Twitter’s ditching of free text-message authentication doesn’t mean that you should forgo using 2FA. Instead, switch to another – and, indeed, better – 2FA option. Starting today, Twitter is disabling SMS-based two-factor authentication (2FA) for all but paying users following a decision that, not unlike other recent moves by the social media giant, has been
Philip Choo
Seed Club, a DAO-focused accelerator program, has launched its venture arm out of stealth mode with a $25 million fund, the team shared exclusively with TechCrunch. “Seed Club is a DAO for builders at the intersection of builders and culture with three areas: an accelerator, a community of members and now the venture arm,” said
API use and capabilities have grown significantly over the past decade to improve application development; interaction with services and app features; and integration with applications, services and components of all types. Nowhere is this truer than in the cloud, where API availability and use are the norm rather than the exception. APIs have also become
The UK’s leading cybersecurity agency has launched two new services designed to help the nation’s small businesses to more effectively enhance their cyber-risk management. The National Cyber Security Agency (NCSC) today announced a Cyber Action Plan – a questionnaire for small organizations and individuals/families, which delivers a free personalized security to-do list depending on the answers
by Paul Ducklin There are plenty of military puns in operating system history. Unix famously has a whole raft of personnel known as Major Number, who organise the batallions of devices such as disk drives, keyboards and webcams in your system. Microsoft once struggled with the apparently incompetent General Failure, who was regularly spotted trying
Mar 21, 2023Ravie LakshmananLinux / Server Security Poorly managed Linux SSH servers are being targeted as part of a new campaign that deploys different variants of malware called ShellBot. “ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl and characteristically uses IRC protocol to communicate with the C&C server,” AhnLab Security
On Monday, Google announced that it had flagged several apps made by a Chinese e-commerce giant as malware, alerting users who had them installed, and suspended the company’s official app. In the last couple of weeks, multiple Chinese security researchers accused Pinduoduo, a rising e-commerce giant that boasts almost 800 million active users, of making
What is the Cloud Security Alliance? The Cloud Security Alliance (CSA) is a nonprofit organization that promotes research into best practices for securing cloud computing and the use of cloud technologies to secure other forms of computing. CSA uses the expertise of industry practitioners, associations and governments, as well as its corporate and individual members,
Amazon has announced another substantial round of layoffs in four months, as the internet giant today revealed that a further 9,000 people are set to lose their jobs. In a memo published by CEO Andy Jassy this morning, the company said that the cuts will impact those in its AWS cloud unit, Twitch gaming division,
Attacker-reported ransomware incidents increased by 17% annually in the UK last year, despite a global decline in overall volumes, according to Jumpsec. The London-headquartered security vendor compiled its annual trends report from manual investigation techniques and automated bots designed to scrape public-facing websites run by ransomware actors. It said that data from the first part of
Mar 20, 2023Ravie LakshmananCyber Threat / Malware A new piece of malware dubbed dotRunpeX is being used to distribute numerous known malware families such as Agent Tesla, Ave Maria, BitRAT, FormBook, LokiBot, NetWire, Raccoon Stealer, RedLine Stealer, Remcos, Rhadamanthys, and Vidar. “DotRunpeX is a new injector written in .NET using the Process Hollowing technique and
Before it crashed, Silicon Valley Bank was known to many startups and venture firms as the place to park their money or take out a capital line. But for emerging managers, it was a lot more than just a financial institution. Multiple emerging managers told TechCrunch+ that SVB was instrumental in helping them build their
Welcome to The Interchange! If you received this in your inbox, thank you for signing up and your vote of confidence. If you’re reading this as a post on our site, sign up here so you can receive it directly in the future. Mary Ann is on a much deserved break this week, so I
The Project Zero team at Google published a new advisory on Thursday, confirming it reported 18 zero-day vulnerabilities in Exynos Modems made by Samsung between late 2022 and early 2023. Written by Project Zero head, Tim Willis, the blog post states that four of the vulnerabilities (CVE-2023-24033 and three others that have yet to be
Mar 18, 2023Ravie LakshmananCyber Crime / Data Breach U.S. law enforcement authorities have arrested a New York man in connection with running the infamous BreachForums hacking forum under the online alias “Pompompurin.” The development, first reported by Bloomberg Law, comes after News 12 Westchester, earlier this week, said that federal investigators “spent hours inside and
ESET researchers analyzed Android and Windows clippers that can tamper with instant messages and use OCR to steal cryptocurrency funds ESET researchers have discovered dozens of copycat Telegram and WhatsApp websites targeting mainly Android and Windows users with trojanized versions of these instant messaging apps. Most of the malicious apps we identified are clippers –
Welcome to Week in Review, folks, TechCrunch’s regular recap of the week in tech. GPT-4, OpenAI’s text- and image-understanding AI, might’ve dominated the headlines over the past few days. But fresh drama around Silicon Valley Bank’s collapse emerged as well. We cover all that and more in this edition, so grab a coffee and settle
After discovering 18 Samsung Exynos modem vulnerabilities, Google Project Zero veered from its standard disclosure policy for four of the zero-day flaws because public disclosure might have put users at significant risk. In a blog post Thursday, Tim Willis, senior security engineering manager and head of Google Project Zero, described — but did not detail
Trucking is a vital industry and yet the majority of operations are operating on outdated platforms. AtoB thinks it has the solution and CEO and co-founder Harshita Arora says the company is essentially Stripe for transportation. I’m excited to have her and Eric Tarczynski of Contrary Capital speaking on an upcoming TechCrunch Live taking place
Dozens of websites set up to deliver trojanized versions of WhatsApp and Telegram apps have been spotted targeting Android and Windows users. As discovered by security researchers at ESET, most of these apps rely on clipper malware designed to steal or modify the contents of the Android clipboard. Read more on clipper malware here: Shein
by Paul Ducklin Google has just revealed a fourfecta of critical zero-day bugs affecting a wide range of Android phones, including some of its own Pixel models. These bugs are a bit different from your usual Android vulnerabilities, which typically affect the Android operating system (which is Linux-based) or the applications that come along with
Mar 18, 2023Ravie LakshmananNetwork Security / Cyber Espionage The zero-day exploitation of a now-patched medium-severity security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group. Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto
Scammers are looking to cash in on the chaos that has set in following the startling meltdowns of Silicon Valley Bank and Signature Bank and the crisis at Credit Suisse When mayhem, panic and chaos set in – as has been the case following the meltdowns of Silicon Valley Bank (SVB) and Signature Bank and
When Porsche partnered with venture studio UP.Labs, the mission was to create six startups over three years all designed to solve the German automaker’s biggest problems and be compelling enough as a standalone business it that can attract other customers. On Porsche’s list: software that helps manage and automate the performance of EVs. Pull Systems,
How cybercriminals can exploit Silicon Valley Bank’s downfall for their own ends – and at your expense Big news events and major crises usually trigger an avalanche of follow-on phishing attempts. The COVID-19 pandemic and Russia’s invasion of Ukraine are perhaps the most obvious examples, but the most recent one is the collapse of Silicon
“Nobody does creature work the way Wētā does,” Craig Mazin, co-creator of HBO’s “The Last of Us,” said in the official podcast for the video game adaptation series. If you’d had a chance to watch the bloater scene from episode five, then you most likely agree with him. It makes sense that HBO approached Wētā
The UK’s data protection regulator has reprimanded the country’s largest police service for failing to properly maintain records on organized crime groups (OGCs), resulting in inaccurate information being stored on a key database. The Information Commissioner’s Office (ICO) said that London’s Metropolitan Police (MPS) infringed the Data Protection Act 2018, which states that “all reasonable steps
by Paul Ducklin THE PRICE OF FAST FASHION Lucky Thirteen! The price of fast fashion. Firefox fixes. Feature creep fail curtailed in Patch Tuesday. No audio player below? Listen directly on Soundcloud. With Paul Ducklin and Chester Wisniewski. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google
Mar 17, 2023The Hacker NewsZero Trust / Access Control Think of the typical portrayal of a cyberattack. Bad guy pounding furiously on a keyboard, his eyes peeking out from under a dark hoodie. At long last, his efforts pay off and he hits the right combination of keys. “I’m in!” he shouts in triumph. Clearly,
The Biden administration is escalating its pressure campaign against TikTok, threatening a U.S. ban against the world’s most popular app if the company doesn’t split with its Chinese ownership. The current administration’s public concerns around the hit app have ratcheted up considerably in recent days. The Wall Street Journal reported this week that the U.S.