Security
Security

There’s a new supply chain attack targeting customers of a phone system with 12 million users

Multiple security firms have sounded the alarm about an active supply chain attack that’s using a trojanized version of 3CX’s widely-used voice and video-calling client to target downstream customers.  3CX is the developer of a software-based phone system used by more than 600,000 organizations worldwide, including American Express, BMW, McDonald’s and the U.K.’s National Health […]

Read More
Security Startups

DataDome, which uses AI to protect against bot-based attacks, raises $42M

Online businesses are at risk of bad bot activity, certainly more now than they used to be. According to a survey from Imperva, 42.3% of internet traffic in 2021 wasn’t human, but instead bots that ran automated routines with ill intent. Given the damage bots can do — for example, stealing content and inventory, degrading […]

Read More
Security

Silence gets you nowhere in a data breach

In cybersecurity, the phrase “what they don’t know won’t hurt them” is not only wrong, it’s dangerous. Despite this, it’s a motto that remains in many organizations’ PR playbooks, as demonstrated by the recent LastPass and Fortra data breaches. LastPass has refused to answer any of TechCrunch+’s questions since it confirmed in December that hackers […]

Read More
Enterprise Security Startups

Spera raises $10M for its identity security posture management platform

Spera, a Palo Alto-based security startup that provides businesses with the tools to proactively protect themselves from identity-driven threats, today said it has raised a $10 million seed funding round led by YL Ventures, with participation from a number of prominent angel investors and serial entrepreneurs. The company’s founders, Dor Fledel (CEO) and Ariel Kadyshevitch […]

Read More
Security

Hackers used spyware made in Spain to target users in the UAE, Google says

In November 2022, Google revealed the existence of a then-unknown spyware vendor called Variston. Now, Google researchers say they have seen hackers use Variston’s tools in the United Arab Emirates. In a report published on Wednesday, Google’s Threat Analysis Group (TAG) said it discovered hackers targeting people in the UAE who used Samsung’s native Android […]

Read More
Security

Lawmakers call on USPS to combat surge in ‘change of address’ fraud

A group of bipartisan lawmakers has called on the U.S. Postal Service to strengthen its internal processes to reduce change of address fraud, which each year allows fraudsters to redirect thousands of people’s mail, including bills, checks and bank statements. U.S. Congressman Josh Gottheimer (D-NJ, 5th) and other House lawmakers want USPS to make it […]

Read More
Security Startups

Microsoft lets generative AI loose on cybersecurity

As a part of its continued quest to inject generative AI into all its products, Microsoft today introduced Security Copilot, a new tool that aims to “summarize” and “make sense” of threat intelligence. In a light-on-the-details announcement, Microsoft pitched Security Copilot as a way to correlate data on attacks while prioritizing security incidents. Countless tools […]

Read More
Security

Hackers could remotely turn off lights, honk, mess with Tesla’s infotainment system

Thanks to three vulnerabilities chained together, malicious hackers could remotely hack into a Tesla, turn off the lights, honk the horn, open the trunk, activate the windshield wipers, and mess with the infotainment system, according to security researchers. The researchers, who work for security firm Synacktiv, found the vulnerabilities and showcased them at the Pwn2Own […]

Read More
Security

Biden executive order bans federal agencies from using commercial spyware

The Biden administration on Monday announced a new executive order that would broadly ban U.S. federal agencies from using commercially developed spyware that poses threats to human rights and national security. The move to ban federal agencies — including law enforcement, defense and intelligence — from using commercial spyware comes as officials confirmed that dozens […]

Read More
Apps Security

GitHub takes down repository containing Twitter’s source code

GitHub has taken down a repository by a user named “FreeSpeechEnthusiast” that contained Twitter’s proprietary source code after the social network filed a DCMA takedown request. The username certainly seems to be a jab at Twitter owner Elon Musk, who has claimed to be a “free speech absolutist” many times. On Friday, Twitter filed a […]

Read More