This $70 device can spoof an Apple device and trick you into sharing your password
Attendees at Def Con, one of the world’s largest hacking conferences, are used to weird shenanigans, such as a seemingly innocuous wall of computer screens that display people’s passwords sniffed over the conference Wi-Fi network. But at this year’s event, even conference veterans were confused and concerned when their iPhones started showing pop-up messages prompting them to connect their Apple ID or share a password with a nearby Apple TV.
Researchers watched 100 hours of hackers hacking honeypot computers
Imagine being able to sit behind a hacker and observe them take control of a computer and play around with it. That’s pretty much what two security researchers did thanks to a large network of computers set up as a honeypot for hackers. The researchers deployed several Windows servers deliberately exposed on the internet, set up with Remote Desktop Protocol, or RDP, meaning that hackers could remotely control the compromised servers as if they were regular users, being able to type and click around.
Russia-backed hackers used Microsoft Teams to breach government agencies | TechCrunch
Russian state-sponsored hackers posed as technical support staff on Microsoft Teams to compromise dozens of global organizations, including government agencies.
High school changes every student’s password to ‘Ch@ngeme!’
After a cybersecurity audit mistakenly reset everyone’s password, a high school changed every student’s password to “Ch@ngeme!” giving every student the chance to hack into any other student’s account, according to emails obtained by TechCrunch.
Shell Recharge security lapse exposed EV drivers’ data
Oil giant Shell said it is investigating after a security researcher found an exposed internal database spilling the personal information of drivers who use the company’s electric vehicle charging stations.
Another huge US medical data breach confirmed after Fortra mass-hack
Hackers stole another half a million people’s personal and health information during a ransomware attack on a technology vendor earlier this year. Intellihartx, a Tennessee-based company that handles patient payment balances and collections, said in a notice filed with the Maine attorney general’s office that 489,830 patients had information stolen in the cyberattack targeting its vendor, Fortra.
New victims come forward after mass-ransomware attack
The number of victims affected by a mass-ransomware attack, caused by a bug in a popular data transfer tool used by businesses around the world, continues to grow as another organization tells TechCrunch that it was also hacked. The City of Toronto told TechCrunch in a revised statement on March 23: “Today, the City of Toronto has confirmed that unauthorized access to City data did occur through a third party vendor. The access is limited to files that were unable to be processed through the third party secure file transfer system.”
Support King, banned by FTC, linked to new phone spying operation
year after it was banned by the Federal Trade Commission, a notorious phone surveillance company is back in all but name, a TechCrunch investigation has found. A groundbreaking FTC order in 2021 banned the stalkerware app SpyFone, its parent company Support King, and its chief executive Scott Zuckerman from the surveillance industry. The order, unanimously approved by the regulator’s five sitting commissioners, also demanded that Support King delete the phone data it illegally collected and notify victims that its app was secretly installed on their device.
Crime group hijacks hundreds of US news websites to push malware
A cybercriminal group has compromised a media content provider to deploy malware on the websites of hundreds of news outlets in the U.S. according to cybersecurity company Proofpoint.
DigitalOcean says customer email addresses were exposed after latest Mailchimp breach – TechCrunch
Cloud giant DigitalOcean says that some customers’ email addresses were exposed because of a recent “security incident” at email marketing company Mailchimp. In a scant blog post dated August 12, just two days after the company’s co-founder and long-time CEO Ben Chestnut stepped down, Mailchimp said a recent but undated attack saw threat actors targeting […]
Lockdown Mode is a new Apple feature you should hope you’ll never need to use. But for those who do, like journalists, politicians, lawyers and human rights defenders, it’s a last line of defense against nation-state spyware designed to punch through an iPhone’s protections. The new security feature was announced earlier this year as an […]
Apple has pushed a silent Mac update to remove hidden Zoom web server
Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission. The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which […]
Fears grow for smaller nations after ransomware attack on Costa Rica escalates
The Russia-linked ransomware gang demanded $20 million in ransom — and the overthrow of Costa Rica's elected government. Where does that leave smaller, equally vulnerable nation states?