Aug 31, 2023THNMalware / Cyber Threat An open-source .NET-based information stealer malware dubbed SapphireStealer is being used by multiple entities to enhance its capabilities and spawn their own bespoke variants. “Information-stealing malware like SapphireStealer can be used to obtain sensitive information, including corporate credentials, which are often resold to other threat actors who leverage the
Month: August 2023
Cybersecurity giant Malwarebytes this week laid off 100 employees as it prepares for a major restructuring that will see the business split into two, TechCrunch has learned. The layoffs come almost exactly a year after Malwarebytes eliminated 14% of its global workforce. A former employee who asked not to be named told TechCrunch that the layoffs
Manhattan federal prosecutors and the Securities and Exchange Commission are separately investigating the use of Tesla funds to bankroll a secret project that is described internally as a glass house for CEO Elon Musk, according to a report from the Wall Street Journal that cites people familiar with the matter. WSJ reported in July that
A new security flaw has been discovered in the widely used All-in-One WP Migration Extensions plugin, potentially leaving millions of WordPress websites vulnerable to unauthorized access token manipulation. The All-in-One WP Migration plugin, a popular tool for seamlessly migrating WordPress websites, boasts over 60 million installations. The plugin offers premium extensions, including those for Box,
Aug 30, 2023THNMalware / Endpoint Security New findings show that malicious actors could leverage a sneaky malware detection evasion technique and bypass endpoint security solutions by manipulating the Windows Container Isolation Framework. The findings were presented by Deep Instinct security researcher Daniel Avinoam at the DEF CON security conference held earlier this month. Microsoft’s container
Gmail’s new AI companion will be able to help you draft and customize your emails, Google announced as part of this week’s news from its Google Cloud Next ’23 event. The company had shared a number of updates about its AI-powered companion, Duet AI, which is becoming generally available for Workspace users, aiding them with
General Motors has found a new way to get in on the generative AI buzz. The automaker is now using Google Cloud’s conversational chatbot, dubbed Dialogflow, to handle some non-emergency OnStar features. GM announced the collaboration alongside a keynote from Alphabet CEO Sundar Pichai at the Google Cloud Next 23 event Tuesday. OnStar, GM’s in-car
The leak of the LockBit 3.0 ransomware builder has triggered a surge in personalized variants, impacting various organizations. Writing in an advisory published last Friday, Kaspersky researchers Eduardo Ovalle and Francesco Figurelli have provided insights into the consequences of this breach, shedding light on the array of LockBit 3.0 derivatives. LockBit 3.0, also known as
by Paul Ducklin US food delivery compeny PurFoods, which trades as Mom’s Meals, has just admitted to a cyberintrusion that took place from 2023-01-16 to 2023-02-22. The company stated officially that: [The] cyberattack […] included the encryption of certain files in our network. Because the investigation identified the presence of tools that could be used
A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway (ESG) appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign. Mandiant, which is tracking the activity under the name UNC4841, described the threat actor as “highly responsive
Mom’s Meals, a meal delivery service for people with chronic health conditions, has confirmed a data breach affecting more than 1.2 million individuals. In a data breach notice filed this week with Maine’s attorney general, Mom’s Meals parent company PurFoods confirmed that the meal delivery service experienced a cyberattack between January 16 and February 22.
The majority of Vietnam’s population live in rural areas and often lack access to financial services because banks and other institutions open most of their physical locations in cities. MFast wants to change that with what it says is the leading financial services distribution network in Vietnam. The company announced today it has raised $6
What is ISACA? ISACA is an independent, nonprofit, global association that engages in the development, adoption and use of globally acceptedinformation system(IS) knowledge and practices. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only. What does ISACA offer? ISACA provides guidance, benchmarks and governance tools for enterprises
The North Korean state-sponsored actor Lazarus Group recently started a new campaign targeting internet backbone infrastructure and healthcare entities in Europe and the US, security researchers from Cisco Talos have found. The researchers said that the attackers began exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) in January 2023, only five days after it was disclosed. This
Aug 28, 2023THNVulnerability / Active Directory Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL. “An attacker could leverage this abandoned URL to redirect authorization codes to themselves, exchanging the ill-gotten authorization codes for access tokens,”
Google Flights today is releasing a new feature that will help travelers better determine the right time to book. Rolling out this week, the company is debuting new insights that will leverage historical trend data that lets consumers see when prices have typically been lowest to their chosen destination on their selected dates. The addition
Chinese electric vehicle upstart Xpeng is acquiring the smart EV assets of Didi, China’s ride hailing giant, marking another significant alliance that the Tesla challenge has struck in recent months. In an announcement on Monday, Didi said the duo is forming a strategic partnership to “promote the global application of smart electric vehicles and technologies.”
The FBI has urged users of affected Barracuda appliances to replace them immediately, after warning that they’re still being targeted by a Chinese APT group. A Flash update issued by the agency this week revealed that zero-day vulnerability CVE-2023-2868 continues to be exploited by the group, dubbed UNC4841 by Mandiant, in cyber-espionage attacks. “Barracuda customers
Aug 26, 2023THNData Breach / SIM Swapping Risk and financial advisory solutions provider Kroll on Friday disclosed that one of its employees fell victim to a “highly sophisticated” SIM swapping attack. The incident, which took place on August 19, 2023, targeted the employee’s T-Mobile account, the company said. “Specifically, T-Mobile, without any authority from or
Welcome back to The Interchange, where we take a look at the hottest fintech news of the previous week. Better.com finally went public last week, and the stock’s performance was worse than expected. Affirm, on the other hand, saw its shares get a boost on the back of a better-than-expected earnings report. There was also a
Hello, folks, and welcome to Week in Review (WiR), TechCrunch’s regular newsletter that covers the biggest happenings in tech over the past few days. Haven’t been able to follow the news closely? Don’t sweat it. WiR will get you up to speed. In this edition of WiR, we cover Microsoft bringing Python to Excel, Cruise
Security researchers are urging Azure Active Directory (AD) users to monitor for abandoned reply URLs after revealing a critical vulnerability in the Microsoft Power Platform. Secureworks said it discovered the reply URL takeover bug earlier in April and it was fixed by Microsoft within 24 hours. More specifically, the researchers had found an abandoned reply
The leak of the LockBit 3.0 ransomware builder last year has led to threat actors abusing the tool to spawn new variants. Russian cybersecurity company Kaspersky said it detected a ransomware intrusion that deployed a version of LockBit but with a markedly different ransom demand procedure. “The attacker behind this incident decided to use a
Listen here or wherever you get your podcasts. Hello and welcome back to Equity, a podcast about the business of startups, where we unpack the numbers and nuance behind the headlines. Welcome to an old-school Equity tradition: the bonus show! Despite getting through our regular episodes this week, we have one more for you. Why the extra
Memes can happen in the blink of an eye, like a Jeopardy! contestant who accidentally makes a sexual innuendo under the pressure of stage lights, or a kid who randomly gets interviewed on a playground and professes his undying love for America’s most plentiful crop, corn. But as soon as we knew former President Donald
Danish cloud host CloudNordic said it suffered a ransomware attack Aug. 18 that has resulted in the majority of its customers losing all data hosted with the company. CloudNordic announced the update via the homepage of its website. The cloud host said the attack “has paralyzed CloudNordic completely” and that unnamed threat actors shut down
The UK’s data protection watchdog is urging victims of so-called “text pests” to come forward after revealing that nearly a third (29%) of 18–34-year-olds have had their personal information misused. Text pest cases occur when an individual gives their personal details, including phone number or email, to a business for legitimate reasons. However, someone working
Aug 25, 2023THNCyber Crime / Data Breach Two U.K. teenagers have been convicted by a jury in London for being part of the notorious LAPSUS$ transnational gang and for orchestrating a series of brazen, high-profile hacks against major tech firms and demanding a ransom in exchange for not leaking the stolen information. This includes Arion
Listen here or wherever you get your podcasts. Hello and welcome back to Equity, a podcast about the business of startups, where we unpack the numbers and nuance behind the headlines. This is our Friday show, and we’re talking about the week’s biggest startup and tech news. This week, Mary Ann and Alex were joined by Kirsten Korosec, who
Reddit is launching the “Mod Helper Program” to reward moderators who offer helpful advice to other moderators, along with an updated moderator help center. The announcement comes amid growing discontent among the site’s moderators, many of whom relied on third-party apps that have since been shut down because of Reddit’s API pricing. Moderators have asked
- 1
- 2
- 3
- …
- 5
- Next Page »