Snap CEO Evan Spiegel wrote in an internal memo that the company will miss its revenue goals for this quarter. Snap will also slow its pace of hiring, a tactic that companies like Meta and Uber have employed as a way to cut costs. Though Snap continues to grow year over year, Spiegel says the
The UK’s data protection watchdog has confirmed a penalty for the controversial facial recognition company, Clearview AI — announcing a fine of just over £7.5 million today for a string of breaches of local privacy laws. The watchdog has also issued an enforcement notice, ordering Clearview to stop obtaining and using the personal data of
The move toward abandoning passwords is coming closer as Apple, Google and Microsoft announced plans to expand support for the Fast Identity Online Alliance’s FIDO2 specification, enabling users to enroll in passwordless authentication with multiple devices across the three platforms. Users will soon be able to use passwordless authentication in Android and iOS, Chrome, Edge
A new risk analysis published today warns that modern “smart” farm machinery is vulnerable to malicious hackers, leaving global supply chains exposed to risk. The analysis, published in the journal Nature Machine Intelligence, warns that hackers could exploit flaws in agricultural hardware used to plant and harvest crops. Additionally, it said automatic crop sprayers, drones and
by Paul Ducklin On Wednesday this week, virtualisation behemoth VMware published a security advisory describing two just-patched security holes in its products. Virtualisation in general, and VMware’s product set in particular, is widely used to turn individual physical computers into several “virtual computers” that share the same physical hardware. These virtual computers, known in the
Cisco on Friday rolled out fixes for a medium-severity vulnerability affecting IOS XR Software that it said has been exploited in real-world attacks. Tracked as CVE-2022-20821 (CVSS score: 6.5), the issue relates to an open port vulnerability that could be abused by an unauthenticated, remote attacker to connect to a Redis instance and achieve code
Recent product news from Stripe and Plaid indicates the two private companies are gunning for one another as the market for B2B financial technology matures, expands and individual players increasingly overlap. It might sound silly that Stripe, best known for its payments technology, and Plaid, best known for its API that connects consumer bank accounts
Welcome to the very first episode of The TechCrunch Podcast! Every week, the new TC podcast will dive into the biggest stories in tech, as told by the writers who penned them. We’ve been developing and iterating on the concept for many months now, so we’re thrilled to finally be able to deliver our first
ESET researchers spot an updated version of the malware loader used in the Industroyer2 and CaddyWiper attacks. Sandworm, the APT group behind some of the world’s most disruptive cyberattacks, continues to update its arsenal for campaigns targeting Ukraine. The ESET research team has now spotted an updated version of the ArguePatch malware loader that was
The US Department of Justice (DoJ) has announced it will no longer prosecute “good faith” hackers under the Computer Fraud and Abuse Act (CFAA). The historic policy shift was announced in a statement yesterday, which declared that white hat hackers will not be prosecuted for accessing a computer when done to improve cybersecurity. The DoJ defined good-faith
by Paul Ducklin Two of the big-news vulnerabilities in this month’s Patch Tuesday updates from Microsoft were CVE-2022-26923 and CVE-2022-26931, which affected the safety of authentication in Windows. Even though they were so-called EoP holes rather than RCE bugs (elevation of privilege, instead of the more serious problem of remote code execution), they were nevertheless
Multiple versions of a WordPress plugin by the name of “School Management Pro” harbored a backdoor that could grant an adversary complete control over vulnerable websites. The issue, spotted in premium versions before 9.9.7, has been assigned the CVE identifier CVE-2022-1609 and is rated 10 out of 10 for severity. The backdoor, which is believed
Hi all! Welcome back to Week in Review, our newsletter where we wrap up many of the top stories to hit TechCrunch over the last seven days. The big thing this week, based on what people were reading most, was the details of a memo sent from Y Combinator to its portfolio founders. As the
When you hear the term ‘cryptocurrency’, does ‘secure’ also spring to mind? Here are some implications of the lack of sound security practices in the world of crypto. When you hear the term ‘cryptocurrency’, does ‘secure’ also immediately spring to mind? In this edition of Week in security, Tony examines several implications of the lack
“You can often pick up significant market share in an economic downturn by just staying alive,” top startup accelerator Y Combinator wrote in an internal email to its founders this week. The advice was one of 10 bullet points in a memo meant to help its companies navigate the economic downturn crushing tech. Other standout
The devices employees use as they work from home could be the ones that put their companies at risk. With businesses continuing to support remote and hybrid workplaces, more employees are connecting more of their personal devices to corporate networks, yet these devices aren’t always well protected from malware, breaches, and theft—which can affect them
QNAP devices have been hit by DeadBolt ransomware for at least the second time in less than six months. In January, QNAP warned users that a new ransomware strain was widely targeting its network-attached storage (NAS) devices using an alleged zero-day vulnerability. DeadBolt was encrypting users’ data and demanding bitcoin payments in ongoing attacks on
Pro-Russian hackers have targeted the websites of various Italian institutions and government ministries, law enforcement said on Friday. The attack, which began on Thursday evening and was still in progress as of Friday early afternoon, was reportedly confirmed by Italy’s Postal Police. The attack was launched at around 20:00 GMT on Thursday by the hacker
by Paul Ducklin Just a short note to let you know that we were wrong about Firefox and Pwn2Own in our latest podcast… …but we were right about how Mozilla would react in our latest podcast promotional video: Firefox & Pwn2Own, Apple and an 0-day… and the mathematics that defeated
A Linux botnet malware known as XorDdos has witnessed a 254% surge in activity over the last six months, according to the latest research from Microsoft. The trojan, so named for carrying out denial-of-service attacks on Linux systems and its use of XOR-based encryption for communications with its command-and-control (C2) server, is known to have been
Founders have gotten the memo that the ground is shifting under their feet right now. What to do about it is the question. Already, teams are making plans to scale back their spending to preserve capital. They’re making painful staff cuts toward that same end — or else instituting hiring freezes. But they should also
CleverTap, a retention marketing platform which has raised $76.6M to date, is to fully acquire Bulgarian-originated but San Francisco-based Leanplum, a customer engagement platform which has raised $131.2M, for an undisclosed amount. The news was broken by South Eastern European startup news site The Recursive. Sunil Thomas, CleverTap Cofounder and Executive Chairman said: “Like many
There’s a digital counterpart for nearly everything we do, which means more of our personal information is online. And although this tends to make our lives easier, it opens the door for information to land in the wrong hands. Identity theft happens when someone uses your personally identifiable information (PII) for their own monetary or
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive to all federal agencies to mitigate two new VMware vulnerabilities. The directive relates to two new vulnerabilities – CVE-2022-22972 and CVE-2022-22973 – that CISA believes threat actors are likely to exploit across numerous VMware products. These are VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM),
by Paul Ducklin [00’22”] Fun Fact. What does the word “non-commensurate” mean? [01’41”] When is cracking passwords legal? [11’08”] Why did Firefox get patched? [15’20”] This Week in Tech. Which computer needed dropping onto the desk?
A novel Bluetooth relay attack can let cybercriminals more easily than ever remotely unlock and operate cars, break open residential smart locks, and breach secure areas. The vulnerability has to do with weaknesses in the current implementation of Bluetooth Low Energy (BLE), a wireless technology used for authenticating Bluetooth devices that are physically located within
Thursday May 19, 2022, and it’s the last day of our in-person Mobility event. Tomorrow we take the journey to the mean streets of the world wide web, and you can still join us virtually! — Haje and Christine The TechCrunch Top 3 Tl;dr: We know you don’t have 32 minutes to read Meta global
Cybercriminals continue to mine for opportunities in the crypto space – here’s what you should know about coin-mining hacks and crypto theft. Wherever you look these days, cryptocurrencies are in the news. And it’s not just because of the recent slump in their prices. Everybody seems to have grabbed a slice of the crypto pie
Oishii made waves last year for its wildly expensive strawberries, fetching $50 for a box of eight to 11 berries. Based in the bastion of vertical farming that is Kearny, New Jersey, the company began supplying fruit to Michelin-starred restaurants (whose chefs clearly believed the product was worth the price). They’ve since rolled out to
Molding and shaping our kids while we can is every parent’s dream. When kids are young – and sweet! – they are far more inclined to take on board our advice and lovingly imposed rules. Oh, how I miss those days!! And in a nutshell – that’s what a good set of parental controls can