Security

Shipping giant Pitney Bowes hit by ransomware

Shipping tech giant Pitney Bowes has confirmed a ransomware incident on its systems. The company said in a statement that its systems were hit by a “malware attack that encrypted information” on its systems, more commonly known as a ransomware attack. “At this time, the company has seen no evidence that customer or employee data […]

Google updates its Titan security keys with USB-C

Google has revealed its latest Titan security key — and it’s now compatible with USB-C devices. The latest Titan key arrives just weeks after its closest market rival Yubico — which also manufactures the Titan security key for Google — released its own USB-C and Lightning compatible key, but almost two years after the release […]

Thoma Bravo makes $3.9 billion offer to acquire security firm Sophos

Sophos announced this morning that private equity firm Thoma Bravo, has agreed to buy the British company for £3.1 billion ($3.9 billion USD). The price is based on $7.40 USD per share and the company indicated that the board of directors will recommend that shareholders accept the offer. Sophos CEO Kris Hagerman, as you would […]

California’s Privacy Act: What you need to know now

This week California’s attorney general, Xavier Becerra, published draft guidance for enforcing the state’s landmark privacy legislation. The draft text of the regulations under the California Consumer Privacy Act (CCPA) will undergo a public consultation period, including a number of public hearings, with submissions open until December 6 this year. The CCPA itself will take […]

Flaw in Cyberoam firewalls exposed corporate networks to hackers

Sophos said it is fixing a vulnerability in its Cyberoam firewall appliances, which a security researcher says can allow an attacker to gain access to a company’s internal network without needing a password. The vulnerability allows an attacker to remotely gain “root” permissions on a vulnerable device, giving them the highest level of access, by […]

Cisco hit by an internal network outage

Not a great start to the day for Cisco employees, many of which are struggling in the face of an internal IT outage. The technology and networking giant confirmed in a tweet it was “aware of some disruption” to its IT systems and is “working” on restoring the network. Worse, the company’s corporate blog also […]

Xage now supports hierarchical blockchains for complex implementations

Xage is working with utilities, energy companies and manufacturers to secure their massive systems, and today it announced some significant updates to deal with the scale and complexity of these customers’ requirements including a new hierarchical blockchain. Xage enables customers to set security policy, then enforce that policy on the blockchain. Company CEO Duncan Greatwood […]

Okta wants to make every user a security ally

End users tend to get a bad rap in the security business because they are often the weakest security link. They fall for phishing schemes, use weak passwords and often unknowingly are the conduit for malicious actors getting into your company’s systems. Okta wants to change that by giving end users information about suspicious activity […]

New Vector scores $8.5M to plug more users into its open, dece…

New Vector, a European startup founded in 2017 by the creators of an open, decentralized communications standard called Matrix to drive adoption and grow an ecosystem around an alternative messaging protocol for instant messaging and VoIP apps, has raised an $8.5 million Series A funding round. Investors in New Vector’s Series A round include enterprise […]

DHS cyber unit wants to subpoena ISPs to identify vulnerable systems

Homeland Security’s cybersecurity division is pushing to change the law that would allow it to demand information from internet providers that would identify the owners of vulnerable systems, TechCrunch has learned. Sources familiar with the proposal say the Cybersecurity and Infrastructure Security Agency (CISA), founded just under a year ago, wants the new administrative subpoena […]

European risk report flags 5G security challenges

European Union Member States have published a joint risk assessment report into 5G technology which highlights increased security risks that will require a new approach to securing telecoms infrastructure. The EU has so far resisted pressure from the U.S. to boycott Chinese tech giant Huawei as a 5G supplier on national security grounds, with individual […]

Senate report says Russian election interference ‘invariably’ …

A bipartisan Senate investigation into Russian interference in the 2016 election released today definitively implicates the country in online operations designed specifically to get then-candidate Donald Trump elected. The tactics used were "overtly and almost invariably supportive" of his campaign even to the detriment of other Republicans. The report recommends major chances to how disinformation and election interference are handled in this country.

Twitter admits it used two-factor phone numbers and emails for…

Twitter has said it used phone numbers and email addresses, provided by users to set up two-factor authentication on their accounts, to serve targeted ads. In a disclosure Tuesday, the social media giant said it did not know how many users were impacted. The issue stemmed from the company’s tailored audiences program, which allows companies […]

Nadella warns government conference not to betray user trust

Microsoft CEO Satya Nadella, delivering the keynote at the Microsoft Government Leaders Summit in Washington, DC today, had a message for attendees to maintain user trust in their tools technologies above all else. He said it is essential to earn user trust, regardless of your business. “Now, of course, the power law here is all […]

No one could prevent another ‘WannaCry-style’ attack, says DHS…

The U.S. government may not be able to prevent another global cyberattack like WannaCry, a senior cybersecurity official has said. Jeanette Manfra, the assistant director for cybersecurity for Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said on stage at TechCrunch Disrupt SF that the 2017 WannaCry cyberattack, which saw hundreds of thousands of computers […]

How you shouldn’t handle your data breach

So you’ve had a data breach. Don’t worry, it’s not just you. These days it happens to everyone, no matter how large or small your company is. It’s almost inevitable, some might say, and not a case of if but when. A lot is already out of your control. Whether a hacker broke in and […]

Daily Crunch: Facebook faces government pressure over encryption

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here. 1. Facebook is being leaned on by US, UK, Australia to ditch its end-to-end encryption expansion plan U.S. Attorney General William Barr, […]

Microsoft says Iranian hackers targeted 2020 presidential candidate

Microsoft said it has found evidence that hackers associated with Iran have targeted a 2020 presidential candidate. The tech giant’s security and trust chief confirmed the attack in a blog post, but the company would not say which candidate was the target. The threat group, which Microsoft calls Phosphorous — also known as APT 35 […]

The lack of cybersecurity talent is “a national security threa…

One of the most senior officials tasked with protecting U.S. critical infrastructure says that the lack of security professionals in the U.S. is one of the leading threats to national cyber security. Speaking at TechCrunch Disrupt SF, Jeannette Manfra, the assistant director for cybersecurity for the Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said […]

Facebook is being leant on by US, UK, Australia to ditch its e…

Here we go again. Western governments are once again dialling up their attack on end-to-end encryption — calling for either no e2e encryption or backdoored e2e encryption so platforms can be commanded to serve state agents with messaging data in “a readable and usable format”. US attorney general William Barr, acting US homeland security secretary Kevin […]

Google rolls out new privacy tools for Maps, YouTube and Assistant

Google today announced a handful of new consumer privacy tools for some of its most-used products, including Google Maps, YouTube, and Google Assistant. The tools are meant to better allow users to control, manage and erase the data Google collects from those who use its services or prevent Google from collecting that data in the […]

Cybersecurity giant Comodo can’t even keep its own website secure

Comodo, which bills itself as a “global leader in cybersecurity solutions,” said its forum was hacked. The admission came in no less than a forum post, which confirmed a hacker exploited a recently disclosed vulnerability in vBulletin, a popular forum software and used by Comodo. The flaw, which requires little skill to exploit, allows an […]

A flaw in Webex and Zoom let researchers snoop on users’ video calls

A team of security researchers found they could tap into Webex and Zoom video meetings because many weren’t protected with a code. Researchers at Cequence, a startup focused on protecting applications from scraping and account takeovers, programmed a bot to cycle through lists of valid meeting IDs and get access to active conference calls. The […]

Microsoft OneDrive Personal Vault rolls out worldwide, launche…

Earlier this summer, Microsoft introduced an extra layer of security to its Dropbox competitor, OneDrive. The security features, called OneDrive Personal Vault, allow users to protect their files with two-step verification, like a fingerprint or facial recognition, PIN code, or a one-time code sent through email, SMS or Microsoft Authenticator. At the time of launch, […]

US sanctions two Russians for cyber-related election interference

The U.S. Treasury has imposed sanctions against two Russian nationals accused of working for a notorious disinformation unit. In a statement, the Treasury said Igor Nesterov, 34; and Denis Kuzmin, 28, worked for the so-called Internet Research Agency, a secretive organization tasked with spreading disinformation and false news. The IRA was critical to the Russian […]

DoorDash confirms data breach affected 4.9 million customers, …

DoorDash has confirmed a data breach. The food delivery company said in a blog post Thursday that 4.9 million customers, delivery workers and merchants had their information stolen by hackers. The breach happened on May 4, the company said, but added that customers who joined after April 5, 2018 are not affected by the breach. […]