Security

Mercedes-Benz app glitch exposed car owners’ information to ot…

Mercedes-Benz car owners have said that the app they used to remotely locate, unlock and start their cars was displaying other people’s account and vehicle information. TechCrunch spoke to two customers who said the Mercedes-Benz connected car app was pulling in information from other accounts and not their own, allowing them to see personal information […]

A set of new tools can decrypt files locked by Stop, a highly …

Thousands of ransomware victims may finally get some long-awaited relief. New Zealand-based security company Emsisoft has built a set of decryption tools for Stop, a family of ransomware that includes Djvu and Puma, which they say could help victims recover some of their files. Stop is believed to be the most active ransomware in the […]

Popular app Snaptube caught serving invisible ads and charging…

A popular video downloader app for Android has been found generating fake ad clicks and unauthorized premium purchases from its users, according to a security firm. Snaptube, which boasts some 40 million users, allows users to download videos and music from YouTube, Facebook, and other major video sites. The app, developed in China, is not […]

Samsung confirms glaring S10 fingerprint reader flaw, promises fix

Galaxy S10 users should turn on some alternative security features as Samsung works to address a major flaw with the device’s in-screen fingerprint sensor. The consumer electronics giant noted the issue today after a British user reported the ability to unlock her device with unregistered fingerprints. The flaw was discovered after placing a $3.50 […]

MyGate raises $56M to bring its security management service to…

MyGate, a Bangalore-based startup that offers security management and convenience service for guard-gated premises, said today it has bagged over $50 million in a new financing round as it looks to expand its footprint in the nation. Chinese internet giant Tencent, Tiger Global, JS Capital, and existing investor Prime Venture Partners funded the three-year-old startup’s […]

Inside the shutdown of the ‘world’s largest’ child sex abuse website

This morning, the Justice Department announced that it had brought charges against the administrator and hundreds of users of the “world’s largest” child sexual exploitation marketplace on the dark web. For me, it marked the end of a story I’ve wanted to write for two years. In November 2017, I was working for CBS as […]

Foursquare CEO calls on Congress to regulate the location data…

The chief executive of Foursquare, one of the largest location data platforms on the internet, is calling on lawmakers to pass legislation to better regulate the wider location data industry amid abuses and misuses of consumers’ personal data. It comes in the aftermath of the recent location sharing scandal, which revealed how bounty hunters were […]

Instagram will give you more control over your third-party app…

Instagram is slowly rolling out a new feature that will help better protect your personal data from being accessed by your long discarded, third-party applications — that is, any app you had once authorized to access your Instagram profile over the years. This may include websites you used for printing your Instagram photos, various dating apps, […]

Justice Dept. says it’s taken down ‘one of the world’s largest…

The Justice Department says it’s dismantled one of the largest child exploitation sites on the dark web. With the help of international partners in the U.K. and South Korea, U.S. prosecutors have brought charges against a South Korean citizen, Jong Woo Son, for conspiracy to advertise, produce, and distribute child abuse imagery. Son was charged […]

Twitter says it will restrict users from retweeting world lead…

Twitter said it will restrict how users can interact with tweets from world leaders who break its rules. The social media giant said it will not allow users to like, reply, share or retweet the offending tweets, but instead will let users quote-tweet to allow ordinary users to express their opinions. The company said […]

Elastic adds endpoint security to its expanding toolset

Elastic acquired Endgame Security in June for $234 million, and as a result of that deal, today the company announced Elastic Endpoint security to help customers secure laptops and servers. It also announced the acquisition has officially closed. Elastic CEO and co-founder Shay Banon says that the company has already been helping threat hunters inside […]

Germany says it won’t ban Huawei or any 5G supplier up front

Germany is resisting US pressure to shut out Chinese tech giant Huawei from its 5G networks — saying it will not ban any supplier for the next-gen mobile networks on an up front basis, per Reuters. “Essentially our approach is as follows: We are not taking a pre-emptive decision to ban any actor, or any company,” […]

Shipping giant Pitney Bowes hit by ransomware

Shipping tech giant Pitney Bowes has confirmed a ransomware incident on its systems. The company said in a statement that its systems were hit by a “malware attack that encrypted information” on its systems, more commonly known as a ransomware attack. “At this time, the company has seen no evidence that customer or employee data […]

Google updates its Titan security keys with USB-C

Google has revealed its latest Titan security key — and it’s now compatible with USB-C devices. The latest Titan key arrives just weeks after its closest market rival Yubico — which also manufactures the Titan security key for Google — released its own USB-C and Lightning compatible key, but almost two years after the release […]

Thoma Bravo makes $3.9 billion offer to acquire security firm Sophos

Sophos announced this morning that private equity firm Thoma Bravo has agreed to buy the British company for £3.1 billion ($3.9 billion USD). The price is based on $7.40 USD per share and the company indicated that the board of directors will recommend that shareholders accept the offer. Sophos CEO Kris Hagerman, as you would […]

California’s Privacy Act: What you need to know now

This week California’s attorney general, Xavier Becerra, published draft guidance for enforcing the state’s landmark privacy legislation. The draft text of the regulations under the California Consumer Privacy Act (CCPA) will undergo a public consultation period, including a number of public hearings, with submissions open until December 6 this year. The CCPA itself will take […]

Flaw in Cyberoam firewalls exposed corporate networks to hackers

Sophos said it is fixing a vulnerability in its Cyberoam firewall appliances, which a security researcher says can allow an attacker to gain access to a company’s internal network without needing a password. The vulnerability allows an attacker to remotely gain “root” permissions on a vulnerable device, giving them the highest level of access, by […]

Cisco hit by an internal network outage

Not a great start to the day for Cisco employees, many of whom are struggling in the face of an internal IT outage. The technology and networking giant confirmed in a tweet it was “aware of some disruption” to its IT systems and is “working” on restoring the network. Worse, the company’s corporate blog also […]

Xage now supports hierarchical blockchains for complex implementations

Xage is working with utilities, energy companies and manufacturers to secure their massive systems, and today it announced some significant updates to deal with the scale and complexity of these customers’ requirements including a new hierarchical blockchain. Xage enables customers to set security policy, then enforce that policy on the blockchain. Company CEO Duncan Greatwood […]

Okta wants to make every user a security ally

End users tend to get a bad rap in the security business because they are often the weakest security link. They fall for phishing schemes, use weak passwords and often unknowingly are the conduit for malicious actors getting into your company’s systems. Okta wants to change that by giving end users information about suspicious activity […]

New Vector scores $8.5M to plug more users into its open, dece…

New Vector, a European startup founded in 2017 by the creators of an open, decentralized communications standard called Matrix to drive adoption and grow an ecosystem around an alternative messaging protocol for instant messaging and VoIP apps, has raised an $8.5 million Series A funding round. Investors in New Vector’s Series A round include enterprise […]

DHS cyber unit wants to subpoena ISPs to identify vulnerable systems

Homeland Security’s cybersecurity division is pushing to change the law that would allow it to demand information from internet providers that would identify the owners of vulnerable systems, TechCrunch has learned. Sources familiar with the proposal say the Cybersecurity and Infrastructure Security Agency (CISA), founded just under a year ago, wants the new administrative subpoena […]

European risk report flags 5G security challenges

European Union Member States have published a joint risk assessment report into 5G technology which highlights increased security risks that will require a new approach to securing telecoms infrastructure. The EU has so far resisted pressure from the U.S. to boycott Chinese tech giant Huawei as a 5G supplier on national security grounds, with individual […]

Senate report says Russian election interference ‘invariably’ …

A bipartisan Senate investigation into Russian interference in the 2016 election released today definitively implicates the country in online operations designed specifically to get then-candidate Donald Trump elected. The tactics used were "overtly and almost invariably supportive" of his campaign even to the detriment of other Republicans. The report recommends major changes to how disinformation and election interference are handled in this country.

Twitter admits it used two-factor phone numbers and emails for…

Twitter has said it used phone numbers and email addresses, provided by users to set up two-factor authentication on their accounts, to serve targeted ads. In a disclosure Tuesday, the social media giant said it did not know how many users were impacted. The issue stemmed from the company’s tailored audiences program, which allows companies […]

Nadella warns government conference not to betray user trust

Microsoft CEO Satya Nadella, delivering the keynote at the Microsoft Government Leaders Summit in Washington, DC today, had a message for attendees to maintain user trust in their tools and technologies above all else. He said it is essential to earn user trust, regardless of your business. “Now, of course, the power law here is all […]

No one could prevent another ‘WannaCry-style’ attack, says DHS…

The U.S. government may not be able to prevent another global cyberattack like WannaCry, a senior cybersecurity official has said. Jeanette Manfra, the assistant director for cybersecurity for Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said on stage at TechCrunch Disrupt SF that the 2017 WannaCry cyberattack, which saw hundreds of thousands of computers […]

How you shouldn’t handle your data breach

So you’ve had a data breach. Don’t worry, it’s not just you. These days it happens to everyone, no matter how large or small your company is. It’s almost inevitable, some might say, and not a case of if but when. A lot is already out of your control. Whether a hacker broke in and […]

Daily Crunch: Facebook faces government pressure over encryption

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here. 1. Facebook is being leaned on by US, UK, Australia to ditch its end-to-end encryption expansion plan U.S. Attorney General William Barr, […]

Microsoft says Iranian hackers targeted 2020 presidential candidate

Microsoft said it has found evidence that hackers associated with Iran have targeted a 2020 presidential candidate. The tech giant’s security and trust chief confirmed the attack in a blog post, but the company would not say which candidate was the target. The threat group, which Microsoft calls Phosphorus — also known as APT 35 […]

The lack of cybersecurity talent is “a national security threa…

One of the most senior officials tasked with protecting U.S. critical infrastructure says that the lack of security professionals in the U.S. is one of the leading threats to national cyber security. Speaking at TechCrunch Disrupt SF, Jeanette Manfra, the assistant director for cybersecurity for the Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said […]

Facebook is being leant on by US, UK, Australia to ditch its e…

Here we go again. Western governments are once again dialling up their attack on end-to-end encryption — calling for either no e2e encryption or backdoored e2e encryption so platforms can be commanded to serve state agents with messaging data in “a readable and usable format”. US attorney general William Barr, acting US homeland security secretary Kevin […]

Google rolls out new privacy tools for Maps, YouTube and Assistant

Google today announced a handful of new consumer privacy tools for some of its most-used products, including Google Maps, YouTube, and Google Assistant. The tools are meant to better allow users to control, manage and erase the data Google collects from those who use its services or prevent Google from collecting that data in the […]

Cybersecurity giant Comodo can’t even keep its own website secure

Comodo, which bills itself as a “global leader in cybersecurity solutions,” said its forum was hacked. The admission came in no less than a forum post, which confirmed a hacker exploited a recently disclosed vulnerability in vBulletin, a popular forum software used by Comodo. The flaw, which requires little skill to exploit, allows an […]

A flaw in Webex and Zoom let researchers snoop on users’ video calls

A team of security researchers found they could tap into Webex and Zoom video meetings because many weren’t protected with a code. Researchers at Cequence, a startup focused on protecting applications from scraping and account takeovers, programmed a bot to cycle through lists of valid meeting IDs and get access to active conference calls. The […]