Search Results for “Zack Whittaker”


May 13, 2020
Zack Whittaker / TechCrunch

Zack Whittaker / TechCrunch  
Identity and Privileged Access Management Company CyberArk Buys Startup Idaptive for $70 Million

Israeli identity and privileged access management cybersecurity company CyberArk has acquired identity startup Idaptive for $70 million in an all-cash deal. Santa Clara, CA-based Idaptive is a zero-trust identity management security start-up. CyberArk hopes that Idaptive will bolster its standing in the identity management space.

May 12, 2020
Zack Whittaker / TechCrunch

Zack Whittaker / TechCrunch  
Yubico Launches YubiEnterprise Delivery Service That Allows Enterprise Customers to Ship YubiKey Keys to Employees, Partners and Customers Anywhere

Security key maker Yubico has launched a new service called YubiEnterprise Delivery that lets enterprise customers ship its YubiKey security keys directly to their employees, partners, and customers, even to their homes. YubiEnterprise Delivery is a cloud-based dashboard that is available from anywhere, allowing IT staff to log in, check their inventory levels, and request and ship out security keys to staff either in bulk or on a case-by-case basis.

June 4, 2020
Zack Whittaker, Frederic Lardinois / TechCrunch

Zack Whittaker, Frederic Lardinois / TechCrunch  
VMWare Is Buying Threat Detection Network Security Firm Lastline and Will Let 50 Lastline Employees Go

Cloud infrastructure and digital workspace infrastructure company VMware is buying threat detection network security firm Lastline and will let go around 40% of Lastline’s employees, about 50 staffers, as part of the acquisition. Terms of the deal were not disclosed. The deal, subject to regulatory approvals, is expected to close by the end of July.

May 1, 2020
Zack Whittaker / TechCrunch

Zack Whittaker / TechCrunch  
Shareholder Files Lawsuit Against LabCorp Accusing Board of Hiding Details of Two Data Breaches

LabCorp shareholder Raymond Eugenio filed a lawsuit against the laboratory giant, accusing its board of concealing details of two data breaches that affected millions of patients. The first breach hit third-party billing provider AMCA in 2019, affecting 7.7 million LabCorp patients and millions more from other lab test providers, including Quest and BioReference. A second security lapse involved the exposure of thousands of patient documents) was also referenced in the suit.  The lawsuit claims LabCorp’s “insufficient cybersecurity procedures” contributed in part to the two security incidents, and that the board fell short of its fiduciary duty by not disclosing the security incidents to shareholders.

June 19, 2020
Zack Whittaker / TechCrunch

Zack Whittaker / TechCrunch  
Web Tracking Data From Ad Tech Company BlueKai Spilled Out Onto the Open Internet Due to Exposed and Unsecured Server

Web tracking data amassed by ad tech company BlueKai was spilling out onto the open internet because a server was left unsecured and without a password, exposing billions of records for anyone to fin, security researcher Anurag Sen discovered. He reported his finding to Oracle through an intermediary, Roi Carthy, chief executive at cybersecurity firm Hudson Rock. Oracle bought BlueKai for a little over $400 million in 2014. The database contained names, home addresses, email addresses, and other identifiable data in the database. The data also revealed sensitive users’ web browsing activity from purchases to newsletter unsubscribes. Oracle declined to say if it informed those whose data was exposed about the security lapse. The company also declined to say if it had warned U.S. or international regulators of the incident.

April 30, 2020
Zack Whittaker / TechCrunch

Zack Whittaker / TechCrunch  
Education Giant Chegg Confirms Its Third Data Breach Since 2018, Says Hackers Stole 700 Current and Former Employee Records

Education giant Chegg said hackers stole 700 current and former employee records, including their names and Social Security numbers, the third data breach the company has experienced since 2018. In 2018, hackers made off with 40 million customer records, forcing the company to reset user passwords, and about a year later, Chegg confirmed another data breach at its tech education arm Thinkful, which it had just acquired. On Tuesday, a federal judge in Baltimore granted Chegg’s motion to force into arbitration a lawsuit stemming from the 2018 data breach.

April 29, 2020
Zack Whittaker / TechCrunch

Zack Whittaker / TechCrunch  
Pharmaceutical Giant ExecuPharm Was Hit By Ransomware, Attackers Published Stolen Data on Dark Web Site

U.S. pharmaceutical giant ExecuPharm told the Vermont attorney general’s office that it was hit by a ransomware attack on March 13, and warned that Social Security numbers, financial information, driver licenses, passport numbers, and other sensitive data may have been accessed. The ransomware group behind the attack subsequently published the data stolen from the company’s servers and posted it on the dark web associated with the CLOP ransomware group. That website contains a vast cache of data, including thousands of emails, financial and accounting records, user documents, and database backups, stolen from ExecuPharm’s systems. ExecuPharm said it has launched an investigation, alerted federal and local law enforcement authorities, retained leading cybersecurity firms to investigate the nature and scope of the incident, and notified all potentially impacted parties.

April 23, 2020
Zack Whittaker / TechCrunch

Zack Whittaker / TechCrunch  
Millions of Credit Card Transactions Were Left Exposed on the Internet in Unsecured Database Belonging to Card Payments Processor Paay

A massive database storing millions of credit card transactions belonging to Paay, a card payments processor based in New York, was exposed publicly on the internet without a password before it was secured. Security researcher Anurag Sen discovered the unprotected trove of data. Paay verifies payments on behalf of selling merchants, like online stores and other businesses, to prevent fraudulent transactions. The database contained daily records of card transactions dating back to September 1, 2019, from several merchants, exposing the full plaintext credit card number, expiry date, and the amount spent for each transaction.

April 17, 2020
Zack Whittaker / TechCrunch

Zack Whittaker / TechCrunch  
Misconfigured Server for Controversial Facial Recognition Company Clearview AI Exposed Internal Files, Apps and Source Code

A misconfigured server exposed internal files, apps, and source code for controversial facial recognition company Clearview AI, Mossab Hussein, the chief security officer at Dubai-based cybersecurity firm SpiderSilk discovered.  Although the repository was protected with a password, a misconfigured setting allowed anyone to register as a new user to log in to the system storing the code. The company’s source code could be used to compile and run Clearview’s apps from scratch. The repository also stored some of the company’s secret keys and credentials, which granted access to Clearview’s cloud storage buckets, which contained copies of its finished Windows, Mac, and Android apps, as well as its iOS app. Clearview founder Hoan Ton-That accused the cybersecurity firm of extortion, although emails between Hussein and Clearview contradict that assertion. Ton-That also says that no unauthorized access to the misconfigured server occurred.

April 9, 2020
Zack Whittaker / TechCrunch

Zack Whittaker / TechCrunch  
Bugcrowd Raises $30 Million in Series D Round of Venture Funding

Crowdsourced bug bounty and vulnerability disclosure platform Bugcrowd has raised $30 million in its Series D funding round led by Rally Ventures and including unnamed new and existing investors. Bugcrowd CEO Ashish Gupta said the $30 million would help the company ramp up the expansion of its platform, particularly in Europe and Asia.