Security

Cloudflare acquires stealthy startup S2 Systems, announces Cloudflare for Teams

Cloudflare announced that it has acquired S2 Systems, a browser isolation startup started by former Microsoft execs. The two companies did not reveal the acquisition price. Matthew Prince, co-founder and CEO at Cloudflare, says that this acquisition is part of a new suite of products called Cloudflare for Teams, which has been designed to protect […]

Homeland Security warns businesses to brace for Iranian cyberattacks

Homeland Security is warning U.S. companies to “consider and assess” the possible impacts and threat of a cyberattack on their businesses following heightened tensions with Iran. It’s the first official guidance published by the government’s dedicated cyber advisory unit, the Cybersecurity and Infrastructure Security Agency, just days after the killing of a leading Iranian military commander, […]

BigID bags another $50M round as data privacy laws proliferate

Almost exactly 4 months to the day after BigID announced a $50 million Series C, the company was back today with another $50 million round. The Series D came entirely from Tiger Global Management. The company has raised a total of $144 million. What warrants $100 million in interest from investors in just four months […]

2019 was a hot mess for cybersecurity, but 2020 shows promise

It’s no secret that I hate predictions — not least because the security field changes rapidly, making it difficult to know what’s next. But given what we know about the past year, we can make some best-guesses at what’s to come. Ransomware will get worse, and local governments will feel the heat. File-encrypting malware that […]

Travelex suspends services after malware attack

Travelex, a major international foreign currency exchange, has confirmed it’s suspended some services after it was hit by malware on December 31. The London-based company, which operates more than 1,500 stores globally, said it took systems offline “as a precautionary measure in order to protect data” and to stop the spread of the malware. […]

Here’s where California residents can stop companies selling their data

California’s new privacy law is now in effect, allowing state residents to take better control of the data that’s collected on them — from social networks, banks, credit agencies, and more. There’s just one catch: the companies, many of which lobbied against the law, don’t make it easy. California’s Consumer Privacy Act (CCPA) allows anyone […]

A ton of Ruckus Wireless routers are vulnerable to hackers

A security researcher has found several vulnerabilities in a number of Ruckus Wireless routers, which the networking giant has since patched. Gal Zror told TechCrunch that the vulnerabilities he found lie inside the web user interface software that runs on the company’s Unleashed line of routers. The flaws can be exploited without needing a […]

Russia starts testing its own internal internet

Russia has begun testing a national internet system that would function as an alternative to the broader web, according to local news reports. Exactly what stage the country has reached is unclear, but certainly the goal of a resilient — and perhaps more easily controlled — internet is being pursued. The internet, of course, is […]

A Twitter app bug was used to match 17 million phone numbers to user accounts

A security researcher said he has matched 17 million phone numbers to Twitter user accounts by exploiting a flaw in Twitter’s Android app. Ibrahim Balic found that it was possible to upload entire lists of generated phone numbers through Twitter’s contacts upload feature. “If you upload your phone number, it fetches user data in return,” […]

No, Spotify, you shouldn’t have sent mysterious USB drives to journalists

Last week, Spotify sent out a number of USB drives to reporters with a note: “Play me.” It’s not uncommon for reporters to receive USB drives in the post. Companies distribute USB drives all the time, including at tech conferences, often containing promotional materials or large files, such as videos that would otherwise be […]

Plenty of Fish app was leaking users’ hidden names and postal codes

Dating app Plenty of Fish has pushed out a fix for its apps after a security researcher found they were leaking information that users had set to “private” on their profiles. The app was always silently returning users’ first names and Zip postal codes to the app, according to The App Analyst, a mobile expert […]

MasterCard acquires security assessment startup, RiskRecon

MasterCard announced today that it is acquiring RiskRecon, a Salt Lake City startup that uses publicly available data to build security assessments of organizations. The companies did not share the purchase price. It’s become increasingly important for financial services companies like MasterCard to help customers navigate cyber security and RiskRecon will give customers an objective […]

F5 acquires Shape Security for $1B

F5 got an expensive holiday present today, snagging startup Shape Security for approximately $1 billion. What the networking company gets with a shiny red ribbon is a security product that helps stop automated attacks like credential stuffing. In an article earlier this year, Shape CTO Shuman Ghosemajumder explained what the company does: “We’re an enterprise-focused […]

Healthcare startup Lyfebin exposed medical images

Healthcare startup Lyfebin exposed thousands of medical imaging files, such as X-rays, MRI scans, and ultrasounds. The Los Angeles-based healthcare startup allows doctors and medical staff to store medical images in its “secure environment,” per its website, allowing patients and doctors access from anywhere. But the files were found stored in an unprotected Amazon Web […]

Over 1,500 Ring passwords have been found on the dark web

A security researcher has found on the dark web 1,562 unique email addresses and passwords associated with Ring doorbell passwords. The list of passwords was uploaded on Tuesday to an anonymous dark web text-sharing site commonly used to share stolen passwords or illicit materials. A security researcher found the cache of email addresses and passwords, […]

Osano, a risk and compliance startup, raises $5M in Series A

Risk and compliance startup Osano, which earlier this year debuted on the Battlefield stage at TechCrunch Disrupt SF, has raised $5.4 million in its Series A round. The company told TechCrunch that the round was led by LiveOak Venture Partners and Next Coast Ventures, both of which invested in the company’s seed round. Its Series […]

Cloud flaws expose millions of child tracking smartwatches

Parents buy their children GPS-enabled smartwatches to keep track of them, but security flaws mean they’re not the only ones who can. This year alone, researchers have found several vulnerabilities in a number of child-tracking smartwatches. But new findings out today show that nearly all were harboring a far greater, more damaging flaw in a […]

Google details its approach to cloud-native security

Over the years, Google’s various whitepapers, detailing how the company solves specific problems at scale, have regularly spawned new startup ecosystems and changed how other enterprises think about scaling their own tools. Today, the company is publishing a new security whitepaper that details how it keeps its cloud-native architecture safe. The name, BeyondProd, already indicates […]

Satori Cyber raises $5.25M to help businesses protect their data flows

The amount of data that most companies now store — and the places they store it — continues to increase rapidly. With that, the risk of the wrong people managing to get access to this data also increases, so it’s no surprise that we’re now seeing a number of startups that focus on protecting this […]

New Orleans declares state of emergency following ransomware attack

New Orleans declared a state of emergency and shut down its computers after a cyber security event, the latest in a string of city and state governments to be attacked by hackers. Suspicious activity was spotted around 5 a.m. Friday morning. By 8 a.m., there was an uptick in that activity, which included evidence of […]

ACLU sues Homeland Security over ‘stingray’ cell phone surveillance

One of the largest civil liberties groups in the U.S. is suing two Homeland Security agencies for failing to turn over documents it requested as part of a public records request about a controversial cell phone surveillance technology. The American Civil Liberties Union filed suit against Customs & Border Protection (CBP) and Immigration & Customs […]

An iOS bug in AirDrop let anyone temporarily lock-up nearby iPhones

Apple has fixed a bug in iOS 13.3, out today, which let anyone temporarily lock users out of their iPhones and iPads by forcing their devices into an inescapable loop. Kishan Bagaria found a bug in AirDrop, which lets users share files from one iOS device to another. He found the bug let him repeatedly […]

Is your startup protected against insider threats?

We’ve talked about securing your startup, the need to understand phishing risks and how not to handle a data breach. But we haven’t yet discussed one of the more damaging threats that all businesses large and small face: the insider threat. The insider threat is exactly as it sounds — someone within your organization who has […]

Over 750,000 applications for US birth certificate copies exposed online

An online company that allows users to obtain a copy of their birth and death certificates from U.S. state governments has exposed a massive cache of applications — including their personal information. More than 752,000 applications for copies of birth certificates were found on an Amazon Web Services (AWS) storage bucket. (The bucket also had […]

RaySecur, a mailroom security startup, raises $3M in seed funding

RaySecur says at least ten times a day someone sends a suspicious package containing powder, liquid, or some other kind of hazard. The Boston, Mass.-based startup says its desktop-sized 3D real-time scanning technology, dubbed MailSecur, can intercept and detect threats in the mailroom before they ever make it onto the office floor. Mailroom security may […]

Reddit links UK-US trade talk leak to Russian influence campaign

Reddit has linked account activity involving the leak and amplification of sensitive UK-US trade talks on its platform during the ongoing UK election campaign to a suspected Russian political influence operation. Or, to put it more plainly, the social network suspects that Russian operatives are behind the leak of sensitive trade data — likely with […]

After criticism, Homeland Security drops plans to expand airport face recognition scans to US citizens

Homeland Security has confirmed it will not expand face recognition scans to U.S. citizens arriving and departing the country, days after it emerged the agency proposed making the scans for citizens mandatory. The department, whose responsibility is border protection and immigration checks, said in a government filing that it wanted to “amend the regulations to […]

Justice Dept. charges Russian hacker behind the Dridex malware

U.S. prosecutors have brought computer hacking and fraud charges against a Russian citizen, Maksim Yakubets, who is accused of developing and distributing Dridex, a notorious banking malware used to allegedly steal more than $100 million from hundreds of banks over a multi-year operation. Per the unsealed 10-count indictment, Yakubets is accused of leading and overseeing […]

Most of the largest US voting districts are vulnerable to email spoofing

Only 5% of the largest voting counties in the U.S. are protected against email impersonation and phishing attacks, seen as a key attack method by hackers who officials say want to disrupt the upcoming presidential election. The findings come less than a year before millions of Americans are set to go to the polls to […]

DHS wants to expand airport face recognition scans to US citizens

Homeland Security wants to expand facial recognition checks for travelers arriving and departing the U.S. to also include citizens, who had previously been exempt from the mandatory checks. In a filing, the department has proposed that all travelers, and not just foreign nationals or visitors, will have to complete a facial recognition check before they […]

Tuft & Needle exposed thousands of customer shipping labels

Mattress and bedding giant Tuft & Needle left hundreds of thousands of FedEx shipping labels containing customer names, addresses, and phone numbers on an unprotected cloud server. More than 236,400 shipping labels were found on an Amazon Web Services (AWS) storage bucket without a password, allowing anyone who knew the easy-to-guess web address access to […]

A bug in Microsoft’s login system put users at risk of account hijacks

Microsoft has fixed a vulnerability in its login system, which security researchers say could have been used to trick unsuspecting victims into giving over complete access to their online accounts. The bug allowed attackers to quietly steal account tokens, which websites and apps use to grant users access to their accounts without having them to […]

Facebook launches a photo portability tool, starting in Ireland

It’s not friend portability, but Facebook has announced the launch today of a photo transfer tool to enable users of its social network to port their photos directly to Google’s photo storage service, via encrypted transfer. The photo portability feature is initially being offered to Facebook users in Ireland, where the company’s international HQ is […]

Now even the FBI is warning about your smart TV’s security

If you just bought a smart TV on Black Friday or plan to buy one for Cyber Monday tomorrow, the FBI wants you to know a few things. Smart TVs are like regular television sets but with an internet connection. With the advent and growth of Netflix, Hulu and other streaming services, most saw internet-connected […]

Millions of SMS messages exposed in database security lapse

A massive database storing tens of millions of SMS text messages, most of which were sent by businesses to potential customers, has been found online. The database is run by TrueDialog, a business SMS provider for businesses and higher education providers, which lets companies, colleges, and universities send bulk text messages to their customers and […]

Ockam raises $3.2 million in seed funding to make it easier for developers to secure and scale their IoT apps

Ockam, a two-year-old, Bay Area-based company that’s selling tools to developers so they can establish an “architecture for trust” within their connected device applications, has raised $3.2 million in seed funding, including from Core Ventures, Okta Ventures, SGH Capital, and Future Ventures. This serverless platform for IoT development is being led by CEO Matthew Gregory […]

Mixcloud data breach exposes over 20 million user records

A data breach at Mixcloud, a U.K.-based audio streaming platform, has left more than 20 million user accounts exposed after the data was put on sale on the dark web. The data breach happened earlier in November, according to a dark web seller who supplied a portion of the data to TechCrunch, allowing us to […]

Only a few 2020 US presidential candidates are using a basic email security feature

Just one-third of the 2020 U.S. presidential candidates are using an email security feature that could prevent an attack similar to the one that hobbled the Democrats during the 2016 election. Out of the 21 presidential candidates in the race according to Reuters, seven Democrats and one Republican candidate are using and enforcing DMARC, an email security protocol […]

More than 1 million T-Mobile customers exposed by breach

T-Mobile has confirmed a data breach affecting more than a million of its customers, whose personal data (but no financial or password data) was exposed to a malicious actor. The company alerted the affected customers but did not provide many details in its official account of the hack. The company said in its disclosure to […]

Startups face the same phishing risks as big corporations

This week, we reported on TechCrunch how thousands of remote employees with health and workplace benefits through human resources giant TriNet received emails that looked like a near-perfect phishing attempt. One recipient was so skeptical, they shared the email with TechCrunch so we could verify its authenticity. The message checked every suspicious box. In fact, […]

Another US court says police cannot force suspects to turn over their passwords

The highest court in Pennsylvania has ruled that the state’s law enforcement cannot force suspects to turn over their passwords that would unlock their devices. The state’s Supreme Court said compelling a password from a suspect is a violation of the Fifth Amendment, a constitutional protection that protects suspects from self-incrimination. It’s not a surprising […]

Congress extends NSA call records collection powers to March

In passing a short-term funding bill to avoid a U.S. government shutdown, Congress has also extended the government’s legal powers allowing it to collect daily millions of Americans’ call records. Buried in a funding bill passed by the House this week was a clause that extended the government’s so-called Section 215 powers, which allow the […]