The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued a joint statement with the Department of Energy (DoE) warning of attacks against internet-connected uninterruptible power supply (UPS) devices. UPS devices provide emergency battery backup power during power surges and outages and are routinely attached to networks for power monitoring and routine maintenance. In a warning
Month: March 2022
by Paul Ducklin Yesterday, we wrote about a bug in the VMware Spring product, a project we described as “an open-source Java toolkit for building powerful Java apps, including cloud-based apps, without needing to write, manage, worry about, or even understand the ‘server’ part of the process yourself.” But Spring is a huge project, with
The White House recently reissued a warning to American businesses in response to the unprecedented economic sanctions the U.S. has imposed on Russia for the Ukraine invasion, stating, “There is now evolving intelligence that Russia may be exploring options for potential cyberattacks.” Along with this statement, the White House published a fact sheet outlining the
The maintainers of Spring Framework have released an emergency patch to address a newly disclosed remote code execution flaw that, if successfully exploited, could allow an unauthenticated attacker to take control of a targeted system. Tracked as CVE-2022-22965, the high-severity flaw impacts Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and other older, unsupported
Last year, when we wrote about new investment for Israeli startup Granulate — which applies AI to high-priority computing workloads to optimize how they travel across a customers’ cloud and on-premises networks — we noted that the network management space was going through some consolidation, with point solutions getting snapped up by platform players. Well
The second day of Y Combinator’s Winter 2022 Demo Day is now behind us, and the TechCrunch team is recovering from watching hundreds of pitches in quick succession. Every accelerator demo day is a marathon, but the American group has worked with more startups over time, making its pitch sessions a veritable deluge of new
The United States Federal Bureau of Investigation (FBI) is currently investigating more than 100 different variants of ransomware, many of which have been used in multiple ransomware campaigns. Information on the Bureau’s efforts to tackle the malware threat was among the remarks delivered to the United States House Committee on the Judiciary in Washington on Tuesday by
by Paul Ducklin VMware Spring is a open-source Java toolkit for building powerful Java apps, including cloud-based apps, without needing to write, manage, worry about, or even understand the “server” part of the process yourself. If you’ve heard the term serveless computing, then this is the sort of programming environment it refers to: the overall
A nascent information stealer called Mars has been observed in campaigns that take advantage of cracked versions of the malware to steal information stored in web browsers and cryptocurrency wallets. “Mars Stealer is being distributed via social engineering techniques, malspam campaigns, malicious software cracks, and keygens,” Morphisec malware researcher Arnold Osipov said in a report
Leading Slovak computer scientist Mária Bieliková shares her experience working as a woman driving technological innovation and reflects on how to inspire the next generation of talent in tech It’s no secret that women continue to be underrepresented in the ranks of technologists. Indeed, with the scales traditionally tipped towards men, we may not always realize
The credit card giant Visa has launched a NFT creator program in an effort to bring small businesses into the digital economy. “We’ve seen rapid growth in the NFT ecosystem over the past year,” Cuy Sheffield, head of crypto at Visa, told TechCrunch. “We think NFTs represent a new form of ecommerce.” The idea of
China’s augmented reality startup Nreal is on a roll. The company, which hopes to bring AR to the masses by making bright-color, lightweight smart glasses, has just received $60 million in a Series C extension round, bringing its total funding in the last 12 months to a handsome $200 million. The new investment is led by
At its core, sustainability is about using resources in a way that avoids exhausting them and strategically meets today’s needs, while also preparing for the needs of tomorrow. Environmental sustainability, for example, aims to conserve natural resources, such as water, forests and fertile land, so future generations can thrive. Similarly, cybersecurity sustainability means investing time,
A Russian tech company is sending to Russia data collected from iOS app users who have never used its apps, according to a security researcher. In a report by the Financial Times, researcher Zach Edwards explains how third-party apps can use a developer tool created by the company Yandex to harvest iOS users’ data. Yandex is the largest
by Paul Ducklin You’ve probably heard of Zlib, but even if you haven’t, you’ve almost certainly used it. Zlib’s unashamedly 1990s-style website describes the product as A Massively Spiffy Yet Delicately Unobtrusive Compression Library (Also Free, Not to Mention Unencumbered by Patents). Data compression software (and, of course, the matching code to decompress it later)
I can remember so clearly the day I got my first mobile phone. I was 21, had just finished university and was beyond excited at the idea of driving around in my red Mazda 121 (bubble car) making calls on my new fancy phone! The fact that it was the size of a brick, didn’t
A threat actor of likely Pakistani origin has been attributed to yet another campaign designed to backdoor targets of interest with a Windows-based remote access trojan named CrimsonRAT since at least June 2021. “Transparent Tribe has been a highly active APT group in the Indian subcontinent,” Cisco Talos researchers said in an analysis shared with
Soaring energy prices and increased geopolitical tensions amid the Russian invasion of Ukraine bring a sharp focus on European energy security It is generally understood that the world is deeply interconnected, especially when it comes to energy supplies and the global energy trade. Maintaining complex, but reliable business and nation-state relationships has been central to
Churpy, a fintech startup based in Kenya, is looking to expand across Africa by setting up hubs in Egypt, Nigeria and South Africa for a planned continent-wide growth, driven by the $1 million in seed funding it has just raised. The account receivables automation startup is out to change how businesses manage the debt owed
ESET researchers describe the structure of the virtual machine used in samples of Wslink and suggest a possible approach to see through its obfuscation techniques ESET researchers recently described Wslink, a unique and previously undocumented malicious loader that runs as a server and that features a virtual-machine-based obfuscator. There are no code, functionality or operational
Singapore-headquartered esports startup Ampverse has raised $12 million in Series A funding led by Falcon Capital. The company says this is the largest Series A raised by an esports organization in Southeast Asia, based on data from PitchBook and other third-party platforms. The round will be used to expand in Indonesia and the Philippines, acquire
A Health District in the State of Washington has made its second data breach announcement of 2022. Both data breaches at the Spokane Regional Health District (SRHD) occurred when employees fell victim to phishing attacks. On January 24, the district confirmed that personal data may have been compromised when an unauthorized individual compromised an employee’s email account
by Paul Ducklin Last time we reported on a Chrome zero-day flaw was back in February 2022. Back then, Google noted that the Chrome browser – and, by implication, all other browsers based on the Chromium-project code and its underlying Blink rendering engine – had been patched against a range of memory mismanagement bugs that
A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IceID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. “The emails use a social engineering technique of conversation hijacking (also known as thread hijacking),” Israeli company Intezer said in a report
Figuring out what’s going on in the brain is generally considered to be somewhere between extremely difficult and impossible. One major challenge is that the best ways to do so are room-sized machines relegated to hospitals — but brain.space is hoping that its portable, powerful, and most importantly user-friendly EEG helmet (plus $8.5M in funding)
It’s consolidation time in the freelancer marketplace industry. French startup Malt is acquiring Comatch, a competing marketplace focused on consultants and industry experts. Comatch originally started in Germany, which means that Malt is also doubling down on the German market with this acquisition. Terms of the deal are undisclosed but it involves a mix of
The Department of Justice charged four Russian nationals for extensive hacking campaigns against critical infrastructure entities across the globe. Two separate indictments were unsealed Thursday that alleged the defendants targeted the energy-sector organizations across the globe with critical infrastructure attacks between 2012 and 2018. As described in the allegations, one campaign involved hacking industrial control
Personal data belonging to American Major League Baseball Players and their family members have been stolen during a cyber-attack on a third-party vendor. Consulting firm Horizon Actuarial Services LLC. (Horizon Actuarial), based in Silver Spring, Maryland, was attacked with ransomware in November 2021. In a recent data incident notice, the company revealed that data in its
Editor’s Note: This is the third in a series of articles about how we can help our elder parents get the most out of digital life—the ways we can help them look after their finances and health online, along with how they can use the internet to keep connected with friends and family, all safely
A Chinese-speaking threat actor called Scarab has been linked to a custom backdoor dubbed HeaderTip as part of a campaign targeting Ukraine since Russia embarked on an invasion last month, making it the second China-based hacking group after Mustang Panda to capitalize on the conflict. “The malicious activity represents one of the first public examples
- 1
- 2
- 3
- …
- 6
- Next Page »