fraudulent Outlook accounts to other hackers, including the notorious Scattered Spider gang. The group, tracked by Microsoft as “Storm-1152”, is described as a major…

Read more →

Apple said it will no longer give over records of users’ push notifications to law enforcement unless the company receives a valid judge’s order. In its law enforcement guidelines updated this week, Apple said law enforcement and government agencies can…

Read more →

Apple introduced new security settings with the iOS 17.3 developer beta on Tuesday to prevent thieves from entering your passcode to get your info including account passwords. Apple will likely roll out the final version of iOS 17.3 in a…

Read more →