Month: May 2023

By the time Howard Rheingold’s “Virtual Reality” was published in 1991, the Sensorama was already a “slowly deteriorating” relic stashed away in a cabana next the pool at its inventor’s West Los Angeles home. Rheingold describes awe — even surprise — that the system was still operable almost 30 years after its introduction. “I was
Danni Brooke, former Met police officer and star of Channel 4’s Hunted, has been confirmed as the keynote speaker at this year’s Women in Cybersecurity event at Infosecurity Europe, the most influential information security event running from 20-22 June 2023 at ExCeL London. Dubbed the ‘Undercover Mother’, Danni is a leading intelligence figure, formerly working as a
May 31, 2023Ravie LakshmananFirmware Security / Vulnerability Cybersecurity researchers have found “backdoor-like behavior” within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023. Gigabyte has since acknowledged
Microsoft Azure has certifications to validate your knowledge and help you along your cloud career path. One of these core certifications that all IT administrators and security administrators should pass is AZ-500: Microsoft Azure Security Technologies. Once you pass this exam, you become a Microsoft Certified: Azure Security Engineer Associate. This certification targets Azure Security
Ransomware gangs are using a variety of business-like practices to boost profits, making it more difficult for defenders to differentiate various groups, a new report by WithSecure has surmised.   This move towards mirroring legitimate businesses practices means that tactics, techniques and procedures (TTPs) are blurring, Stephen Robinson, senior threat intelligence analyst at WithSecure said
May 30, 2023Ravie LakshmananZero Day / Vulnerability Multiple security flaws uncovered in Sonos One wireless speakers could be potentially exploited to achieve information disclosure and remote code execution, the Zero Day Initiative (ZDI) said in a report published last week. The vulnerabilities were demonstrated by three different teams from Qrious Secure, STAR Labs, and DEVCORE
A cybersecurity firm says a popular Android screen recording app that racked up tens of thousands of downloads on Google’s app store subsequently began spying on its users, including by stealing microphone recordings and other documents from the user’s phone. Research by ESET found that the Android app, “iRecorder — Screen Recorder,” introduced the malicious
India’s JioCinema broke the global record for the most concurrent views to a live streamed event on Monday, eclipsing a long-standing milestone set by Disney’s Hotstar, as the Asian tycoon Mukesh Ambani spares no expense in expanding his digital empire. The Indian streaming app, whose partner includes James Murdoch’s Bodhi Tree-backed Viacom18, surpassed the record
Smart contracts execute processes, transactions and other tasks when specific events, conditions and logic are met, depending on how they are programmed. Smart contracts are deployed on a blockchain, such as Ethereum or other distributed ledger infrastructure, where they listen for events and updates from cryptographically secure data feeds called oracles. These contracts often control
Perception Point has observed a 356% growth in the number of advanced phishing attacks attempted by threat actors in 2022. According to the company’s 2023 Annual Report: Cybersecurity Trends & Insights report, the total number of attacks increased by 87%. Among the reasons behind this growth is the fact that malicious actors continue to gain widespread
May 27, 2023Ravie LakshmananAPI Security / Vulnerability A critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framework The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs said the issue rendered services using
ESET research uncovers an Android app that initially had no harmful features but months later turned into a spying tool This week, ESET malware researcher Lukas Stefanko revealed how an initially legitimate Android app morphed into a malicious trojan that could steal users’ files and record surrounding audio from the device’s microphone and then exfiltrate
Welcome to the TechCrunch Exchange, a weekly startups-and-markets newsletter. It’s inspired by the daily TechCrunch+ column where it gets its name. Want it in your inbox every Saturday? Sign up here. From cybersecurity to SaaS for restaurants, the key to running a successful business is selling a product that solves your clients’ real problems. —
A Chinese nation-state threat group is conducting intrusion and espionage campaigns against U.S. critical infrastructure entities, according to a new report by Microsoft. In a blog post Wednesday, Microsoft Threat Intelligence detailed the ongoing campaign that involves a group of Chinese state-sponsored hackers it tracks as “Volt Typhoon” that’s been active since 2021. Because the
New Russian-linked malware designed to take down electricity networks has been identified by Mandiant threat researchers, who have urged energy firms to take action to mitigate this “immediate threat.” The specialized operational technology (OT) malware, dubbed COSMICENERGY, has similarities to malware used in previous attacks targeting electricity grids, including the ‘Industroyer’ incident that took down
A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and cryptocurrency wallets. “It has the potential to expand to other platforms as Bandit Stealer was developed using the Go programming language, possibly allowing cross-platform compatibility,” Trend Micro said in a
After sales software startup TigerEye closed its Series A and established a board of directors, its co-founders put them on notice: One thing we’d like to never do is the three-hour, too-in-the-weeds, non-strategic board meeting. “Every board deck I’ve made and seen is more than 80 pages long,” says Tracy Young, co-founder and CEO of
A smart contract is a type of blockchain application that performs transactions and other processes according to a set of rules defined within the program’s code. The contract executes automatically if its terms are met; it doesn’t depend on a person, institution or other third-party intermediary. Many people associate smart contracts with cryptocurrency platforms, where