The maintainers of Jenkins—a popular open-source automation server software—have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. The “successful attack,” which is believed to have occurred last week, was mounted against its Confluence
Philip Choo
A couple from California who were convicted of using fake or stolen identities to claim millions of dollars in Covid-19 relief fraud fraudulently have gone on the run. Authorities said that Encino residents 37-year-old Marietta Terabelian and 43-year-old Richard Ayvazyan cut off their electronic monitoring anklets and absconded. In June, the husband and wife were found guilty of
Meetings are an inevitable part of the work day, but as workplaces became more distributed over the past 18 months, Vowel CEO Andy Berman says we are steadily moving toward “death by meeting.” His virtual meeting platform is the latest to receive venture capital funding — $13.5 million — with the goal of making meetings
Portcast founders Dr. Lingxiao Xia and Nidhi Gupta For many manufacturers and freight forwarders, managing logistics is still a very manual process: tracking shipments with a call or online lookup, and entering that data into an Excel spreadsheet. Portcast, which describes itself as a “next-generation logistics operating system,” makes the process more efficient by gathering
End-to-end encrypted email service provider ProtonMail has drawn criticism after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading to their arrests in France. The Switzerland-based company said it received a “legally binding order from the Swiss Federal Department of Justice” related to a collective
by Paul Ducklin Not long ago, independent software developer Tim Perry, creator of the HTTP Toolkit for intercepting and debugging web traffic… …decided to add proxy support to his product, which, like lots of software these days, is written using Node.js. ICYMI, Node.js is the project that took the JavaScript language out of your browser
Western media channels are being systematically manipulated to spread pro-Russian government propaganda and disinformation, according to a new report by the Crime and Security Research Institute at Cardiff University. The researchers said they uncovered evidence that “provocative” pro-Russian or anti-Western statements were being systematically posted in reader comments sections in articles relating to Russia in 32 prominent
The Station is a weekly newsletter dedicated to all things transportation. Sign up here — just click The Station — to receive it every weekend in your inbox. Hello readers: Welcome to The Station, your central hub for all past, present and future means of moving people and packages from Point A to Point B. Before
A critical vulnerability in Atlassian’s Confluence Server software is now under active attack. Disclosed last week by Atlassian, CVE-2021-26084 is a remote code execution bug that is considered a critical security risk by the vendor. The flaw, which was rated a 9.8 on the CVSS scale, is due to an injection bug in the open
Les chercheurs d’ESET expliquent les détails d’une faille découverte dans VaxiCode Vérif, l’application mobile permettant la vérification des preuves vaccinales québécoise La sortie d’applications mobiles permettant le stockage et la vérification du passeport vaccinal par le gouvernement du Québec (VaxiCode et VaxiCode Vérif) a fait couler beaucoup d’encre la semaine dernière. C’est avec raison; l’application
Mercedes-Benz introduced a slew of electric vehicles ahead of the IAA Mobility show in Germany, including its first AMG-branded high-performance EV, a sedan and a G-Class SUV concept — all part of the company’s bid to become an electric-only automaker by the end of the decade. Mercedes has already started producing the all-electric EQS, a
Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with “high confidence” to a threat actor operating out of China. In mid-July, the Texas-based company remedied a remote code execution flaw (CVE-2021-35211) that was rooted in Serv-U’s implementation of the
Another Accellion breach victim has been named nine months after threat actors exploited zero-day vulnerabilities in the company’s File Transfer Application. Beaumont Health has notified approximately 1500 patient that their personal data may have been compromised in the December attack on Accellion software. Goodwin Procter LLP, which was hired by Beaumont to provide legal services, used Accellion’s File Transfer software
Along with a cadre of other TechCrunch folks, I spent this week extremely focused on one event: Y Combinator. The elite accelerator announced a staggering 377 startups as its Summer 2021 cohort. We covered every single on-the-record startup that presented and plucked out some favorites: There’s something quite earnest and magical about spending literally hours
Authored by ChanUng Pak McAfee’s Mobile Research team recently found a new Android malware, Elibomi, targeting taxpayers in India. The malware steals sensitive financial and private information via phishing by pretending to be a tax-filing application. We have identified two main campaigns that used different fake app themes to lure in taxpayers. The first campaign from November 2020 pretended to be a fake IT certificate application while the second campaign, first seen in May 2021, used the fake tax-filing theme. With this discovery,
Hello friends, and welcome back to Week in Review. Last week, we dove into the truly bizarre machinations of the NFT market. This week, we’re talking about something that’s a little bit more impactful on the current state of the web — Apple’s NeuralHash kerfuffle. If you’re reading this on the TechCrunch site, you can
Apple is temporarily hitting the pause button on its controversial plans to screen users’ devices for child sexual abuse material (CSAM) after receiving sustained blowback over worries that the tool could be weaponized for mass surveillance and erode the privacy of users. “Based on feedback from customers, advocacy groups, researchers, and others, we have decided
Smartphones are kids’ trusty companions both in- and outside the classroom, and as they return to their desks, we’ve prepared some handy tips on how to keep their devices secure. While in some parts of the world kids have already returned to their classrooms, in virtual form or in person, in others they are just gearing
Two new senior cybersecurity appointments have been announced by the United States Department of Homeland Security. Former lead solution engineer at Salesforce, David Larrimore, has been named as the Department’s chief technology officer. Between 2016 and 2019, Larrimore occupied the same position at the Immigration and Customs Enforcement (ICE) component. Other roles held by Larrimore include an
To get a roundup of TechCrunch’s biggest and most important stories delivered to your inbox every day at 3 p.m. PDT, subscribe here. Hello and welcome to Daily Crunch for September 3, 2021. As noted yesterday, most of TechCrunch has the day off so today’s newsletter is a little bit different than usual. Up top
You open your laptop and see an email from a healthcare organization that you don’t recognize. The subject line reads “URGENT – PROOF OF VACCINATION NEEDED.” Impulsively, you open the email and click on the link. You’re redirected to a website that asks you to enter your name, date of birth, Social Security Number, and a photo of
Seksom Suriyapa was seemingly destined to land at a venture firm. A Stanford Law graduate, he worked at two blue-chip investment banks before joining the cybersecurity company McAfee as a senior corp dev employee, later logging six years at the human resources software company SuccessFactors and, in 2018, landing at Twitter, where he headed up
Cybersecurity researchers have disclosed details about a new malware family that relies on the Common Log File System (CLFS) to hide a second-stage payload in registry transaction files in an attempt to evade detection mechanisms. FireEye’s Mandiant Advanced Practices team, which made the discovery, dubbed the malware PRIVATELOG, and its installer, STASHLOG. Specifics about the
Dubbed Safety Mode, the feature will temporarily block authors of offensive tweets from being able to contact or follow users. Twitter has unveiled a new feature called Safety Mode aimed at curbing abusive behavior, by autoblocking any unwanted tweets and other forms of online harassment. Currently the feature is available to a handful of users.
by Paul Ducklin [02’00”] Security code flushes out security bugs. [15’48”] Recursion: see recursion. [26’34”] Phishing (and lots of it). [33’09”] Oh! No! The Windows desktop that got so big it imploded. With Paul Ducklin and Doug Aamoth. Intro and outro music by Edith Mudge. LISTEN NOW Click-and-drag on the soundwaves below to skip to
A private university in New York State is being sued for negligence by one of its students over a data breach that may have exposed thousands of Social Security numbers. Syracuse University (SU) suffered a data breach on September 25 last year after an employee fell victim to a phishing attack and clicked on a malicious link.
Kalepa, an insurance underwriting platform based out of New York, has raised a $14 million Series A funding round led by Inspired Capital, with participation from previous investor IA Ventures. Also participating was Gokul Rajaram of Doordash, Coinbase, and formerly of Google, Jackie Reses, formerly of Square, and Henry Ward of Carta. Founded by Paul
Beaumont Health is the latest organization to disclose an incident related to the Accellion breach last year. In a statement Friday, the healthcare system, based in Southfield, Mich., revealed that the information of 1,500 patients may have been affected. Beaumont is a client of Goodwin Procter LLP, a law firm that used Accellion’s File Transfer
Welcome back to our executive blog series, where we’re sitting down with some of the pivotal players behind McAfee Enterprise to hear their takes on today’s security trends, challenges, and opportunities for enterprises across the globe. Q: Do you have a role model? If so, who is it? Well, there are work and there are
Firefly launched its first rocket from Vandenberg Space Force Base in California, and on board it carried a number of payloads with an intended destination of low Earth orbit. The rocket took off as planned, and seemed to be doing fairly well during the initial portion of the launch, before experiencing “an anomaly” that clearly
- « Previous Page
- 1
- 2
- 3
- 4
- 5
- …
- 225
- Next Page »