The Android spyware known as SpyNote has been targeting financial institutions since late 2022 while expanding its capabilities to carry out bank fraud. Security researchers at Cleafy have recently shared new findings about SpyNote, saying the malware exploits Accessibility services and various Android permissions to conduct multiple malicious activities. SpyNote distribution occurs through email phishing
Month: July 2023
by Paul Ducklin Last week, the US Securities and Exchange Commission (SEC) announced new and fairly strict rules about cybersecurity breach disclosures for any people or companies that fall under its regulatory remit. The SEC, by the way, was founded at the height of the US Great Depression in the 1930s, with the aim of
Observability and security platform Dynatrace today announced that it plans to acquire Rookout, a Tel Aviv-based observability startup that focuses on helping developers troubleshoot and debug their code in production. Publicly traded Dynatrace already offers a comprehensive suite of observability tools, but the addition of Rookout will allow it to expand these services with code-level
Jul 31, 2023THNCyber Threat / Botnet The P2PInfect peer-to-peer (P2) worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet. “The malware compromises exposed instances of the Redis data store by exploiting the replication feature,” Cado Security researchers Nate Bill and Matt Muir said
The battle between two of China’s largest e-commerce firms is heating up, as they take the cutthroat tactics that have long been around in the country to the international markets they both covet. Chinese e-commerce deals giant Pinduoduo’s affiliate, Temu, which is aggressively expanding overseas, recently filed a court document in the U.S. accusing fast
New research has highlighted the severe risks posed by forged certificate attacks, which can lead to unauthorized access to important company resources. These attacks, known as the Shadow Credentials technique, involve attackers exploiting certain parts of a system called Active Directory (AD) that manages user access to various services. Kaspersky cybersecurity expert Alexander Rodchenko conducted
Lately I’ve been thinking about media publishing startups (think Semafor and Puck) and their fundraising rounds. Semafor recently raised a $44 million seed round, and Puck raised a $7 million Series A in 2021. The Messenger, among the newest in the industry, recently raised $50 million. Publishing media jobs are uncertain, pushing those with an
Jul 29, 2023The Hacker NewsBrowser Security / Data Security Increasing cyber threats and attacks have made protecting organizational data a paramount concern for businesses of all sizes. A group of experts have recognized the pressing need for comprehensive browser security solutions and collaborated to develop “The Definitive Browser Security RFP Template.” This resource helps streamline
Welcome to the TechCrunch Exchange, a weekly startups-and-markets newsletter. It’s inspired by the daily TechCrunch+ column where it gets its name. Want it in your inbox every Saturday? Sign up here. Today, a look at Israel from three different angles: drug discovery, AI-enabled cybersecurity threats, and investor reactions to the political crisis. — Anna From
The tagline of the comedy show Whose Line is it Anyway? is: “It’s the show where everything’s made up and the points don’t matter.” In the context of generative AI, all that is made up from it could matter and could have potentially serious implications — to the extent that top AI executives have likened
Nominations are open for the eighth annual Security Serious Unsung Heroes Awards to be held in London and run by Eskenzi PR. The awards are all about celebrating the UK’s cybersecurity professionals, teachers, lecturers, leaders and those working to make the industry not only more secure, but also more diverse and healthier for employees. Whether educating the
Hey, friends, welcome to Week in Review (WiR), TechCrunch’s roundup of the week in tech news. Life getting in the way of your daily TechCrunch habit? Not to worry. WiR will get you caught up in no time. This week, WiR covers the improving quality of AI porn generators and the ethical dilemmas they raise;
Jul 29, 2023THNAndroid / Malware A new Android malware strain called CherryBlos has been observed making use of optical character recognition (OCR) techniques to gather sensitive data stored in pictures. CherryBlos, per Trend Micro, is distributed via bogus posts on social media platforms and comes with capabilities to steal cryptocurrency wallet-related credentials and act as
Earlier this month, Twitter — which has since rebranded as X — began sharing ad revenue with verified creators in an attempt to retain top talent on its platform. Today, the company announced its “Ads Revenue Sharing” program is now available for eligible creators globally. The program, according to posts by X owner Elon Musk,
The UK’s Ministry of Defence (MoD) is launching an investigation after a typing error reportedly led to classified emails being sent to a close ally of Russia instead of the intended recipients. The emails were meant for the US military, identifiable by the domain “.mil.” However, due to a simple mistake omitting the letter “i,” the messages
Welcome to Startups Weekly. Sign up here to get it in your inbox every Friday. Not to get all GrumpyManYellsAtCloud.gif, but I’m getting pretty tired of the myth of the dropped-out-of-college founders. Investors — and the broader ecosystem — have known for a long time that while there are some high-profile outliers, it’s much easier
Jul 28, 2023THNMalware / Cyber Threat The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that’s used for post-compromise activity on hacked systems, new findings from Team Cymru reveal. IcedID, also called BokBot, is a strain of malware similar to Emotet and QakBot that started
AMD plans to invest around $400 million in India over the next five years and set up its largest design center in the country’s southern city of Bengaluru as the chipmaker joins the growing list of firms that are backing the South Asian nation’s ambition of becoming a semiconductor manufacturing hub. AMD CTO Mark Papermaster
CardioComm Solutions, a Canadian medical provider of consumer heart monitoring and medical ECG software solutions, has disclosed a cybersecurity incident on Tuesday that occurred on the company’s servers. To address the situation, CardioComm said it is collaborating closely with KPMG-EGYDE, relevant authorities and third-party cybersecurity experts. The company assures its customers that there is no evidence
by Paul Ducklin ONE WEEK, TWO BWAINS Apple patches two zero-days, one for a second time. How a 30-year-old cryptosystem got cracked. All your secret are belong to Zenbleed. Remembering those dodgy PC/Mac ads. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.
Jul 27, 2023THNLinux / Endpoint Security Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks. Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the potential to impact 40% of Ubuntu users. “The impacted
One of the best ways startup founders can hone their pitch until it’s sharp enough to impress VCs — and bring home the bacon — is by watching other founders pitch to investors. And there’s no better place to do that than by watching the Startup Battlefield competition at TechCrunch Disrupt 2023. Be in the
Bloom Money, a U.K.-based fintech, has raised £1 million to digitize an informal financial management system employed by ethnic communities across the world. Often referred to as “rotating savings and credit association” (ROSCA), the microcredit system varies in the details around the world, but usually, it involves an informal gathering of people from a certain
It may be high priority, but organizations still approach security hygiene and posture management haphazardly in silos, which opens doors for cyber adversaries. Security hygiene and posture management is the bedrock of cybersecurity. But before thinking about acceptable use policies, security awareness training or an assortment of security technologies, organizations must have a full understanding
The threat of vendor email compromise (VEC) attacks has escalated, with recent data showing a sharp increase in such cyber-threats. According to a new report published by cybersecurity firm Abnormal Security earlier today, VEC attacks – a variant of business email compromise (BEC) – pose a significant risk to organizations worldwide. These attacks impersonate trusted
by Paul Ducklin Remember Heartbleed? That was the bug, back in 2014, that introduced the suffix -bleed for vulnerabilities that leak data in a haphazard way that neither the attacker nor the victim can reliably control. In other words, a crook can’t use a bleed-style bug for a precision attack, such as “Find the shadow
Jul 26, 2023THNMalware / Cyber Threat A deeper analysis of a recently discovered malware called Decoy Dog has revealed that it’s a significant upgrade over the Pupy RAT, an open-source remote access trojan it’s modeled on. “Decoy Dog has a full suite of powerful, previously unknown capabilities – including the ability to move victims to
Fundraising is hard, so it’s no wonder that SAFE rounds are popular. Conceived by Y Combinator as an alternative to convertible notes, simple agreements for future equity have long been considered a founder-friendly way to wrap a venture deal. But, as with most things, the reality is that SAFEs are only an ideal fit for
Swiggy has become the latest Indian startup to offer its customers a credit card as the food delivery giant broadens its efforts to drive engagement and retention. The Bengaluru-headquartered startup is co-launching the credit card with HDFC Bank, India’s largest private bank. The credit card will offer customers a 10% cashback on spends on Swiggy
Infoblox has unveiled crucial updates on the “Decoy Dog” remote access trojan (RAT) toolkit in a new threat report published today. Initially discovered and disclosed in April 2023, Decoy Dog has proven to be more sophisticated than previously thought, using DNS for command-and-control (C2) and is suspected to be employed in ongoing nation-state cyber-attacks. Following Infoblox’s
- 1
- 2
- 3
- …
- 6
- Next Page »