Category: Security

NSA says it’s tracking Ivanti cyberattacks as hackers hit US defense sector

The U.S. National Security Agency has confirmed that hackers exploiting flaws in Ivanti’s widely used enterprise VPN appliance have targeted organizations across the U.S. defense sector. NSA spokesperson Edward Bennett confirmed in an emailed statement to TechCrunch on Friday that the U.S. intelligence agency, along with its interagency counterparts, is “tracking and aware of the […] © 2024 TechCrunch. All rights reserved. For personal use…

A government watchdog hacked a US federal agency to stress-test its cloud security

A U.S. government watchdog stole more than one gigabyte of seemingly sensitive personal data from the cloud systems of the U.S. Department of the Interior. The good news: The data was fake and part of a series of tests to check whether the Department’s cloud infrastructure was secure. The experiment is detailed in a new […] © 2024 TechCrunch. All rights reserved. For personal use…

OpenCTI maker Filigran raises $16 million for its cybersecurity threat management suite

Paris-based cybersecurity startup Filigran is capitalizing on the success of OpenCTI to build a suite of open-source threat management products. The company has already found some early traction with OpenCTI, its open-source threat intelligence platform. That’s why the company recently raised €15 million (around $16 million at today’s exchange rate) in a funding round led […] © 2024 TechCrunch. All rights reserved. For personal use…

Anycubic users say their 3D printers were hacked to warn of a security flaw

Anycubic customers are reporting that their 3D printers have been hacked and now display a message warning of an alleged security flaw in the company’s systems. Numerous threads on news sharing site Reddit show similar reports (hat tip to @dan) of users receiving an unsolicited text file on their Anycubic 3D printers with the file […] © 2024 TechCrunch. All rights reserved. For personal use…

Ransomware attack blamed for Change Healthcare outage stalling US prescriptions

An ongoing cyberattack at U.S. health tech giant Change Healthcare that sparked outages and disruption to hospitals and pharmacies across the U.S. for the past week was caused by ransomware, TechCrunch has learned. A healthcare executive with knowledge of the incident, who was on the call briefed by the company’s executives, said the healthcare tech […] © 2024 TechCrunch. All rights reserved. For personal use…

LoanDepot says about 17 million customers had personal data and Social Security numbers stolen during cyberattack

Almost 17 million LoanDepot customers had sensitive personal information, including Social Security numbers, stolen in a January ransomware attack, the company has confirmed. The loan and mortgage giant company said in a data breach notice filed with Maine’s attorney general’s office that the stolen LoanDepot customer data includes names, dates of birth, email and postal […] © 2024 TechCrunch. All rights reserved. For personal use…

Spyware leak offers ‘first-of-its-kind’ look inside Chinese government hacking efforts

Over the weekend, someone posted a cache of files and documents apparently stolen from the Chinese government hacking contractor, I-Soon. This leak gives cybersecurity researchers and rival governments an unprecedented chance to look behind the curtain of Chinese government hacking operations facilitated by private contractors. Like the hack-and-leak operation that targeted the Italian spyware maker […] © 2024 TechCrunch. All rights reserved. For personal use…

Hackers are exploiting ConnectWise flaws to deploy LockBit ransomware, security experts warn

Security experts are warning that a pair of high-risk flaws in a popular remote access tool are being exploited by hackers to deploy LockBit ransomware — days after authorities announced that they had disrupted the notorious Russia-linked cybercrime gang. Researchers at cybersecurity companies Huntress and Sophos told TechCrunch on Thursday that both had observed LockBit […] © 2024 TechCrunch. All rights reserved. For personal use…

UnitedHealth says Change Healthcare hacked by nation state, as pharmacy outages drag on

U.S. health insurance giant UnitedHealth Group said Thursday in a filing with government regulators that its subsidiary Change Healthcare was compromised likely by government-backed hackers. In a filing Thursday, UHG blamed the ongoing cybersecurity incident affecting Change Healthcare on suspected nation state hackers but said it had no timeframe for when its systems would be […] © 2024 TechCrunch. All rights reserved. For personal use…

FTC bans antivirus giant Avast from selling its users’ browsing data to advertisers

The Federal Trade Commission (FTC) on Thursday said it will ban the antivirus giant Avast from selling consumers’ web browsing data to advertisers after Avast claimed its products would prevent its users from online tracking. Avast also settled the federal regulator’s charges for $16.5 million, which the FTC said will provide redress for Avast’s users […] © 2024 TechCrunch. All rights reserved. For personal use…

US health tech giant Change Healthcare hit by cyberattack

U.S. healthcare technology giant Change Healthcare has confirmed a cyberattack on its systems. In a brief statement, the company said it was “experiencing a network interruption related to a cyber security issue.” “Once we became aware of the outside threat, in the interest of protecting our partners and patients, we took immediate action to disconnect […] © 2024 TechCrunch. All rights reserved. For personal use…

Six things we learned from the LockBit takedown

A sweeping law enforcement operation led by the U.K.’s National Crime Agency this week took down LockBit, the notorious Russia-linked ransomware gang that has for years wreaked havoc on businesses, hospitals, and governments around the world. The action saw LockBit’s leak site downed, its servers seized, multiple arrests made, and U.S. government sanctions applied in […] © 2024 TechCrunch. All rights reserved. For personal use…

1Password expands its endpoint security offerings with Kolide acquisition

1Password, the AgileBits-owned password management software developer, today announced that it has acquired Kolide, an endpoint security platform, for an undisclosed amount. According to 1Password CEO Jeff Shiner, Kolide founder and CEO Jason Meller and all of Kolide’s 30 employees will join 1Password “as an intact team.” Meller has taken on the role of VP […] © 2024 TechCrunch. All rights reserved. For personal use…

Why are ransomware gangs making so much money?

For many organizations and startups, 2023 was a rough year financially, with companies struggling to raise money and others making cuts to survive. Ransomware and extortion gangs, on the other hand, had a record-breaking year in earnings, if recent reports are anything to go by. It’s hardly surprising when you look at the state of […] © 2024 TechCrunch. All rights reserved. For personal use…

AI girlfriends will only break your heart, privacy experts warn

Replika brought back its erotic roleplay feature on Friday. Getty Images A survey of the burgeoning AI romance app space revealed a scary truth. The chatbots foster “toxicity” and relentlessly pry user data, a Mozilla Foundation study found. One app can collect info on users’ sexual health, prescriptions, and gender-affirming care. There’s a potentially dangerous reality looming beneath the veneer of AI romance, according to…

US military notifies 20,000 of data breach after cloud email leak

The U.S. Department of Defense is notifying tens of thousands of individuals that their personal information was exposed in an email data spill last year. According to the breach notification letter sent out to affected individuals on February 1, the Defense Intelligence Agency — the DOD’s military intelligence agency — said, “numerous email messages were […] © 2024 TechCrunch. All rights reserved. For personal use…

Hackers uncover new TheTruthSpy stalkerware victims: Is your Android device compromised?

A consumer-grade spyware operation called TheTruthSpy poses an ongoing security and privacy risk to thousands of people whose Android devices are unknowingly compromised with its mobile surveillance apps, not least due to a simple security flaw that its operators never fixed. Now, two hacking groups have independently found the flaw that allows the mass access […] © 2024 TechCrunch. All rights reserved. For personal use…

Bugcrowd snaps up $102M for a ‘bug bounty’ security platform that taps 500K+ hackers

Bugcrowd — the startup that taps into a database of half a million hackers to help organizations like OpenAI and the U.S. government set up and run bug bounty programs, cash rewards to freelancers who can identify bugs and vulnerabilities in their code — has picked up a big cash award of its own to […] © 2024 TechCrunch. All rights reserved. For personal use…

Researchers say attackers are mass-exploiting new Ivanti VPN flaw

Hackers have begun mass exploiting a third vulnerability affecting Ivanti’s widely used enterprise VPN appliance, new public data shows. Last week, Ivanti said it had discovered two new security flaws — tracked as CVE-2024-21888 and CVE-2024-21893 — affecting Connect Secure, its remote access VPN solution used by thousands of corporations and large organizations worldwide. According […] © 2024 TechCrunch. All rights reserved. For personal use…

Google starts blocking users from sideloading certain apps in Singapore

To reduce financial scams, Google has started a new program to prevent users from sideloading certain apps in Singapore. The company is looking to block sideloaded apps that abuse Android permissions to read one-time passwords received through SMS and notifications. Google said there are four sets of permissions that bad actors exploit to commit financial […] © 2024 TechCrunch. All rights reserved. For personal use…

Endpoint security startup NinjaOne lands $231.5M at $1.9B valuation

Just two years ago, VC funding to cybersecurity startups was on fire. $23 billion flooded the sector, per Crunchbase. But in 2023, cybersecurity upstarts only saw a third of that — the result of the exceptional surge in 2021, bloated valuations and investors wary of market instability. But there’s always some winners during down times. Yesterday, […] © 2024 TechCrunch. All rights reserved. For personal use…

Confirmed: Entrust is buying AI-based ID verification startup Onfido, sources say for more than $400M

Onfido, an early mover in the world of identity verification using computer vision and other AI tools, is getting acquired, TechCrunch has learned and confirmed. Entrust — the privately-held company that provides a range of certification and verification services around payment cards, passwords, network and website access, device access and more — is buying the […] © 2024 TechCrunch. All rights reserved. For personal use…

Thoma Bravo takes critical event management software company Everbridge private in $1.5B deal

Everbridge, a critical event management (CEM) software company, is going private in a $1.5 billion all-cash deal that will see it taken over by private equity giant Thoma Bravo. Founded in 2002 initially as 3N Global, Everbridge helps governments and enterprises from across the industrial spectrum respond to emergency situations — this includes risk intelligence […] © 2024 TechCrunch. All rights reserved. For personal use…

Yandex to sell its remaining Russian businesses for $5.2B — half its market value

Yandex N.V., the Dutch parent company of the eponymous Russian internet giant, is selling the last of its remaining Russian businesses at a steep discount, following sanctions imposed in the wake of the Russia’s invasion of Ukraine two years ago. The value of the transaction, which will include the sale of all Yandex N.V. businesses […] © 2024 TechCrunch. All rights reserved. For personal use…

Stalkerware apps PhoneSpector and Highster appear to shut down

The makers of two phone surveillance services appear to have shuttered after the owner agreed to settle state accusations of illegally promoting spyware that his companies developed. PhoneSpector and Highster were consumer-grade phone monitoring apps that facilitated the covert surveillance of a person’s smartphone. Commonly dubbed stalkerware (or spouseware), these apps are typically planted on […] © 2024 TechCrunch. All rights reserved. For personal use…

FTC orders Blackbaud to overhaul ‘reckless’ security practices in wake of 2020 breach

Education tech company Blackbaud agreed to settle with the U.S. Federal Trade Commission over the company’s security practices that resulted in a 2020 data breach. The FTC alleges that Blackbaud, a U.S.-based company that provides financial and administrative software to colleges, nonprofits, healthcare organizations, and far-right organizations, had “lax” security protocols that allowed attackers to […] © 2024 TechCrunch. All rights reserved. For personal use…

Apple fixes zero-day bug in Apple Vision Pro that ‘may have been exploited’

A day after reporters published their first hands-on review of Apple’s Vision Pro, the technology giant released its first security patch for the mixed reality headset to fix a vulnerability that “may have been exploited” by hackers in the wild. On Wednesday, Apple released visionOS 1.0.2, the software that runs on the Vision Pro, with […] © 2024 TechCrunch. All rights reserved. For personal use…

Indian state government fixes website bugs that exposed residents’ sensitive documents

An Indian state government has fixed security issues impacting its website that exposed the sensitive documents and personal information of millions of residents. The bugs existed on the Rajasthan government website related to Jan Aadhaar, a state program to provide a single identifier to families and individuals in the state to access welfare schemes. The […] © 2024 TechCrunch. All rights reserved. For personal use…

HPE says it was hacked by Russian group behind Microsoft email breach

Hewlett Packard Enterprise said on Wednesday that its cloud-based email system was compromised by Midnight Blizzard, a Russia-linked hacking group that recently broke into Microsoft’s corporate network. In a filing with the U.S. Securities and Exchange Commission, the enterprise tech giant said it was notified on December 12 that Midnight Blizzard, also known as APT29 […] © 2023 TechCrunch. All rights reserved. For personal use…

Newsbreakforum