Security

Microsoft will now pay up to $20k for Xbox Live security exploits

Think you’ve found a glaring security hole in Xbox Live? Microsoft is interested. The company announced a new bug bounty program today, focused specifically on its Xbox Live network and services. Depending on how serious the exploit is and how complete your report is, they’re paying up to $20,000. Like most bug bounty programs, Microsoft […]

Amazon quietly publishes its latest transparency report

Just as Amazon was basking in the news of a massive earnings win, the tech giant quietly published — as it always does — its latest transparency report, revealing a slight dip in the number of government demands for user data. It’s a rarely seen decline in the number of demands received by a tech […]

Ring’s new security ‘control center’ isn’t nearly enough

On the same day that a Mississippi family is suing Amazon -owned smart camera maker Ring for not doing enough to prevent hackers from spying on their kids, the company has rolled out its previously announced “control center,” which it hopes will make you forget about its verifiably “awful” security practices. In a blog post […]

Social media boosting service exposed thousands of Instagram passwords

A social media boosting startup, which bills itself as a service to increase a user’s Instagram followers, has exposed thousands of Instagram account passwords. The company, Social Captain, says it helps thousands of users to grow their Instagram follower counts by connecting their accounts to its platform. Users are asked to enter their Instagram username […]

Indian airline SpiceJet confirms breach of 1.2 million passenger details

SpiceJet, one of India’s largest privately owned airlines, has confirmed a data breach involving the details of over a million of its passengers. The security researcher, who described their actions as “ethical hacking” but whom we are not naming as they likely ran afoul of U.S. computer hacking laws, gained access to one of SpiceJet’s […]

Verkada raises $80M at $1.6B to be every building’s security OS

50 iPads were stolen from Verkada co-founder Hans Robertson’s old company. Only when they checked the security system did they realize the video cameras hadn’t been working for months. He was pissed. “The market lagged behind the progress seen in the consumer space, where someone could buy high-end cameras with cloud-based software to protect their […]

Dept. of Interior grounds its drones amid cybersecurity concerns

The U.S. Department of the Interior has confirmed it has grounded its fleet of non-emergency drones amid concerns over cybersecurity. In a brief statement, the department said the move will help to ensure that “the technology used for these operations is such that it will not compromise our national security interests.” Interior spokesperson Carol Danko […]

Essential advice for securing your small startup

Jeff Bezos’ phone was hacked. And if the richest person in the world is vulnerable, chances are good that your startup could get hacked, too. The good news is that, as a tiny company, you’re not a big target. But as soon as you hire your first employee, it’s time to think about adopting basic […]

Essential advice for securing your small startup

Jeff Bezos’ phone was hacked. And if the richest person in the world is vulnerable, chances are good that your startup could get hacked, too. The good news is that, as a tiny company, you’re not a big target. But as soon as you hire your first employee, it’s time to think about adopting basic […]

A Christian-friendly payments processor spilled 6 million transaction records online

A little-known payments processor, which bills itself as a Christian-friendly company that does “not process credit card transactions for morally objectionable businesses,” left a database containing years’ worth of customer payment transactions online. The database contained 6.7 million records since 2013, and was updating by the day. But the database was not protected with a […]

LabCorp website bug exposed thousands of medical documents

A security flaw in LabCorp’s website exposed thousands of medical documents, like test results containing sensitive health data. It’s the second incident in the past year after LabCorp said in June that 7.7 million patients had been affected by a credit card data breach of a third-party payments processor. The breach also hit several other […]

UK will allow Huawei to supply 5G — with ‘tight restrictions’

The UK government will allow Chinese tech giant Huawei to play a limited role in supplying the country’s 5G networks, it has been announced today. The government said the package of restrictions being announced on “high risk” 5G vendors will allow it to “mitigate the potential risk posed by the supply chain and to combat […]

An adult sexting site exposed thousands of models’ passports and driver’s licenses

A popular sexting website has exposed thousands of photo IDs belonging to models and sex workers who earn commissions from the site. SextPanther, an Arizona-based adult site, stored over 11,000 identity documents on an exposed Amazon Web Services (AWS) storage bucket, including passports, driver’s licenses, and Social Security numbers, without a password. The company says […]

Daily Crunch: Saudis probably hacked Bezos’ phone

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here. 1. UN calls for investigation after Saudis linked to Bezos phone hack United Nations experts are calling for an investigation after a […]

Daily Crunch: Saudis probably hacked Bezos’ phone

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here. 1. UN calls for investigation after Saudis linked to Bezos phone hack United Nations experts are calling for an investigation after a […]

Should tech giants slam the encryption door on the government?

Reuters reported yesterday, citing six sources familiar with the matter, that the FBI pressured Apple into dropping a feature that would allow users to encrypt iPhone backups stored in Apple’s cloud. The decision to abandon plans to end-to-end encrypt iCloud-stored backups was reportedly made about two years ago. The feature, if rolled out, would have […]

Octarine releases open source security scanning tools for Kubernetes

Octarine, a startup that helps automate security of Kubernetes workloads, released an open source scanning tool today. The tool, which is called KubeScan, is designed to help developers understand the level of security risk in their Kubernetes clusters. The company is also open sourcing a second tool called KCSS, which is the underlying configuration framework […]

Thundra announces $4M Series A to secure and troubleshoot serverless workloads

Thundra, an early stage serverless tooling startup, announced a $4 million Series A today led by Battery Ventures. The company spun out from OpsGenie after it was sold to Atlassian for $295 million in 2018. York IE, Scale X Ventures and Opsgenie founder Berkay Mollamustafaoglu also participated in the round. Battery’s Neeraj Agarwal is joining […]

Snyk snags $150M investment as its valuation surpasses $1B

Snyk, the company that wants to help developers secure their code in a modern context, announced a $150 million investment today. The company indicated the investment brings the company valuation to over $1 billion (although it did not share the exact figure). Today’s round was led by Stripes, a New York City investment firm with […]

Israel’s cybersecurity startup scene spawned new entrants in 2019

Yoav Leitersdorf Contributor Share on Twitter Yoav Leitersdorf is the Silicon Valley-based Managing Partner at YL Ventures, where he accelerates cybersecurity startups in the U.S. market. More posts by this contributor A look back at the Israeli cyber security industry in 2018 Trends in Israel’s cybersecurity investments Ofer Schreiber Contributor Share on Twitter Ofer Schreiber […]

TechCrunch’s Top 10 investigative reports from 2019

Facebook spying on teens, Twitter accounts hijacked by terrorists, and sexual abuse imagery found on Bing and Giphy were amongst the ugly truths revealed by TechCrunch’s investigating reporting in 2019. The tech industry needs more watchdogs than ever as its size enlargens the impact of safety failures and the abuse of power. Whether through malice, […]

Microsoft says it will fix an Internet Explorer security bug under active attack

Microsoft has confirmed a security flaw affecting Internet Explorer is currently being used by hackers, but that it has no immediate plans to fix. In a late-evening tweet, US-CERT, the division of Homeland Security tasked with reporting on major security flaws, tweeted a link to a security advisory detailing the bug, describing it as “being […]

Cyral announces $11M Series A to help protect data in cloud

Cyral, an early stage startup that helps protect data stored in cloud repositories, announced an $11 million Series A today. The company also revealed a previous undisclosed $4.1 million angel investment, making the total $15.1 million. The Series A was led by Redpoint Ventures. A.Capital Ventures, Costanoa VC, Firebolt, SV Angel and Trifecta Capital also […]

The US government should stop demanding tech companies compromise on encryption

In a tweet late Tuesday, President Trump criticized Apple for refusing “to unlock phones used by killers, drug dealers and other violent criminal elements.” Trump was specifically referring to a locked iPhone that belonged to a Saudi airman who killed three U.S sailors in an attack on a Florida base in December. It’s only the latest […]

Buttigieg’s CISO resigns, leaving no known cybersecurity chiefs among the 2020 candidates

Presidential candidate Pete Buttigieg has lost his campaign’s chief information security officer, who cited “differences” with the campaign over its security practices. Mick Baccio, who served under the former South Bend mayor’s campaign for the White House, left his position earlier this month. The Wall Street Journal first reported the news. TechCrunch also confirmed Baccio’s […]

Google finally brings its security key feature to iPhones

More than half a year after Google said Android phones could be used as a security key, the feature is coming to iPhones. Google said it’ll bring the feature to iPhones in an effort to give at-risk users, like journalist and politicians, access to additional account and security safeguards, effectively removing the need to use […]

Cloudflare is giving away its security tools to US political campaigns

Network security giant Cloudflare said it will provide its free security tools and services to U.S. political campaigns, as part of its efforts to secure upcoming elections against cyberattacks and election interference. The company said its new Cloudflare for Campaigns offering will include distributed denial-of-service attack mitigation, load balancing for campaign websites, a website firewall, […]

Microsoft and NSA say security bug affects millions of Windows 10 computers

Microsoft has released a security patch for a dangerous vulnerability affecting hundreds of millions of computers running Windows 10. The vulnerability is found in a decades-old Windows cryptographic component, known as CryptoAPI. The component has a range of functions, one of which allows developers digitally sign their software, proving that the software has not been […]

Instagram tests Direct Messaging on web where encryption fails

Instagram will finally let you chat from your web browser, but the launch contradicts Facebook’s plan for end-to-end encryption in all its messaging apps. Today Instagram began testing Direct Messages on the web for a small percentage of users around the globe, a year after TechCrunch reported it was testing web DMs. When fully rolled […]

Seattle’s ExtraHop expects $100M ARR in 2021, IPO

Hello and welcome back to our regular morning look at private companies, public markets and the gray space in between. Today we’re continuing our series on companies that have reached the $100 million annual recurring revenue (ARR) threshold, or are about to. ExtraHop is the company of the day, a Seattle-based firm that deals with […]

At CES, companies slowly start to realize that privacy matters

Every year, Consumer Electronics Show attendees receive a branded backpack, but this year’s edition was special; made out of transparent plastic, the bag’s contents were visible without the wearer needing to unzip. It isn’t just a fashion decision. Over the years, security has become more intense and cumbersome, but attendees with transparent backpacks didn’t have […]

Amazon has fired an employee for leaking user email addresses and phone numbers

Amazon has fired an employee after it shared user email address and phone number with a third-party “in violation of our policies,” according to an email seen by TechCrunch. The email, which was sent to customers on Friday afternoon, said the employee was “terminated” and the company is supporting law enforcement in their prosecution. “No […]

A billion medical images are exposed online, as doctors ignore warnings

This story was reported in partnership with health news site The Mighty Every day, millions of new medical images containing the personal health information of patients are spilling out onto the internet. Hundreds of hospitals, medical offices and imaging centers are running insecure storage systems, allowing anyone with an internet connection and free-to-download software to […]

Mozilla says a new Firefox security bug is under active attack

Mozilla has warned Firefox users to update their browser to the latest version after security researchers found a vulnerability that hackers were actively exploiting in “targeted attacks” against users. The vulnerability, found by Chinese security company Qihoo 360, was found in Firefox’s just-in-time compiler. The compiler is tasked with speeding up performance of JavaScript to […]

How Ring is rethinking privacy and security

Ring is now a major player when it comes to consumer video doorbells, security cameras — and privacy protection. Amazon acquired the company and promotes its devices heavily on its e-commerce websites. Ring has even become a cultural phenomenon with viral videos being shared on social networks and the RingTV section on the company’s website. […]

As ransomware gets craftier, companies must start thinking creatively

Some say ransomware is in decline. Others say it’s getting craftier. File-encrypting malware, known as ransomware, infects vulnerable computers and scrambles its files, inviting victims to return access to their data once they pay a ransom. Ransomware remains one of the most popular types of malware and is said to be a multi-billion dollar — albeit […]

AvePoint lands $200M investment to expand market for Microsoft cloud governance tools

While Microsoft cloud services such as SharePoint, Microsoft Teams and Office 365 are used widely by large organizations, the products don’t come standard with an enterprise-grade control layer. That’s where AvePoint, a Microsoft independent software (ISV), comes in. Today, the company announced a $200 million Series C investment. The round was led by TPG Sixth […]