Tag: Security News | TechCrunch

Wouldn’t you want to know what tech giants know about you? That’s exactly what Russian government hackers want, too. On Friday, Microsoft disclosed that the hacking group it calls Midnight Blizzard, also known as APT29 or Cozy Bear — and…

Read more →

LoanDepot customers say they have been unable to make mortgage payments or access their online accounts following a suspected ransomware attack on the company last week. The mortgage and loan giant said on January 8 that it was working to…

Read more →

The U.S. Federal Trade Commission has continued its crackdown on data brokers with a settlement banning data aggregation company InMarket from selling consumers’ precise location data. Texas-based InMarket, which debuted as CheckPoints at TechCrunch Disrupt 2010, provides a marketing platform that…

Read more →

VF Corp., the parent company of the popular apparel brands Vans, Supreme, and The North Face, said Thursday that hackers stole the personal data of 35.5 million customers in a December cyberattack. The Denver, Colorado-based company reported the data breach…

Read more →

Internet monitoring firms say a near-total internet blackout in Gaza is reaching its seventh day, the longest outage of the ongoing Israel-Hamas conflict so far. Doug Madory, the director of internet analysis at Kentik, told TechCrunch in a Signal message…

Read more →

Google researchers say they have evidence that a notorious Russian-linked hacking group — tracked as “Cold River” — is evolving its tactics beyond phishing to target victims with data-stealing malware. Cold River, also known as “Callisto Group” and “Star Blizzard,”…

Read more →

Anyone who knows your WhatsApp number can figure out if you are only using the mobile app, or its companion web or desktop apps, a security researcher found. Tal Be’ery, the co-founder and CTO of crypto wallet maker ZenGo, found…

Read more →

Over the past year we’ve seen Uber’s former chief security officer convicted in federal court for mishandling a data breach, a federal regulator charge SolarWinds’ security chief with allegedly misleading investors prior to its own cyberattack, and new regulations that…

Read more →

Malicious hackers have begun mass-exploiting two critical zero-day vulnerabilities in Ivanti’s widely-used corporate VPN appliance. That’s according to cybersecurity company Volexity, which first reported last week that China state-backed hackers are exploiting the two unpatched flaws in Ivanti Connect Secure…

Read more →

Snyk, the well-funded developer-focused security company, today announced that it has acquired Helios, a Tel Aviv-based startup that helps developers troubleshoot and understand their microservices in production. Snyk will use Helios to bolster its recently launched AppRisk service, its application…

Read more →

Spot’s flagship product, VisionX, taps into deep learning and computer vision technologies to analyze consumer and theft behaviors. © 2023 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read the…

Read more →

U.S. repairable laptop maker Framework has confirmed that hackers accessed customer data after successfully phishing an employee at its accounting service provider. In an email sent to affected customers, Framework said that an employee at Keating Consulting, its primary external…

Read more →

Hyundai’s India subsidiary has fixed a bug that exposed its customers’ personal information in the South Asian market. TechCrunch reviewed a portion of the exposed data that included the registered owner name, mailing address, email address, and phone number of…

Read more →

Civil liberties advocates have long argued that “geofence” search warrants are unconstitutional for their ability to ensnare entirely innocent people who were nearby at the time a crime was committed. But errors in the geofence warrant applications that go before…

Read more →

U.S. software giant Ivanti has confirmed that hackers are exploiting two critical-rated vulnerabilities affecting its widely-used corporate VPN appliance, but said that patches won’t be available until the end of the month. Ivanti said the two vulnerabilities — tracked as…

Read more →

More trouble for European Union lawmakers in a controversial area of tech policymaking — namely the bloc’s proposed legislation to apply surveillance technologies, such as client-side scanning, to digital messaging to try to detect child sexual abuse material (CSAM). This…

Read more →

Texas-based care provider HMG Healthcare has confirmed that hackers accessed the personal data of residents and employees, but says it has been unable to determine what types of data were stolen. HMG Healthcare is headquartered in The Woodlands, Texas, and…

Read more →

Cybersecurity is a complex and multifaceted field, and even with thorough threat modeling, there’s always a risk of compromise. © 2023 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read…

Read more →

Japanese tech giant Fujitsu is facing growing pressure from U.K. political quarters over its role in a scandal that saw hundreds of post office owners prosecuted for accounting discrepancies. But as Fujitsu has emerged as a leading protagonist in a…

Read more →

Real estate services giant Fidelity National Financial has confirmed hackers stole data on 1.3 million of its customers during a November cyberattack that knocked the company offline for a week. FNF said in a filing Tuesday with federal regulators: “We…

Read more →

Nation state-backed hackers and criminals are using generative AI in their cyberattacks, but U.S. intelligence is also using artificial intelligence technologies to find malicious activity, according to a senior U.S. National Security Agency official. “We already see criminal and nation…

Read more →

The U.S. Federal Trade Commission has banned the data broker X-Mode Social from sharing or selling users’ sensitive location data, the federal regulator said Tuesday. The first of its kind settlement prohibits X-Mode, now known as Outlogic, from sharing and…

Read more →

Nation state-backed hackers and criminals are using generative AI in their cyberattacks, but U.S. intelligence is also using artificial intelligence technologies to find malicious activity, according to a senior U.S. National Security Agency official. “We already see criminal and nation…

Read more →

KYC, or “know your customer,” is a process intended to help financial institutions, fintech startups and banks verify the identity of their customers. Not uncommonly, KYC authentication involves “ID images,” or cross-checked selfies used to confirm a person is who…

Read more →

KYC, or “Know Your Customer,” is a process intended to help financial institutions, fintech startups and banks verify the identity of their customers. Not uncommonly, KYC authentication involves “ID images,” or cross-checked selfies used to confirm a person is who…

Read more →

Mortgage and loan giant LoanDepot said Monday it is experiencing a cyberattack and that it’s “working diligently to restore normal business operations as quickly as possible.” The Irvine, Calif.-based company said in a brief statement on its cybersecurity incident page…

Read more →

SentinelOne’s deal to acquire PingSafe valued the Peak XV-backed young startup at over $100 million, two sources familiar with the matter told TechCrunch, in one of the strongest and fastest deals emerging from India. The New York Stock Exchange-listed AI…

Read more →

An international law firm that works with companies affected by security incidents has experienced its own cyberattack that exposed the sensitive health information of hundreds of thousands of data breach victims. San Francisco-based Orrick, Herrington & Sutcliffe said last week…

Read more →

Log4j, maybe more than any other security issue in recent years, thrust software supply chain security into the limelight, with even the White House weighing in. But even though virtually every technology executive is at least aware of the importance…

Read more →

The total amount “lost” during 2023 from security incidents was almost $2 billion. © 2023 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read the original article: Crypto losses declined…

Read more →

Facing more than 30 lawsuits from victims of its massive data breach, 23andMe is now deflecting the blame to the victims themselves in an attempt to absolve itself from any responsibility, according to a letter sent to a group of…

Read more →

Aqua Security, an Israeli cybersecurity startup that helps companies protect their cloud services, has raised $60 million in funding, extending its previously announced $135 million Series E round of funding to $195 million. Founded in 2015, Tel Aviv- and Boston-based…

Read more →

A funny — but true — joke at TechCrunch is that the security desk might as well be called the Department of Bad News, since, well, have you seen what we’ve covered of late? There is a never-ending supply of…

Read more →

Despite a rise in cyberattacks and breaches, the cybersecurity industry is by no means exempt from the uncertainty inspired by the current economy. 2023 will likely be remembered as the “year of the layoff.” While many expected the tide to…

Read more →

Last year, we compiled a list of 2022’s most poorly handled data breaches looking back at the bad behavior of corporate giants when faced with hacks and breaches. That included everything from downplaying the real-world impact of spills of personal…

Read more →

Once again we look back at the past year in cybercrime and those who we lost… to the law. This year was no different to last: we saw another round of high-profile busts, arrests, sanctions, and prison time for some…

Read more →

Once again we look back at the past year in cybercrime and those who we lost… to the law. This year was no different to last: we saw another round of high-profile busts, arrests, sanctions, and prison time for some…

Read more →

Apple’s warnings in late October that Indian journalists and opposition figures may have been targeted by state-sponsored attacks prompted a forceful counterattack from Prime Minister Narendra Modi’s government. Officials publicly doubted Apple’s findings and announced a probe into device security.…

Read more →

Apple’s warnings in late October that Indian journalists and opposition figures may have been targeted by state-sponsored attacks prompted a forceful counterattack from Prime Minister Narendra Modi’s government. Officials publicly doubted Apple’s findings and announced a probe into device security.…

Read more →

This year, 2023, was a hell of a year for data breaches, much like the year before it (and the year before that, etc.). Over the past 12 months, we’ve seen hackers ramp up their exploitation of bugs in popular…

Read more →

National Amusements, the cinema chain and corporate parent giant of media giants Paramount and CBS, has confirmed it experienced a data breach in which hackers stole the personal information of tens of thousands of people. The private media conglomerate said…

Read more →

For yet another year, hackers stole billions of dollars in crypto. But for the first time since 2020, the trend is downwards, according to crypto security firms. This year, hackers stole around $2 billion dollars in crypto across dozens of…

Read more →

The next wave of successful startups will help companies harness GenAI to improve organizational productivity while preventing attacks. © 2023 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read the…

Read more →

Back in 2018, my former colleague at VICE Motherboard Joseph Cox and I started publishing a list of the best cybersecurity stories that were published elsewhere. It wasn’t just a way to tip our hats at our friendly competitors; by…

Read more →

Cisco announced this morning that it intends to acquire Isovalent, a cloud-native security and networking startup that should fit well with the company’s core networking and security strategy. The companies did not share the purchase price. Isovalent has helped develop…

Read more →

It’s the season to go a little overboard on gift giving. But this year, give the gift of good security (and privacy) and eschew tech that can have untoward risks or repercussions. We’re not talking about things that go boom…

Read more →

SimSpace, a startup that creates digital replicas of organizations’ tech and networking stacks for cybersecurity training, has raised $45 million in a funding round led by L2 Point Management. Bringing the company’s total raised to $70 million, the investment comes…

Read more →

2023 proved to be a be a challenging year on the ransomware front after a brief lull in 2022. According to data from cryptocurrency tracing firm Chainalysis, victims had paid ransomware groups well over $400 million combined as of July…

Read more →

An international group of law enforcement agencies have seized the dark web leak site of the notorious ransomware gang known as ALPHV, or BlackCat. “The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action…

Read more →

Comcast has confirmed that hackers exploiting a critical-rated security vulnerability accessed the sensitive information of almost 36 million Xfinity customers. This vulnerability, known as “CitrixBleed,” is found in Citrix networking devices often used by big corporations and has been under…

Read more →

VF Corporation, the U.S.-based owner of apparel brands including Vans, Supreme, and The North Face, has confirmed a cyberattack has impacted the company’s ability to fulfill orders ahead of Christmas, one of the biggest retail events of the year. The…

Read more →

Cybercriminals are becoming more aggressive in their effort to maximize disruption and compel the payment of ransom demands, and now there’s a new extortion tactic in play. In early November, the notorious ALPHV ransomware gang, also known as BlackCat, attempted…

Read more →

Hackers stole the sensitive personal information of more than 14.6 million Mr. Cooper customers, the mortgage and loan giant has confirmed. In a filing with Maine’s attorney general’s office, Mr. Cooper said the hackers stole customer names, addresses, dates of…

Read more →

Database management giant MongoDB says it’s investigating a security incident that has resulted in the exposure of some information about customers. The New York-based MongoDB helps more than 46,000 companies, including Adobe, eBay, Verizon, and the U.K.’s Department for Work…

Read more →

Starting from today, December 18, publicly-owned companies operating in the U.S. must comply with a new set of rules requiring them to disclose “material” cyber incidents within 96 hours. The regulation represents a significant shake-up for organizations, many of which…

Read more →

Google will soon allow users to store their location data on their devices rather than on Google’s servers, effectively ending a long-running surveillance practice that allowed police and law enforcement to tap Google’s vast banks of location data to identify…

Read more →

Ubiquity, the networking and video surveillance camera maker, has fixed a bug that users say mistakenly allowed them access to the accounts and private live video streams of other customers. Reports first emerged on Reddit that some customers received push…

Read more →

Hackers compromised the code behind a crypto protocol used by multiple web3 applications and services, the software maker Ledger said on Thursday. Ledger, a company that makes a widely used and popular crypto hardware and software wallet, among other products,…

Read more →

Companies are increasingly curious about AI and the ways in which it can be used to (potentially) boost productivity. But they’re also wary of the risks. In a recent Workday survey, enterprises cite the timeliness and reliability of the underlying…

Read more →

Microsoft says it has successfully dismantled the infrastructure of a cybercrime operation that sold access to fraudulent Outlook accounts to other hackers, including the notorious Scattered Spider gang. The group, tracked by Microsoft as “Storm-1152”, is described as a major…

Read more →

Apple said it will no longer give over records of users’ push notifications to law enforcement unless the company receives a valid judge’s order. In its law enforcement guidelines updated this week, Apple said law enforcement and government agencies can…

Read more →

Apple introduced new security settings with the iOS 17.3 developer beta on Tuesday to prevent thieves from entering your passcode to get your info including account passwords. Apple will likely roll out the final version of iOS 17.3 in a…

Read more →

Thanks to advances in AI, small and medium businesses have become a significant target in the world of cybercrime, accounting for roughly half of all breaches worldwide by some estimates. Now, one of the companies building security tools for SMBs…

Read more →

In November, the cybersecurity collective vx-underground wrote on X, formerly Twitter, that unknown hackers were claiming to have breached Coin Cloud, a bankrupt Bitcoin ATM company. According to vx-underground, the hackers claimed to have stolen 70,000 pictures of customers taken…

Read more →

In November, the cybersecurity collective vx-underground wrote on X, formerly Twitter, that unknown hackers were claiming to have breached Coin Cloud, a bankrupt Bitcoin ATM company. According to vx-underground, the hackers claimed to have stolen 70,000 pictures of customers taken…

Read more →

Ukraine’s largest telecommunications operator Kyivstar says it has been hit by a “powerful” cyberattack that has disrupted phone and internet services for millions of people across the country. In a Facebook post confirming the incident on Tuesday, Kyivstar wrote that…

Read more →

Two days before 23andMe disclosed that hackers had accessed the personal and genetic data of almost 7 million customers, the genetic testing giant updated its terms of service. The changes are an effort to make it more difficult for the…

Read more →

Kentucky-based non-profit healthcare system Norton Healthcare has confirmed that hackers accessed the personal data of millions of patients and employees during an earlier ransomware attack. Norton operates more than 40 clinics and hospitals in and around Louisville, Kentucky, and is…

Read more →

DNA companies should receive the death penalty for getting hacked Personal data is the new gold. The recent 23andMe data breach is a stark reminder of a chilling reality – our most intimate, personal information might not be as secure…

Read more →

Before joining Uber as chief security officer in 2015, Joe Sullivan served for two years as a federal prosecutor with the United States Department of Justice, where he specialized in computer hacking and IP issues. He worked on a number…

Read more →

Before joining Uber as chief security officer in 2015, Joe Sullivan served for two years as a federal prosecutor with the United States Department of Justice, where he specialized in computer hacking and IP issues. He worked on a number…

Read more →

U.S. authorities have indicted two hackers linked to Russia’s Federal Security Service (FSB) for allegedly carrying out a years-long cyber espionage campaign targeting government officials.  The Department of Justice alleged on Thursday that Ruslan Aleksandrovich Peretyatko, an officer with the…

Read more →

While today’s bigger news from the world of Meta’s messaging apps was the rollout of end-to-end encryption in Messenger, the company is also bringing another useful feature to its WhatsApp users: disappearing voice messages. The new feature will allow users…

Read more →

Last year, Apple launched a special new protection for at-risk users — such as journalists and activists — called Lockdown Mode, designed to limit some regular iPhone, iPad, Mac and Watch features with the goal of minimizing the possibility of…

Read more →

VC investment trends in the cybersecurity market suggest a sector in decline — at least within the context of recent months. According to Crunchbase, cybersecurity deal count fell during Q3 to 153 deals from 181 in Q2. In a more…

Read more →

After years of promises and limited tests, Meta has started rolling out default end-to-end encryption protection for Messenger. In an announcement, Mark Zuckerberg said that personal chats and calls will get default end-to-end encryption. However, encryption for group chats still…

Read more →

A number of popular mobile password managers are inadvertently spilling user credentials due to a vulnerability in the autofill functionality of Android apps. The vulnerability, dubbed “AutoSpill,” can expose users’ saved credentials from mobile password managers by circumventing Android’s secure…

Read more →

U.S. senator Ron Wyden (D-OR) has warned in a letter to the Justice Department that unidentified governments are spying on Apple and Google phone users through their push notifications. The letter says his office received a tip last year that…

Read more →

U.S. cybersecurity agency CISA has warned that unknown hackers broke into the servers of a federal government agency by taking advantage of a previously known vulnerability in software that no longer receives updates — meaning the agency couldn’t have patched…

Read more →

Thousands of exposed servers are spilling the medical records and personal health information of millions of patients due to security weaknesses in a decades-old industry standard designed for storing and sharing medical images, researchers have warned. This standard, known as…

Read more →

In 2015, as part of the wave of encrypting all the things on the internet, encouraged by the Edward Snowden revelations, Facebook announced that it would allow users to receive encrypted emails from the company. Even at the time, this…

Read more →

On Friday, genetic testing company 23andMe announced that hackers accessed the personal data of 0.1% of customers, or about 14,000 individuals. The company also said that by accessing those accounts, hackers were also able to access “a significant number of…

Read more →

ArmorCode, a cybersecurity platform that gathers vulnerability data from connected apps and software infrastructure, consolidating the data into a single location and standardizing it for analysis, has raised $40 million in a Series B round led by HighlandX with participation…

Read more →

Genetic testing company 23andMe announced on Friday that hackers accessed around 14,000 customer accounts in the company’s recent data breach. In a new filing with the U.S. Securities and Exchange Commission published Friday, the company said that, based on its…

Read more →

Apple has released security updates for iPhones, iPads and Macs to patch against two vulnerabilities, which the company says are being actively exploited to hack people. The technology giant rolled out new software updates, iOS and iPadOS 17.1.2, and macOS…

Read more →

Witness lists and testimony, mental health evaluations, detailed allegations of abuse, and corporate trade secrets. These are some of the sensitive legal court filings that security researcher Jason Parker said they found exposed to the open internet for anyone to…

Read more →

Fidelity National Financial, or FNF, one of the largest real estate services companies in the United States, said it “contained” a recent cyberattack that engulfed its many subsidiaries and customers in a state of chaos for more than a week.…

Read more →

New data from Salesforce, Zuora, Okta, Nutanix and Snowflake makes it plain that several tech sectors are doing better than a lot of people expected. © 2023 TechCrunch. All rights reserved. For personal use only. This article has been indexed…

Read more →

The founder of the infamous and now-defunct spyware maker Hacking Team was arrested on Saturday after allegedly stabbing and attempting to murder a relative, according to multiple news reports. David Vincenzetti, who launched Hacking Team in 2003, was arrested when…

Read more →

As part of an international law enforcement investigation, the FBI and the Dutch Financial Intelligence and Investigation Service have seized the websites of a crypto mixer that was allegedly used by North Korean hackers and several cybercriminals to launder stolen…

Read more →

Has late-stage investing declined so much that no technology subsector can really post impressive investment numbers? © 2023 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read the original article:…

Read more →

A hacker claims to be selling millions of user records relating to Indian startup Shadowfax, which offers logistics services to e-commerce and hyperlocal platforms across the country. The pseudonymous hacker said in a listing on a known cybercrime forum that…

Read more →

The British Library has told customers that their personal data may have been stolen during a recent ransomware attack that knocked the library’s systems and website offline for the past month. In a notice sent to customers this week, which…

Read more →

U.S. access and identity management giant Okta says hackers stole data about all of its customers during a recent breach of its support systems, despite previously stating that only a fraction of customers were affected. Okta confirmed in October that…

Read more →

The notorious ransomware gang LockBit has claimed responsibility for a cyberattack targeting India’s state-owned aerospace research lab. On Wednesday, LockBit added the National Aerospace Laboratories (NAL) to its dark web leak site, which ransomware gangs use to extort victims for…

Read more →

Europol and its international law enforcement partners have arrested five individuals who authorities accuse of involvement in a string of ransomware attacks affecting more than 1,800 victims worldwide. The arrested individuals, which include the criminal gang’s ringleader, 32, and four…

Read more →

Amazon’s cloud computing subsidiary AWS (Amazon Web Services) has lifted the lid on a new palm-scanning identity service that allows companies to authenticate people when entering physical premises. Amazon One Enterprise, as the service is called, builds on the company’s…

Read more →

Last week, the Ukrainian government fired two of its top cybersecurity officials, who are accused of embezzlement. Now, one of them has been detained. Ukraine’s senior cabinet official Taras Melnychuk announced the firings in a public post on Telegram last…

Read more →

Last Tuesday, Fidelity National Financial, or FNF, a real estate services company that bills itself as the “leading provider of title insurance and escrow services, and North America’s largest title insurance company,” announced that it had experienced a cyberattack. Since…

Read more →

CTS, a U.K.-based provider of managed IT services for law firms and the professional services industry, is experiencing a cybersecurity incident that is causing ongoing widespread disruption across the legal sector.  In a statement on its website, the Cheshire-headquartered CTS…

Read more →