The Pokémon Company said it detected hacking attempts against some of its users and reset those user account passwords. Last week, an alert was visible on Pokémon’s official support website that said, “Following an attempt to compromise our account system,…
Tag: Security News | TechCrunch
Pokemon resets some users passwords after hacking attempts
The Pokemon Company said it detected hacking attempts against some of its users and reset those user account passwords. Last week, an alert was visible on Pokemon’s official support website, which said that “following an attempt to compromise our account…
Mintlify says customer GitHub tokens exposed in data breach
Documentation startup Mintlify says dozens of customers had GitHub tokens exposed in a data breach at the start of the month and publicly disclosed last week. Mintlify helps developers create documentation for their software and source code by requesting access…
Esports league postponed after players hacked midgame
On Sunday, two competitive esports players appeared to get hacked during a live streamed game, prompting the organizers to postpone the tournament. Players were competing in the Apex Legends Global Series, a competitive esports tournament for the popular shooter game…
Tech giant Fujitsu says it was hacked, warns of data breach
Multinational technology giant Fujitsu confirmed a cyberattack in a statement Friday, and warned that hackers may have stolen personal data and customer information. “We confirmed the presence of malware on multiple work computers at our company, and as a result…
How to verify a data breach
Over the years TechCrunch has extensively covered data breaches. In fact, some of our most-read stories have come from reporting on huge data breaches, such as revealing shoddy security practices at startups holding sensitive genetic information through to disproving privacy…
Google is changing how Chrome detects and warns you about unsafe sites
Google announced a major change to its Safe Browsing feature in Chrome today that will make the service work in real time by checking against a server-side list — all without sharing your browsing habits with Google. Previously, Chrome downloaded…
Google’s Safe Browsing protection in Chrome goes real-time
Google announced a major change to its Safe Browsing feature in Chrome today that will make the service work in real time by checking against a server-side list — all without sharing your browsing habits with Google. Previously, Chrome downloaded…
Ted Schlein’s 2-year-old Ballistic Ventures has already raised a second $360 million fund
After a shakeup at Kleiner Perkins a few years back, one of its star B2B investors, Ted Schlein, started his own firm. Ballistic has already closed a second fund, even bigger than the first. © 2024 TechCrunch. All rights reserved.…
Nigeria’s Youverify raises $2.5M to enhance anti-money laundering compliance
Youverify, a Nigerian provider of identity verification and anti-money laundering (AML) solutions for banks and startups, secured a $2.5 million investment from Elm, which specializes in offering ready-made and customized digital solutions to public and private institutions in Saudi Arabia.…
A bug in an Irish government website that exposed COVID-19 vaccination records took two years to publicly disclose
The Irish government fixed a vulnerability two years ago in its national COVID-19 vaccination portal that exposed the vaccination records of around a million residents. But details of the vulnerability weren’t revealed until this week after attempts to coordinate public…
Four things we learned when US intelligence chiefs testified to Congress
Cyberattacks, regional conflict, weapons of mass destruction, terrorism, commercial spyware, AI, misinformation, disinformation, deepfakes and TikTok. These are just some of the top perceived threats that the United States faces, according to the U.S. government’s intelligence agency’s latest global risk…
Four things we learned when US spy chiefs testified to Congress
Cyberattacks, regional conflict, weapons of mass destruction, terrorism, commercial spyware, AI, misinformation, disinformation, deepfakes, and TikTok. These are just some of the top perceived threats that the United States faces, according to the U.S. government’s intelligence agency’s latest global risk…
Women in AI: Heidy Khlaaf, safety engineering director at Trail of Bits
To give AI-focused women academics and others their well-deserved — and overdue — time in the spotlight, TechCrunch is launching a series of interviews focusing on remarkable women who’ve contributed to the AI revolution. We’ll publish several pieces throughout the…
As the Change Healthcare outage drags on, fears grow that patient data could spill online
A cyberattack at U.S. health tech giant Change Healthcare has ground much of the U.S. healthcare system to a halt for the second week in a row. Hospitals have been unable to check insurance benefits of in-patient stays, handle the…
Spyware makers express concern after US sanctions spyware veteran
Earlier this week, the U.S. government announced sanctions against the founder of a controversial government spyware maker, Tal Dilian, and his business associate, Sara Aleksandra Fayssal Hamou. In announcing the sanctions, U.S. Treasury officials accused Dilian and Hamou of developing…
Russian spies keep hacking into Microsoft in ‘ongoing attack,’ company says
On Friday, Microsoft said Russian government hackers continue to break into its systems using information obtained during a hack last year. This time, the Russian hackers dubbed Midnight Blizzard have targeted Microsoft’s source code and other internal systems, the company…
India’s Election Commission fixes privacy flaws that exposed citizens’ information-seeking data
India’s federal election commission has fixed flaws on its website that exposed data related to citizens’ requests for information related to their voting eligibility status, local political candidates and parties, and technical details about electronic voting machines. India is heading…
Reach Security taps a company’s existing tools to fight cyber threats
Thanks to an uncertain economy, cybersecurity budgets are in a tight spot. According to a 2023 survey from IANS and recruiting firm Artico Search, more than a third of chief information security officers (CISOs) kept their security spending the same…
Anonymous social apps face another reckoning as UNC System to ban Yik Yik, Fizz, Sidechat & Whisper
Anonymous social apps are in for a reckoning. Yes, again. This week, University of North Carolina (UNC) System President Peter Hans announced a plan to block the use of popular anonymous social apps on campus, including Yik Yak, Fizz, Whisper,…
Zama’s homomorphic encryption tech lands it $73M on a valuation of nearly $400M
Homomorphic encryption, a complex technique that uses cryptographic algorithms to keep data secure as it travels around networks and to third parties, continues to elude mass-market scalability and thus adoption — not least because currently, the complexity that makes it…
US sanctions founder of spyware maker Intellexa for targeting Americans
The U.S. government announced Tuesday sanctions against the founder of the notorious spyware company Intellexa and one of his business partners. This is the first time the U.S. government has targeted specific people, in addition to companies, with sanctions related…
Axonius, a specialist in cyber asset managment, secures $200M at a flat $2.6B valuation
Axonius, one of the bigger players in the world of enterprise asset management — understanding and monitoring the digital assets and infrastructure that make up an organization’s network — has raised $200 million more in funding to expand its business…
Elon Musk switched on X calling by default: Here’s how to switch it off
In his quest to turn a simple and functioning Twitter app into X, the everything app that doesn’t do anything very well, Elon Musk launched audio and video calling on X last week — and this new feature is switched…
Why Signal ‘turned our architecture inside out’ for its latest privacy feature
Adding usernames to a messaging app may seem like a standard feature, but for Signal, such identifiers were anathema to its mission of total privacy and security — until now. The upcoming 7.0 version adds usernames, but the company’s president,…
Should we ban ransom payments?
As cybercriminals continue to reap the financial rewards of their attacks, talk of a federal ban on ransom payments is getting louder. U.S. officials have long urged against paying ransom demands. But while several U.S. states — including North Carolina…
Thoma Bravo takes critical event management software company Everbridge private in $1.8B deal
Everbridge, a critical event management (CEM) software company, is going private in a $1.8 billion all-cash deal that will see it taken over by private equity giant Thoma Bravo — 20% more than what was originally announced last month.* Founded…
NSA says it’s tracking Ivanti cyberattacks as hackers hit US defense sector
The U.S. National Security Agency has confirmed that hackers exploiting flaws in Ivanti’s widely used enterprise VPN appliance have targeted organizations across the U.S. defense sector. NSA spokesperson Edward Bennett confirmed in an emailed statement to TechCrunch on Friday that…
A leaky database spilled 2FA codes for the world’s tech giants
A technology company that routes millions of SMS text messages across the world has secured an exposed database that was spilling one-time security codes that may have granted users’ access to their Facebook, Google and TikTok accounts. The Asian technology…
A government watchdog hacked a US federal agency to stress-test its cloud security
A U.S. government watchdog stole more than one gigabyte of seemingly sensitive personal data from the cloud systems of the U.S. Department of the Interior. The good news: The data was fake and part of a series of tests to…
UnitedHealth confirms ransomware gang behind Change Healthcare hack amid ongoing pharmacy outages
U.S. health insurance giant UnitedHealth Group has confirmed a ransomware attack on its health tech subsidiary Change Healthcare, which continues to disrupt hospitals and pharmacies across the United States. “Change Healthcare can confirm we are experiencing a cyber security issue…
Popular video doorbells can be easily hijacked, researchers find
Several internet-connected doorbell cameras have a security flaw that allows hackers to take over the camera by just holding down a button, among other issues, according to research by Consumer Reports. On Thursday, the non-profit Consumer Reports published research that…
Silence Laboratories, a cryptographic security startup, secures funding
Silence Laboratories, a startup that builds infrastructure using multiparty computation (MPC) to help enterprises keep data private and safe, said it has raised a $4.1 million funding round. Pi Ventures and Kira Studio co-led the recent funding, which brings its total raised…
OpenCTI maker Filigran raises $16 million for its cybersecurity threat management suite
Paris-based cybersecurity startup Filigran is capitalizing on the success of OpenCTI to build a suite of open-source threat management products. The company has already found some early traction with OpenCTI, its open-source threat intelligence platform. That’s why the company recently…
Anycubic users say their 3D printers were hacked to warn of a security flaw
Anycubic customers are reporting that their 3D printers have been hacked and now display a message warning of an alleged security flaw in the company’s systems. Numerous threads on news sharing site Reddit show similar reports (hat tip to @dan)…
Feds hack LockBit, LockBit springs back. Now what?
Days after it was knocked offline by a sweeping, years-in-the-making law enforcement operation, the notorious Russia-based LockBit ransomware group has returned to the dark web with a new leak site complete with a number of new victims. In a verbose,…
Ransomware attack blamed for Change Healthcare outage stalling US prescriptions
An ongoing cyberattack at U.S. health tech giant Change Healthcare that sparked outages and disruption to hospitals and pharmacies across the U.S. for the past week was caused by ransomware, TechCrunch has learned. A healthcare executive with knowledge of the…
Researchers say easy-to-exploit security bugs in ConnectWise remote-access software now under mass attack
Security researchers say a pair of easy-to-exploit flaws in a popular remote-access tool used by more than a million companies around the world are now being mass exploited, with hackers abusing the vulnerabilities to deploy ransomware and steal sensitive data.…
Researchers say easy-to-exploit security bugs in ConnectWise remote access software now under mass-attack
Security researchers say a pair of easy-to-exploit flaws in a popular remote access tool used by more than a million companies around the world are now being mass-exploited, with hackers abusing the vulnerabilities to deploy ransomware and steal sensitive data.…
LoanDepot says about 17 million customers had personal data and Social Security numbers stolen during cyberattack
Almost 17 million LoanDepot customers had sensitive personal information, including Social Security numbers, stolen in a January ransomware attack, the company has confirmed. The loan and mortgage giant company said in a data breach notice filed with Maine’s attorney general’s…
Spyware leak offers ‘first-of-its-kind’ look inside Chinese government hacking efforts
Over the weekend, someone posted a cache of files and documents apparently stolen from the Chinese government hacking contractor, I-Soon. This leak gives cybersecurity researchers and rival governments an unprecedented chance to look behind the curtain of Chinese government hacking…
Hackers are exploiting ConnectWise flaws to deploy LockBit ransomware, security experts warn
Security experts are warning that a pair of high-risk flaws in a popular remote access tool are being exploited by hackers to deploy LockBit ransomware — days after authorities announced that they had disrupted the notorious Russia-linked cybercrime gang. Researchers…
UnitedHealth says Change Healthcare hacked by nation state, as pharmacy outages drag on
U.S. health insurance giant UnitedHealth Group said Thursday in a filing with government regulators that its subsidiary Change Healthcare was compromised likely by government-backed hackers. In a filing Thursday, UHG blamed the ongoing cybersecurity incident affecting Change Healthcare on suspected…
FTC bans antivirus giant Avast from selling its users’ browsing data to advertisers
The Federal Trade Commission on Thursday said it will ban the antivirus giant Avast from selling consumers’ web browsing data to advertisers after Avast claimed its products would prevent its users from online tracking. Avast also settled the federal regulator’s…
US health tech giant Change Healthcare hit by cyberattack
U.S. healthcare technology giant Change Healthcare has confirmed a cyberattack on its systems. In a brief statement, the company said it was “experiencing a network interruption related to a cyber security issue.” “Once we became aware of the outside threat,…
Discord took no action against server that coordinated costly Mastodon spam attacks
Over the weekend, hackers targeted federated social networks like Mastodon to carry out ongoing spam attacks that were organized on Discord, and conducted using Discord applications. But Discord has yet to remove the server where the attacks are facilitated, and…
Researchers warn high-risk ConnectWise flaw under attack is ’embarrassingly easy’ to exploit
Security experts are warning that a high-risk vulnerability in a widely used remote access tool is “trivial and embarrassingly easy” to exploit, as the software’s developer confirms malicious hackers are actively exploiting the flaw. The maximum severity-rated vulnerability affects ConnectWise…
Apple readies iMessage for when quantum computers could break encryption
Apple announced today it is upgrading iMessage’s security layer to post-quantum cryptography, starting in iOS and iPadOS 17.4, macOS 14.4, and watchOS 10.4. The technology giant said that in the coming years, quantum computers will be able to break today’s…
Six things we learned from the LockBit takedown
A sweeping law enforcement operation led by the U.K.’s National Crime Agency this week took down LockBit, the notorious Russia-linked ransomware gang that has for years wreaked havoc on businesses, hospitals, and governments around the world. The action saw LockBit’s…
US sanctions LockBit members after ransomware takedown
The U.S. government has sanctioned two key members of LockBit, the Russian-speaking hacking and extortion gang accused of launching ransomware attacks against victims across the U.S. and internationally. In a post on Tuesday, the U.S. Treasury confirmed it is sanctioning…
1Password expands its endpoint security offerings with Kolide acquisition
1Password, the AgileBits-owned password management software developer, today announced that it has acquired Kolide, an endpoint security platform, for an undisclosed amount. According to 1Password CEO Jeff Shiner, Kolide founder and CEO Jason Meller and all of Kolide’s 30 employees…
Authorities disrupt operations of notorious LockBit ransomware gang
A coalition of international law enforcement agencies, including the FBI and the U.K.’s National Crime Agency, have disrupted the operations of the prolific LockBit ransomware gang. LockBit’s dark web leak site — where the group publicly lists its victims and…
Authorities seize dark web leak site from LockBit ransomware gang
A coalition of international law enforcement agencies, including the FBI and the U.K.’s National Crime Agency, have disrupted the operations of the prolific LockBit ransomware gang. LockBit’s dark web leak site — where the group publicly lists its victims and…
US, UK authorities claim seizure of LockBit ransomware gang’s dark web leak site
A coalition of international law enforcement agencies, including the FBI and the U.K.’s National Crime Agency, have disrupted the operations of the prolific LockBit ransomware gang. LockBit’s dark-web leak site — where the group publicly lists its victims and threatens…
Why are ransomware gangs making so much money?
For many organizations and startups, 2023 was a rough year financially, with companies struggling to raise money and others making cuts to survive. Ransomware and extortion gangs, on the other hand, had a record-breaking year in earnings, if recent reports…
Tech giants sign voluntary pledge to fight election-related deepfakes
Tech companies are pledging to fight election-related deepfakes as policymakers amp up pressure. Today at the Munich Security Conference, vendors including Microsoft, Meta, Google, Amazon, Adobe and IBM signed an accord signaling their intention to adopt a common framework for…
Spyware startup Variston is losing staff — some say it’s closing
In July 2021, someone sent Google a batch of malicious code that could be used to hack Chrome, Firefox, and PCs running Microsoft Defender. That code was part of an exploitation framework called Heliconia. And at the time, the exploits…
Spyware startup Variston is losing staff, some say it’s closing
In July 2021, someone sent Google a batch of malicious code that could be used to hack Chrome, Firefox, and PCs running Windows Defender. That code was part of an exploitation framework called Heliconia. And at the time, the exploits…
LockBit claims cyberattack on Indian broker Motilal Oswal
The prolific ransomware gang LockBit has claimed responsibility for hacking one of India’s top brokerage firms, Motilal Oswal. Indian authorities say they are aware and investigating the incident. On Tuesday, LockBit added the Indian brokerage giant Motilal Oswal to its…
Why Sequoia is funding open source developers via a new equity-free fellowship
Sequoia Capital plans to fund up to three open source software developers annually, as a continuation of a program it debuted last year. The Silicon Valley venture capital firm announced the Sequoia Open Source Fellowship last May, but it was…
BMW security lapse exposed sensitive company information, researcher finds
A misconfigured cloud storage server belonging to automotive giant BMW exposed sensitive company information, including private keys and internal data, TechCrunch has learned. Can Yoleri, a security researcher at threat intelligence company SOCRadar, told TechCrunch that he discovered the exposed…
UK utility giant Southern Water says hackers stole personal data of hundreds of thousands of customers
U.K.-based water utility Southern Water has confirmed that hackers stole the personal data of as many as 470,000 customers in a recent data breach. Southern Water, which provides water and wastewater services to millions of people across the South East…
US military notifies 20,000 of data breach after cloud email leak
The U.S. Department of Defense is notifying tens of thousands of individuals that their personal information was exposed in an email data spill last year. According to the breach notification letter sent out to affected individuals on February 1, the…
KTrust launches an automated red team for Kubernetes security
KTrust, a Tel Aviv-based security startup, is taking a different approach to Kubernetes security from many of its competitors in the space. Instead of only scanning Kubernetes clusters and their configurations for known vulnerabilities, KTrust is taking a more proactive…
Fertility tracker Glow fixes bug that exposed users’ personal data
A bug in the online forum for the fertility tracking app Glow exposed the personal data of around 25 million users, according to a security researcher. The bug exposed users’ first and last names, self-reported age group (such as children…
Seal Security wants to make open-source vulnerability remediation easy
Seal Security, a Tel Aviv-based startup founded by a group of former members of Israel’s Unit 8200 intelligence unit, is coming out of stealth today and announcing a $7.4 million seed funding round like by Vertex Ventures Israel, with participation…
Hackers uncover new TheTruthSpy stalkerware victims: Is your Android device compromised?
A consumer-grade spyware operation called TheTruthSpy poses an ongoing security and privacy risk to thousands of people whose Android devices are unknowingly compromised with its mobile surveillance apps, not least due to a simple security flaw that its operators never…
Bugcrowd snaps up $102M for a ‘bug bounty’ security platform that taps 500K+ hackers
Bugcrowd — the startup that taps into a database of half a million hackers to help organizations like OpenAI and the U.S. government set up and run bug bounty programs, cash rewards to freelancers who can identify bugs and vulnerabilities…
‘World’s biggest casino’ app exposed customers’ personal data
The startup that develops the phone app for casino resort giant WinStar has secured an exposed database that was spilling customers’ private information to the open web. Oklahoma-based WinStar bills itself as the “world’s biggest casino” by square footage. The…
Apple defends parts pairing as Oregon mulls right-to-repair bill
Oregon may soon become the latest state to pass right-to-repair legislation. Last month, Google lent its support in an open letter, calling Senate Bill 1596 “a compelling model for other states to follow.” The bill, sponsored by a sextet of…
Researchers say attackers are mass-exploiting new Ivanti VPN flaw
Hackers have begun mass exploiting a third vulnerability affecting Ivanti’s widely used enterprise VPN appliance, new public data shows. Last week, Ivanti said it had discovered two new security flaws — tracked as CVE-2024-21888 and CVE-2024-21893 — affecting Connect Secure,…
Google saves your conversations with Gemini for years by default
Don’t type anything into Gemini, Google’s family of GenAI apps, that’s incriminating — or that you wouldn’t want someone else to see. That’s the PSA (of sorts) today from Google, which in a new support document outlines the ways in…
Security flaw in a popular smart helmet allowed silent location tracking
The maker of a popular smart ski and bike helmet has fixed a security flaw that allowed the easy real-time location tracking of anyone wearing its helmets. Livall makes internet-connected helmets that allow groups of skiers or bike riders to…
Closinglock, now with $12M, wants to prevent the 1 in 10 real estate transactions targeted for fraud
Users log into Closinglock’s portal where real estate transaction wiring instructions are accessed instead of provided via email. © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read the…
Google starts blocking users from sideloading certain apps in Singapore
To reduce financial scams, Google has started a new program to prevent users from sideloading certain apps in Singapore. The company is looking to block sideloaded apps that abuse Android permissions to read one-time passwords received through SMS and notifications.…
China-backed Volt Typhoon hackers have lurked inside US critical infrastructure for ‘at least five years’
China-backed hackers have maintained access to American critical infrastructure for “at least five years” with the long-term goal of launching “destructive” cyberattacks, a coalition of U.S. intelligence agencies warned on Wednesday. Volt Typhoon, a state-sponsored group of hackers based in…
Endpoint security startup NinjaOne lands $231.5M at $1.9B valuation
Just two years ago, VC funding to cybersecurity startups was on fire. $23 billion flooded the sector, per Crunchbase. But in 2023, cybersecurity upstarts only saw a third of that — the result of the exceptional surge in 2021, bloated…
Confirmed: Entrust is buying AI-based ID verification startup Onfido, sources say for more than $400M
Onfido, an early mover in the world of identity verification using computer vision and other AI tools, is getting acquired, TechCrunch has learned and confirmed. Entrust — the privately-held company that provides a range of certification and verification services around…
Mozilla Monitor’s new service removes your personal info from data broker sites automatically
Mozilla today is introducing a new subscription service that will help people locate and remove their personal and sensitive information from data broker websites around the web. This includes the ability to remove your phone number, email, home address, and…
Government hackers targeted iPhones owners with zero-days, Google says
Government hackers last year exploited three unknown vulnerabilities in Apple’s iPhone operating system to target victims with spyware developed by a European startup, according to Google. On Tuesday, Google’s Threat Analysis Group, the company’s team that investigates nation-backed hacking, published…
Attack surface management platform Ionix adds another $15M to its $27M Series A round
Ionix (formerly Cyberpion) helps enterprises reduce their attack surface by giving them a better view of their overall security posture and software supply chain across on-premises, cloud and third-party platforms and services. The company today announced that it has added…
HopSkipDrive says personal data of 155,000 drivers stolen in data breach
Student rideshare startup HopSkipDrive has confirmed a data breach involving the personal data of more than 155,000 drivers. Los Angeles-based HopSkipDrive offers an Uber-style rideshare service for children and teenagers. The startup, which has raised at least $90 million since…
Remote access giant AnyDesk resets passwords and revokes certificates after hack
Remote desktop software provider AnyDesk confirmed late Friday that a cyberattack allowed hackers to gain access to the company’s production systems, putting the company in lockdown for almost a week. AnyDesk’s software is used by millions of IT professionals to…
Thoma Bravo takes critical event management software company Everbridge private in $1.5B deal
Everbridge, a critical event management (CEM) software company, is going private in a $1.5 billion all-cash deal that will see it taken over by private equity giant Thoma Bravo. Founded in 2002 initially as 3N Global, Everbridge helps governments and…
Yandex to sell its remaining Russian businesses for $5.2B — half its market value
Yandex N.V., the Dutch parent company of the eponymous Russian internet giant, is selling the last of its remaining Russian businesses at a steep discount, following sanctions imposed in the wake of the Russia’s invasion of Ukraine two years ago.…
Stalkerware apps PhoneSpector and Highster appear shut down after NY settlement
The makers of two phone surveillance services appear to have shuttered after the owner agreed to settle state accusations of illegally promoting spyware that his companies developed. PhoneSpector and Highster were consumer-grade phone monitoring apps that facilitated the covert surveillance…
Stalkerware apps PhoneSpector and Highster appear shut down
The makers of two phone surveillance services appear to have shuttered after the owner agreed to settle state accusations of illegally promoting spyware that his companies developed. PhoneSpector and Highster were consumer-grade phone monitoring apps that facilitated the covert surveillance…
Stalkerware apps PhoneSpector and Highster appear to shut down
The makers of two phone surveillance services appear to have shuttered after the owner agreed to settle state accusations of illegally promoting spyware that his companies developed. PhoneSpector and Highster were consumer-grade phone monitoring apps that facilitated the covert surveillance…
FTC orders Blackbaud to overhaul ‘reckless’ security practices in wake of 2020 breach
Education tech company Blackbaud agreed to settle with the U.S. Federal Trade Commission over the company’s security practices that resulted in a 2020 data breach. The FTC alleges that Blackbaud, a U.S.-based company that provides financial and administrative software to…
Here is Apple’s official ‘jailbroken’ iPhone for security researchers
In 2019, Apple announced it would start sending some security researchers a “special” version of the iPhone designed to be used to find vulnerabilities, which could then be reported to Apple so the company could fix them. In 2020, the…
US gives federal agencies 48 hours to disconnect flawed Ivanti VPN tech
U.S. cybersecurity agency CISA has ordered federal agencies to urgently disconnect Ivanti VPN appliances given the risk of malicious exploitation due to multiple software flaws. In an update to an emergency directive first published last week, CISA is now mandating…
Okta lays off 400 employees — almost exactly a year after last staff cuts
U.S. access and identity management giant Okta has said it is laying off approximately 400 employees, or 7% of its global workforce. The layoffs come almost exactly a year to the day after Okta announced plans to reduce its workforce…
Europcar says someone likely used ChatGPT to promote a fake data breach
On Sunday, a user in a well-known hacking forum advertised what they claimed was a cache of stolen data from the rental car giant Europcar. The user claimed to have stolen the personal information of more than 48 million Europcar…
Apple fixes zero-day bug in Apple Vision Pro that ‘may have been exploited’
A day after reporters published their first hands-on review of Apple’s Vision Pro, the technology giant released its first security patch for the mixed reality headset to fix a vulnerability that “may have been exploited” by hackers in the wild.…
US disrupts China-backed hacking operation amid warning of threat to American infrastructure
The U.S. government announced Wednesday it had disrupted a China-backed hacking operation targeting U.S. critical infrastructure, amid warnings that Beijing is preparing to cause “real-world harm” to Americans in the event of a future conflict. Speaking during a U.S. House…
Hackers steal $112 million of XRP Ripple cryptocurrency
On Tuesday, hackers stole around $112 million of the Ripple-focused cryptocurrency XRP from a crypto wallet, Ripple’s co-founder and executive chairman has disclosed. Ripple’s Chris Larsen said on Wednesday that the stolen crypto was his. Larsen wrote on X (previously…
Security giant Proofpoint is laying off 280 employees, about 6% of its workforce
Proofpoint is laying off about 6% of its global workforce, or 280 employees, the company confirmed to TechCrunch. “This decision was not taken lightly, and it is deeply rooted in our forward-looking company strategy of aligning our investments and hiring…
Ivanti patches two zero-days under attack, but finds another
Ivanti warned on Wednesday that hackers are exploiting another previously undisclosed zero-day vulnerability affecting its widely used corporate VPN appliance. Since early December, Chinese state-backed hackers have been exploiting Ivanti Connect Secure’s flaws — tracked as CVE-2023-46805 and CVE-2024-21887 —…
Oasis Security leaves stealth with $40M to lock down the wild west of non-human identity management
When people hear the term “identity management” in an enterprise context, they typically think of apps that help users authenticate who they are on a network in order to access certain services. In a security context, however, human users are…
Indian state government fixes website bugs that exposed residents’ sensitive documents
An Indian state government has fixed security issues impacting its website that exposed the sensitive documents and personal information of millions of residents. The bugs existed on the Rajasthan government website related to Jan Aadhaar, a state program to provide…