Spyware maker pcTattletale says it's 'out of business' and shuts down after data breach | TechCrunch
The spyware maker's founder, Bryan Fleming, said pcTattletale is "out of business and completely done," following a data breach.
'Got that boomer!': How cybercriminals steal one-time passcodes for SIM swap attacks and raiding bank accounts | TechCrunch
The incoming phone call flashes on a victim’s phone. It may only last a few seconds, but can end with the victim handing over codes that give cybercriminals the ability to hijack their online accounts or drain their crypto and digital wallets. “This is the PayPal security team here. We’ve detected some unusual activity on your account and are calling you as a precautionary measure,” the caller’s robotic voice says. “Please enter the six-digit security code that we’ve sent to your mobile device.”
What we learned from the indictment of LockBit’s mastermind
Five takeaways from the indictment of Dmitry Yuryevich Khoroshev, the hacker who U.S. and U.K. authorities accuse of being the mastermind of the LockBit ransomware gang.
Hackers are threatening to leak World-Check, a huge sanctions and financial crimes watchlist | TechCrunch
A financially motivated criminal hacking group says it has stolen a confidential database containing millions of records that companies use for screening potential customers for links to sanctions and financial crime. The hackers, which call themselves GhostR, said they stole 5.3 million records from the World-Check screening database in March and are threatening to publish the data online.
Change Healthcare stolen patient data leaked by ransomware gang
This is the second group to demand a ransom payment from Change Healthcare to prevent the release of stolen patient data in as many months.
Ransomware gang’s new extortion trick? Calling the front desk
When a hacker called the company that his gang claimed to breach, he felt the same way that most of us feel when calling the front desk: frustrated. The phone call between the hacker, who claims to represent the ransomware gang DragonForce, and the victim company employee was posted by the ransomware gang on its dark web site in an apparent attempt to put pressure on the company to pay a ransom demand. In reality, the call recording just shows a somewhat hilarious and failed attempt to extort and intimidate a company’s rank-and-file employees.
Roku says 576,000 user accounts hacked after second security incident
Streaming giant Roku has confirmed a second security incident in as many months, with hackers this time able to compromise more than half a million Roku user accounts. In a statement Friday, the company said about 576,000 user accounts were accessed using a technique known as credential stuffing, where malicious hackers use usernames and passwords stolen from other data breaches and reuse the logins on other sites.
Microsoft employees exposed internal passwords in security lapse
Microsoft has resolved a security lapse that exposed internal company files and credentials to the open internet. Security researchers Can Yoleri, Murat Özfidan and Egemen Koçhisarlı with SOCRadar, a cybersecurity company that helps organizations find security weaknesses, discovered an open and public storage server hosted on Microsoft’s Azure cloud service that was storing internal information relating to Microsoft’s Bing search engine. The Azure storage server housed code, scripts and configuration files containing passwords, keys and credentials used by the Microsoft employees for accessing other internal databases and systems.
Price of zero-day exploits rises as companies harden products against hackers
Tools that allow government hackers to break into iPhones and Android phones, popular software like the Chrome and Safari browsers, and chat apps like
Facebook snooped on users’ Snapchat traffic in secret project, documents reveal | TechCrunch
A secret program called "Project Ghostbusters" saw Facebook devise a way to intercept and decrypt the encrypted network traffic of Snapchat users to study their behavior.
OpenAI's chatbot store is filling up with spam
When OpenAI CEO Sam Altman announced GPTs, custom chatbots powered by OpenAI's generative AI models, onstage at the company's first-ever developer
Russian spies keep hacking into Microsoft in 'ongoing attack,' company says
Microsoft says the ongoing hacking is part of the Russian government's efforts to figure out what information Microsoft has on its hackers.
US sanctions founder of spyware maker Intellexa for targeting Americans | TechCrunch
The U.S. government announced Tuesday sanctions against the founder of the notorious spyware company Intellexa and one of his business partners. This is
Popular video doorbells can be easily hijacked, researchers find
Walmart and Temu pulled the affected doorbell cameras from their stores. Amazon and others have taken no action.
BMW security lapse exposed sensitive company information, researcher finds | TechCrunch
A misconfigured cloud storage server belonging to BMW exposed sensitive company information, including private keys and internal data
Spyware startup Variston is losing staff — some say it’s closing | TechCrunch
In July 2021, someone sent Google a batch of malicious code that could be used to hack Chrome, Firefox, and PCs running Microsoft Defender. That code was
Government hackers targeted iPhones owners with zero-days, Google says
One of the hacking campaigns used exploits developed by Variston, a Barcelona-based startup. Sources say the spyware maker is losing staff.
Here is Apple's official 'jailbroken' iPhone for security researchers | TechCrunch
A security researchers shared a picture of the instructions that go along Apple's Security Research Device and more details about this special iPhone.
Apple fixes zero-day bug in Apple Vision Pro that 'may have been exploited'
Apple said the vulnerability, which is being exploited in the wild, allows malicious code to run on an affected device.
How a mistakenly published password exposed Mercedes-Benz source code
Mercedes accidentally exposed a trove of sensitive data after a leaked security key gave “unrestricted access” to company’s source code.
NSA is buying Americans’ internet browsing records without a warrant
Spy agency argues the practice is entirely legal — until a US court says otherwise
Anthropic researchers find that AI models can be trained to deceive
A study co-authored by researchers at Anthropic finds that AI models can be trained to deceive -- and that this deceptive behavior is difficult to combat.
Hackers stole $2 billion in crypto in 2023, data shows
Data shows hackers stole around $2 billion in crypto this year, according to data analyzed by blockchain security firms.
Amnesty confirms Apple warning: Indian journalists’ iPhones infected with Pegasus spyware
Apple's warnings in late October that Indian journalists and opposition figures may have been targeted by state-sponsored attacks prompted a forceful Behind closed doors, senior officials from Modi's administration demanded that Apple soften the political impact of the state-sponsored warnings, according to Washington Post.
Authorities claim seizure of notorious ALPHV ransomware gang's dark web leak site | TechCrunch
The FBI says it has released a decryption tool allowing hundreds of ALPHV/BlackCat victims to restore their scrambled files.
Vans, Supreme owner VF Corp. says personal data stolen and orders impacted in suspected ransomware attack | TechCrunch
The U.S.-based owner of apparel brands including Vans, Supreme and The North Face says it cannot fulfill customer orders after a cyberattack.
Supply chain attack targeting Ledger crypto wallet leaves users hacked
Hackers pushed out a malicious version of a software library made by crypto company Ledger, which powers several web3 applications.
Apple will no longer give police users' push notification data without a warrant
Apple says it will now require a judge-approved order before handing over its users' push notification records to government agencies.
US healthcare giant Norton says hackers stole millions of patients' data during ransomware attack | TechCrunch
Hackers accessed the personal and health data of 2.5 million patients — and employees — during a May ransomware attack.
23andMe confirms hackers stole ancestry data on 6.9 million users
Genetic testing company 23andMe revealed that its data breach was much worse than previously reported, hitting about half of its total customers.