Category: Security | TechCrunch

The mass-exploitation of MOVEit Transfer software has rapidly cemented itself as the largest hack of the year so far. While the full impact of the attack will likely remain untold for months to come, there are now more than 1,000…

Read more →

Byju’s, the edtech giant and India’s most valuable startup, has fixed a server-side misconfiguration that was exposing the sensitive data of its students. The Indian startup exposed some students’ names, phone numbers, addresses and email IDs. The exposed data also…

Read more →

There’s a growing number of cybersecurity regulations designed to keep business and customer data protected. In 2022 alone, over 40 U.S. states introduced 250 bills focused on cybersecurity, according to the National Conference of State Legislatures. And more are on…

Read more →

When Window Snyder started security infrastructure startup Thistle Technologies in 2020, she already had a decades-long career in cybersecurity under her belt. Snyder first made waves as a senior security strategist at Microsoft, where she is credited with pushing the…

Read more →

Cloud host CloudNordic says most of its customers have “lost all data with us” following a ransomware attack on its datacenter systems, including its backups. The Denmark-based cloud company said the ransomware attack began Friday, during which cybercriminals “shut down…

Read more →

As companies move to the cloud, keeping data secure is always front of mind. While Google is quick to point out that it has never had an exploit in Google Workspace, it doesn’t mean it isn’t working to continually stay…

Read more →

We’ve all seen headlines about major hacks and data breaches of major companies — it can feel like nobody’s safe. Security is a constant learning curve, and what we learn when things go wrong can help defend against similar threats…

Read more →

The U.S. government said it believes North Korean hackers are preparing to cash out millions of dollars stolen during a spate of high-profile crypto hacks. On Tuesday, the FBI warned cryptocurrency companies about recent blockchain activity connected to the theft…

Read more →

Apu Pavithran Contributor Apu Pavithran is the founder and CEO of Hexnode. The Internet of Things (IoT) is in hacker crosshairs. Last year, more than 110 million IoT malware attacks took place — an 87% increase from the previous 12…

Read more →

Cybercriminals are exploiting a zero-day vulnerability in WinRAR, the venerable shareware archiving tool for Windows, to target traders and steal funds. Cybersecurity company Group-IB discovered the vulnerability, which affects the processing of the ZIP file format by WinRAR, in June.…

Read more →

Meta said today that the company plans to enable end-to-end encryption by default for Messenger by the end of this year. The tech giant is also expanding its test of end-to-end encryption features to “millions more people’s chats.” The company…

Read more →

U.S. software giant Ivanti has scrambled to patch another zero-day vulnerability under active attack. The vulnerability, tracked as CVE-2023-38035 with a vulnerability severity rating of 9.8 out of 10, affects the software company’s Sentry product. Ivanti Sentry (formerly MobileIron Sentry)…

Read more →

Bel Lepe, a former Google software engineer, tells me that it always seemed risky to him that there were apps business users needed and used, but that IT and security teams were unwilling to approve them because of their lack…

Read more →

Tesla has said that insider wrongdoing was to blame for a data breach affecting more than 75,000 company employees. Tesla, the electric car maker owned by Elon Musk, said in a data breach notice filed with Maine’s attorney general that…

Read more →

For years, cops and other government authorities all over the world have been using phone hacking technology provided by Cellebrite to unlock phones and obtain the data within. And the company has been keen on keeping the use of its…

Read more →

ProjectDiscovery, a platform that detects new, exploitable vulnerabilities in codebases, today announced that it raised $25 million in a Series A funding round led by CRV with participation from Point72, SignalFire, Rain Capital, Mango Capital, Accel and Lightspeed. ProjectDiscovery began…

Read more →

Hackers are exploiting a newly discovered vulnerability in yet another enterprise file transfer software, the U.S. government’s cybersecurity agency has warned. CISA on Wednesday added a vulnerability in Citrix ShareFile, tracked as CVE-2023-24489, to its Known Exploited Vulnerabilities (KEV) catalog.…

Read more →

Attendees at Def Con, one of the world’s largest hacking conferences, are used to weird shenanigans, such as a seemingly innocuous wall of computer screens that display people’s passwords sniffed over the conference Wi-Fi network. But at this year’s event,…

Read more →

U.S. House lawmaker Rep. Don Bacon said the FBI warned him that China-backed hackers who used a stolen Microsoft key to raid the email accounts of senior U.S. government officials also accessed his email accounts. In a tweet, the Republican…

Read more →

The relationship between American tech giants and the Chinese government has never been an easy one. We reported previously how Apple finds itself in a predicament as it strives to conquer the colossal smartphone market in China, the world’s largest.…

Read more →

SecureWorks said Monday it will let go of 15% of its workforce, the cybersecurity company’s second round of layoffs this year. In a regulatory filing, SecureWorks said that it would incur about $14.2 million in expenses due to the layoffs,…

Read more →

Several attendees at the hacking conference Def Con reported seeing mysterious and persistent pop ups prompting them to use their Apple ID to connect to an Apple TV, or to share a password with an Apple TV nearby, according to…

Read more →

Millions of Americans had their sensitive medical and health information stolen after hackers exploiting a zero-day vulnerability in the widely used MOVEit file transfer software raided systems operated by tech giant IBM. Colorado’s Department of Health Care Policy and Financing…

Read more →

Sara Behar Contributor Sara Behar is a content manager at YL Ventures, where she promotes the firm’s cybersecurity expertise and provides value-add support to the firm’s portfolio companies with content creation and strategic initiatives. Even in the usually exciting world…

Read more →

Hackers could have hijacked the user accounts of a popular transportation app and used them to get free rides and access people’s personal information, according to a security researcher. Omer Attias, a security researcher at SafeBreach, said he found three…

Read more →

In 2016, hackers using a network of compromised internet-connected devices — vulnerable security cameras and routers — knocked some of the then biggest websites on the internet offline for several hours. Twitter, Reddit, GitHub and Spotify all went down intermittently…

Read more →

A U.S. review board tasked with investigating major cybersecurity incidents said it will begin looking at the recent intrusion of U.S. government email systems provided by Microsoft, whose handling of the incident drew ire and scrutiny from federal lawmakers and…

Read more →

While zero-day exploits are hard to defend against, the software industry must come together and do more to improve security across the board. This article has been indexed from Security | TechCrunch Read the original article: The MOVEit mass hacks…

Read more →

Veza, a platform that helps to secure identity access across apps, data systems and cloud infrastructure, today announced that it raised $15 million in a funding round led by Capital One Ventures and ServiceNow — valuing the company at $415…

Read more →

U.K. cybersecurity giant NCC Group has confirmed it’s making more layoffs, just months after it slashed its workforce by 7%. The Manchester, U.K.-based company is undergoing its second round of layoffs in just six months, a person with knowledge of…

Read more →

There is yet more M&A coming out of the security industry. In the latest development, Check Point, the enterprise cybersecurity company, has picked up Perimeter 81 to beef up its tools for remote and hybrid workers. Check Point will pay…

Read more →

Osano, an Austin, Texas-based startup developing a platform to help companies manage their data privacy, today announced that it raised $25 million in a Series B funding round led by Baird Capital with Jump Capital, LiveOak, NextCoast and TDF. In…

Read more →

Hackers with apparent links to the Belarusian government have been targeting foreign diplomats in the country for nearly 10 years, according to security researchers. On Thursday, antivirus firm ESET published a report that details the activities of a newly discovered…

Read more →

Imagine being able to sit behind a hacker and observe them take control of a computer and play around with it. That’s pretty much what two security researchers did thanks to a large network of computers set up as a…

Read more →

As a part of an ongoing White House initiative to make software more secure, the Defense Advanced Research Projects Agency (DARPA) plans to launch a two-year contest, the AI Cyber Challenge, that’ll task competitors with identifying and fixing software vulnerabilities…

Read more →

As organizations embrace cloud services — and are forced to confront changing regulations and data use standards — their ability to maintain control of data security frequently becomes strained. If they lose that control, the consequences can be quite severe.…

Read more →

U.S. cybersecurity giant Rapid7 has announced plans to lay off 18% of its workforce, affecting more than 400 global employees. In a regulatory filing, the Boston-based cybersecurity company said its restructuring effort is “designed to improve operational efficiencies, reduce operating…

Read more →

A catastrophic breach of the United Kingdom electoral register affects tens of millions of residents following a cyberattack at the U.K. Electoral Commission. With data on more than 40 million voters accessed by unnamed hackers, the cyberattack is already one…

Read more →

Google announced today it’s making its Messages by Google app more secure with improvements to RCS, or Rich Communication Services — a protocol aimed at replacing SMS and is more on par with the advanced features found in Apple’s iMessage.…

Read more →

Cybersecurity startups, in particular those hatched in Israel, have been getting scooped up a rapid pace by larger tech companies looking to bolt on new capabilities to address business customers’ growing security needs as they adopt new technologies themselves. In…

Read more →

Cybersecurity startups, in particular those hatched in Israel, have been getting scooped up a rapid pace by larger tech companies looking to bolt on new capabilities to address business customers’ growing security needs as they adopt new technologies themselves. In…

Read more →

The personal information of approximately 40 million U.K. voters was exposed to hackers for more than a year after the Electoral Commission fell victim to a “complex cyberattack”. The Electoral Commission, the watchdog responsible for overseeing elections in the U.K.,…

Read more →

Cybersecurity funding is falling after enjoying impressive heights in the last few years. According to Crunchbase, VC financing for security declined to just over $1.6 billion in Q2 2023, marking a 63% drop compared to the same quarter last year…

Read more →

Colorado’s state government has warned students and teachers that hackers may have accessed their personal information — dating as far back as 2004. In a notice on its website, the Colorado Department of Higher Education (CDHE) confirmed it experienced a…

Read more →

Colorado’s state government has warned students and teachers in the state that hackers may have accessed their personal information — dating back as far as 2004. In a notice on its website, the Colorado Department of Higher Education (CDHE) confirmed…

Read more →

Poland-based spyware LetMeSpy is no longer operational and said it will shut down after a June data breach wiped out its servers, including its huge trove of data stolen from thousands of victims’ phones. In a notice on its website…

Read more →

Israel’s National Cybersecurity Directorate said there was “no breach” of its network after passwords belonging to a senior agency official were stolen from their home computer earlier this year and published online. A security researcher, who asked not to be…

Read more →

After the band played Miles Davis’ Seven Steps to Heaven, and an effusive introduction from the head of the school, Window Snyder stands in front of a hall filled with around 800 students at her old high school to receive…

Read more →

Hackers behind the mass-exploitation of a vulnerability in the popular corporate file transfer tool MOVEit Transfer have accessed the protected health information of 1.7 million Oregon citizens. Performance Health Technology (PH Tech), a company that provides data management services to…

Read more →

A group of researchers said they have found a way to hack the hardware underpinning Tesla’s infotainment system, allowing them to get what normally would be paid upgrades — such as heated rear seats — for free. By doing this,…

Read more →

Endor Labs, which offers a platform developers can use to manage and secure their open source dependencies, today closed a $70 million Series A round led by Lightspeed Venture Partners with participation from Coatue, Dell Technologies Capital, Section 32 and…

Read more →

Russian state-sponsored hackers posed as technical support staff on Microsoft Teams to compromise dozens of global organizations, including government agencies. Microsoft security researchers said on Wednesday that the “highly targeted” social engineering campaign was carried out by a Russian state-sponsored…

Read more →

HackerOne, a widely known bug bounty and penetration testing platform, is cutting up to 12% of its workforce as the global economic slowdown continues to impact the tech community. The San Francisco-based startup announced its layoffs on Wednesday, TechCrunch learned…

Read more →

Travel giant Mondee has secured an exposed database that was spilling sensitive customer information, including detailed flight and hotel itineraries and unencrypted credit card numbers. Anurag Sen, a good-faith security researcher known for discovering inadvertently exposed data on the internet,…

Read more →

Hackers exploited a zero-day flaw in Ivanti’s mobile endpoint management software undetected for at least three months, U.S. and Norwegian cybersecurity agencies have warned. It was confirmed last week that hackers had compromised multiple Norwegian government agencies by exploiting a…

Read more →

The troves of data collected by today’s modern connected cars has long been viewed as a cash cow — a yet untapped opportunity that could boost profits for automakers. Now one California agency wants to know exactly how that data…

Read more →

A little-known cloud company provided web hosting and internet services to more than two dozen different state-sponsored hacking groups and commercial spyware operators, according to researchers at cybersecurity company Halcyon. In a report released on Tuesday, Halcyon said it had…

Read more →

As tools for building AI systems, particularly large language models  (LLMs), get easier and cheaper, some are using them for unsavory purposes, like generating malicious code or phishing campaigns. But the threat of AI-accelerated hackers isn’t quite as dire as…

Read more →

Socket, a startup that provides a scanning tool to detect security vulnerabilities in open source code, today announced that it raised $20 million in a Series A round led by Andreessen Horowitz (a16z). The tranche had participation from Abstract Ventures,…

Read more →

For around a month, hackers have been infecting players of Call of Duty: Modern Warfare 2 with a self-spreading malware, also known as a worm. To do that, the hackers are exploiting a bug that was reported to the game’s…

Read more →

Cyble, a cybersecurity startup that styles itself as a “threat intelligence provider,” today announced that it raised $24 million in a Series B funding round co-led by Blackbird Ventures and King River Capital with participation from Spider Capital, January Capital,…

Read more →

When security systems are sourced from different vendors, it becomes even more challenging to detect and prevent attacks in a timely manner. This article has been indexed from Security | TechCrunch Read the original article: Strengthening security in a multi-SaaS…

Read more →

Success with security-by-design is at risk, both from the political challenges of implementation and the threat of unrealistic expectations. This article has been indexed from Security | TechCrunch Read the original article: CISA’s security-by-design initiative is at risk: Here’s a…

Read more →

The value of the global cyber insurance market reached $13.33 billion in 2022 and is projected to soar to $84.62 billion by 2030. This article has been indexed from Security | TechCrunch Read the original article: Cyber insurance audit: Painful…

Read more →

U.S. and Australian government cybersecurity agencies are warning that common and easily exploitable security vulnerabilities in websites and web apps can be abused to carry out large-scale data breaches. In a joint advisory published Thursday, U.S. cybersecurity agency CISA, the…

Read more →

Google today will begin to roll out a new safety feature, unknown tracker alerts, first announced at its developer event Google I/O this spring. The feature will allow Android users to be alerted automatically if an unknown Bluetooth device is…

Read more →

Many projects and companies would simply give up if they’d been hacked and had hundreds of millions stolen from their ecosystem partners, but it appears Wormhole isn’t one of them. This article has been indexed from Security | TechCrunch Read…

Read more →

Hackers are infecting players of an old Call of Duty game with a worm that spreads automatically in online lobbies, according to two analyses of the malware. On June 26, a user on a Steam forum alerted other players of…

Read more →

U.S. government services contracting giant Maximus has confirmed that hackers exploiting a vulnerability in MOVEit Transfer accessed the protected health information of as many as 11 million individuals. Virginia-based Maximus contracts with federal, state, and local governments to manage and…

Read more →

It sounds like another M&A deal is about to go down in the world of cybersecurity. Sources tell TechCrunch that CrowdStrike is in advanced negotiations to acquire Bionic.AI — a security posture management platform for cloud services — for between…

Read more →

It sounds like another M&A deal is about to go down in the world of cybersecurity. Sources tell TechCrunch that Crowdstrike is in advanced negotiations to acquire Bionic.AI — a security posture management platform for cloud services — for between…

Read more →

CardioComm Solutions, a Canadian provider of consumer and professional-grade heart monitoring technologies, has been downed by an ongoing cybersecurity incident. The Toronto-based organization said on Tuesday that its business operations will be “impacted for several days and potentially longer” following…

Read more →

Protect AI, a startup building tools to harden the security around AI systems, today announced that it raised $35 million in a Series A round led by Evolution Equity Partners with participation from Salesforce Ventures, Acrew Capital, boldstart ventures, Knollwood…

Read more →

Shai Gabay and Eli Ben-Nun, two entrepreneurs based in Israel, met in 2018 while working at Cynet, a cybersecurity startup developing extended detection and response tools. While there, they came to realize that there was a growing need to secure…

Read more →

Hackers exploited a zero-day flaw in Ivanti’s mobile endpoint management software to compromise a dozen Norwegian government agencies — and thousands of other organizations could also be at risk. The Norwegian Security and Service Organization (DSS) said in a statement…

Read more →

French aerospace and defence group Thales is procuring cybersecurity company Imperva from Thoma Bravo in a deal worth $3.6 billion. The news comes four years after private equity giant Thoma Bravo acquired Imperva for $2.1 billion, taking the San Mateo-based…

Read more →

A phone surveillance app called Spyhide is stealthily collecting private phone data from tens of thousands of Android devices around the world, new data shows. Spyhide is a widely-used stalkerware (or spouseware) app that is planted on a victim’s phone,…

Read more →

Security researchers say they have high confidence that North Korean hackers were behind a recent intrusion at enterprise software company JumpCloud because of a mistake the hackers made. Mandiant, which is assisting one of JumpCloud’s affected customers, attributed the breach…

Read more →

Thousands of companies could be at risk from an actively exploited Citrix zero-day that hackers have already abused to target at least one critical infrastructure organization in the United States. Citrix last week sounded the alarm about the critical-rated flaw,…

Read more →

Google fixed a zero-day in Chrome that was found by an Apple employee, according to comments in the official bug report. While the bug itself is not newsworthy, the circumstances of how this bug was found and reported to Google…

Read more →

A network of fake sellers, created with forged documents, allowed a global phone surveillance ring to operate under the radar for years. This article has been indexed from Security | TechCrunch Read the original article: Fake passports, real bank accounts:…

Read more →

North Korean state-backed hackers breached U.S. enterprise software company JumpCloud to target its cryptocurrency clients, security researchers said on Thursday. JumpCloud, a directory platform that allows enterprises to authenticate, authorize and manage users and devices, said this week that a…

Read more →

More victims of the mass-hacks targeting users of MOVEit Transfer, a popular file-transfer application, are coming forward as the number of known impacted organizations reaches almost 400. U.S. cosmetics giant Estée Lauder said in a statement that an unauthorized third-party…

Read more →

A few times per day, I get a message that asks something along the lines of: “How much do you charge for a guest article on TechCrunch?” People are trying to get inbound links from TechCrunch for SEO reasons. The…

Read more →

The U.S. government put Intellexa and Cytrox, two European spyware makers, on an economic denylist on Tuesday. The addition of the two companies, based in Greece and Hungary, as well as two related entities in Ireland and North Macedonia, is…

Read more →

The U.S. government put Intellexa and Cytrox, two European spyware makers, on an economic denylist on Tuesday. The addition of the two companies, based in Greece and Hungary, as well as two related entities in Ireland and North Macedonia, is…

Read more →

After years of growth, funding for cybersecurity startups is beginning to slow down, a symptom of the broader economic malaise and — perhaps — market oversaturation. According to a recent note from Pinpoint Search Group, cybersecurity funding dipped 55% in…

Read more →

The U.S. government put Intellexa and Cytrox, two European spyware makers, on an economic denylist on Tuesday. The addition of the two companies, based in Greece and Hungary, as well as two related entities in Ireland and North Macedonia, is…

Read more →

The Biden administration has launched its long-awaited Internet of Things (IoT) cybersecurity labeling program that aims to protect Americans against the myriad of security risks associated with internet-connected devices. The program, officially named the “U.S. Cyber Trust Mark,” aims to…

Read more →

Identity verification platform for businesses, Bureau, has added $4.5 million in its Series A, bringing its total to $16.5 million. The funding was raised from GMO Venture Partners and GMO Payment Gateway. Other investors in the round include Quona Capital…

Read more →

Microsoft still doesn’t know — or want to share — how China-backed hackers stole a key that allowed them to stealthily break into dozens of email inboxes, including those belonging to several federal government agencies. In a blog post Friday,…

Read more →

Identity and access management firm JumpCloud says it reset customers’ API keys after nation-state hackers breached its systems. JumpCloud, a directory platform that allows enterprises to authenticate, authorize, and manage users and devices, last week told customers that it had…

Read more →

In 2015, Pieter Danhieux and Matias Madou, both cybersecurity analysts, came to the realization that they wanted to provide a way to make software more secure by empowering developers with the skills and tools to enhance their speed of delivery.…

Read more →

Security researchers have discovered numerous vulnerabilities in Honeywell devices used in critical industries that could, if exploited, allow hackers to cause physical disruption and potentially impact the safety of human lives. Researchers at Armis, a cybersecurity company specializing in asset…

Read more →

Despite declining funding levels and higher rate of attacks, cybersecurity investors remain optimistic. Here’s why. 8 VCs explain why there’s good reason to be optimistic about cybersecurity by Carly Page originally published on TechCrunch This article has been indexed from…

Read more →

Chinese hackers exploited a flaw in Microsoft’s cloud email service to gain access to the email accounts of U.S. government employees, the technology giant has confirmed. The hacking group, tracked as Storm-0558, compromised approximately 25 email accounts, including government agencies,…

Read more →

San Francisco-based cybersecurity startup Coalition is acquiring Jumbo, a mobile app that lets you control your privacy on the web. I have covered Jumbo several times over the past few years, so it’s time to close the loop on this…

Read more →

The U.S. government accused a cybersecurity professional of hacking a cryptocurrency exchange and stealing around $9 million in cryptocurrency, in what looks like a case of an ethical hacker turning rogue, then trying to appear ethical again. In a press…

Read more →

The Bangladeshi government on Sunday took down citizens’ sensitive data that it had left exposed online. On Friday, TechCrunch reported that a website belonging to the government of Bangladesh was leaking the personal information of the country’s citizens, including full…

Read more →

Software-as-a-service (SaaS) apps are an essential part of how many companies do business. But when the number of apps grows beyond a certain threshold, it can be difficult to secure them. According to Statista, in 2022, organizations worldwide were using…

Read more →