Security

Macy’s said hackers stole customer credit cards — again

For the second time in as many years, Macy’s customers have been hit by a data breach involving countless numbers of credit cards. In a filing with the California attorney general, the retail giant said hackers siphoned off customers’ names, addresses, and phone numbers, but also credit card numbers, card verification codes, and expiration dates […]

Sweden drops rape investigation into Wikileaks founder, Julian Assange

Sweden has dropped an investigation into Wikileaks founder, Julian Assange, on allegations of suspected rape. In a statement today the country’s prosecution authority said the evidence has “weakened considerably” in the almost a decade that’s elapsed since the events in question. “I would like to emphasise that the injured party has submitted a credible and […]

Cybersecurity startup CyCognito raises $23M in Series A funding

CyCognito, a cybersecurity platform that aims to give visibility into a company’s security weak spots, has raised $23 million in its Series A round of funding. Lightspeed Partners led the fundraise, putting in $18 million, which included a personal investment from Lightspeed venture partner and former Microsoft chairperson John Thompson, and additional participation from Sorenson […]

Cybersecurity firm Sonatype acquired by Vista Equity

Private equity firm Vista Equity Partners has acquired Sonatype, a cybersecurity-focused open source automation company. Terms of the deal were not disclosed, but Sonatype said the acquisition will help to build out its Nexus platform, an enterprise ready repository manager and library with access to analysis on 65 million open source components. The platform helps […]

TriNet sent remote workers an email that some thought was a ph…

It was the one of the best phishing emails we’ve seen… that wasn’t. Phishing remains one of the most popular attack choices for scammers. Phishing emails are designed to impersonate companies or executives to trick users into turning over sensitive information, typically usernames and passwords, so that scammers can log into online services and steal […]

‘Magic: The Gathering’ game maker exposed 452,000 players’ acc…

The maker of Magic: The Gathering has confirmed that a security lapse exposed the data on hundreds of thousands of game players. The game’s developer, the Washington-based Wizards of the Coast, left a database backup file in a public Amazon Web Services storage bucket. The database file contained user account information for the game’s online […]

Those crappy pre-installed Android apps can be full of security holes

If you’ve ever bought a low-to-mid range Android phone, there’s a good chance you booted it up to find it pre-loaded with junk you definitely didn’t ask for. These pre-installed apps can be clunky, annoying to remove, rarely updated… and, it turns out, full of security holes. Security firm Kryptowire built a tool to automatically […]

LA warns of ‘juice-jacking’ malware, but admits it has no cases

Los Angeles’ district attorney is warning travelers to avoid public USB charging points because “they may contain dangerous malware.” Reading the advisory, you might be forgiven for thinking that every USB outlet you see is just waiting for you to plug in your phone so it can steal your data. This so-called “juice-jacking” attack involves […]

Despite bans, Giphy still hosts self-harm, hate speech, and ch…

Image search engine Giphy bills itself as providing “fun and safe way” to search and create animated GIFs. But despite its ban on illicit content, the site is littered with self-harm and child sex abuse imagery, TechCrunch has learned. A new report from Israeli online child protection startup L1ght — previously AntiToxin Technologies — has […]

Fourteen years after launching 1Password takes a $200M Series A

1Password has been around for 14 years, and the founders grew the company the old-fashioned way without a dime of venture capital. But when it decided to take venture help, it went all in. Today, the company announced a $200 million Series A from Accel, the largest single investment in the firm’s 35-year history. Dave […]

Messaging app Wire confirms $8.2M raise, responds to privacy c…

Big changes are afoot for Wire, an enterprise-focused end-to-end encrypted messaging app and service that advertises itself as “the most secure collaboration platform”. In February, Wire quietly raised $8.2 million from Morpheus Ventures and others, we’ve confirmed — the first funding amount it has ever disclosed — and alongside that external financing, it moved its […]

Facebook says government demands for user data are at a record high

Facebook’s latest transparency report is out. The social media giant said the number of government demands for user data increased by 16% to 128,617 demands during the first-half of this year compared to the second-half of last year. That’s the highest number of government demands its received in any reporting period since it published its […]

A new ‘Zombieload’ flaw hits Intel’s newest Cascade Lake chips

Time to reset your “days since last major chip vulnerability” counter back to zero. Security researchers have found another flaw in Intel processors — this time it’s a new variant of the Zombieload attack they discovered earlier this year, but targeting Intel’s latest family of chips, Cascade Lake. Intel calls the vulnerability Transactional Asynchronous Abort, […]

Facebook pilloried over iPhone ‘secret camera access’ bug

Facebook has faced a barrage of concern over an apparent bug that resulted in the social media giant’s iPhone app exposing the camera as users scroll through their feed. A tweet over the weekend blew up after Joshua Maddux tweeted a screen recording of the Facebook app on his iPhone. He noticed that the camera […]

New 5G flaws can track phone locations and spoof emergency alerts

5G is faster and more secure than 4G. But new research shows it also has vulnerabilities that could put phone users at risk. Security researchers at Purdue University and the University of Iowa have found close to a dozen vulnerabilities, which they say can be used to track a victim’s real-time location, spoof emergency alerts […]

OpenText buys data backup firm Carbonite for $1.42B

Carbonite has agreed to a $1.42 billion purchase by OpenText, an enterprise information management giant, ending weeks of speculation about the anticipated buyout. The deal marks a 78% premium on Carbonite’s share price on September 5, when it was first rumored the company was preparing to buy the backup and data recovery company. Carbonite said […]

A browser bug was enough to hack an Amazon Echo

Two security researchers have been crowned the top hackers in this year’s Pwn2Own hacking contest after developing and testing several high profile exploits, including an attack against an Amazon Echo. Amat Cama and Richard Zhu, who make up Team Fluoroacetate, scored $60,000 in bug bounties for their integer overflow exploit against the latest Amazon Echo […]

Popular Android phones can be tricked into snooping on their owners

Security researchers have found several popular Android phones can be tricked into snooping on their owners by exploiting a weakness that gives accessories access to the phone’s underlying baseband software. Attackers can use that access to trick vulnerable phones into giving up their unique identifiers, such as their IMEI and IMSI numbers, downgrade a target’s […]

DNA testing startup Veritas Genetics confirms data breach

Veritas Genetics, a DNA testing startup, has said a data breach resulted in the theft of some customer information. The Danvers, MA-based company said its customer facing portal had “recently” been breached but did not say when. Although the portal did not contain test results or medical information, the company declined to say what information […]

Capital One replaces security chief after data breach

Capital One has replaced its cybersecurity chief, four months after the company disclosed a massive data breach involving the theft of sensitive data on more than 100 million customers. A spokesperson for Capital One confirmed the news in an email to TechCrunch. “Michael Johnson is moving from his role as chief information security officer to […]

Amazon Ring doorbells exposed home Wi-Fi passwords to hackers

Security researchers have discovered a vulnerability in Ring doorbells that exposed the password for the Wi-Fi network it was connected to. Bitdefender said the Amazon-owned doorbell was sending its owner’s Wi-Fi password in cleartext over the internet, allowing for nearby hackers to intercept the Wi-Fi password and gain access to the network to launch larger […]

Nightfall emerges from stealth with $20M for a cloud-native da…

Sensitive data leakage is one of the biggest negative side-effects of cloud-based apps and services. Today, a startup that has built an AI-based platform that can detect and take action on that data is coming out of stealth with funding to tackle the issue head-on. Nightfall — which integrates with and then automatically scans structured […]

California accuses Facebook of ignoring subpoena in state’s Ca…

California’s attorney general Xavier Becerra has accused Facebook of “continuing to drag its feet” by failing to provide documents to the state’s investigation into Facebook and Cambridge Analytica. The attorney general said in a court filing Wednesday that Facebook had provided a “patently deficient” response to two sets of subpoenas for the previously undisclosed investigation […]

Google enlists mobile security firms to help rid Google Play o…

Google has partnered with mobile security firms ESET, Lookout and Zimperium to combat the scourge of malicious Android apps that sneak into the Google Play app store. The announcement came Wednesday, with each company confirming their part in the newly created App Defense Alliance. Google said it’s working with the companies to “stop bad apps […]

Apple refreshes its privacy site with new technical whitepapers

For the fourth year in a row, Apple has updated its privacy pages. Every year the tech giant’s refreshes the privacy portion of its website — usually a month or so after its product launches — to keep customers up to date with its latest features and technologies. Since its fight with the FBI, which […]

Cyber-skills platform Immersive Labs raises $40M in North Amer…

Immersive Labs, a cybersecurity skills platform, has raised $40 million in its Series B, the company’s second round of funding this year following an $8 million Series A in January. Summit Partners led the fundraise with Goldman Sachs participating, the Bristol, U.K.-based company confirmed. Immersive, led by former GCHQ cybersecurity instructor James Hadley, helps corporate […]

Huawei calls hackers to Munich for secret bug bounty meeting

Chinese tech giant Huawei has asked some of the world’s best phone hackers to a secret meeting in Munich later this month as the company tries to curry favor with global governments, TechCrunch has learned. Sources with knowledge of the November 16 meeting said Huawei will privately present its new bug bounty program, which would […]

Google launches OpenTitan, an open-source secure chip design project

Google has partnered with several tech companies to develop and build OpenTitan, a new, collaborative open-source secure chip design project. The aim of the new coalition is to build trustworthy chip designs for use in datacenters, storage, and computer peripherals, which are both open and transparent, allowing anyone to inspect the hardware for security vulnerabilities […]

Disinformation ‘works better than censorship,’ warns internet …

A rise in social media surveillance, warrantless searches of travelers’ devices at the border, and the continued spread of disinformation are among the reasons why the U.S. has declined in internet freedom rankings, according to a leading non-profit watchdog. Although Freedom House said that the U.S. enjoys some of the greatest internet freedoms in the […]

Sumo Logic acquires JASK to fill security operations gap

Sumo Logic, a mature security event management startup with a valuation over $1 billion, announced today that it has acquired JASK, a security operations startup that raised almost $40 million. The companies did not share the terms of the deal. Sumo’s CEO Ramin Sayer, says that the combined companies give customers a complete security solution. […]

A network of ‘camgirl’ sites exposed millions of users and sex workers

A number of popular “camgirl” sites have exposed millions of sex workers and users after the company running the sites left the back-end database unprotected. The sites, run by Barcelona-based VTS Media, include amateur.tv, webcampornoxxx.net, and placercams.com. Most of the sites’ users are based in Spain and Europe, but we found evidence of users across […]

Hackers can steal the contents of Horde webmail inboxes with one click

A security researcher has found several vulnerabilities in the popular open-source Horde web email software that allow hackers to near-invisibly steal the contents of a victim’s inbox. Horde is one of the most popular free and open-source web email systems available. It’s built and maintained by a core team of developers, with contributions from the […]

Twitter says government demands for user data continue to rise

Twitter says the number of government demands for user data are at a record high. In its latest transparency report covering the six-months between January and June, the social media giant said it received 7,300 demands for user data, up by 6% a year earlier, but that the number of accounts affected are down by […]

IoT security startup Particle raises $40M in Series C

Particle, a platform for Internet of Things devices, has raised $40 million in its latest round of funding. Qualcomm Ventures and Energy Impact Partners led the Series C raise, with backing from existing investors including Root Ventures, Bonfire Ventures, Industry Ventures, Spark Capital, Green D Ventures, Counterpart Ventures, and SOSV. With its latest round of […]

IoT security startup Particle raises $40M in Series C

Particle, a platform for Internet of Things devices, has raised $40 million in its latest round of funding. Qualcomm Ventures and Energy Impact Partners led the Series C raise, with backing from existing investors including Root Ventures, Bonfire Ventures, Industry Ventures, Spark Capital, Green D Ventures, Counterpart Ventures, and SOSV. With its latest round of […]

NHS pagers are leaking medical data

An amateur radio rig exposed to the internet and discovered by a security researcher was collecting real-time of medical data and health information broadcast by hospitals and ambulances across U.K. towns and cities. The rig, operated out of a house in North London, was picking up radio waves from over the air and translating them […]

WhatsApp blames — and sues — mobile spyware maker NSO Group ov…

WhatsApp has filed a suit in federal court accusing Israeli mobile surveillance maker NSO Group of creating an exploit that was used hundreds of times to hack into target’s phone. The lawsuit, filed in a California federal court, said the mobile surveillance outfit “developed their malware in order to access messages and other communications after […]

FCC proposes rules requiring telcos remove Huawei, ZTE equipment

The Federal Communications Commission said it will move ahead with proposals to ban telecommunications giants from using Huawei and ZTE networking equipment, which the agency says poses a “national security threat.” The two-part proposal revealed Monday would first bar telecoms giants from using funds it receives from the the FCC’s Universal Service Fund, used by […]

Providing emergency and security services to employees, Base O…

In 2017, when a destructive earthquake struck Puebla, Mexico, sending shockwaves to Mexico City and destroying buildings in the nation’s megalopolis and its surrounding suburbs, both public and private emergency services sprung into action. For multinational corporations operating in the city it was a test of their internal support services, which were established to meet […]