Security

Daily Crunch: Saudis probably hacked Bezos’ phone

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here. 1. UN calls for investigation after Saudis linked to Bezos phone hack United Nations experts are calling for an investigation after a […]

Daily Crunch: Saudis probably hacked Bezos’ phone

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here. 1. UN calls for investigation after Saudis linked to Bezos phone hack United Nations experts are calling for an investigation after a […]

Should tech giants slam the encryption door on the government?

Reuters reported yesterday, citing six sources familiar with the matter, that the FBI pressured Apple into dropping a feature that would allow users to encrypt iPhone backups stored in Apple’s cloud. The decision to abandon plans to end-to-end encrypt iCloud-stored backups was reportedly made about two years ago. The feature, if rolled out, would have […]

UN report says malware built by NSO Group ‘most likely’ used i…

A new United Nations report says a mobile hacking tool built by mobile spyware maker, the NSO Group, was “most likely” used to hack into the Amazon founder Jeff Bezos’ phone. The report, published by U.N. human rights experts on Wednesday, said the Israeli-based spyware maker likely used its Pegasus mobile spyware to exfiltrate gigabytes […]

Octarine releases open source security scanning tools for Kubernetes

Octarine, a startup that helps automate security of Kubernetes workloads, released an open source scanning tool today. The tool, which is called KubeScan, is designed to help developers understand the level of security risk in their Kubernetes clusters. The company is also open sourcing a second tool called KCSS, which is the underlying configuration framework […]

Thundra announces $4M Series A to secure and troubleshoot serv…

Thundra, an early stage serverless tooling startup, announced a $4 million Series A today led by Battery Ventures. The company spun out from OpsGenie after it was sold to Atlassian for $295 million in 2018. York IE, Scale X Ventures and Opsgenie founder Berkay Mollamustafaoglu also participated in the round. Battery’s Neeraj Agarwal is joining […]

Intezer raises $15M for its DNA-style ‘genetic’ approach to id…

As the total cost of cybercrime reaches into trillions of dollars and continues to rise, a firm called Intezer — which  has built a way to analyse, identify and eradicate malware by way of an ordering system similar to what’s used when mapping out DNA — has raised $15 million to double down on growth. The funding, […]

Snyk snags $150M investment as its valuation surpasses $1B

Snyk, the company that wants to help developers secure their code in a modern context, announced a $150 million investment today. The company indicated the investment brings the company valuation to over $1 billion (although it did not share the exact figure). Today’s round was led by Stripes, a New York City investment firm with […]

Israel’s cybersecurity startup scene spawned new entrants in 2019

Yoav Leitersdorf Contributor Share on Twitter Yoav Leitersdorf is the Silicon Valley-based Managing Partner at YL Ventures, where he accelerates cybersecurity startups in the U.S. market. More posts by this contributor A look back at the Israeli cyber security industry in 2018 Trends in Israel’s cybersecurity investments Ofer Schreiber Contributor Share on Twitter Ofer Schreiber […]

TechCrunch’s Top 10 investigative reports from 2019

Facebook spying on teens, Twitter accounts hijacked by terrorists, and sexual abuse imagery found on Bing and Giphy were amongst the ugly truths revealed by TechCrunch’s investigating reporting in 2019. The tech industry needs more watchdogs than ever as its size enlargens the impact of safety failures and the abuse of power. Whether through malice, […]

Microsoft says it will fix an Internet Explorer security bug u…

Microsoft has confirmed a security flaw affecting Internet Explorer is currently being used by hackers, but that it has no immediate plans to fix. In a late-evening tweet, US-CERT, the division of Homeland Security tasked with reporting on major security flaws, tweeted a link to a security advisory detailing the bug, describing it as “being […]

Cyral announces $11M Series A to help protect data in cloud

Cyral, an early stage startup that helps protect data stored in cloud repositories, announced an $11 million Series A today. The company also revealed a previous undisclosed $4.1 million angel investment, making the total $15.1 million. The Series A was led by Redpoint Ventures. A.Capital Ventures, Costanoa VC, Firebolt, SV Angel and Trifecta Capital also […]

The US government should stop demanding tech companies comprom…

In a tweet late Tuesday, President Trump criticized Apple for refusing “to unlock phones used by killers, drug dealers and other violent criminal elements.” Trump was specifically referring to a locked iPhone that belonged to a Saudi airman who killed three U.S sailors in an attack on a Florida base in December. It’s only the latest […]

Buttigieg’s CISO resigns, leaving no known cybersecurity chief…

Presidential candidate Pete Buttigieg has lost his campaign’s chief information security officer, who cited “differences” with the campaign over its security practices. Mick Baccio, who served under the former South Bend mayor’s campaign for the White House, left his position earlier this month. The Wall Street Journal first reported the news. TechCrunch also confirmed Baccio’s […]

Google finally brings its security key feature to iPhones

More than half a year after Google said Android phones could be used as a security key, the feature is coming to iPhones. Google said it’ll bring the feature to iPhones in an effort to give at-risk users, like journalist and politicians, access to additional account and security safeguards, effectively removing the need to use […]

Cloudflare is giving away its security tools to US political campaigns

Network security giant Cloudflare said it will provide its free security tools and services to U.S. political campaigns, as part of its efforts to secure upcoming elections against cyberattacks and election interference. The company said its new Cloudflare for Campaigns offering will include distributed denial-of-service attack mitigation, load balancing for campaign websites, a website firewall, […]

Microsoft and NSA say security bug affects millions of Windows…

Microsoft has released a security patch for a dangerous vulnerability affecting hundreds of millions of computers running Windows 10. The vulnerability is found in a decades-old Windows cryptographic component, known as CryptoAPI. The component has a range of functions, one of which allows developers digitally sign their software, proving that the software has not been […]

Instagram tests Direct Messaging on web where encryption fails

Instagram will finally let you chat from your web browser, but the launch contradicts Facebook’s plan for end-to-end encryption in all its messaging apps. Today Instagram began testing Direct Messages on the web for a small percentage of users around the globe, a year after TechCrunch reported it was testing web DMs. When fully rolled […]

Seattle’s ExtraHop expects $100M ARR in 2021, IPO

Hello and welcome back to our regular morning look at private companies, public markets and the gray space in between. Today we’re continuing our series on companies that have reached the $100 million annual recurring revenue (ARR) threshold, or are about to. ExtraHop is the company of the day, a Seattle-based firm that deals with […]

At CES, companies slowly start to realize that privacy matters

Every year, Consumer Electronics Show attendees receive a branded backpack, but this year’s edition was special; made out of transparent plastic, the bag’s contents were visible without the wearer needing to unzip. It isn’t just a fashion decision. Over the years, security has become more intense and cumbersome, but attendees with transparent backpacks didn’t have […]

Amazon has fired an employee for leaking user email addresses …

Amazon has fired an employee after it shared user email address and phone number with a third-party “in violation of our policies,” according to an email seen by TechCrunch. The email, which was sent to customers on Friday afternoon, said the employee was “terminated” and the company is supporting law enforcement in their prosecution. “No […]

A billion medical images are exposed online, as doctors ignore…

This story was reported in partnership with health news site The Mighty Every day, millions of new medical images containing the personal health information of patients are spilling out onto the internet. Hundreds of hospitals, medical offices and imaging centers are running insecure storage systems, allowing anyone with an internet connection and free-to-download software to […]

Mozilla says a new Firefox security bug is under active attack

Mozilla has warned Firefox users to update their browser to the latest version after security researchers found a vulnerability that hackers were actively exploiting in “targeted attacks” against users. The vulnerability, found by Chinese security company Qihoo 360, was found in Firefox’s just-in-time compiler. The compiler is tasked with speeding up performance of JavaScript to […]

How Ring is rethinking privacy and security

Ring is now a major player when it comes to consumer video doorbells, security cameras — and privacy protection. Amazon acquired the company and promotes its devices heavily on its e-commerce websites. Ring has even become a cultural phenomenon with viral videos being shared on social networks and the RingTV section on the company’s website. […]

Over two dozen encryption experts call on India to rethink cha…

Security and encryption experts from around the world are joining a number of organizations to call on India to reconsider its proposed amendments to local intermediary liability rules. In an open letter to India’s IT Minister Ravi Shankar Prasad on Thursday, 27 security and cryptography experts warned the Indian government that if it goes ahead […]

As ransomware gets craftier, companies must start thinking creatively

Some say ransomware is in decline. Others say it’s getting craftier. File-encrypting malware, known as ransomware, infects vulnerable computers and scrambles its files, inviting victims to return access to their data once they pay a ransom. Ransomware remains one of the most popular types of malware and is said to be a multi-billion dollar — albeit […]

AvePoint lands $200M investment to expand market for Microsoft…

While Microsoft cloud services such as SharePoint, Microsoft Teams and Office 365 are used widely by large organizations, the products don’t come standard with an enterprise-grade control layer. That’s where AvePoint, a Microsoft independent software (ISV), comes in. Today, the company announced a $200 million Series C investment. The round was led by TPG Sixth […]

Cloudflare acquires stealthy startup S2 Systems, announces Clo…

Cloudflare announced that it has acquired S2 Systems, a browser isolation startup started by former Microsoft execs. The two companies did not reveal the acquisition price. Matthew Prince, co-founder and CEO at Cloudflare, says that this acquisition is part of a new suite of products called Cloudflare for Teams, which has been designed to protect […]

Homeland Security warns businesses to brace for Iranian cyberattacks

Homeland Security is warning U.S. companies to “consider and assess” the possible impacts and threat of a cyberattack on their businesses following heightened tensions with Iran. It’s its first official guidance published the government’s dedicated cyber advisory unit, the Cybersecurity and Infrastructure Security Agency, just days after the killing of a leading Iranian military commander, […]

BigID bags another $50M round as data privacy laws proliferate

Almost exactly 4 months to the day after BigID announced a $50 million Series C, the company was back today with another $50 million round. The Series D came entirely from Tiger Global Management. The company has raised a total of $144 million. What warrants $100 million in interest from investors in just four months […]

2019 was a hot mess for cybersecurity, but 2020 shows promise

It’s no secret that I hate predictions — not least because the security field changes rapidly, making it difficult to know what’s next. But given what we know about the past year, we can make some best-guesses at what’s to come. Ransomware will get worse, and local governments will feel the heat File-encrypting malware that […]

Travelex suspends services after malware attack

Travelex, a major international foreign currency exchange, has confirmed its suspended some services after it was hit by malware on December 31. The London-based company, which operates more than 1,500 stores globally, said it took systems offline to “as a precautionary measure in order to protect data” and to stop the spread of the malware. […]

Here’s where California residents can stop companies selling t…

California’s new privacy law is now in effect, allowing state residents to take better control of the data that’s collected on them — from social networks, banks, credit agencies, and more. There’s just one catch: the companies, many of which lobbied against the law, don’t make it easy. California’s Consumer Privacy Act (CCPA) allows anyone […]

A ton of Ruckus Wireless routers are vulnerable to hackers

A security researcher has found several vulnerabilities in a number of Ruckus Wireless routers, which the networking giant has since patched. Gal Zror told TechCrunch that the vulnerabilities he found lie inside in the web user interface software that runs on the company’s Unleashed line of routers. The flaws can be exploited without needing a […]

Russia starts testing its own internal internet

Russia has begun testing a national internet system that would function as an alternative to the broader web, according to local news reports. Exactly what stage the country has reached is unclear, but certainly the goal of a resilient — and perhaps more easily controlled — internet is being pursued. The internet, of course, is […]

A Twitter app bug was used to match 17 million phone numbers t…

A security researcher said he has matched 17 million phone numbers to Twitter user accounts by exploiting a flaw in Twitter’s Android app. Ibrahim Balic found that it was possible to upload entire lists of generated phone numbers through Twitter’s contacts upload feature. “If you upload your phone number, it fetches user data in return,” […]

No, Spotify, you shouldn’t have sent mysterious USB drives to …

Last week, Spotify sent out a number of USB drives to reporters with a note: “Play me.” It’s not uncommon for reporters to to receive USB drives in the post. Companies distribute USB drives all the time, including at tech conferences, often containing promotional materials or large files, such as videos that would otherwise be […]

Plenty of Fish app was leaking users’ hidden names and postal codes

Dating app Plenty of Fish has pushed out a fix for its apps after a security researcher found they were leaking information that users had set to “private” on their profiles. The app was always silently returning users’ first names and Zip postal codes to the app, according to The App Analyst, a mobile expert […]

MasterCard acquires security assessment startup, RiskRecon

MasterCard announced today that it is acquiring RiskRecon, a Salt Lake City startup that uses publicly available data to build security assessments of organizations. The companies did not share the purchase price. It’s become increasingly important for financial services companies like MasterCard to help customers navigate cyber security and RiskRecon will give customers an objective […]