Category: Security News | TechCrunch

The Indian government has finally resolved a years-long cybersecurity issue that exposed reams of sensitive data about its citizens. A security researcher exclusively told TechCrunch he found at least hundreds of documents containing citizens’ personal information — including Aadhaar numbers,…

Read more →

Seven open source foundations are coming together to create common specifications and standards for Europe’s Cyber Resilience Act (CRA), regulation adopted by the European Parliament last month. The Apache Software Foundation, Blender Foundation, Eclipse Foundation, OpenSSL Software Foundation, PHP Foundation, Python…

Read more →

Rubrik initially presents as a moderately growing software business with net losses that stretched to $354 million in its most recent fiscal year. © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security…

Read more →

Seven open source foundations are coming together to create common specifications and standards for Europe’s Cyber Resilience Act (CRA), regulation adopted by the European Parliament last month. The Apache Software Foundation, Blender Foundation, Eclipse Foundation, OpenSSL Software Foundation, PHP Foundation, Python…

Read more →

Death, taxes, and regular, terrifying cybersecurity leaks. Those are the facts of life, as the latest AT&T data breach is teaching us yet again. A TechCrunch investigation into leaked customer data from the American telco giant has led to AT&T…

Read more →

Reverse searches cast a digital dragnet over a tech company’s store of user data to catch the information that police are looking for. © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security…

Read more →

Security researcher told TechCrunch that leaked AT&T customer data contained encrypted account passcodes that can be easily unscrambled. © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read the…

Read more →

Video game giant Activision is investigating a hacking campaign that’s targeting players with the goal of stealing their credentials, TechCrunch has learned. At this point, the hackers’ specific goals — apart from stealing passwords for various types of accounts —…

Read more →

The government’s reward for information now extends to ALPHV’s affiliates, which claimed responsibility for a massive weeks-long healthcare cyberattack. © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read…

Read more →

Enterprises and other large organizations have long been a lucrative and obvious target for cybercriminals, but in recent years — thanks to more sophisticated breach techniques and the rise of AI — small and medium businesses are now also very…

Read more →

StealthMole, an AI-powered dark web intelligence startup that specializes in monitoring cyber threats and detecting cybercrime, announced Thursday that it has raised a $7 million Series A funding round. The Singapore-headquartered startup with an R&D office in South Korea will…

Read more →

In 2016, Facebook launched a secret project designed to intercept and decrypt the network traffic between people using Snapchat’s app and its servers. The goal was to understand users’ behavior and help Facebook compete with Snapchat, according to newly unsealed…

Read more →

A cybersecurity startup called Cyera is betting that the next big challenge in enterprise data protection will be AI, and it’s raising a big round of funding as demand picks up for it. The company — which builds AI-enhanced tools…

Read more →

A cybersecurity startup called Cyera is betting that the next big challenge in enterprise data protection will be AI, and it’s raising a big round of funding as demand picks up for it. The company — which builds AI-enhanced tools…

Read more →

A cybersecurity startup called Cyera is betting that the next big challenge in enterprise data protection will be AI, and it’s raising a big round of funding as demand picks up for it. The company — which builds AI-enhanced tools…

Read more →

A cybersecurity startup called Cyera is betting that the next big challenge in enterprise data protection will be AI, and it’s raising a big round of funding as demand picks up for it. The company — which builds AI-enhanced tools…

Read more →

It’s the first time the United Kingdom has attributed the massive breach of millions of citizens’ voter data since the cyberattack was first disclosed in 2023. © 2024 TechCrunch. All rights reserved. For personal use only. This article has been…

Read more →

Customers say leaked AT&T customer data — names, addresses, phone numbers and Social Security numbers — is accurate. © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read the…

Read more →

On Monday, the Biden administration announced that six new countries had joined an international coalition to fight the proliferation of commercial spyware, sold by companies such as NSO Group or Intellexa. Now, some investors have announced that they too are…

Read more →

The U.S. Department of Justice sued Apple Thursday over monopolistic practices. The complaint accuses Apple of moulding its privacy and security practices in ways that benefits the company financially. One quote particularly jumps out where the DOJ calls Apple’s privacy…

Read more →

The U.S. Department of Transportation announced its first industry-wide review of data security and privacy policies across the largest U.S. airlines. The DOT said in a press release Thursday that the review will examine whether U.S. airline giants are properly…

Read more →

One user said Glassdoor pulled her full name from an email and added it to her profile. Another user said it wasn’t clear how Glassdoor got his data. © 2024 TechCrunch. All rights reserved. For personal use only. This article…

Read more →

It’s a bad day for bugs. Earlier today, Sentry announced its AI Autofix feature for debugging production code and now, a few hours later, GitHub is launching the first beta of its code scanning autofix feature for finding and fixing…

Read more →

On Sunday, the world of video games was shaken by a hacking and cheating scandal. During a competitive esports tournament of Apex Legends, a free-to-play shooter video game played by hundreds of thousands of players daily, hackers appeared to insert…

Read more →

It’s a bad day for bugs. Earlier today, Sentry announced its AI Autofix feature for debugging production code and now, a few hours later, GitHub is launching the first beta of its code scanning autofix feature for finding and fixing…

Read more →

The Pokémon Company said it detected hacking attempts against some of its users and reset those user account passwords. Last week, an alert was visible on Pokémon’s official support website that said, “Following an attempt to compromise our account system,…

Read more →

The Pokemon Company said it detected hacking attempts against some of its users and reset those user account passwords. Last week, an alert was visible on Pokemon’s official support website, which said that “following an attempt to compromise our account…

Read more →

Documentation startup Mintlify says dozens of customers had GitHub tokens exposed in a data breach at the start of the month and publicly disclosed last week. Mintlify helps developers create documentation for their software and source code by requesting access…

Read more →

On Sunday, two competitive esports players appeared to get hacked during a live streamed game, prompting the organizers to postpone the tournament. Players were competing in the Apex Legends Global Series, a competitive esports tournament for the popular shooter game…

Read more →

Multinational technology giant Fujitsu confirmed a cyberattack in a statement Friday, and warned that hackers may have stolen personal data and customer information. “We confirmed the presence of malware on multiple work computers at our company, and as a result…

Read more →

Over the years TechCrunch has extensively covered data breaches. In fact, some of our most-read stories have come from reporting on huge data breaches, such as revealing shoddy security practices at startups holding sensitive genetic information through to disproving privacy…

Read more →

Google announced a major change to its Safe Browsing feature in Chrome today that will make the service work in real time by checking against a server-side list — all without sharing your browsing habits with Google. Previously, Chrome downloaded…

Read more →

Google announced a major change to its Safe Browsing feature in Chrome today that will make the service work in real time by checking against a server-side list — all without sharing your browsing habits with Google. Previously, Chrome downloaded…

Read more →

After a shakeup at Kleiner Perkins a few years back, one of its star B2B investors, Ted Schlein, started his own firm. Ballistic has already closed a second fund, even bigger than the first. © 2024 TechCrunch. All rights reserved.…

Read more →

Youverify, a Nigerian provider of identity verification and anti-money laundering (AML) solutions for banks and startups, secured a $2.5 million investment from Elm, which specializes in offering ready-made and customized digital solutions to public and private institutions in Saudi Arabia.…

Read more →

The Irish government fixed a vulnerability two years ago in its national COVID-19 vaccination portal that exposed the vaccination records of around a million residents. But details of the vulnerability weren’t revealed until this week after attempts to coordinate public…

Read more →

Cyberattacks, regional conflict, weapons of mass destruction, terrorism, commercial spyware, AI, misinformation, disinformation, deepfakes and TikTok. These are just some of the top perceived threats that the United States faces, according to the U.S. government’s intelligence agency’s latest global risk…

Read more →

Cyberattacks, regional conflict, weapons of mass destruction, terrorism, commercial spyware, AI, misinformation, disinformation, deepfakes, and TikTok. These are just some of the top perceived threats that the United States faces, according to the U.S. government’s intelligence agency’s latest global risk…

Read more →

To give AI-focused women academics and others their well-deserved — and overdue — time in the spotlight, TechCrunch is launching a series of interviews focusing on remarkable women who’ve contributed to the AI revolution. We’ll publish several pieces throughout the…

Read more →

A cyberattack at U.S. health tech giant Change Healthcare has ground much of the U.S. healthcare system to a halt for the second week in a row. Hospitals have been unable to check insurance benefits of in-patient stays, handle the…

Read more →

Earlier this week, the U.S. government announced sanctions against the founder of a controversial government spyware maker, Tal Dilian, and his business associate, Sara Aleksandra Fayssal Hamou. In announcing the sanctions, U.S. Treasury officials accused Dilian and Hamou of developing…

Read more →

On Friday, Microsoft said Russian government hackers continue to break into its systems using information obtained during a hack last year. This time, the Russian hackers dubbed Midnight Blizzard have targeted Microsoft’s source code and other internal systems, the company…

Read more →

India’s federal election commission has fixed flaws on its website that exposed data related to citizens’ requests for information related to their voting eligibility status, local political candidates and parties, and technical details about electronic voting machines. India is heading…

Read more →

Thanks to an uncertain economy, cybersecurity budgets are in a tight spot. According to a 2023 survey from IANS and recruiting firm Artico Search, more than a third of chief information security officers (CISOs) kept their security spending the same…

Read more →

Anonymous social apps are in for a reckoning. Yes, again. This week, University of North Carolina (UNC) System President Peter Hans announced a plan to block the use of popular anonymous social apps on campus, including Yik Yak, Fizz, Whisper,…

Read more →

Homomorphic encryption, a complex technique that uses cryptographic algorithms to keep data secure as it travels around networks and to third parties, continues to elude mass-market scalability and thus adoption — not least because currently, the complexity that makes it…

Read more →

The U.S. government announced Tuesday sanctions against the founder of the notorious spyware company Intellexa and one of his business partners. This is the first time the U.S. government has targeted specific people, in addition to companies, with sanctions related…

Read more →

Axonius, one of the bigger players in the world of enterprise asset management — understanding and monitoring the digital assets and infrastructure that make up an organization’s network — has raised $200 million more in funding to expand its business…

Read more →

In his quest to turn a simple and functioning Twitter app into X, the everything app that doesn’t do anything very well, Elon Musk launched audio and video calling on X last week — and this new feature is switched…

Read more →

Adding usernames to a messaging app may seem like a standard feature, but for Signal, such identifiers were anathema to its mission of total privacy and security — until now. The upcoming 7.0 version adds usernames, but the company’s president,…

Read more →

As cybercriminals continue to reap the financial rewards of their attacks, talk of a federal ban on ransom payments is getting louder. U.S. officials have long urged against paying ransom demands. But while several U.S. states — including North Carolina…

Read more →

Everbridge, a critical event management (CEM) software company, is going private in a $1.8 billion all-cash deal that will see it taken over by private equity giant Thoma Bravo — 20% more than what was originally announced last month.* Founded…

Read more →

The U.S. National Security Agency has confirmed that hackers exploiting flaws in Ivanti’s widely used enterprise VPN appliance have targeted organizations across the U.S. defense sector. NSA spokesperson Edward Bennett confirmed in an emailed statement to TechCrunch on Friday that…

Read more →

A technology company that routes millions of SMS text messages across the world has secured an exposed database that was spilling one-time security codes that may have granted users’ access to their Facebook, Google and TikTok accounts. The Asian technology…

Read more →

A U.S. government watchdog stole more than one gigabyte of seemingly sensitive personal data from the cloud systems of the U.S. Department of the Interior. The good news: The data was fake and part of a series of tests to…

Read more →

U.S. health insurance giant UnitedHealth Group has confirmed a ransomware attack on its health tech subsidiary Change Healthcare, which continues to disrupt hospitals and pharmacies across the United States. “Change Healthcare can confirm we are experiencing a cyber security issue…

Read more →

Several internet-connected doorbell cameras have a security flaw that allows hackers to take over the camera by just holding down a button, among other issues, according to research by Consumer Reports. On Thursday, the non-profit Consumer Reports published research that…

Read more →

Silence Laboratories, a startup that builds infrastructure using multiparty computation (MPC) to help enterprises keep data private and safe, said it has raised a $4.1 million funding round. Pi Ventures and Kira Studio co-led the recent funding, which brings its total raised…

Read more →

Paris-based cybersecurity startup Filigran is capitalizing on the success of OpenCTI to build a suite of open-source threat management products. The company has already found some early traction with OpenCTI, its open-source threat intelligence platform. That’s why the company recently…

Read more →

Anycubic customers are reporting that their 3D printers have been hacked and now display a message warning of an alleged security flaw in the company’s systems. Numerous threads on news sharing site Reddit show similar reports (hat tip to @dan)…

Read more →

Days after it was knocked offline by a sweeping, years-in-the-making law enforcement operation, the notorious Russia-based LockBit ransomware group has returned to the dark web with a new leak site complete with a number of new victims. In a verbose,…

Read more →

An ongoing cyberattack at U.S. health tech giant Change Healthcare that sparked outages and disruption to hospitals and pharmacies across the U.S. for the past week was caused by ransomware, TechCrunch has learned. A healthcare executive with knowledge of the…

Read more →

Security researchers say a pair of easy-to-exploit flaws in a popular remote-access tool used by more than a million companies around the world are now being mass exploited, with hackers abusing the vulnerabilities to deploy ransomware and steal sensitive data.…

Read more →

Security researchers say a pair of easy-to-exploit flaws in a popular remote access tool used by more than a million companies around the world are now being mass-exploited, with hackers abusing the vulnerabilities to deploy ransomware and steal sensitive data.…

Read more →

Almost 17 million LoanDepot customers had sensitive personal information, including Social Security numbers, stolen in a January ransomware attack, the company has confirmed. The loan and mortgage giant company said in a data breach notice filed with Maine’s attorney general’s…

Read more →

Over the weekend, someone posted a cache of files and documents apparently stolen from the Chinese government hacking contractor, I-Soon. This leak gives cybersecurity researchers and rival governments an unprecedented chance to look behind the curtain of Chinese government hacking…

Read more →

Security experts are warning that a pair of high-risk flaws in a popular remote access tool are being exploited by hackers to deploy LockBit ransomware — days after authorities announced that they had disrupted the notorious Russia-linked cybercrime gang. Researchers…

Read more →

U.S. health insurance giant UnitedHealth Group said Thursday in a filing with government regulators that its subsidiary Change Healthcare was compromised likely by government-backed hackers. In a filing Thursday, UHG blamed the ongoing cybersecurity incident affecting Change Healthcare on suspected…

Read more →

The Federal Trade Commission on Thursday said it will ban the antivirus giant Avast from selling consumers’ web browsing data to advertisers after Avast claimed its products would prevent its users from online tracking. Avast also settled the federal regulator’s…

Read more →

U.S. healthcare technology giant Change Healthcare has confirmed a cyberattack on its systems. In a brief statement, the company said it was “experiencing a network interruption related to a cyber security issue.” “Once we became aware of the outside threat,…

Read more →

Over the weekend, hackers targeted federated social networks like Mastodon to carry out ongoing spam attacks that were organized on Discord, and conducted using Discord applications. But Discord has yet to remove the server where the attacks are facilitated, and…

Read more →

Security experts are warning that a high-risk vulnerability in a widely used remote access tool is “trivial and embarrassingly easy” to exploit, as the software’s developer confirms malicious hackers are actively exploiting the flaw. The maximum severity-rated vulnerability affects ConnectWise…

Read more →

Apple announced today it is upgrading iMessage’s security layer to post-quantum cryptography, starting in iOS and iPadOS 17.4, macOS 14.4, and watchOS 10.4. The technology giant said that in the coming years, quantum computers will be able to break today’s…

Read more →

A sweeping law enforcement operation led by the U.K.’s National Crime Agency this week took down LockBit, the notorious Russia-linked ransomware gang that has for years wreaked havoc on businesses, hospitals, and governments around the world. The action saw LockBit’s…

Read more →

The U.S. government has sanctioned two key members of LockBit, the Russian-speaking hacking and extortion gang accused of launching ransomware attacks against victims across the U.S. and internationally. In a post on Tuesday, the U.S. Treasury confirmed it is sanctioning…

Read more →

1Password, the AgileBits-owned password management software developer, today announced that it has acquired Kolide, an endpoint security platform, for an undisclosed amount. According to 1Password CEO Jeff Shiner, Kolide founder and CEO Jason Meller and all of Kolide’s 30 employees…

Read more →

A coalition of international law enforcement agencies, including the FBI and the U.K.’s National Crime Agency, have disrupted the operations of the prolific LockBit ransomware gang. LockBit’s dark web leak site — where the group publicly lists its victims and…

Read more →

A coalition of international law enforcement agencies, including the FBI and the U.K.’s National Crime Agency, have disrupted the operations of the prolific LockBit ransomware gang. LockBit’s dark web leak site — where the group publicly lists its victims and…

Read more →

A coalition of international law enforcement agencies, including the FBI and the U.K.’s National Crime Agency, have disrupted the operations of the prolific LockBit ransomware gang. LockBit’s dark-web leak site — where the group publicly lists its victims and threatens…

Read more →

For many organizations and startups, 2023 was a rough year financially, with companies struggling to raise money and others making cuts to survive. Ransomware and extortion gangs, on the other hand, had a record-breaking year in earnings, if recent reports…

Read more →

Tech companies are pledging to fight election-related deepfakes as policymakers amp up pressure. Today at the Munich Security Conference, vendors including Microsoft, Meta, Google, Amazon, Adobe and IBM signed an accord signaling their intention to adopt a common framework for…

Read more →

In July 2021, someone sent Google a batch of malicious code that could be used to hack Chrome, Firefox, and PCs running Microsoft Defender. That code was part of an exploitation framework called Heliconia. And at the time, the exploits…

Read more →

In July 2021, someone sent Google a batch of malicious code that could be used to hack Chrome, Firefox, and PCs running Windows Defender. That code was part of an exploitation framework called Heliconia. And at the time, the exploits…

Read more →

The prolific ransomware gang LockBit has claimed responsibility for hacking one of India’s top brokerage firms, Motilal Oswal. Indian authorities say they are aware and investigating the incident. On Tuesday, LockBit added the Indian brokerage giant Motilal Oswal to its…

Read more →

Sequoia Capital plans to fund up to three open source software developers annually, as a continuation of a program it debuted last year. The Silicon Valley venture capital firm announced the Sequoia Open Source Fellowship last May, but it was…

Read more →

A misconfigured cloud storage server belonging to automotive giant BMW exposed sensitive company information, including private keys and internal data, TechCrunch has learned. Can Yoleri, a security researcher at threat intelligence company SOCRadar, told TechCrunch that he discovered the exposed…

Read more →

U.K.-based water utility Southern Water has confirmed that hackers stole the personal data of as many as 470,000 customers in a recent data breach. Southern Water, which provides water and wastewater services to millions of people across the South East…

Read more →

The U.S. Department of Defense is notifying tens of thousands of individuals that their personal information was exposed in an email data spill last year. According to the breach notification letter sent out to affected individuals on February 1, the…

Read more →

KTrust, a Tel Aviv-based security startup, is taking a different approach to Kubernetes security from many of its competitors in the space. Instead of only scanning Kubernetes clusters and their configurations for known vulnerabilities, KTrust is taking a more proactive…

Read more →

A bug in the online forum for the fertility tracking app Glow exposed the personal data of around 25 million users, according to a security researcher. The bug exposed users’ first and last names, self-reported age group (such as children…

Read more →

Seal Security, a Tel Aviv-based startup founded by a group of former members of Israel’s Unit 8200 intelligence unit, is coming out of stealth today and announcing a $7.4 million seed funding round like by Vertex Ventures Israel, with participation…

Read more →

A consumer-grade spyware operation called TheTruthSpy poses an ongoing security and privacy risk to thousands of people whose Android devices are unknowingly compromised with its mobile surveillance apps, not least due to a simple security flaw that its operators never…

Read more →

Bugcrowd — the startup that taps into a database of half a million hackers to help organizations like OpenAI and the U.S. government set up and run bug bounty programs, cash rewards to freelancers who can identify bugs and vulnerabilities…

Read more →

The startup that develops the phone app for casino resort giant WinStar has secured an exposed database that was spilling customers’ private information to the open web. Oklahoma-based WinStar bills itself as the “world’s biggest casino” by square footage. The…

Read more →

Oregon may soon become the latest state to pass right-to-repair legislation. Last month, Google lent its support in an open letter, calling Senate Bill 1596 “a compelling model for other states to follow.” The bill, sponsored by a sextet of…

Read more →

Hackers have begun mass exploiting a third vulnerability affecting Ivanti’s widely used enterprise VPN appliance, new public data shows. Last week, Ivanti said it had discovered two new security flaws — tracked as CVE-2024-21888 and CVE-2024-21893 — affecting Connect Secure,…

Read more →

Don’t type anything into Gemini, Google’s family of GenAI apps, that’s incriminating — or that you wouldn’t want someone else to see. That’s the PSA (of sorts) today from Google, which in a new support document outlines the ways in…

Read more →

The maker of a popular smart ski and bike helmet has fixed a security flaw that allowed the easy real-time location tracking of anyone wearing its helmets. Livall makes internet-connected helmets that allow groups of skiers or bike riders to…

Read more →

Users log into Closinglock’s portal where real estate transaction wiring instructions are accessed instead of provided via email. © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read the…

Read more →