Security

OpenText buys data backup firm Carbonite for $1.42B

Carbonite has agreed to a $1.42 billion purchase by OpenText, an enterprise information management giant, ending weeks of speculation about the anticipated buyout. The deal marks a 78% premium on Carbonite’s share price on September 5, when it was first rumored the company was preparing to buy the backup and data recovery company. Carbonite said […]

A browser bug was enough to hack an Amazon Echo

Two security researchers have been crowned the top hackers in this year’s Pwn2Own hacking contest after developing and testing several high profile exploits, including an attack against an Amazon Echo. Amat Cama and Richard Zhu, who make up Team Fluoroacetate, scored $60,000 in bug bounties for their integer overflow exploit against the latest Amazon Echo […]

Popular Android phones can be tricked into snooping on their owners

Security researchers have found several popular Android phones can be tricked into snooping on their owners by exploiting a weakness that gives accessories access to the phone’s underlying baseband software. Attackers can use that access to trick vulnerable phones into giving up their unique identifiers, such as their IMEI and IMSI numbers, downgrade a target’s […]

DNA testing startup Veritas Genetics confirms data breach

Veritas Genetics, a DNA testing startup, has said a data breach resulted in the theft of some customer information. The Danvers, MA-based company said its customer facing portal had “recently” been breached but did not say when. Although the portal did not contain test results or medical information, the company declined to say what information […]

Capital One replaces security chief after data breach

Capital One has replaced its cybersecurity chief, four months after the company disclosed a massive data breach involving the theft of sensitive data on more than 100 million customers. A spokesperson for Capital One confirmed the news in an email to TechCrunch. “Michael Johnson is moving from his role as chief information security officer to […]

Amazon Ring doorbells exposed home Wi-Fi passwords to hackers

Security researchers have discovered a vulnerability in Ring doorbells that exposed the password for the Wi-Fi network it was connected to. Bitdefender said the Amazon-owned doorbell was sending its owner’s Wi-Fi password in cleartext over the internet, allowing for nearby hackers to intercept the Wi-Fi password and gain access to the network to launch larger […]

Nightfall emerges from stealth with $20M for a cloud-native da…

Sensitive data leakage is one of the biggest negative side-effects of cloud-based apps and services. Today, a startup that has built an AI-based platform that can detect and take action on that data is coming out of stealth with funding to tackle the issue head-on. Nightfall — which integrates with and then automatically scans structured […]

California accuses Facebook of ignoring subpoena in state’s Ca…

California’s attorney general Xavier Becerra has accused Facebook of “continuing to drag its feet” by failing to provide documents to the state’s investigation into Facebook and Cambridge Analytica. The attorney general said in a court filing Wednesday that Facebook had provided a “patently deficient” response to two sets of subpoenas for the previously undisclosed investigation […]

Google enlists mobile security firms to help rid Google Play o…

Google has partnered with mobile security firms ESET, Lookout and Zimperium to combat the scourge of malicious Android apps that sneak into the Google Play app store. The announcement came Wednesday, with each company confirming their part in the newly created App Defense Alliance. Google said it’s working with the companies to “stop bad apps […]

Apple refreshes its privacy site with new technical whitepapers

For the fourth year in a row, Apple has updated its privacy pages. Every year the tech giant’s refreshes the privacy portion of its website — usually a month or so after its product launches — to keep customers up to date with its latest features and technologies. Since its fight with the FBI, which […]

Cyber-skills platform Immersive Labs raises $40M in North Amer…

Immersive Labs, a cybersecurity skills platform, has raised $40 million in its Series B, the company’s second round of funding this year following an $8 million Series A in January. Summit Partners led the fundraise with Goldman Sachs participating, the Bristol, U.K.-based company confirmed. Immersive, led by former GCHQ cybersecurity instructor James Hadley, helps corporate […]

Huawei calls hackers to Munich for secret bug bounty meeting

Chinese tech giant Huawei has asked some of the world’s best phone hackers to a secret meeting in Munich later this month as the company tries to curry favor with global governments, TechCrunch has learned. Sources with knowledge of the November 16 meeting said Huawei will privately present its new bug bounty program, which would […]

Google launches OpenTitan, an open-source secure chip design project

Google has partnered with several tech companies to develop and build OpenTitan, a new, collaborative open-source secure chip design project. The aim of the new coalition is to build trustworthy chip designs for use in datacenters, storage, and computer peripherals, which are both open and transparent, allowing anyone to inspect the hardware for security vulnerabilities […]

Disinformation ‘works better than censorship,’ warns internet …

A rise in social media surveillance, warrantless searches of travelers’ devices at the border, and the continued spread of disinformation are among the reasons why the U.S. has declined in internet freedom rankings, according to a leading non-profit watchdog. Although Freedom House said that the U.S. enjoys some of the greatest internet freedoms in the […]

Sumo Logic acquires JASK to fill security operations gap

Sumo Logic, a mature security event management startup with a valuation over $1 billion, announced today that it has acquired JASK, a security operations startup that raised almost $40 million. The companies did not share the terms of the deal. Sumo’s CEO Ramin Sayer, says that the combined companies give customers a complete security solution. […]

A network of ‘camgirl’ sites exposed millions of users and sex workers

A number of popular “camgirl” sites have exposed millions of sex workers and users after the company running the sites left the back-end database unprotected. The sites, run by Barcelona-based VTS Media, include amateur.tv, webcampornoxxx.net, and placercams.com. Most of the sites’ users are based in Spain and Europe, but we found evidence of users across […]

Hackers can steal the contents of Horde webmail inboxes with one click

A security researcher has found several vulnerabilities in the popular open-source Horde web email software that allow hackers to near-invisibly steal the contents of a victim’s inbox. Horde is one of the most popular free and open-source web email systems available. It’s built and maintained by a core team of developers, with contributions from the […]

Twitter says government demands for user data continue to rise

Twitter says the number of government demands for user data are at a record high. In its latest transparency report covering the six-months between January and June, the social media giant said it received 7,300 demands for user data, up by 6% a year earlier, but that the number of accounts affected are down by […]

IoT security startup Particle raises $40M in Series C

Particle, a platform for Internet of Things devices, has raised $40 million in its latest round of funding. Qualcomm Ventures and Energy Impact Partners led the Series C raise, with backing from existing investors including Root Ventures, Bonfire Ventures, Industry Ventures, Spark Capital, Green D Ventures, Counterpart Ventures, and SOSV. With its latest round of […]

IoT security startup Particle raises $40M in Series C

Particle, a platform for Internet of Things devices, has raised $40 million in its latest round of funding. Qualcomm Ventures and Energy Impact Partners led the Series C raise, with backing from existing investors including Root Ventures, Bonfire Ventures, Industry Ventures, Spark Capital, Green D Ventures, Counterpart Ventures, and SOSV. With its latest round of […]

NHS pagers are leaking medical data

An amateur radio rig exposed to the internet and discovered by a security researcher was collecting real-time of medical data and health information broadcast by hospitals and ambulances across U.K. towns and cities. The rig, operated out of a house in North London, was picking up radio waves from over the air and translating them […]

WhatsApp blames — and sues — mobile spyware maker NSO Group ov…

WhatsApp has filed a suit in federal court accusing Israeli mobile surveillance maker NSO Group of creating an exploit that was used hundreds of times to hack into target’s phone. The lawsuit, filed in a California federal court, said the mobile surveillance outfit “developed their malware in order to access messages and other communications after […]

FCC proposes rules requiring telcos remove Huawei, ZTE equipment

The Federal Communications Commission said it will move ahead with proposals to ban telecommunications giants from using Huawei and ZTE networking equipment, which the agency says poses a “national security threat.” The two-part proposal revealed Monday would first bar telecoms giants from using funds it receives from the the FCC’s Universal Service Fund, used by […]

Providing emergency and security services to employees, Base O…

In 2017, when a destructive earthquake struck Puebla, Mexico, sending shockwaves to Mexico City and destroying buildings in the nation’s megalopolis and its surrounding suburbs, both public and private emergency services sprung into action. For multinational corporations operating in the city it was a test of their internal support services, which were established to meet […]

American Cancer Society’s online store infected with credit ca…

The American Cancer Society’s online store has become the latest victim of credit card stealing malware. Security researcher Willem de Groot found the malware on the organization’s store website, buried in obfuscated code designed to look like legitimate analytics code. The code was designed to scrape credit card payments from the page, like similar attacks […]

Lawmakers ask US intelligence chief to investigate if TikTok i…

Two lawmakers have asked the government’s most senior U.S. intelligence official to assess if video sharing app TikTok could pose “national security risks” to the United States. In a letter by Sens. Charles Schumer (D-NY) and Tom Cotton (R-AR), the lawmakers asked the acting director of national intelligence Joseph Maguire if the app maker could […]

Lawmakers ask US intelligence chief to investigate if TikTok i…

Two lawmakers have asked the government’s most senior U.S. intelligence official to assess if video sharing app TikTok could pose “national security risks” to the United States. In a letter by Sens. Charles Schumer (D-NY) and Tom Cotton (R-AR), the lawmakers asked the acting director of national intelligence Joseph Maguire if the app maker could […]

By tweeting from a SCIF, House lawmakers put national security at risk

If you thought storming into a highly secured government facility with your electronics but without permission was a smart idea, you’d be wrong. But that didn’t stop Rep. Matt Gaetz and close to three-dozen of his Republican colleagues on Wednesday from doing exactly that. Gaetz, a Republican congressman from Florida, proudly announced in his since-deleted […]

Randori Recon acts like a hacker to reveal your weaknesses

Randori, a Boston-based start-up from a former Carbon Black executive and a former Red Team consultant, announced its first product today called Randori Recon, a service designed to act with a hacker’s mindset to surface all of your company’s external weaknesses. Brian Hazzard, co-founder and CEO, says he had worked with his co-founder David Wolpoff […]

Very Good Security raises $35M in Series B in ‘zero data’ push

Data security startup Very Good Security, has raised $35 million in its latest round of funding. Its Series B, announced Thursday, was led by Goldman Sachs, with participation from existing investors Andreessen Horowitz — which led its $8.5 million Series A round — and Vertex Ventures US. Very Good Security’s offering is simple. Instead of […]

Alexa, where are the legal limits on what Amazon can do with m…

The contract between the UK’s National Health Service (NHS) and ecommerce giant Amazon — for a health information licensing partnership involving its Alexa voice AI — has been released following a Freedom of Information request. The government announced the partnership this summer. But the date on the contract, which was published on the gov.uk contracts […]

Millions downloaded dozens of Android apps on Google Play infe…

Security researchers have found dozens of Android apps in the Google Play store serving ads to unsuspecting victims as part of a money-making scheme. ESET researchers found 42 apps containing adware, which they say have been downloaded over 8 million times since they first debuted in July 2018. These apps look normal but act sneakily. […]

TikTok’s new set of safety videos teach users about features, …

TikTok today released a new set of safety videos designed to playfully inform users about the app’s privacy controls and other features — like how to filter comments or report inappropriate behavior, among other things. One video also addresses TikTok’s goal of creating a “positive” social media environment, where creativity is celebrated and harassment is […]

Early stage privacy startup DataGrail gets boost from Okta partnership

When Okta launched its $50 million Okta Ventures investment fund in April, one of its investments was in an early stage privacy startup called DataGrail. Today, the companies announced a partnership that they hope will help boost DataGrail, while providing Okta customers with a privacy tool option. DataGrail CEO and co-founder Daniel Barber says that […]

British parliament presses Facebook on letting politicians lie in ads

In yet another letter seeking to pry accountability from Facebook, the chair of a British parliamentary committee has pressed the company over its decision to adopt a policy on political ad that supports flagrant lying. In the letter Damian Collins, chair of the DCMS committee, asks the company to explain why it recently took the […]

6 tips founders need to know about securing their startup

If you’ve read anything of mine in the past year, you know just how complicated security can be. Every day it seems there’s a new security lapse, a breach, a hack, or an inadvertent exposure, such as leaving a cloud storage server unprotected without a password. These things happen, but they don’t have to; aecurity […]

NordVPN confirms it was hacked

NordVPN, a virtual private network provider that promises to “protect your privacy online,” has confirmed it was hacked. The admission comes following rumors that the company had been breached. It first emerged that NordVPN had an expired internal private keys exposed, potentially allowing anyone to spin out their own servers imitating NordVPN. VPN providers are […]