by Paul Ducklin A not-yet-published paper from researchers in the UK has been making media headlines because of its dramatic claims about Apple Pay. Apple-centric publication 9to5Mac covered it with a headline that was almost a story in itself: Apparent flaw allows hackers to steal money from a locked iPhone, when a Visa card is
Month: September 2021
The California Department of Motor Vehicles gave General Motors-backed Cruise and Alphabet-owned Waymo the green light to start charging for autonomous services offered to the public. On Thursday, Cruise received a “driverless deployment permit,” which means it can receive compensation for services provided without a safety operator in the front seat. Waymo’s “drivered deployment permit”
A Kittitian soccer player has made a charitable donation of the compensation he received after being racially abused on social media. Midfielder Romaine Sawyers, who is currently on loan at Stoke City Football Club from his parent club, West Bromwich Albion, was victimized by 50-year-old cyber-bully Simon Silwood of Kingswinford, West Midlands. Silwood was arrested
The latest gadget on the tech and fashion streets is Ray-Ban Stories, a sunglasses collaboration between Facebook and Ray-Ban. These pair of shades feature two cameras that capture video, audio, and photos and sync to a mobile app. Social media fanatics are excited about this new ability to capture and share hands-free content. Do gadgets like Ray-Ban Stories make you immediately think,
What your organization should consider when it comes to choosing a VPN solution and hardening it against attacks The NSA and CISA have released joint guidance to help organizations select their Virtual Private Network (VPN) solution and hardening it against compromise. Vulnerable VPN servers are attractive targets for threat actors, as they provide great opportunities
“Every form of digital communications has its unique benefits, and delivering high quality at scale requires both extensive technical capabilities and deep subject matter expertise“, comments Oscar Werner, Sinch CEO, in a statement. “Together with Pathwire, we will be able to offer a best-of-breed product set, across messaging, voice and email, that empowers businesses and
Facebook on Wednesday announced it’s open-sourcing Mariana Trench, an Android-focused static analysis platform the company uses to detect and prevent security and privacy bugs in applications created for the mobile operating system at scale. “[Mariana Trench] is designed to be able to scan large mobile codebases and flag potential issues on pull requests before they
Another day, another direct listing. The once-exotic method of going public is increasingly popular with venture-backed companies as they look to list without running head-first into the IPO pricing issues that have bedeviled a number of high-profile public offerings in the last year. Precisely who is underpricing whom in those situations is a fun, if
Canadian vaccine passport app PORTpass may have exposed personal information belonging to hundreds of thousands of users. According to a report by CBC News, the app’s operators left data, including names, identification documents, and email addresses, on an unsecured website. The personal information was allegedly stored in plain text and could be accessed by the
Summary In late June 2021, Secureworks® Counter Threat Unit™ (CTU) researchers discovered a flaw in the protocol used by the Azure Active Directory Seamless Single Sign-On feature. This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory (Azure AD) without generating sign-in events in the targeted organization’s tenant. CTU™ researchers reported
Following a series of attacks over the past year that leveraged zero-day exploits against on-premises versions of Microsoft Exchange servers, a new tool aims to provide emergency mitigation. While Microsoft patched the three sets of “Proxy” flaws that first emerged in March, installing security updates proved difficult for a significant number of customers. To allow
The security operations center (SecOps) team sits on the front lines of a cybersecurity battlefield. The SecOps team works around the clock with precious and limited resources to monitor enterprise systems, identify and investigate cybersecurity threats, and defend against security breaches. One of the important goals of SecOps is a faster and more effective collaboration
Millennial consumers are emerging as a key demographic in the insurance market, and today a Swedish startup that’s building a business catering specifically to their needs and priorities is announcing a round of funding to fuel its growth. Hedvig, a neo-insurer that provides property, travel, contents, and accident insurance geared to the lifestyles of younger
Opportunistic threat actors have been found actively exploiting a recently disclosed critical security flaw in Atlassian Confluence deployments across Windows and Linux to deploy web shells that result in the execution of crypto miners on compromised systems. Tracked as CVE-2021-26084 (CVSS score: 9.8), the vulnerability concerns an OGNL (Object-Graph Navigation Language) injection flaw that could
by Paul Ducklin You’ve probably heard of Let’s Encrypt, an organisation that makes it easy and cheap (in fact, free) to get HTTPS certificates for your web servers. HTTPS, short for secure HTTP, relies on the encryption protocol known as TLS, which is short for transport layer security. TLS encrypts and protects the data you
Andy Weyer Contributor Given the surplus of liquidity in the markets, entrepreneurs have access to more funding options than ever before. Venture banks, venture debt funds and venture capitalists are each jockeying to prove how their money is greener. Nonetheless, each has constraints that dictate their behavior. While a venture capitalist may swing for the
A cyber-criminal imprisoned in the United States for operating websites devoted to fraud and computer hacking has reportedly been deported to Russia. Aleksei Burkov was 30 years old when a senior district judge in the Eastern District of Virginia sentenced him, in June 2020, to nine years in prison. Russian native Burkov was placed under lock and key after
What is authentication? Authentication is the process of determining whether someone or something is, in fact, who or what it says it is. Authentication technology provides access control for systems by checking to see if a user’s credentials match the credentials in a database of authorized users or in a data authentication server. In doing
Overview On March 21st, 2021, the McAfee Enterprise Advanced Threat Research (ATR) team released several vulnerabilities it discovered in the Netop Vision Pro Education software, a popular schooling software used by more than 9,000 school systems around the world. Netop was very responsive and released several updates to address many of the critical findings, creating
In the summer of 2019, Timilehin Ajiboye became intrigued with the idea of building a travel app after conversations with a circle of friends. One friend reached out to Ajiboye asking if he knew of any platform where she could find new, aesthetically pleasing places to dine in, visit and take pictures. And then, during a
The emergency release comes a mere three days after Google’s previous update that plugged another 19 security loopholes Google has released an emergency update for its Chrome web browser to fix a zero-day vulnerability that is known to be actively exploited in the wild by malicious actors. The security loophole affects the Windows, macOS, and
State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan. Cisco Talos attributed the attacks to the Turla advanced persistent threat (APT) group, coining the malware “TinyTurla” for its limited functionality and efficient coding style that allows it to
LinkedIn earlier this month unveiled a new push around creators to bring more original content (and engagement) to its platform, but that’s not the only effort they are making to bring more activity to its networking site. TechCrunch has learned and confirmed that LinkedIn is also running a test around events — specifically, paid events.
A leading port in the United States has successfully fended off an attempted cyber-attack, which authorities believe was sponsored by a foreign power. Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly revealed to a Senate committee on September 23 that malicious hackers had targeted the Port of Houston in August. The 25-mile-long port complex is one
Apple is facing criticism of its bug bounty and vulnerability reporting program following the release of three zero-day flaws in iOS. A researcher operating under the handle “illusionofchaos” wrote in a blog post that they decided to release details on the three flaws after being treated poorly by Apple’s vulnerability disclosure program. Specifically, illusionofchaos accused
Chances are, you’ve heard the term VPN more and more lately but still can’t figure out exactly what it does or if your family needs one. You aren’t alone. The short answer is yes—you need a VPN on your family devices—and here’s why. One of the main reasons you’re hearing more about VPNs is that cybercrime and data breaches are skyrocketing—especially since the pandemic.
Swedish electric vehicle maker Polestar is reportedly preparing to go public via special purpose acquisition with Gores Guggenheim Inc., reports the Wall Street Journal citing people familiar with the matter. The SPAC deal, which sources say could be reached by Monday, would value Polestar at $21 billion. Polestar falls under Volvo Car Group’s electric performance
Network security company SonicWall has addressed a critical security vulnerability affecting its Secure Mobile Access (SMA) 100 series appliances that can permit remote, unauthenticated attackers to gain administrator access on targeted devices remotely. Tracked as CVE-2021-20034, the arbitrary file deletion flaw is rated 9.1 out of a maximum of 10 on the CVSS scoring system,
Hello and welcome back to TechCrunch’s China roundup, a digest of recent events shaping the Chinese tech landscape and what they mean to people in the rest of the world. On Friday, Huawei’s chief financial executive Meng Wanzhou was released from house arrest in Vancouver after reaching a breakthrough deal with the U.S. Justice Department. Chinese
Cell phone users in Canada and the United States are being targeted by a new and advanced form of SMS malware that lures victims with COVID-19-related content. Threat analysts at Cloudmark discovered the new low-volume campaign attacking Android mobile device users and named it TangleBot. This complex malware can directly obtain personal information, control device interaction with apps
- 1
- 2
- 3
- …
- 7
- Next Page »