The move toward abandoning passwords is coming closer as Apple, Google and Microsoft announced plans to expand support for the Fast Identity Online Alliance’s FIDO2 specification, enabling users to enroll in passwordless authentication with multiple devices across the three platforms. Users will soon be able to use passwordless authentication in Android and iOS, Chrome, Edge
A new risk analysis published today warns that modern “smart” farm machinery is vulnerable to malicious hackers, leaving global supply chains exposed to risk. The analysis, published in the journal Nature Machine Intelligence, warns that hackers could exploit flaws in agricultural hardware used to plant and harvest crops. Additionally, it said automatic crop sprayers, drones and
by Paul Ducklin On Wednesday this week, virtualisation behemoth VMWare published a security advisory describing two just-patched security holes in its products. Virtualisation in general, and VMWare’s product set in particular, is widely used to turn individual physical computers into several “virtual computers” that share the same physical hardware. These virtual computers, known in the
Recent product news from Stripe and Plaid indicate the two private companies are gunning for one another as the market for B2B financial technology matures, expands and individual players increasingly overlap. It might sound silly that Stripe, best known for its payments technology, and Plaid, best known for its API that connects consumer bank accounts
Welcome to the very first episode of The TechCrunch Podcast! Every week, the new TC podcast will dive into the biggest stories in tech, as told by the writers who penned them. We’ve been developing and iterating on the concept for many months now, so we’re thrilled to finally be able to deliver our first
The US Department of Justice (DoJ) has announced it will no longer prosecute “good faith” hackers under the Computer Fraud and Abuse Act (CFAA). The historic policy shift was announced in a statement yesterday, which declared that white hat hackers will not be prosecuted for accessing a computer when done to improve cybersecurity. The DoJ defined good-faith
by Paul Ducklin Two of the big-news vulnerabilities in this month’s Patch Tuesday updates from Microsoft were CVE-2022-26923 and CVE-2022-26931, which affected the safety of authentication in Windows. Even though they were so-called EoP holes rather than RCE bugs (elevation of privilege, instead of the more serious problem of remote code execution), they were neverthless
The devices employees use as they work from home could be the ones that put their companies at risk. With businesses continuing to support remote and hybrid workplaces, more employees are connecting more of their personal devices to corporate networks, yet these devices aren’t always well protected from malware, breaches, and theft—which can affect them
QNAP devices have been hit by DeadBolt ransomware for at least the second time in less than six months. In January, QNAP warned users that a new ransomware strain was widely targeting its network-attached storage (NAS) devices using an alleged zero-day vulnerability. DeadBolt was encrypting users’ data and demanding bitcoin payments in ongoing attacks on
CleverTap, a retention marketing platform which has raised $76.6M to date, is to fully acquire Bulgarian-originated but San Francisco-based Leanplum, a customer engagement platform which has raised $131.2M, for an undisclosed amount. The news was broken by South Eastern European startup news site The Recursive. Sunil Thomas, CleverTap Cofounder and Executive Chairman said: “Like many
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive to all federal agencies to mitigate two new VMware vulnerabilities. The directive relates to two new vulnerabilities – CVE-2022-22972 and CVE-2022-22973 – that CISA believes threat actors are likely to exploit across numerous VMware products. These are VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM),
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. [00’22”] Fun Fact. What does the word “non-commensurate” mean? [01’41”] When is cracking passwords legal? [11’08”] Why did Firefox get patched? [15’20”] This Week in Tech. Which computer needed dropping onto the desk?
A novel Bluetooth relay attack can let cybercriminals more easily than ever remotely unlock and operate cars, break open residential smart locks, and breach secure areas. The vulnerability has to do with weaknesses in the current implementation of Bluetooth Low Energy (BLE), a wireless technology used for authenticating Bluetooth devices that are physically located within