SEC accuses SolarWinds CISO of misleading investors before Russian cyberattack | TechCrunch
The U.S. Securities and Exchange Commission has charged SolarWinds and its top cybersecurity executive Timothy Brown with fraud and internal control
Decade of newborn child registry data stolen in MOVEit mass-hack
The breach affecting more than 3.4 million people — including newborns and children — is one of the biggest MOVEit-related hacks of the year.
LogicMonitor customers hit by hackers, because of default passwords | TechCrunch
An unknown number of LogicMonitor's customers have been hacked due to the fact that the company set weak default passwords.
MOVEit, the biggest hack of the year, by the numbers
The mass-exploitation of MOVEit file transfer servers — the largest hack of the year so far — now affects at least 60 million people.
This $70 device can spoof an Apple device and trick you into sharing your password
Attendees at Def Con, one of the world’s largest hacking conferences, are used to weird shenanigans, such as a seemingly innocuous wall of computer screens that display people’s passwords sniffed over the conference Wi-Fi network. But at this year’s event, even conference veterans were confused and concerned when their iPhones started showing pop-up messages prompting them to connect their Apple ID or share a password with a nearby Apple TV.
Researchers watched 100 hours of hackers hacking honeypot computers
Imagine being able to sit behind a hacker and observe them take control of a computer and play around with it. That’s pretty much what two security researchers did thanks to a large network of computers set up as a honeypot for hackers. The researchers deployed several Windows servers deliberately exposed on the internet, set up with Remote Desktop Protocol, or RDP, meaning that hackers could remotely control the compromised servers as if they were regular users, being able to type and click around.
Spyware maker LetMeSpy shuts down after hacker deletes server data
A June data breach wiped out the spyware maker's servers
Russia-backed hackers used Microsoft Teams to breach government agencies | TechCrunch
Russian state-sponsored hackers posed as technical support staff on Microsoft Teams to compromise dozens of global organizations, including government agencies.
High school changes every student’s password to ‘Ch@ngeme!’
After a cybersecurity audit mistakenly reset everyone’s password, a high school changed every student’s password to “Ch@ngeme!” giving every student the chance to hack into any other student’s account, according to emails obtained by TechCrunch.
TSMC confirms data breach after LockBit cyberattack on third-party supplier
One of the world's biggest chipmakers confirmed a data breach after the LockBit ransomware gang targeted one of its third-party providers.
LetMeSpy, a phone tracking app spying on thousands, says it was hacked
A data breach reveals the spyware is built by a Polish developer
A simple bug exposed access to thousands of smart security alarm systems
The vulnerability — now fixed — was discovered in a cloud-based system that allows customers to remotely manage their security alarm systems.
Ransomware gang lists first victims of MOVEit mass-hacks, including US banks and universities | TechCrunch
The hackers responsible for exploiting a flaw to target users of a popular file transfer tool has begun listing victims of the mass-attacks
Shell Recharge security lapse exposed EV drivers’ data
Oil giant Shell said it is investigating after a security researcher found an exposed internal database spilling the personal information of drivers who use the company’s electric vehicle charging stations.
Another huge US medical data breach confirmed after Fortra mass-hack
Hackers stole another half a million people’s personal and health information during a ransomware attack on a technology vendor earlier this year. Intellihartx, a Tennessee-based company that handles patient payment balances and collections, said in a notice filed with the Maine attorney general’s office that 489,830 patients had information stolen in the cyberattack targeting its vendor, Fortra.
Popular Android TV boxes sold on Amazon are laced with malware
The malware-infected AllWinner and RockChip-powered Android TV models are still available to purchase on Amazon.
Apple’s high security mode blocked NSO spyware, researchers say | TechCrunch
Apple has fixed the three exploits used to deploy the Pegasus spyware, which did not require any interaction from the target.
Hackers claim vast access to Western Digital systems
One of the hackers who breached Western Digital provided some details about the hack, the data stolen, and what the hackers are demanding.
Mercenary spyware hacked iPhone victims with rogue calendar invites, researchers say | TechCrunch
Researchers found malware developed by QuaDream, a little-known government spyware maker, which was used against journalists and politicians.
New victims come forward after mass-ransomware attack
The number of victims affected by a mass-ransomware attack, caused by a bug in a popular data transfer tool used by businesses around the world, continues to grow as another organization tells TechCrunch that it was also hacked. The City of Toronto told TechCrunch in a revised statement on March 23: “Today, the City of Toronto has confirmed that unauthorized access to City data did occur through a third party vendor. The access is limited to files that were unable to be processed through the third party secure file transfer system.”
Telehealth startup Cerebral shared millions of patients' data with advertisers
The startup shared millions of patients' personal information and health data with Google, Facebook, and TikTok.
Sensitive US military emails spill online
A security researcher told TechCrunch that a government server was exposing military emails to the internet because no password was set.
Mailchimp says it was hacked — again
This is the second breach to hit Mailchimp in six months. It also appears to be almost identical to a previous incident.
Support King, banned by FTC, linked to new phone spying operation
year after it was banned by the Federal Trade Commission, a notorious phone surveillance company is back in all but name, a TechCrunch investigation has found. A groundbreaking FTC order in 2021 banned the stalkerware app SpyFone, its parent company Support King, and its chief executive Scott Zuckerman from the surveillance industry. The order, unanimously approved by the regulator’s five sitting commissioners, also demanded that Support King delete the phone data it illegally collected and notify victims that its app was secretly installed on their device.
Crime group hijacks hundreds of US news websites to push malware
A cybercriminal group has compromised a media content provider to deploy malware on the websites of hundreds of news outlets in the U.S. according to cybersecurity company Proofpoint.
Inside TheTruthSpy, the stalkerware network spying on thousands • TechCrunch
Leaked data obtained by TechCrunch reveals the notorious network of Android spyware apps tracked locations and recorded calls of Americans.
DigitalOcean says customer email addresses were exposed after latest Mailchimp breach – TechCrunch
Cloud giant DigitalOcean says that some customers’ email addresses were exposed because of a recent “security incident” at email marketing company Mailchimp. In a scant blog post dated August 12, just two days after the company’s co-founder and long-time CEO Ben Chestnut stepped down, Mailchimp said a recent but undated attack saw threat actors targeting […]
Hands-on with Lockdown Mode in iOS 16
Lockdown Mode is a new Apple feature you should hope you’ll never need to use. But for those who do, like journalists, politicians, lawyers and human rights defenders, it’s a last line of defense against nation-state spyware designed to punch through an iPhone’s protections. The new security feature was announced earlier this year as an […]
Apple has pushed a silent Mac update to remove hidden Zoom web server
Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission. The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which […]
Fears grow for smaller nations after ransomware attack on Costa Rica escalates
The Russia-linked ransomware gang demanded $20 million in ransom — and the overthrow of Costa Rica's elected government. Where does that leave smaller, equally vulnerable nation states?