Category: Cybersecurity

Spyware leak offers ‘first-of-its-kind’ look inside Chinese government hacking efforts

Over the weekend, someone posted a cache of files and documents apparently stolen from the Chinese government hacking contractor, I-Soon. This leak gives cybersecurity researchers and rival governments an unprecedented chance to look behind the curtain of Chinese government hacking operations facilitated by private contractors. Like the hack-and-leak operation that targeted the Italian spyware maker […] © 2024 TechCrunch. All rights reserved. For personal use…

UnitedHealth says Change Healthcare hacked by nation state, as pharmacy outages drag on

U.S. health insurance giant UnitedHealth Group said Thursday in a filing with government regulators that its subsidiary Change Healthcare was compromised likely by government-backed hackers. In a filing Thursday, UHG blamed the ongoing cybersecurity incident affecting Change Healthcare on suspected nation state hackers but said it had no timeframe for when its systems would be […] © 2024 TechCrunch. All rights reserved. For personal use…

FTC bans antivirus giant Avast from selling its users’ browsing data to advertisers

The Federal Trade Commission (FTC) on Thursday said it will ban the antivirus giant Avast from selling consumers’ web browsing data to advertisers after Avast claimed its products would prevent its users from online tracking. Avast also settled the federal regulator’s charges for $16.5 million, which the FTC said will provide redress for Avast’s users […] © 2024 TechCrunch. All rights reserved. For personal use…

US health tech giant Change Healthcare hit by cyberattack

U.S. healthcare technology giant Change Healthcare has confirmed a cyberattack on its systems. In a brief statement, the company said it was “experiencing a network interruption related to a cyber security issue.” “Once we became aware of the outside threat, in the interest of protecting our partners and patients, we took immediate action to disconnect […] © 2024 TechCrunch. All rights reserved. For personal use…

Six things we learned from the LockBit takedown

A sweeping law enforcement operation led by the U.K.’s National Crime Agency this week took down LockBit, the notorious Russia-linked ransomware gang that has for years wreaked havoc on businesses, hospitals, and governments around the world. The action saw LockBit’s leak site downed, its servers seized, multiple arrests made, and U.S. government sanctions applied in […] © 2024 TechCrunch. All rights reserved. For personal use…

Why are ransomware gangs making so much money?

For many organizations and startups, 2023 was a rough year financially, with companies struggling to raise money and others making cuts to survive. Ransomware and extortion gangs, on the other hand, had a record-breaking year in earnings, if recent reports are anything to go by. It’s hardly surprising when you look at the state of […] © 2024 TechCrunch. All rights reserved. For personal use…

US military notifies 20,000 of data breach after cloud email leak

The U.S. Department of Defense is notifying tens of thousands of individuals that their personal information was exposed in an email data spill last year. According to the breach notification letter sent out to affected individuals on February 1, the Defense Intelligence Agency — the DOD’s military intelligence agency — said, “numerous email messages were […] © 2024 TechCrunch. All rights reserved. For personal use…

Hackers uncover new TheTruthSpy stalkerware victims: Is your Android device compromised?

A consumer-grade spyware operation called TheTruthSpy poses an ongoing security and privacy risk to thousands of people whose Android devices are unknowingly compromised with its mobile surveillance apps, not least due to a simple security flaw that its operators never fixed. Now, two hacking groups have independently found the flaw that allows the mass access […] © 2024 TechCrunch. All rights reserved. For personal use…

Researchers say attackers are mass-exploiting new Ivanti VPN flaw

Hackers have begun mass exploiting a third vulnerability affecting Ivanti’s widely used enterprise VPN appliance, new public data shows. Last week, Ivanti said it had discovered two new security flaws — tracked as CVE-2024-21888 and CVE-2024-21893 — affecting Connect Secure, its remote access VPN solution used by thousands of corporations and large organizations worldwide. According […] © 2024 TechCrunch. All rights reserved. For personal use…

Endpoint security startup NinjaOne lands $231.5M at $1.9B valuation

Just two years ago, VC funding to cybersecurity startups was on fire. $23 billion flooded the sector, per Crunchbase. But in 2023, cybersecurity upstarts only saw a third of that — the result of the exceptional surge in 2021, bloated valuations and investors wary of market instability. But there’s always some winners during down times. Yesterday, […] © 2024 TechCrunch. All rights reserved. For personal use…

Stalkerware apps PhoneSpector and Highster appear to shut down

The makers of two phone surveillance services appear to have shuttered after the owner agreed to settle state accusations of illegally promoting spyware that his companies developed. PhoneSpector and Highster were consumer-grade phone monitoring apps that facilitated the covert surveillance of a person’s smartphone. Commonly dubbed stalkerware (or spouseware), these apps are typically planted on […] © 2024 TechCrunch. All rights reserved. For personal use…

FTC orders Blackbaud to overhaul ‘reckless’ security practices in wake of 2020 breach

Education tech company Blackbaud agreed to settle with the U.S. Federal Trade Commission over the company’s security practices that resulted in a 2020 data breach. The FTC alleges that Blackbaud, a U.S.-based company that provides financial and administrative software to colleges, nonprofits, healthcare organizations, and far-right organizations, had “lax” security protocols that allowed attackers to […] © 2024 TechCrunch. All rights reserved. For personal use…

Apple fixes zero-day bug in Apple Vision Pro that ‘may have been exploited’

A day after reporters published their first hands-on review of Apple’s Vision Pro, the technology giant released its first security patch for the mixed reality headset to fix a vulnerability that “may have been exploited” by hackers in the wild. On Wednesday, Apple released visionOS 1.0.2, the software that runs on the Vision Pro, with […] © 2024 TechCrunch. All rights reserved. For personal use…

A notorious Israeli spyware firm wants to use the Gaza war to make a comeback

In 2021, the Biden administration blacklisted the NSO Group, an Israeli company infamous for selling controversial commercial surveillance technology across the globe. But now pressure is mounting on the White House to reverse course. NSO Group lobbyists and several European governments claim the firm’s spyware — software for covertly collecting mobile phone data — has become indispensable in Israel’s fight against Hamas. But removing NSO Group’s blacklisted status would be a mistake. Doing so would endorse unconstrained…

HPE says it was hacked by Russian group behind Microsoft email breach

Hewlett Packard Enterprise said on Wednesday that its cloud-based email system was compromised by Midnight Blizzard, a Russia-linked hacking group that recently broke into Microsoft’s corporate network. In a filing with the U.S. Securities and Exchange Commission, the enterprise tech giant said it was notified on December 12 that Midnight Blizzard, also known as APT29 […] © 2023 TechCrunch. All rights reserved. For personal use…

Newsbreakforum