The emergency release comes a mere three days after Google’s previous update that plugged another 19 security loopholes Google has released an emergency update for its Chrome web browser to fix a zero-day vulnerability that is known to be actively exploited in the wild by malicious actors. The security loophole affects the Windows, macOS, and
State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan. Cisco Talos attributed the attacks to the Turla advanced persistent threat (APT) group, coining the malware “TinyTurla” for its limited functionality and efficient coding style that allows it to
LinkedIn earlier this month unveiled a new push around creators to bring more original content (and engagement) to its platform, but that’s not the only effort they are making to bring more activity to its networking site. TechCrunch has learned and confirmed that LinkedIn is also running a test around events — specifically, paid events.
A leading port in the United States has successfully fended off an attempted cyber-attack, which authorities believe was sponsored by a foreign power. Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly revealed to a Senate committee on September 23 that malicious hackers had targeted the Port of Houston in August. The 25-mile-long port complex is one
Apple is facing criticism of its bug bounty and vulnerability reporting program following the release of three zero-day flaws in iOS. A researcher operating under the handle “illusionofchaos” wrote in a blog post that they decided to release details on the three flaws after being treated poorly by Apple’s vulnerability disclosure program. Specifically, illusionofchaos accused
Chances are, you’ve heard the term VPN more and more lately but still can’t figure out exactly what it does or if your family needs one. You aren’t alone. The short answer is yes—you need a VPN on your family devices—and here’s why. One of the main reasons you’re hearing more about VPNs is that cybercrime and data breaches are skyrocketing—especially since the pandemic.
Swedish electric vehicle maker Polestar is reportedly preparing to go public via special purpose acquisition with Gores Guggenheim Inc., reports the Wall Street Journal citing people familiar with the matter. The SPAC deal, which sources say could be reached by Monday, would value Polestar at $21 billion. Polestar falls under Volvo Car Group’s electric performance
Network security company SonicWall has addressed a critical security vulnerability affecting its Secure Mobile Access (SMA) 100 series appliances that can permit remote, unauthenticated attackers to gain administrator access on targeted devices remotely. Tracked as CVE-2021-20034, the arbitrary file deletion flaw is rated 9.1 out of a maximum of 10 on the CVSS scoring system,
Hello and welcome back to TechCrunch’s China roundup, a digest of recent events shaping the Chinese tech landscape and what they mean to people in the rest of the world. On Friday, Huawei’s chief financial executive Meng Wanzhou was released from house arrest in Vancouver after reaching a breakthrough deal with the U.S. Justice Department. Chinese
Cell phone users in Canada and the United States are being targeted by a new and advanced form of SMS malware that lures victims with COVID-19-related content. Threat analysts at Cloudmark discovered the new low-volume campaign attacking Android mobile device users and named it TangleBot. This complex malware can directly obtain personal information, control device interaction with apps
The latest ransomware trends suggest that IT teams will need to be more diligent than ever. Organizations that fail to either put data at risk or may even bring organizations to the point where full recovery can be impossible. The repercussions from a ransomware attack can be enormous, and cost up to millions in lost
Hyper-growth and a determination to stand above the crowd compelled a popular Eastern European telecom to upgrade its trusty McAfee Enterprise security infrastructure, which they relied on for many years to protect their 8,000 corporate endpoints. Competitive pressure to keep costs low and cybercriminals at bay for both their internal users and their customers spurred
Welcome to Startups Weekly, a fresh human-first take on this week’s startup news and trends. To get this in your inbox, subscribe here. And just like that, TechCrunch Disrupt 2021 has come to an end. I’m exhausted, but it’s hard not to feel optimistic for the future after spending three days hearing vulnerable thoughts from
Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that’s known to have an exploit in the wild. Tracked as CVE-2021-37973, the vulnerability has been described as use after free in Portals API, a web page navigation system that enables a page to show another
by Paul Ducklin If you’ve already listened to this week’s Naked Security Podcast you’ll know that we had finally concluded that iOS 12, the version before the version before the latest-and-greatest iOS 15, which arrived this Monday… …had been dumped forever by Apple. Apple notoriously won’t tell you anything about the security situation in its
Welcome back to This Week in Apps, the weekly TechCrunch series that recaps the latest in mobile OS news, mobile applications and the overall app economy. The app industry continues to grow, with a record 218 billion downloads and $143 billion in global consumer spend in 2020. Consumers last year also spent 3.5 trillion minutes using apps on Android devices alone.
Lawmakers in Florida are asking why the state has failed to spend millions of dollars it was assigned to fund the implementation of new cybersecurity measures. The Miami Herald reports that despite lawmakers’ allocating $30m for the improvements months ago, the Sunshine State is yet to spend a single cent. The office of Florida’s statewide chief information
Yet another APT group that exploited the ProxyLogon vulnerability in March 2021 ESET researchers have uncovered a new cyberespionage group targeting hotels, governments, and private companies worldwide. We have named this group FamousSparrow and we believe it has been active since at least 2019. Reviewing telemetry data during our investigation, we realized that FamousSparrow leveraged
Welcome back to our executive blog series, where I chat with some of the pivotal players behind McAfee Enterprise and the Advanced Threat Research Team to hear their takes on today’s security trends, challenges, and opportunities for companies across the globe. Q: What got you interested in technology and threat research? As a little kid, I was
To get a roundup of TechCrunch’s biggest and most important stories delivered to your inbox every day at 3 p.m. PDT, subscribe here. Hello and welcome to Daily Crunch for September 24, 2021. Hanging in there, everyone? It was more than a busy week, but the TechCrunch team is still ticking along, covering the startup
A new as-yet unpatched weakness in Apple’s iCloud Private Relay feature could be circumvented to leak users’ true IP addresses from iOS devices running the latest version of the operating system. Introduced with iOS 15, which was officially released this week, iCloud Private Relay aims to improve anonymity on the web by employing a dual-hop
by Paul Ducklin [02’01”] A scarily exploitable hole in Microsoft open source code. [10’00”] A simpler take on delivery scams. [19’26”] Memory lane: cool mobile devices from the pre-iPhone era. [23’24”] A Face ID bypass hack, patched for the initial release of iOS 15. [35’21”] Oh! No! When you can’t get into the server (room).
While Apple did issue a patch for the vulnerability, it seems that the fix can be easily circumvented Researchers have uncovered a flaw in Apple’s macOS Finder system that could allow remote threat actors to dupe unsuspecting users into running arbitrary commands on their devices. The security loophole affects all versions of the macOS Big
This year has been one of the busiest yet in terms of new commercial launch companies coming online, with companies like Astra and Firefly Aerospace actually getting rockets up and running (if not flying as designed quite yet), and with landmark human spaceflight missions from Blue Origin, Virgin Galactic and SpaceX. And with more constellations
The board of directors at Korean electronics company LG Electronics has approved the acquisition of Israel-based vehicle cybersecurity startup Cybellum. In announcing the deal on Thursday, LG said it would assume a stake of around 64% in Cybellum, which was valued at $140m. The remaining shares will be acquired soon, at which time the final valuation and total investment amount will
A flaw in Autodiscover, a protocol utilized in Microsoft Exchange, is responsible for a massive data leak of various Windows and Microsoft credentials, according to new Guardicore research. Autodiscover is used by Exchange to automatically configure client applications like Microsoft Outlook. In research published Wednesday, Amit Serper, area vice president of security research for enterprise
This month Microsoft released patches for 86 vulnerabilities. While many of these vulnerabilities are important and should be patched as soon as possible, there is one critical vulnerability that McAfee Enterprise wants to immediately bring to your attention due to the simplicity of what is required to exploit, and evidence that possible exploitation is already
Amazon has launched Prime Video Channels in India, allowing its customers to subscribe to eight streaming services including Discovery+ and Mubi from one hub, the latest in a series of efforts by the U.S. giant to win customers in the South Asian nation. The new offering makes it easier for users to login and pay
An unpatched design flaw in the implementation of Microsoft Exchange’s Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains worldwide. “This is a severe security issue, since if an attacker can control such domains or has the ability to ‘sniff’ traffic in the same network, they can
by Paul Ducklin Thanks to James Cope and Rajeev Kapur of Sophos IT for their help with this article. Researchers at a cybersecurity startup called Guardicore just published a report about an experiment they conducted over the past four months… …in which they claim to have collected hundreds of thousands of Exchange and Windows passwords