Month: May 2021

Microsoft on Thursday disclosed that the threat actor behind the SolarWinds supply chain hack returned to the threat landscape to target government agencies, think tanks, consultants, and non-governmental organizations located across 24 countries, including the U.S. “This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations,” Tom Burt, Microsoft’s Corporate
American multinational technology company Microsoft says that the threat group behind the Microsoft and SolarWinds hack has launched a massive new phishing campaign targeting government agencies, NGOs and think tanks.  Last year, an advanced persistent threat (APT) group exploited vulnerabilities in Microsoft and SolarWinds programs to carry out a supply-chain attack that trojanized SolarWinds’ Orion business software
Delhivery, India’s largest independent e-commerce logistics startup, has raised $277 million in what is expected to be the final funding round before the firm files for an IPO later this year. In a regulatory filing, the Gurgaon-headquartered startup disclosed it had raised $277 million in a round led by Boston-headquartered investment firm Fidelity. Singapore’s sovereign
BYOD sets up a huge productivity improvement for workers and a huge challenge for IT staff. IT departments need to secure business applications and data on personal mobile devices without affecting personal data. They also must deploy devices, patches and updates and account for lost devices. Apple’s introduction of the iPhone in 2007 caused a
Welcome back to The TechCrunch Exchange, a weekly startups-and-markets newsletter. It’s broadly based on the daily column that appears on Extra Crunch, but free, and made for your weekend reading. Want it in your inbox every Saturday? Sign up here. Ready? Let’s talk money, startups and spicy IPO rumors. Hello from Friday, I presume that
Cybersecurity researchers have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document’s visible content by displaying malicious content over the certified content without invalidating its signature. “The attack idea exploits the flexibility of PDF certification, which allows signing or adding annotations to certified documents under
A scammer who defrauded elderly American computer users by tricking them into believing that their computers had suffered a cyber-attack will be spending the next three years in federal prison. Himanshu Asri, of Delhi, India, took part in a five-year telemarketing scheme that conned around 2,000 computer users, most of whom were seniors.  The 34-year-old
A venture capitalist once told me candidly that whenever you see the phrase “democratization” in tech marketing material, think of it as a red flag. Democracy, generally speaking, often comes with an ironic caveat: It disproportionately benefits white and male participants. Now, you know me well enough to know that I wouldn’t start off your
Digital transformation is creating a wealth of STEM jobs faster than they can be filled by qualified professionals. Cybersecurity has been disproportionately affected by the workforce shortage, with an estimated 3.5 million open positions globally, according to Cybersecurity Ventures. Among the strategies proposed to combat this issue include hiring people from diverse, nontraditional backgrounds and
Believe it or not, the baby turns 3 today! And like with every three-year-old, there is a lot to watch out for. Granted, when GDPR was born it was after a 2-year gestation (transition) period. What followed were many sleepless nights with the new baby when it was born on May 25, 2018; not to
Wejo, the connected vehicle data startup backed by GM and Palantir, plans to go public through a merger with special purpose acquisition company Virtuoso Acquisition Corp. The agreement, announced in a regulator filing Friday, will give the combined company an enterprise valuation of $800 million, which includes debt. The deal raises $330 million in proceeds
Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials, device information and executing arbitrary commands on Linux systems. The malware dropper has been dubbed “Facefish” by Qihoo 360 NETLAB team owing its capabilities to deliver different rootkits at different times and the use of Blowfish cipher to encrypt communications to
The United States Federal Bureau of Investigation issued a flash warning Thursday over the exploitation of Fortinet vulnerabilities by advanced persistent threat (APT) groups. According to the FBI, an APT actor group has “almost certainly” been exploiting a FortiGate appliance since at least May 2021 to access a web server hosting the domain for a US municipal
Patches to remedy the vulnerabilities should be released over the coming weeks Cybercriminals could exploit several vulnerabilities in Bluetooth to carry out impersonation attacks and masquerade as a legitimate device during the pairing process, according to the Bluetooth Special Interest Group (SIG). The security flaws, which affect the Bluetooth Core and Mesh Profile specifications, were discovered by researchers
May 2021 has been an extraordinary month in the cybersecurity world, with the DoD releasing its DoD Zero Trust Reference Architecture (DoDZTRA), the Colonial Pipeline being hit with a ransomware attack, and the White House releasing its Executive Order on Improving the Nation’s Cybersecurity (EO). Add to that several major vendors that our government depends
A hacker who launched a long-running cyber-attack against a New Hampshire police department has been sent to prison for a year and a day. Wayne Kenney Jr. broke into the computer systems of the Farnum Center, the Auburn Police Department (APD) and several department employees in 2015 after receiving a suspended sentence for heroin possession.
Google researchers have uncovered a new variation on the Rowhammer hardware attack that allows an adversary to flip transistor states from further distances than previously thought possible. The new take on Rowhammer, dubbed “Half-Double,” shows how the attacker can turn a targeted transistor to an on or off state by repeatedly flipping transistors one and