by Danny Bradbury When is an address bar not an address bar? When it’s a fake. Security researcher James Fisher has run across a sneaky attack that could fool unwitting mobile users into browsing a phishing site with an address bar displaying a legitimate URL. The trick exploits the way that the Android version of
Month: April 2019
Our data lives in the cloud, and nearly a quarter of it requires protection to limit our risk. You won’t be able to get far in your transformation to the cloud without learning the sources of cloud data risk and how to circumnavigate them. In our latest Cloud Adoption and Risk Report, we analyze the
The monetization hose is on full blast at Instagram now, and today at F-8 Facebook unveiled one of the latest developments on that front. The company said that creators will now be able to tag items to sell them directly to people viewing their posts and Stories. For now, this will work only on items
Criminal activities against accountants on the rise – Buhtrap and RTM still active. What better way to target accountants than to target them as they search the web, looking for documents pertinent to their job? This is just what has been happening for the past few months, where a group using two well-known backdoors —
An ongoing attack against Electrum Bitcoin wallets has just grown bigger and stronger with attackers now targeting the whole infrastructure of the exchange with a botnet of over 152,000 infected users, raising the amount of stolen users’ funds to USD 4.6 million. Electrum has been facing cyber attacks since December last year when a team
Samsung’s Q1 earnings are in and, as the company itself predicted, they don’t make for pretty reading. The Korean giant saw revenue for the three-month period fall by 13 percent year-on-year to 52.4 trillion KRW, around $45 billion. Meanwhile, operating profit for Q1 2019 came in at 6.2 trillion KRW, that’s a whopping $5.33 billion but
App developer DO Global, a Chinese developer partly owned by Baidu that generates over a half billion installs, has been banned from Google Play after the store received reports the apps were part of an ad fraud scheme, according to BuzzFeed News. As of April 26, 46 apps from DO Global had reportedly been removed from
by John E Dunn After more than 20 years of steady improvement, the US National Institute of Standards and Technology (NIST) thinks it has reached an important milestone with something called Combinatorial Coverage Measurement (CCM). Part of a research toolkit called Automated Combinatorial Testing for Software (ACTS), CCM is an algorithmic approach used to test software
Initial discovery: Once again, we have seen a significant new ransomware family in the news. LockerGoga, which adds new features to the tried and true formula of encrypting victims’ files and asking for payment to decrypt them, has gained notoriety for the targets it has affected. In this blog, we will look at the findings
Facebook’s annual F8 developer conference is taking over the McEnery Convention Center in San Jose this week and TechCrunch will be on the ground covering any and all announcements. The week is sure to have its fair share of fireworks as the company’s top brass takes the stage to talk about the future of
Facebook expects to face a massive fine of up to $5 billion from the Federal Trade Commission (FTC) as the result of an investigation into its privacy policies—that’s about one month’s revenue for the social media giant. To be clear the amount of fine is not what the FTC has announced or hinted yet; instead,
Apple is defending its removal of certain parental control apps from the app store in a new statement. The company has come under fire for its removal of certain apps that were pitched as tools giving parents more control over their children’s screen-time, but that Apple said relied on technology that was too invasive for
Best practices — we all know they’re important. Most of the time, they’re static guidelines on how to design or implement systems. But in terms of email security, best practices for employees are almost always a combination of steps taken by security architects and a set of desired behaviors for an organization’s email system end
After Facebook alerted the Data Protection Commission (DPC) that it had found hundreds of millions of user passwords stored in its internal servers in plain text format, DPC launched an investigation to determine whether the company had acted in compliance with the General Data Protection Regulation (GDPR), according to an April 25 press release. According
by John E Dunn What is it about a secure password that makes us think it’s secure? Traditionally, for businesses it’s been things like complexity, minimum length, avoiding known bad passwords, and how often passwords are changed to counter the possibility of undetected compromise. And yet, recently, the last of those orthodoxies – password expiration
Thirty years ago, Tim Berners-Lee set out to accomplish an ambitious idea – the World Wide Web. While most of us take this invention for granted, we have the internet to thank for the technological advances that make up today’s smart home. From smart plugs to voice assistants – these connected devices have changed the
Whatever happened to the ethics of engineering? We’ve seen just one disastrous news story after another these past few years, almost all knowable and preventable. Planes falling out of the sky. Nuclear power plants melting down. Foreign powers engorging on user data. Environmental testing thrashed. Electrical grids burning states to the ground. The patterns are
Facebook has a lot of problems, then there are a lot of problems for Facebook—and both are not going to end anytime soon. Though Facebook has already set aside $5 billion from its revenue to cover a possible fine the company is expecting as a result of an FTC investigation over privacy violations, it seems
Sending severed heads, and even more PR DON’Ts. I wrote a “master list” of PR DON’Ts earlier this week, and now that list has nearly doubled as my fellow TechCrunch writers continued to experience even more bad behavior around pitches. So, here are another 12 things of what not to do when pitching a startup:
The Hong Kong branch of Amnesty International has reportedly been the target of a sophisticated state-sponsored attack believed to have been carried out by a group of hostile threat actors within the Chinese government. An April 25 press release from Amnesty International said the cyber-attack was detected on March 15, 2019, after monitoring tools identified
by Lisa Vaas True, we accidentally swapped fingerprints for Danish citizens’ left and right hands on their passports, but it probably won’t cause much grief for these 228,000 people, said the head of Kube Data, which encoded the biometric data on the passports’ microprocessors. The Copenhagen Post quoted Jonathan Jørgensen: It’s difficult to imagine that
As adults, we know the importance of strong passwords, and we’ve likely preached the message to our kids. But let’s rewind for a minute. Do our kids understand why strong passwords are important and why it needs to become a habit much like personal health and hygiene? If we want the habit to stick, the
The only job named in and protected by the U.S. constitution is journalism. But when it’s under attack from fake news, misinformation, and the supposed defender-of-the-constitution-in-chief, who looks out for the press? Reporters have an unlikely ally in the late night comedy circuit. Late night television has a steady stream of male comedians ready to
Docker Hub, one of the largest cloud-based libraries of Docker container images, has suffered a data breach after an unknown attacker gained access to the company’s single Hub database. Docker Hub is an online repository service where users and partners can create, test, store and distribute Docker container images, both publicly and privately. The breach
Tesla, Elon Musk and the U.S. Securities and Exchange Commission reached an agreement Friday that will give the CEO freedom to use Twitter —within certain limitations — without fear of being held in contempt for violating an earlier court order. Musk can tweet as he wishes except when it’s about certain events or financial milestones. In
After years of requesting a seat at the table, cybersecurity professionals are starting to feel that they see eye to eye with their stakeholders, according to a new report. The AT&T cybersecurity report surveyed 733 security experts at the RSA 2019 conference and found that the vast majority of respondents feel mostly or somewhat in
by Danny Bradbury The National Security Agency (NSA) has asked to end its mass phone surveillance program because the work involved outweighs its intelligence value, according to reports this week. Sources told the Wall Street Journal that the NSA has recommended the White House terminates its call data records (CDR) program. The logistics of operating
Many breaches start with an “own goal,” an easily preventable misconfiguration or oversight that scores a goal for the opponents rather than for your team. In platform-as-a-service (PaaS) applications, the risk profile of the application can lure organizations into a false sense of security. While overall risk to the organization can be lowered, and new capabilities otherwise
If free nations demand companies store data locally, it legitimizes that practice for authoritarian nations which can then steal that data for their own nefarious purposes, according to Facebook CEO Mark Zuckerberg. He laid out the threat in a new 93-minute video of a discussion with Sapiens author Yuval Noah Harari released today. Zuckerberg has
On the good news front, the FBI notes the success of its newly-established team in recovering some of the funds lost in BEC scams. Losses emanating from Business Email Compromise (BEC) and Email Account Compromise (EAC) scams reached nearly US$1.3 billion in 2018, which was nearly double the amount (US$675 million) lost in the year