Tag: Security News | TechCrunch

Cyberattacks, regional conflict, weapons of mass destruction, terrorism, commercial spyware, AI, misinformation, disinformation, deepfakes, and TikTok. These are just some of the top perceived threats that the United States faces, according to the U.S. government’s intelligence agency’s latest global risk…

Read more →

To give AI-focused women academics and others their well-deserved — and overdue — time in the spotlight, TechCrunch is launching a series of interviews focusing on remarkable women who’ve contributed to the AI revolution. We’ll publish several pieces throughout the…

Read more →

A cyberattack at U.S. health tech giant Change Healthcare has ground much of the U.S. healthcare system to a halt for the second week in a row. Hospitals have been unable to check insurance benefits of in-patient stays, handle the…

Read more →

Earlier this week, the U.S. government announced sanctions against the founder of a controversial government spyware maker, Tal Dilian, and his business associate, Sara Aleksandra Fayssal Hamou. In announcing the sanctions, U.S. Treasury officials accused Dilian and Hamou of developing…

Read more →

On Friday, Microsoft said Russian government hackers continue to break into its systems using information obtained during a hack last year. This time, the Russian hackers dubbed Midnight Blizzard have targeted Microsoft’s source code and other internal systems, the company…

Read more →

India’s federal election commission has fixed flaws on its website that exposed data related to citizens’ requests for information related to their voting eligibility status, local political candidates and parties, and technical details about electronic voting machines. India is heading…

Read more →

Thanks to an uncertain economy, cybersecurity budgets are in a tight spot. According to a 2023 survey from IANS and recruiting firm Artico Search, more than a third of chief information security officers (CISOs) kept their security spending the same…

Read more →

Anonymous social apps are in for a reckoning. Yes, again. This week, University of North Carolina (UNC) System President Peter Hans announced a plan to block the use of popular anonymous social apps on campus, including Yik Yak, Fizz, Whisper,…

Read more →

Homomorphic encryption, a complex technique that uses cryptographic algorithms to keep data secure as it travels around networks and to third parties, continues to elude mass-market scalability and thus adoption — not least because currently, the complexity that makes it…

Read more →

The U.S. government announced Tuesday sanctions against the founder of the notorious spyware company Intellexa and one of his business partners. This is the first time the U.S. government has targeted specific people, in addition to companies, with sanctions related…

Read more →

Axonius, one of the bigger players in the world of enterprise asset management — understanding and monitoring the digital assets and infrastructure that make up an organization’s network — has raised $200 million more in funding to expand its business…

Read more →

In his quest to turn a simple and functioning Twitter app into X, the everything app that doesn’t do anything very well, Elon Musk launched audio and video calling on X last week — and this new feature is switched…

Read more →

Adding usernames to a messaging app may seem like a standard feature, but for Signal, such identifiers were anathema to its mission of total privacy and security — until now. The upcoming 7.0 version adds usernames, but the company’s president,…

Read more →

As cybercriminals continue to reap the financial rewards of their attacks, talk of a federal ban on ransom payments is getting louder. U.S. officials have long urged against paying ransom demands. But while several U.S. states — including North Carolina…

Read more →

Everbridge, a critical event management (CEM) software company, is going private in a $1.8 billion all-cash deal that will see it taken over by private equity giant Thoma Bravo — 20% more than what was originally announced last month.* Founded…

Read more →

The U.S. National Security Agency has confirmed that hackers exploiting flaws in Ivanti’s widely used enterprise VPN appliance have targeted organizations across the U.S. defense sector. NSA spokesperson Edward Bennett confirmed in an emailed statement to TechCrunch on Friday that…

Read more →

A technology company that routes millions of SMS text messages across the world has secured an exposed database that was spilling one-time security codes that may have granted users’ access to their Facebook, Google and TikTok accounts. The Asian technology…

Read more →

A U.S. government watchdog stole more than one gigabyte of seemingly sensitive personal data from the cloud systems of the U.S. Department of the Interior. The good news: The data was fake and part of a series of tests to…

Read more →

U.S. health insurance giant UnitedHealth Group has confirmed a ransomware attack on its health tech subsidiary Change Healthcare, which continues to disrupt hospitals and pharmacies across the United States. “Change Healthcare can confirm we are experiencing a cyber security issue…

Read more →

Several internet-connected doorbell cameras have a security flaw that allows hackers to take over the camera by just holding down a button, among other issues, according to research by Consumer Reports. On Thursday, the non-profit Consumer Reports published research that…

Read more →

Silence Laboratories, a startup that builds infrastructure using multiparty computation (MPC) to help enterprises keep data private and safe, said it has raised a $4.1 million funding round. Pi Ventures and Kira Studio co-led the recent funding, which brings its total raised…

Read more →

Paris-based cybersecurity startup Filigran is capitalizing on the success of OpenCTI to build a suite of open-source threat management products. The company has already found some early traction with OpenCTI, its open-source threat intelligence platform. That’s why the company recently…

Read more →

Anycubic customers are reporting that their 3D printers have been hacked and now display a message warning of an alleged security flaw in the company’s systems. Numerous threads on news sharing site Reddit show similar reports (hat tip to @dan)…

Read more →

Days after it was knocked offline by a sweeping, years-in-the-making law enforcement operation, the notorious Russia-based LockBit ransomware group has returned to the dark web with a new leak site complete with a number of new victims. In a verbose,…

Read more →

An ongoing cyberattack at U.S. health tech giant Change Healthcare that sparked outages and disruption to hospitals and pharmacies across the U.S. for the past week was caused by ransomware, TechCrunch has learned. A healthcare executive with knowledge of the…

Read more →

Security researchers say a pair of easy-to-exploit flaws in a popular remote-access tool used by more than a million companies around the world are now being mass exploited, with hackers abusing the vulnerabilities to deploy ransomware and steal sensitive data.…

Read more →

Security researchers say a pair of easy-to-exploit flaws in a popular remote access tool used by more than a million companies around the world are now being mass-exploited, with hackers abusing the vulnerabilities to deploy ransomware and steal sensitive data.…

Read more →

Almost 17 million LoanDepot customers had sensitive personal information, including Social Security numbers, stolen in a January ransomware attack, the company has confirmed. The loan and mortgage giant company said in a data breach notice filed with Maine’s attorney general’s…

Read more →

Over the weekend, someone posted a cache of files and documents apparently stolen from the Chinese government hacking contractor, I-Soon. This leak gives cybersecurity researchers and rival governments an unprecedented chance to look behind the curtain of Chinese government hacking…

Read more →

Security experts are warning that a pair of high-risk flaws in a popular remote access tool are being exploited by hackers to deploy LockBit ransomware — days after authorities announced that they had disrupted the notorious Russia-linked cybercrime gang. Researchers…

Read more →

U.S. health insurance giant UnitedHealth Group said Thursday in a filing with government regulators that its subsidiary Change Healthcare was compromised likely by government-backed hackers. In a filing Thursday, UHG blamed the ongoing cybersecurity incident affecting Change Healthcare on suspected…

Read more →

The Federal Trade Commission on Thursday said it will ban the antivirus giant Avast from selling consumers’ web browsing data to advertisers after Avast claimed its products would prevent its users from online tracking. Avast also settled the federal regulator’s…

Read more →

U.S. healthcare technology giant Change Healthcare has confirmed a cyberattack on its systems. In a brief statement, the company said it was “experiencing a network interruption related to a cyber security issue.” “Once we became aware of the outside threat,…

Read more →

Over the weekend, hackers targeted federated social networks like Mastodon to carry out ongoing spam attacks that were organized on Discord, and conducted using Discord applications. But Discord has yet to remove the server where the attacks are facilitated, and…

Read more →

Security experts are warning that a high-risk vulnerability in a widely used remote access tool is “trivial and embarrassingly easy” to exploit, as the software’s developer confirms malicious hackers are actively exploiting the flaw. The maximum severity-rated vulnerability affects ConnectWise…

Read more →

Apple announced today it is upgrading iMessage’s security layer to post-quantum cryptography, starting in iOS and iPadOS 17.4, macOS 14.4, and watchOS 10.4. The technology giant said that in the coming years, quantum computers will be able to break today’s…

Read more →

A sweeping law enforcement operation led by the U.K.’s National Crime Agency this week took down LockBit, the notorious Russia-linked ransomware gang that has for years wreaked havoc on businesses, hospitals, and governments around the world. The action saw LockBit’s…

Read more →

The U.S. government has sanctioned two key members of LockBit, the Russian-speaking hacking and extortion gang accused of launching ransomware attacks against victims across the U.S. and internationally. In a post on Tuesday, the U.S. Treasury confirmed it is sanctioning…

Read more →

1Password, the AgileBits-owned password management software developer, today announced that it has acquired Kolide, an endpoint security platform, for an undisclosed amount. According to 1Password CEO Jeff Shiner, Kolide founder and CEO Jason Meller and all of Kolide’s 30 employees…

Read more →

A coalition of international law enforcement agencies, including the FBI and the U.K.’s National Crime Agency, have disrupted the operations of the prolific LockBit ransomware gang. LockBit’s dark web leak site — where the group publicly lists its victims and…

Read more →

A coalition of international law enforcement agencies, including the FBI and the U.K.’s National Crime Agency, have disrupted the operations of the prolific LockBit ransomware gang. LockBit’s dark web leak site — where the group publicly lists its victims and…

Read more →

A coalition of international law enforcement agencies, including the FBI and the U.K.’s National Crime Agency, have disrupted the operations of the prolific LockBit ransomware gang. LockBit’s dark-web leak site — where the group publicly lists its victims and threatens…

Read more →

For many organizations and startups, 2023 was a rough year financially, with companies struggling to raise money and others making cuts to survive. Ransomware and extortion gangs, on the other hand, had a record-breaking year in earnings, if recent reports…

Read more →

Tech companies are pledging to fight election-related deepfakes as policymakers amp up pressure. Today at the Munich Security Conference, vendors including Microsoft, Meta, Google, Amazon, Adobe and IBM signed an accord signaling their intention to adopt a common framework for…

Read more →

In July 2021, someone sent Google a batch of malicious code that could be used to hack Chrome, Firefox, and PCs running Microsoft Defender. That code was part of an exploitation framework called Heliconia. And at the time, the exploits…

Read more →

In July 2021, someone sent Google a batch of malicious code that could be used to hack Chrome, Firefox, and PCs running Windows Defender. That code was part of an exploitation framework called Heliconia. And at the time, the exploits…

Read more →

The prolific ransomware gang LockBit has claimed responsibility for hacking one of India’s top brokerage firms, Motilal Oswal. Indian authorities say they are aware and investigating the incident. On Tuesday, LockBit added the Indian brokerage giant Motilal Oswal to its…

Read more →

Sequoia Capital plans to fund up to three open source software developers annually, as a continuation of a program it debuted last year. The Silicon Valley venture capital firm announced the Sequoia Open Source Fellowship last May, but it was…

Read more →

A misconfigured cloud storage server belonging to automotive giant BMW exposed sensitive company information, including private keys and internal data, TechCrunch has learned. Can Yoleri, a security researcher at threat intelligence company SOCRadar, told TechCrunch that he discovered the exposed…

Read more →

U.K.-based water utility Southern Water has confirmed that hackers stole the personal data of as many as 470,000 customers in a recent data breach. Southern Water, which provides water and wastewater services to millions of people across the South East…

Read more →

The U.S. Department of Defense is notifying tens of thousands of individuals that their personal information was exposed in an email data spill last year. According to the breach notification letter sent out to affected individuals on February 1, the…

Read more →

KTrust, a Tel Aviv-based security startup, is taking a different approach to Kubernetes security from many of its competitors in the space. Instead of only scanning Kubernetes clusters and their configurations for known vulnerabilities, KTrust is taking a more proactive…

Read more →

A bug in the online forum for the fertility tracking app Glow exposed the personal data of around 25 million users, according to a security researcher. The bug exposed users’ first and last names, self-reported age group (such as children…

Read more →

Seal Security, a Tel Aviv-based startup founded by a group of former members of Israel’s Unit 8200 intelligence unit, is coming out of stealth today and announcing a $7.4 million seed funding round like by Vertex Ventures Israel, with participation…

Read more →

A consumer-grade spyware operation called TheTruthSpy poses an ongoing security and privacy risk to thousands of people whose Android devices are unknowingly compromised with its mobile surveillance apps, not least due to a simple security flaw that its operators never…

Read more →

Bugcrowd — the startup that taps into a database of half a million hackers to help organizations like OpenAI and the U.S. government set up and run bug bounty programs, cash rewards to freelancers who can identify bugs and vulnerabilities…

Read more →

The startup that develops the phone app for casino resort giant WinStar has secured an exposed database that was spilling customers’ private information to the open web. Oklahoma-based WinStar bills itself as the “world’s biggest casino” by square footage. The…

Read more →

Oregon may soon become the latest state to pass right-to-repair legislation. Last month, Google lent its support in an open letter, calling Senate Bill 1596 “a compelling model for other states to follow.” The bill, sponsored by a sextet of…

Read more →

Hackers have begun mass exploiting a third vulnerability affecting Ivanti’s widely used enterprise VPN appliance, new public data shows. Last week, Ivanti said it had discovered two new security flaws — tracked as CVE-2024-21888 and CVE-2024-21893 — affecting Connect Secure,…

Read more →

Don’t type anything into Gemini, Google’s family of GenAI apps, that’s incriminating — or that you wouldn’t want someone else to see. That’s the PSA (of sorts) today from Google, which in a new support document outlines the ways in…

Read more →

The maker of a popular smart ski and bike helmet has fixed a security flaw that allowed the easy real-time location tracking of anyone wearing its helmets. Livall makes internet-connected helmets that allow groups of skiers or bike riders to…

Read more →

Users log into Closinglock’s portal where real estate transaction wiring instructions are accessed instead of provided via email. © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read the…

Read more →

To reduce financial scams, Google has started a new program to prevent users from sideloading certain apps in Singapore. The company is looking to block sideloaded apps that abuse Android permissions to read one-time passwords received through SMS and notifications.…

Read more →

China-backed hackers have maintained access to American critical infrastructure for “at least five years” with the long-term goal of launching “destructive” cyberattacks, a coalition of U.S. intelligence agencies warned on Wednesday. Volt Typhoon, a state-sponsored group of hackers based in…

Read more →

Just two years ago, VC funding to cybersecurity startups was on fire. $23 billion flooded the sector, per Crunchbase. But in 2023, cybersecurity upstarts only saw a third of that — the result of the exceptional surge in 2021, bloated…

Read more →

Onfido, an early mover in the world of identity verification using computer vision and other AI tools, is getting acquired, TechCrunch has learned and confirmed. Entrust — the privately-held company that provides a range of certification and verification services around…

Read more →

Mozilla today is introducing a new subscription service that will help people locate and remove their personal and sensitive information from data broker websites around the web. This includes the ability to remove your phone number, email, home address, and…

Read more →

Government hackers last year exploited three unknown vulnerabilities in Apple’s iPhone operating system to target victims with spyware developed by a European startup, according to Google. On Tuesday, Google’s Threat Analysis Group, the company’s team that investigates nation-backed hacking, published…

Read more →

Ionix (formerly Cyberpion) helps enterprises reduce their attack surface by giving them a better view of their overall security posture and software supply chain across on-premises, cloud and third-party platforms and services. The company today announced that it has added…

Read more →

Student rideshare startup HopSkipDrive has confirmed a data breach involving the personal data of more than 155,000 drivers. Los Angeles-based HopSkipDrive offers an Uber-style rideshare service for children and teenagers. The startup, which has raised at least $90 million since…

Read more →

Remote desktop software provider AnyDesk confirmed late Friday that a cyberattack allowed hackers to gain access to the company’s production systems, putting the company in lockdown for almost a week. AnyDesk’s software is used by millions of IT professionals to…

Read more →

Everbridge, a critical event management (CEM) software company, is going private in a $1.5 billion all-cash deal that will see it taken over by private equity giant Thoma Bravo. Founded in 2002 initially as 3N Global, Everbridge helps governments and…

Read more →

Yandex N.V., the Dutch parent company of the eponymous Russian internet giant, is selling the last of its remaining Russian businesses at a steep discount, following sanctions imposed in the wake of the Russia’s invasion of Ukraine two years ago.…

Read more →

The makers of two phone surveillance services appear to have shuttered after the owner agreed to settle state accusations of illegally promoting spyware that his companies developed. PhoneSpector and Highster were consumer-grade phone monitoring apps that facilitated the covert surveillance…

Read more →

The makers of two phone surveillance services appear to have shuttered after the owner agreed to settle state accusations of illegally promoting spyware that his companies developed. PhoneSpector and Highster were consumer-grade phone monitoring apps that facilitated the covert surveillance…

Read more →

The makers of two phone surveillance services appear to have shuttered after the owner agreed to settle state accusations of illegally promoting spyware that his companies developed. PhoneSpector and Highster were consumer-grade phone monitoring apps that facilitated the covert surveillance…

Read more →

Education tech company Blackbaud agreed to settle with the U.S. Federal Trade Commission over the company’s security practices that resulted in a 2020 data breach. The FTC alleges that Blackbaud, a U.S.-based company that provides financial and administrative software to…

Read more →

In 2019, Apple announced it would start sending some security researchers a “special” version of the iPhone designed to be used to find vulnerabilities, which could then be reported to Apple so the company could fix them. In 2020, the…

Read more →

U.S. cybersecurity agency CISA has ordered federal agencies to urgently disconnect Ivanti VPN appliances given the risk of malicious exploitation due to multiple software flaws. In an update to an emergency directive first published last week, CISA is now mandating…

Read more →

U.S. access and identity management giant Okta has said it is laying off approximately 400 employees, or 7% of its global workforce. The layoffs come almost exactly a year to the day after Okta announced plans to reduce its workforce…

Read more →

On Sunday, a user in a well-known hacking forum advertised what they claimed was a cache of stolen data from the rental car giant Europcar. The user claimed to have stolen the personal information of more than 48 million Europcar…

Read more →

A day after reporters published their first hands-on review of Apple’s Vision Pro, the technology giant released its first security patch for the mixed reality headset to fix a vulnerability that “may have been exploited” by hackers in the wild.…

Read more →

The U.S. government announced Wednesday it had disrupted a China-backed hacking operation targeting U.S. critical infrastructure, amid warnings that Beijing is preparing to cause “real-world harm” to Americans in the event of a future conflict. Speaking during a U.S. House…

Read more →

On Tuesday, hackers stole around $112 million of the Ripple-focused cryptocurrency XRP from a crypto wallet, Ripple’s co-founder and executive chairman has disclosed. Ripple’s Chris Larsen said on Wednesday that the stolen crypto was his. Larsen wrote on X (previously…

Read more →

Proofpoint is laying off about 6% of its global workforce, or 280 employees, the company confirmed to TechCrunch. “This decision was not taken lightly, and it is deeply rooted in our forward-looking company strategy of aligning our investments and hiring…

Read more →

Ivanti warned on Wednesday that hackers are exploiting another previously undisclosed zero-day vulnerability affecting its widely used corporate VPN appliance. Since early December, ​​Chinese state-backed hackers have been exploiting Ivanti Connect Secure’s flaws — tracked as CVE-2023-46805 and CVE-2024-21887 —…

Read more →

When people hear the term “identity management” in an enterprise context, they typically think of apps that help users authenticate who they are on a network in order to access certain services. In a security context, however, human users are…

Read more →

An Indian state government has fixed security issues impacting its website that exposed the sensitive documents and personal information of millions of residents. The bugs existed on the Rajasthan government website related to Jan Aadhaar, a state program to provide…

Read more →

Three local councils in the United Kingdom continue to experience disruption to their online services, a week after confirming a cyberattack had knocked some systems offline. The councils for Canterbury, Dover, and Thanet — all of which are based in…

Read more →

The U.S. National Security Agency is buying vast amounts of commercially available web browsing data on Americans without a warrant, according to the agency’s outgoing director. NSA director Gen. Paul Nakasone disclosed the practice in a letter to Sen. Ron…

Read more →

On Friday, Microsoft revealed that it had been the victim of a hack carried out by Russian government spies. Now, a week later, the technology giant said that it was not the only target of the espionage operation. In a…

Read more →

Mercedes-Benz accidentally exposed a trove of internal data after leaving a private key online that gave “unrestricted access” to the company’s source code, according to the security research firm that discovered it. Shubham Mittal, co-founder and chief technology officer of…

Read more →

In a data breach notification letter filed with regulators this weekend, 23andMe revealed that hackers started breaking into customers’ accounts in April 2023 and continued through most of September. In other words, for around five months, 23andMe did not detect…

Read more →

The software supply chain, which comprises the components, libraries and processes companies use to develop and publish software, is under threat. According to one recent survey, 88% of companies believe that software supply chain security presents an “enterprise-wide risk” to…

Read more →

Hewlett Packard Enterprise said on Wednesday that its cloud-based email system was compromised by Midnight Blizzard, a Russia-linked hacking group that recently broke into Microsoft’s corporate network. In a filing with the U.S. Securities and Exchange Commission, the enterprise tech…

Read more →

Businesses are moving faster than ever to use generative AI and bring it to both their employees and users. Moving fast and security don’t always go hand-in-hand, though, so it’s only now that many businesses are waking up to the…

Read more →

The U.S. government sanctioned a Russian national for allegedly playing a “pivotal role” in the ransomware attack against Australian health insurance giant Medibank that exposed the sensitive information of almost 10 million patients. 33-year-old Alexander Ermakov, who has also been…

Read more →

Clerk, a startup creating a suite of embeddable UIs, APIs and admin dashboards that app developers can use to authenticate and manage users, has raised $30 million in a Series B round led by CRV with participation from Stripe, Andreessen…

Read more →

Apple released a new version of iOS yesterday with a handful of new features, such as collaborative playlists in Apple Music and a new Unity wallpaper for Black History Month. Another interesting new feature in iOS 17.3 is something called…

Read more →

Silverfort, the Israeli/U.S. startup, takes an all-in view when it comes to identity security in an organization. When it comes to potential breaches, people, machines, clouds, legacy and new apps can all be targets, and they can be exploited at…

Read more →