Search Results for “TechCrunch”


May 3, 2020
Zack Whittaker / TechCrunch

Core Databases of Coronavirus Symptom Checker Developed by India’s Jio Were Exposed to the Internet Without a Password

A security lapse exposed core databases of a coronavirus symptom checker to the internet without a password, security researcher Anurag Sen discovered. The symptom checker was developed by India’s largest cell network, Jio. Sen found the database on May 1, just after it was first exposed, and informed TechCrunch to notify the company. Jio quickly pulled the system offline after TechCrunch made contact. The database contains millions of logs and records starting April 17 through to the time that the database was pulled offline, including vast numbers of user-generated self-test data. The database also included individual records of those who signed up to create a profile, allowing users to update their symptoms over time. These records contained the answers to each question asked by the symptom checker, including what symptoms they are experiencing, who they have been in contact with, and what health conditions they may have.

Related: Cyber Kendra, GBHackers On Security, Hindu Businessline, Databreaches.net

Tweets: @zackwhittaker @hak1mlukha


May 12, 2020
Zack Whittaker / TechCrunch

Yubico Launches YubiEnterprise Delivery Service That Allows Enterprise Customers to Ship YubiKey Keys to Employees, Partners and Customers Anywhere

Security key maker Yubico has launched a new service called YubiEnterprise Delivery that lets enterprise customers ship its YubiKey security keys directly to their employees, partners, and customers, even to their homes. YubiEnterprise Delivery is a cloud-based dashboard that is available from anywhere, allowing IT staff to log in, check their inventory levels, and request and ship out security keys to staff either in bulk or on a case-by-case basis.

April 2, 2020
Natasha Lomas / TechCrunch

Pan-European Privacy-Preserving Proximity Tracing Aims to Conduct COVID-19 Contacts Tracing in a Way That Thwarts State Surveillance

A European coalition of technologists and scientists from at least eight countries, led by Germany’s Fraunhofer Heinrich Hertz Institute for telecoms (HHI), has unveiled contacts-tracing proximity technology for COVID-19 called Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) that’s designed to comply with the region’s strict privacy rules. The project is a response to the coronavirus pandemic generating a massive spike in demand for citizens’ data, and is intended to offer not just another app but what the scientists call “a fully privacy-preserving approach” to COVID-19 contacts tracing. The idea is to use smartphone technology to help disrupt the next wave of infections by notifying individuals who have come into close contact with an infected person, but to do so, using anonymous IDs and encryption, in a manner that can’t be exploited by state surveillance authorities.

Romain Dillet / TechCrunch

Zoom CEO Apologizes for Security and Privacy Glitches, Says Company Will Implement 90-Day Feature Freeze and Work with Third-Party Experts to Produce Transparency Report

Wildly popular videoconferencing app Zoom has been battered with a series of privacy and security controversies since its meteoric rise during the COVID-19 crisis even as the company has quickly signed up 200 million new users. In the wake of these controversies, CEO Eric S. Yuan has written a lengthy blog post to address some of the concerns around Zoom. In particular, Yuan said that Zoom is enacting a 90-day feature freeze during which the company won’t ship any new feature until it is done fixing the current feature set. Zoom will also work with third-party experts and prepare a transparency report. Yuan apologized for the glitches saying that “We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home.”

Related: Forbes, CNET, Neowin, BusinessLine – Home, iPhone Hacks, Engadget, The Verge, Business Insider, TechJuice, HOTforSecurity, Computer Business Review, GeekWire, Reuters: Top News, PhoneArena, Android Authority, ZDNet Security, ExtremeTech, MobileSyrup.com, WCCFtech, Trusted Reviews, TechNadu, RTE, E-Commerce Times, GBHackers On Security, 9to5Mac, Digital Trends, Telecomlive.com, Android Central, iMore, Windows Central, South China Morning Post, Big News Network, Thomas Brewster – Forbes, Android Authority, Graham Cluley, Telecompaper Headlines, MobileSyrup.com, The Financial Express, Security Affairs, Ubergizmo, ET news, Fast Company, USA Today, SlashGear » security, City A.M. – Technology, The State of Security, TechWorm, The Hill, CBSNews.com, The Next Web, E Hacking News, BBC News, Digital Trends, BetaNews, The Verge, Tom’s Guide News, Zoom

Tweets: @josephfcox @TheHackersNews @runasand @ashk4n

Forbes: Zoom Just Made These Powerful COVID-19 Security And Privacy Moves Following Outcry
CNET: Zoom boss says it’ll freeze feature updates to address security issues
Neowin: Zoom to fix security and privacy issues in 90-day feature freeze
BusinessLine – Home: Zoom announces 90-day freeze on feature updates to focus on privacy and security
iPhone Hacks: Zoom Announces 90 Days Feature Freeze, Will Work on Improving the Security Of Its Platform
Engadget: Zoom vows to win back user trust with extensive security review
The Verge: What Zoom doesn’t understand about the Zoom backlash
Business Insider: Zoom’s CEO apologizes for its many security issues as daily users balloon to 200 million
TechJuice: ‘Zoombombing’ is becoming an issue amid rising popularity due to coronavirus
HOTforSecurity: Zoom-bombing: FBI warns of rise in teleconference hijacking amid stay-at-home order
Computer Business Review: Zoom Security Storm: Company Apologises, Hackers Squabble
GeekWire: Zoom Security Storm: Company Apologises, Hackers Squabble
Reuters: Zoom pulls in more than 200 million daily video users during worldwide lockdowns
PhoneArena: SpaceX employees forbidden from using the Zoom app over privacy concerns
Android Authority: Zoom won’t add new features for 90 days as it tackles privacy, security woes
ZDNet Security: Zoom: We’re freezing all new features to sort out security and privacy
TechCrunch: Zoom freezes feature development to fix security and privacy issues
ExtremeTech: Zoom’s Security and Privacy Practices Kind of Zuck
MobileSyrup.com: Zoom vows to fix issues around privacy and security within 90-days
WCCFtech: Zoom Gets Banned at SpaceX Following Privacy Concerns
Trusted Reviews: Why Zoom is attracting so much criticism right now
RTE: Zoom stops product development to fix security issues
E-Commerce Times: Zoom’s Soaring Popularity Is a Double-Edged Sword
9to5Mac: Zoom penetration tests commissioned to improve ‘trust, safety and privacy’
Digital Trends: SpaceX tells workers to ditch Zoom over ‘significant’ privacy concerns
Android Central: Zoom apologizes over security and privacy issues and freezes new features
iMore: Zoom apologizes over security and privacy issues and freezes new features
Windows Central: Zoom apologizes over security and privacy issues and freezes new features
Channel News Asia: Elon Musk’s SpaceX bans Zoom over privacy concerns
Tech Insider: Elon Musk’s SpaceX bans Zoom over security and privacy concerns
Thomas Brewster – Forbes: Why Zoom Really Needs Better Privacy: $1.3 Million Orders Show The US Government’s COVID-19 Response Is Now Relying On It
Graham Cluley: Zoom promises to improve its security and privacy as usage (and concern) soars
Telecompaper Headlines: Zoom promises full security review as users pass 200 mln per day
The Financial Express: Has Zoom got it right on security?
Security Affairs: Crooks use tainted Zoom apps to target users at home due to Coronavirus outbreak
Ubergizmo: Zoom Pledges To Spend The Next 90 Days Fixing Its Privacy And Security Issues
ET news: Security snafus exhumed amid Zoom boom
Fast Company: Elon Musk’s SpaceX bans employees from using Zoom over ‘significant privacy and security concerns’
USA Today: Zoom to focus on security, privacy, CEO says, as usage booms during coronavirus crisis
SlashGear » security: Zoom CEO responds: What happens next for hit video calling app
City A.M. – Technology: Zoom vows to fix security issues as it hits 200m daily users
The State of Security: Zoom promises to improve its security and privacy as usage (and concern) soars
TechWorm: Zoom Security Vulnerability Leaks Windows Login Credentials To Hackers
The Hill: Zoom vulnerabilities draw new scrutiny amid coronavirus fallout
CBSNews.com: FBI warns of online attacks on video conference app Zoom
The Next Web: After a litany of security fuck-ups, Zoom promises weekly updates
E Hacking News: Hackers use fake Zoom domains to spread malware
BBC News: Zoom boss apologises for security issues and promises fixes
Digital Trends: Zoom freezes development of new features to fix privacy issues
BetaNews: Zoom issues an apology for privacy and security issues, will enact a feature freeze to focus on fixes
The Verge: Zoom announces 90-day feature freeze to fix privacy and security issues
Tom’s Guide News: Zoom privacy and security issues: Here’s everything that’s wrong (so far)
Zoom: A Message to Our Users

@josephfcox: Zoom announces several changes, such as a "feature freeze" and moving all engineering resources to fixing privacy and security issues; enhancing its bug bounty program https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/
@TheHackersNews: UPDATE: After facing backlash over #privacy & security concerns, #Zoom today issued updates to patch some recently disclosed flaws & also announced to enhance its #bugbounty program and shift all of its engineering resources to resolve further issues. https://thehackernews.com/2020/04/zoom-windows-password.html
@runasand: Letter from @zoom_us CEO @ericsyuan outlines what the company has done and will do moving forward to address issues and concerns, including shifting “engineering resources to focus on our biggest trust, safety, and privacy issues.”
@ashk4n: I have to say the response from @zoom_us to all the privacy, security, and #abusability issues surrounding their platform is very good: CEO acknowledges the specific problems, lays out steps they’re taking to fix them, and clearly communicates steps to users


May 26, 2020
Zack Whittaker / TechCrunch

Strandhogg 2.0 Vulnerability Imitates Legit Apps to Steal Passwords, Sensitive Data and Affects Almost Every Version of Android

Security researchers have found a significant vulnerability, dubbed Strandhogg 2.0, in almost every version of Android, which lets malware imitate legitimate apps to steal app passwords and other sensitive data. The “evil twin” to an earlier bug of the same name, according to Norwegian security firm Promon, which discovered both vulnerabilities six months apart, Strandhogg 2.0 tricks a victim into thinking they’re entering their passwords on a legitimate app while instead interacting with a malicious overlay. It can also hijack other app permissions to siphon off sensitive user data, like contacts and photos, and track a victim’s real-time location. Promon and Google say they’ve found no evidence of Strandhogg 2.0’s exploitation. Promon said updating Android devices with the latest security updates will fix the vulnerability.

Related: fossBytes, ComputerWeekly: IT security, Neowin, TechNadu, Security News | Tech Times, SecurityWeek, The Hacker News, Promon

Tweets: @TheHackerNews @zackwhittaker


April 30, 2020
Zack Whittaker / TechCrunch

Education Giant Chegg Confirms Its Third Data Breach Since 2018, Says Hackers Stole 700 Current and Former Employee Records

Education giant Chegg said hackers stole 700 current and former employee records, including their names and Social Security numbers, the third data breach the company has experienced since 2018. In 2018, hackers made off with 40 million customer records, forcing the company to reset user passwords, and about a year later, Chegg confirmed another data breach at its tech education arm Thinkful, which it had just acquired. On Tuesday, a federal judge in Baltimore granted Chegg’s motion to force into arbitration a lawsuit stemming from the 2018 data breach.

May 9, 2020
Zack Whittaker / TechCrunch

Data Breach at U.S. Marshals Service Exposed Personal Information of Current and Former Prisoners

A data breach at the U.S. Marshals Service exposed the personal information of current and former prisoners. According to a letter sent to those affected, the Justice Department notified the U.S. Marshals on December 30, 2019, of a data breach affecting a public-facing server storing personal information on current and former prisoners in its custody. The breach may have included their address, date of birth, and Social Security number.

May 5, 2020
Frederic Lardinois / TechCrunch

Cloud Security Start-Up Orca Security Raises $20.5 Million in Series A Round

Israeli cloud security firm Orca Security has raised $20.5 million in a Series A funding round led by GGV Capital, with participation from seed investors YL Ventures and Silicon Valley CISO Investments. Orca focuses on giving enterprises better visibility into their cloud deployments with a particular focus on quickly providing workload-level visibility without the need for an agent or network scanner.

May 1, 2020
Zack Whittaker / TechCrunch

Shareholder Files Lawsuit Against LabCorp Accusing Board of Hiding Details of Two Data Breaches

LabCorp shareholder Raymond Eugenio filed a lawsuit against the laboratory giant, accusing its board of concealing details of two data breaches that affected millions of patients. The first breach hit third-party billing provider AMCA in 2019, affecting 7.7 million LabCorp patients and millions more from other lab test providers, including Quest and BioReference. A second security lapse (involving the exposure of thousands of patient documents) was also referenced in the suit. The lawsuit claims LabCorp’s “insufficient cybersecurity procedures” contributed in part to the two security incidents, and that the board fell short of its fiduciary duty by not disclosing the security incidents to shareholders.

April 9, 2020
Zack Whittaker / TechCrunch

Bugcrowd Raises $30 Million in Series D Round of Venture Funding

Crowdsourced bug bounty and vulnerability disclosure platform Bugcrowd has raised $30 million in its Series D funding round led by Rally Ventures and including unnamed new and existing investors. Bugcrowd CEO Ashish Gupta said the $30 million would help the company ramp up the expansion of its platform, particularly in Europe and Asia.