Security

Over 1,500 Ring passwords have been found on the dark web

A security researcher has found on the dark web 1,562 unique email addresses and passwords associated with Ring doorbell passwords. The list of passwords was uploaded on Tuesday to an anonymous dark web text-sharing site commonly used to share stolen passwords or illicit materials. A security researcher found the cache of email addresses and passwords, […]

Osano, a risk and compliance startup, raises $5M in Series A

Risk and compliance startup Osano, which earlier this year debuted on the Battlefield stage at TechCrunch Disrupt SF, has raised $5.4 million in its Series A round. The company told TechCrunch that the round was led by LiveOak Venture Partners and Next Coast Ventures, both of which invested in the company’s seed round. Its Series […]

Cloud flaws expose millions of child tracking smartwatches

Parents buy their children GPS-enabled smartwatches to keep track of them, but security flaws mean they’re not the only ones who can. This year alone, researchers have found several vulnerabilities in a number of child-tracking smartwatches. But new findings out today show that nearly all were harboring a far greater, more damaging flaw in a […]

Google details its approach to cloud-native security

Over the years, Google’s various whitepapers, detailing how the company solves specific problems at scale, have regularly spawned new startup ecosystems and changed how other enterprises think about scaling their own tools. Today, the company is publishing a new security whitepaper that details how it keeps it cloud-native architecture safe. The name, BeyondProd, already indicates […]

Satori Cyber raises $5.25M to help businesses protect their data flows

The amount of data that most companies now store — and the places they store it — continues to increase rapidly. With that, the risk of the wrong people managing to get access to this data also increases, so it’s no surprise that we’re now seeing a number of startups that focus on protecting this […]

New Orleans declares state of emergency following ransomware attack

New Orleans declared a state of emergency and shut down its computers after a cyber security event, the latest in a string of city and state governments to be attacked by hackers. Suspicious activity was spotted around 5 a.m. Friday morning. By 8 a.m., there was an uptick in that activity, which included evidence of […]

ACLU sues Homeland Security over ‘stingray’ cell phone surveillance

One of the largest civil liberties groups in the U.S. is suing two Homeland Security agencies for failing to turn over documents it requested as part of a public records request about a controversial cell phone surveillance technology. The American Civil Liberties Union filed suit against Customs & Border Protection (CBP) and Immigration & Customs […]

An iOS bug in AirDrop let anyone temporarily lock-up nearby iPhones

Apple has fixed a bug in iOS 13.3, out today, which let anyone temporarily lock users out of their iPhones and iPads by forcing their devices into an inescapable loop. Kishan Bagaria found a bug in AirDrop, which lets users share files from one iOS device to another. He found the bug let him repeatedly […]

Is your startup protected against insider threats?

We’ve talked about securing your startup, the need to understand phishing risks and how not to handle a data breach. But we haven’t yet discussed one of the more damaging threats that all businesses large and small face: the insider threat. The insider threat is exactly as it sounds — someone within your organization who has […]

Over 750,000 applications for US birth certificate copies exposed online

An online company that allows users to obtain a copy of their birth and death certificates from U.S. state governments has exposed a massive cache of applications — including their personal information. More than 752,000 applications for copies of birth certificates were found on an Amazon Web Services (AWS) storage bucket. (The bucket also had […]

RaySecur, a mailroom security startup, raises $3M in seed funding

Raysecur says at least ten times a day someone sends a suspicious package containing powder, liquid, or some other kind of hazard. The Boston, Mass.-based startup says its desktop-sized 3D real-time scanning technology, dubbed MailSecur, can intercept and detect threats in the mailroom before they ever make it onto the office floor. Mailroom security may […]

Reddit links UK-US trade talk leak to Russian influence campaign

Reddit has linked account activity involving the leak and amplification of sensitive UK-US trade talks on its platform during the ongoing UK election campaign to a suspected Russian political influence operation. Or, to put it more plainly, the social network suspects that Russian operatives are behind the leak of sensitive trade data — likely with […]

Justice Dept. charges Russian hacker behind the Dridex malware

U.S. prosecutors have brought computer hacking and fraud charges against a Russian citizen, Maksim Yakubets, who is accused of developing and distributing Dridex, a notorious banking malware used to allegedly steal more than $100 million from hundreds of banks over a multi-year operation. Per the unsealed 10-count indictment, Yakubets is accused of leading and overseeing […]

Most of the largest US voting districts are vulnerable to email spoofing

Only 5% of the largest voting counties in the U.S. are protected against email impersonation and phishing attacks, seen as a key attack method by hackers who officials say want to disrupt the upcoming presidential election. The findings come less than a year before millions of Americans are set to go to the polls to […]

DHS wants to expand airport face recognition scans to US citizens

Homeland Security wants to expand facial recognition checks for travelers arriving and departing the U.S. to also include citizens, which had previously been exempt from the mandatory checks. In a filing, the department has proposed that all travelers, and not just foreign nationals or visitors, will have to complete a facial recognition check before they […]

Tuft & Needle exposed thousands of customer shipping labels

Mattress and bedding giant Tuft & Needle left hundreds of thousands of FedEx shipping labels containing customer names, addresses, and phone numbers on an unprotected cloud server. More than 236,400 shipping labels were found on an Amazon Web Services (AWS) storage bucket without a password, allowing anyone who knew the easy-to-guess web address access to […]

A bug in Microsoft’s login system put users at risk of account hijacks

Microsoft has fixed a vulnerability in its login system, which security researchers say could have been used to trick unsuspecting victims into giving over complete access to their online accounts. The bug allowed attackers to quietly steal account tokens, which websites and apps use to grant users access to their accounts without having them to […]

Facebook launches a photo portability tool, starting in Ireland

It’s not friend portability, but Facebook has announced the launch today of a photo transfer tool to enable users of its social network to port their photos directly to Google’s photo storage service, via encrypted transfer. The photo portability feature is initially being offered to Facebook users in Ireland, where the company’s international HQ is […]

Now even the FBI is warning about your smart TV’s security

If you just bought a smart TV on Black Friday or plan to buy one for Cyber Monday tomorrow, the FBI wants you to know a few things. Smart TVs are like regular television sets but with an internet connection. With the advent and growth of Netflix, Hulu and other streaming services, most saw internet-connected […]

Millions of SMS messages exposed in database security lapse

A massive database storing tens of millions of SMS text messages, most of which were sent by businesses to potential customers, has been found online. The database is run by TrueDialog, a business SMS provider for businesses and higher education providers, which lets companies, colleges, and universities send bulk text messages to their customers and […]

Ockam raises $3.2 million in seed funding to make it easier for developers to secure and sca…

Ockam, a two-year-old, Bay Area-based company that’s selling tools to developers to they can establish an “architecture for trust” within their connected device applications, has raised $3.2 million in seed funding, including from Core Ventures, Okta Ventures, SGH Capital, and Future Ventures. This serverless platform for IoT development is being led by CEO Matthew Gregory […]

Mixcloud data breach exposes over 20 million user records

A data breach at Mixcloud, a U.K.-based audio streaming platform, has left more than 20 million user accounts exposed after the data was put on sale on the dark web. The data breach happened earlier in November, according to a dark web seller who supplied a portion of the data to TechCrunch, allowing us to […]

Only a few 2020 US presidential candidates are using a basic email security feature

Just one-third of the 2020 U.S. presidential candidates are using an email security feature that could prevent a similar attack that hobbled the Democrats’ during the 2016 election. Out of the 21 presidential candidates in the race according to Reuters, seven Democrats and one Republican candidate are using and enforcing DMARC, an email security protocol […]

Anti-bot startup Kasada raises $7M in Series A from CIA’s venture fund In-Q-Tel

Kasada, an anti-bot startup we profiled earlier this year, has raised $7 million in its Series A led by In-Q-Tel, the non-profit venture arm of the intelligence community. The Sydney and Chicago-based company helps to fight online bots using its proprietary anti-bot platform Polyform. Bots don’t just pummel websites with junk traffic to try to […]