Search Results for “Zack Whittaker”

April 7, 2020
Zack Whittaker / TechCrunch

Zack Whittaker / TechCrunch  
Healthcare Security Startup CyberMDX Raises $20 Million in New Round of Venture Funding

U.S.-Israel healthcare security startup CyberMDX has raised $20 million in a growth round of venture financing led by Europe’s largest insurance and risk management provider Sham, a division of Relyens Group, with participation from existing investors Pitango Venture Capital and Qure Ventures. One of the more mature cybersecurity startups in the medical space, CyberMDX works primarily to secure medical devices and improve hospital network security through its cyber intelligence platform, which manages a hospital’s network-connected assets and devices, and monitors threats in real-time. CyberMDX last raised $10 million in a Series A round in July 2018, bringing its total funding to date to $30 million.

June 12, 2020
Zack Whittaker / TechCrunch

Zack Whittaker / TechCrunch  
Senate Bill Requires Government to Spell Out Threats Posed by Private Sector Spyware Makers Such As NSO Group, Hacking Team

The annual intelligence authorization bill passed by the Senate Intelligence Committee last week requires the government to detail the threats posed by private sector spyware makers such as NSO Group and Hacking Team. They build spyware and hacking tools designed to surreptitiously break into a victim’s devices for conducting surveillance. The bill instructs the Director of National Intelligence to submit a report to both House and Senate intelligence committees within six months on the “threats posed by the use by foreign governments and entities of commercially available cyber intrusion and other surveillance technology” against U.S. citizens, residents and federal employees.

April 30, 2020
Zack Whittaker / TechCrunch

Zack Whittaker / TechCrunch  
New Android Malware ‘EventBot’ Masquerades as Legitimate Android Apps, Steals Passwords, Intercepts Two-Factor Codes For Banking and Currency Apps

A newly discovered Android malware that targets banking apps and cryptocurrency wallets called EventBot masquerades as a legitimate Android app and abuses Android’s in-built accessibility features to obtain deep access to the device’s operating system, researchers at Cybereason discovered. Once installed, the fake app quietly siphons off passwords for more than 200 banking and cryptocurrency apps, including PayPal, Coinbase, CapitalOne and HSBC, and intercepts and two-factor authentication text message codes. With the password and two-factor code, hackers can break into the financial accounts of the victims. The researchers say they have not yet seen EventBot on Android’s app store or in active use in malware campaigns, limiting the exposure to potential victims for now.

Related: ComputerWeekly: IT security, IT Pro, Reddit – cybersecurity, Tech Advisor – Security, Graham Cluley, Finextra Research news, TechNadu, Threatpost, ZDNet Security, Security Affairs, The Hacker News, The State of Security

May 9, 2020
Zack Whittaker / TechCrunch

Zack Whittaker / TechCrunch  
Data Breach at U.S. Marshals Service Exposed Personal Information of Current and Former Prisoners

A data breach at the U.S. Marshals Service exposed the personal information of current and former prisoners. In a letter sent to those affected, the Justice Department notified the U.S. Marshals on December 30, 2019, of a data breach affecting a public-facing server storing personal information on current and former prisoners in its custody. The breach may have included their address, date of birth, and Social Security number.

June 10, 2020
Joseph Menn / Reuters

Joseph Menn / Reuters  
U.S. Lawmakers Seek Answers From Juniper Networks on NSA Backdoor Discovered In Company’s NetScreen Software in 2015

A group of U.S. lawmakers preparing to fight a legislative attack on encrypted communications is trying to establish what happened when the NSA subverted encryption at Silicon Valley maker of networking gear Juniper Networks.  Senate Intelligence Committee member Ron Wyden (D-OR), Republican Senator Mike Lee of the Judiciary Committee and the chairmen of the House Judiciary and Homeland Security committees sent a letter to Juniper Chief Executive Rami Rahim asking what had happened to an investigation Juniper announced after it found “unauthorized code” inside its widely used NetScreen security software in 2015.  The code was later discovered to be a mechanism secretly designed by the National Security Agency and widely believed to contain a back door for spying, known as Dual Elliptic Curve.

June 18, 2020
Alfred Ng / CNET

Alfred Ng / CNET  
Microsoft Tried to Sell Its Facial Recognition Technology to the Drug Enforcement Agency

Although Microsoft recently said it would stop selling its facial recognition technology to police, emails obtained by the American Civil Liberties Union (ACLU) show that the company had been in talks with the Drug Enforcement Agency from September 2017 to December 2018 in attempts to sell its artificial intelligence tools including facial recognition and voice recognition. “We are gathering requirements for AI services that could be leveraged for transcription, language translation, face recognition, and others. We are planning to extend our cloud environment to include AI services from Microsoft Azure Government (MAG) cloud,” a senior Microsoft employee wrote in an email to the DEA in November 2018.

Related: TechCrunch, Tech Insider, Input, The Hill, Slashdot

Tweets:@alfredwkng @zackwhittaker

June 25, 2020
Eric Tucker / Associated Press

Eric Tucker / Associated Press  
New DOJ Indictment Against Julian Assange Claims He Sought to Recruit Hackers at Conferences, Conspired With Hacking Organizations and Directed Teen to Steal Information

A new Justice Department indictment against Wikileaks co-founder Julian Assange alleges that he sought to recruit hackers at conferences in Europe and Asia who could provide his anti-secrecy website with classified information and conspired with members of hacking organizations. On top of that,  the indictment accuses Assange of conspiring with members of hacking groups known as LulzSec and Anonymous. He also worked with a 17-year-old hacker who gave him information stolen from a bank and directed the teenager to steal additional material, including audio recordings of high-ranking government officials, The superseding indictment does not contain additional charges beyond the 18 counts the Justice Department unsealed last year. But prosecutors say it underscores Assange’s efforts to procure and release classified information, allegations that form the basis of criminal charges he already faces.

Related: The Sun, Sydney Morning Herald, IT News, Business Insider, CNET, WA Today, AP Top News, ZDNet Security, The Hill: Cybersecurity, TASS, RT USA, TIME, Homeland Security Today, Cyberscoop, New York Post, Security News | Tech Times, Fars News Agency,, South China Morning Post, AP Top News, Al Jazeera English, CyberSecurity Help s.r.o., NBC News Top Stories, Shadowproof, Evening Standard, iTnews – Security, Courthouse News Service, AndroidRookies, New York Post,

Tweets:@zackwhittaker @emptywheel @jeffstone500 @alfredwkng @BiellaColeman @cfarivar @eTuckerAP @r0wdy_

The Sun: Julian Assange prosecutors ‘broaden’ charges against WikiLeaks boss claiming he conspired with Anonymous-linked hackers
Sydney Morning Herald: Assange faces fresh allegations in US indictment
iTnews – Security: US accuses Assange of recruiting LulzSec hackers
Business Insider : WikiLeaks founder Julian Assange faces broadened charges of conspiring with ‘Anonymous’ hackers in new federal grand jury indictment
CNET: WikiLeaks’ Julian Assange charged with recruiting and conspiring with hackers
WA Today : Assange faces fresh allegations in US indictment
Sydney Morning Herald: Assange faces fresh allegations in US indictment
AP Top News: WikiLeaks founder Assange faces new indictment in US
ZDNet Security: WikiLeaks founder charged with conspiring with Anonymous and LulzSec hackers
The Hill: Cybersecurity: Hillicon Valley: Justice Department announces superseding indictment against WikiLeaks’ Assange | Facebook ad boycott gains momentum | FBI sees spike in coronavirus-related cyber threats | Boston city government bans facial recognition technology
TASS: US files new indictment against WikiLeaks founder Assange
RT USA: New US indictment of Assange accuses WikiLeaks co-founder of ‘conspiring with Anonymous’ hackers… in FBI sting op?
TIME: WikiLeaks Founder Julian Assange Accused of Conspiring With LulzSec and Anonymous Hackers
Homeland Security Today: WikiLeaks Founder Charged in Superseding Indictment
Cyberscoop : Julian Assange accused of conspiring with Anonymous and LulzSec in superseding US indictment
New York Post: WikiLeaks founder Julian Assange charged with conspiring with ‘Anonymous’
Security News | Tech Times: ‘Anonymous’ and ‘LulzSec’ Hired by WikiLeaks Founder? Here’s What They Found
Fars News Agency: New US Indictment Alleges WikiLeaks’ Assange Conspired with Anonymous, Affiliated Hacker Groups Julian Assange indicted for recruiting hackers to obtain data for WikiLeaks
South China Morning Post: WikiLeaks founder Julian Assange travelled to Europe and Asia trying to recruit hackers, US government alleges
AP Top News: WikiLeaks founder Assange faces new indictment in US
Al Jazeera English: Julian Assange ‘conspired with Anonymous-affiliated hackers’
CyberSecurity Help s.r.o.: US authorities broaden charges against WikiLeaks founder Assange
NBC News Top Stories: WikiLeaks founder Assange faces new accusations of trying to recruit hackers at conferences
Shadowproof: US Government Expands Assange Indictment To Criminalize Assistance Provided To Edward Snowden
Evening Standard: US prosecutors file new claims that Wikileaks founder Julian Assange conspired with Anonymous and LulzSec hackers
iTnews – Security: US accuses Assange of recruiting LulzSec hackers
Courthouse News Service: Julian Assange Accused of Recruiting Hackers in New Indictmentt
AndroidRookies: US authorities file new charge sheet against Wikileaks founder Julian Assange
New York Post: WikiLeaks founder Julian Assange charged with conspiring with ‘Anonymous’ Indictment

@zackwhittaker: New: DOJ has filed a superseding indictment against Julian Assange with new allegations that he conspired with hackers affiliated with Anonymous.
@emptywheel: Still reading the Assange superseding, but this post from December holds up. The WikiLeaks Conspiracy: The Government Prepares to Argue WikiLeaks Has Always Been an Organized Crime Syndicate
@jeffstone500: The latest superseding indictment against Assange doesn’t include new charges but elaborates on existing counts. Mostly, it details an alleged conspiracy with LulzSec.
@alfredwkng: The Justice Department just announced a second superseding indictment against Julian Assange. Court documents here:
@BiellaColeman: Wow, new US gov indictment against #Assange is something else. They are really trying to nail him for conspiring with hackers like Anonymous, Lulzsec and "Teenager." 50 pages of Wikileaks/Anonymous and hacker history among other topics
@cfarivar: DOJ has just released a superseding indictment against Julian Assange, founder of @wikileaks.
@eTuckerAP: RT @etuckerAP: WASHINGTON (AP) _ The Justice Department says a federal grand jury has returned a new indictment against WikiLeaks founder J…
@r0wdy_: oooooooooo my spidey sense was tingling lets dig in

June 4, 2020
Christopher Bing / Reuters

Christopher Bing / Reuters  
Google Threat Analysis Group Head Says China-backed Hackers Have Targeted Biden Campaign, Iranian Hackers Have Targeted Trump’s Campaign Staff

State-backed hackers from China have targeted staffers working on the U.S. presidential campaign of Democrat Joe Biden, the head of Google’s Threat Analysis Group, Shane Huntley, said in a series of tweets. He also said Iranian hackers had recently targeted email accounts belonging to Donald Trump’s campaign staff. Huntley said there was “no sign of compromise” of either campaign. Google did not offer any details beyond tweets containing the statements sent out by Huntley.

Related:, CNET, ZDNet Security, Cyberscoop, TechCrunch, Boing Boing, CNET, Engadget, Washington Examiner, The Hill: Cybersecurity, POLITICO, Daily Maverick, France 24, Washington Post, SiliconANGLE, YEngadget, Futurism, Daily Maverick, Sydney Morning Herald, Wall Street Journal, News : NPR, SC Magazine, Digital Journal,, Miami Herald, NYT > Politics,, Threatpost

Tweets:@shanehuntley @shanehuntley @zackwhittaker @xeni @Joseph_Marks_ @jeneps Chinese and Iranian hackers targeted Biden and Trump campaigns, Google says
CNET: Google found Chinese and Iranian hackers attempting to hack Biden, Trump campaigns
ZDNet Security: Google: Chinese and Iranian hackers targeted Biden and Trump campaign staffers
Cyberscoop: Google: Biden and Trump campaigns targeted by separate spearphishing campaigns – CyberScoop
TechCrunch: Google says Iranian, Chinese hackers targeted Trump, Biden campaigns
Boing Boing: Google says China- and Iran-backed hackers hit Biden and Trump campaigns
CNET: Chinese, Iranian hackers tried to hack Biden, Trump campaigns, Google says
Engadget: Google says state-backed hackers are targeting Trump and Biden campaigns
Washington Examiner: Trump and Biden campaigns targeted by suspected Chinese and Iranian hackers
The Hill: Cybersecurity: Google: Chinese and Iranian hackers targeting Biden, Trump campaigns
POLITICO: Google: Chinese and Iranian hackers targeting Trump, Biden campaigns
Daily Maverick: Newsdeck: Chinese and Iranian hackers targeted Biden and Trump campaigns, Google says
France 24: Chinese, Iranian hackers targeted Biden and Trump campaigns, Google official says
Washington Post: China, Iran targeting presidential campaigns with hacking attempts, Google announces
SiliconANGLE: Trump and Biden campaigns targeted by state-sponsored hackers
Engadget: Google says state-backed hackers are targeting Trump and Biden campaigns
Futurism: Google: Foreign Hackers Targeting Both Trump and Biden Campaigns
Daily Maverick: Newsdeck: Chinese and Iranian hackers targeted Biden and Trump campaigns, Google says
Sydney Morning Herald: State-based hackers targeted Trump, Biden campaigns, says Google
Wall Street Journal: Presidential Campaigns Targeted by Suspected Chinese, Iranian Hackers
News : NPR: Chinese, Iranian Hackers Targeted Biden And Trump Campaigns, Google Says
SC Magazine: Chinese, Iranian phishing campaigns target Biden, Trump campaigns | SC Media
Digital Journal: Biden, Trump campaigns targeted by foreign hackers: Google Hackers from China and Iran trying to spy on Trump and Biden campaigns, Google says
Miami Herald: Hackers from China and Iran trying to spy on Trump and Biden campaigns, Google says
NYT > Politics: Chinese Hackers Target Email Accounts of Biden Campaign Staff, Google Says Trump and Biden campaigns targeted by suspected Chinese and Iranian hackers
Threatpost: Trump, Biden Campaign Staffers Targeted By APT Phishing Emails

@shanehuntley: Recently TAG saw China APT group targeting Biden campaign staff & Iran APT targeting Trump campaign staff with phishing. No sign of compromise. We sent users our govt attack warning and we referred to fed law enforcement.
@shanehuntley: If you are working on a campaign this election cycle, your personal accounts may be targeted. Use the best protection you can. Two factor authentication or Advanced Protection really can make a difference.
@zackwhittaker: Statement from the Biden camp.
@xeni: Google's threat analysis group (TAG) says China- and Iran-backed hackers have been attacking Biden and Trump campaigns. No evidence of compromise, @ShaneHuntley said earlier today.
@Joseph_Marks_: Nation state hackers targeting both Trump and Biden campaigns. A preview of a very messy election cycle to come.

June 11, 2020
Jay Greene / Washington Post

Jay Greene / Washington Post  
Amazon to Pause Law Enforcement Use of Its Facial Recognition System for One Year As Nation Rages Over Police Brutality

Amazon said it would ban police use of its facial recognition software Rekognition for one year amid national protest over police brutality toward and murder of African Americans and against the backdrop of overall concern about law enforcement surveillance of citizens. “We’ve advocated that governments should put in place stronger regulations to govern the ethical use of facial recognition technology, and in recent days, Congress appears ready to take on this challenge,” the company wrote in a brief blog post.

Related: TIME, The Telegraph, EFF, VICE News, Vox, Vox, Axios, Daily Dot, The Verge, Fortune, StateScoop, Protocol, InputPolitico, Amazon, TechCrunch, Forbes, NDTV, Channel News Asia, CNET, Daily Dot, RT USA, Silicon Republic, The Next Web, WIRED

Tweets:@geoffreyfowler @alfredwkng @davegershgorn @campuscodi @zackwhittaker @iblametom @iblametom

TIME: Amazon Bans Police Use of Its Face Recognition Technology for a Year
The Telegraph: Amazon bans sales of face recognition software to police for one year
EFF: Amazon Ring Must End Its Dangerous Partnerships With Police
VICE News: Amazon Puts 1-Year Ban on Police Use of its Biased Facial Recognition Software
Vox: Members of Congress want to know more about law enforcement’s surveillance of protesters
Vox: Amazon suspends police access to its facial recognition technology. But only for one year.
Axios: Amazon to halt police use of its facial recognition technology for one year
Daily Dot: Amazon says it’s halting police use of facial recognition for 1 year
The Verge: Amazon bans police from using its facial recognition technology for the next year
Fortune: Amazon bans police from using its facial-recognition technology for a year
StateScoop: Amazon suspends police use of facial recognition software for one year
Protocol: Amazon, facing pressure, won’t provide facial recognition to police for a year
Input: Amazon has placed a one-year moratorium on police use of Rekognition
Politico: Amazon to pause police use of its facial recognition tool amid wave of protests
Amazon: We are implementing a one-year moratorium on police use of Rekognition
TechCrunch: Amazon’s facial recognition moratorium has major loopholes
Forbes: Microsoft Urged To Follow Amazon And IBM: Stop Selling Facial Recognition To Cops After George Floyd’s Death
NDTV TikTok Faces Scrutiny From EU Watchdogs
Channel News Asia: EU watchdog sets up TikTok task force, warns on Clearview AI software
CNET: Clearview AI still backs facial recognition, despite competitors’ concerns
Daily Dot: Amazon says it’s halting police use of facial recognition for 1 year
RT USA: Amazon declares ‘moratorium’ on police use of its ‘racist’ facial recognition tech
Silicon Republic: Amazon puts one-year ban on use of facial recognition tech by police
The Next Web: Amazon is pausing its facial recognition program for police for a year — but that’s not enough
WIRED: Amazon Won’t Let Police Use Its Facial-Recognition Tech for One Year

@geoffreyfowler: Amazon bans police use of its facial-recognition tech for a year: This is not just about bias built into Rekonition, which hasn’t been independently vetted recently. It’s also about bias in how police use the tech, which is currently largely unregulated.
@alfredwkng: Breaking: Amazon is implementing a 1 year moratorium on police using facial recognition
@davegershgorn: "We’re implementing a one-year moratorium on police use of Amazon’s facial recognition technology. "
@campuscodi: Amazon bans police use of its facial recognition software for one year
@zackwhittaker: New: Amazon's says it'll put a moratorium on police using its controversial facial recognition tech for 1 year. But it says nothing about cutting off access to federal agencies or law enforcement. Amazon declined to comment.…
@iblametom: Huge update: Microsoft has declined to comment.
@iblametom: After Amazon and IBM moves, Microsoft is urged to ditch its gov face recognition business. Amazon Ring also told to give it a rest.

January 2, 2020
Zack Whittaker / TechCrunch

Zack Whittaker / TechCrunch  
Major Currency Exchange Travelex Suspends Some Services as It Grapples With an Unspecified Malware Attack

London-based major international foreign currency exchange Travelex has suspended some services after it was hit by malware on December 31. The company said it said it took systems offline “as a precautionary measure in order to protect data” and to stop the spread of the malware. Some of Travelex’s 1,500 stores are said to be processing customer requests by hand. The company said no customer data had been compromised “to date.” Although Travelex didn’t specify what kind of malware hit it, several high profile companies and state and local governments have been infected with ransomware that likewise forced them to take systems offline as “precautionary measures.”

Related: Mirror, BBC News, The Guardian, The Sun, Currencyscoop, Silicon UK, CISO Mag, Spyware news, Computer Business Review, Cyber Security Review, The State of Security, Enterprise Times, ET news, The Register – Security, ZDNet Security, BetaNews

Tweets:@zackwhittaker @zackwhittaker @zackwhittaker @wbm312 @malwarejake @TravelexUK

Mirror: Travelex forced to remove website after being hit by virus attack online
BBC News : Travelex site taken offline after cyber attack – BBC News
The Guardian: Travelex forced to take down website after cyber-attack
The Sun: Travelex foreign currency site DOWN after being attacked by major virus
Currencyscoop: Foreign Currency Service, Travelex Down After Cyberattack
Silicon UK: Travelex UK Website Still Down After Cyberattack
CISO Mag : London-based Forex Company Suffers Cyber-Attack – CISO MAG
Spyware news: Travelex currency exchange service taken down by malware attack
Computer Business Review: Three Days After Travelex “Virus” Attack, Systems Remain Down
Cyber Security Review: Travelex UK Website Still Down After Cyberattack
The State of Security: Travelex Temporarily Disabled All Its Systems Following a Malware Attack
Enterprise Times: Travelex ransomware attack hits travellers
ET news: Travelex takes its services offline after massive cyber attack
The Register – Security: This page is currency unavailable… Travelex scrubs UK homepage, kills services, knackers other sites amid ‘software virus’ infection
ZDNet Security: New Year’s Eve malware attack strikes Travelex, services still offline
BetaNews: Foreign currency specialist Travelex suspends some services after cyber attack

@zackwhittaker: Here's what we know: - Travelex was hit by malware on Dec. 31 Here's what we don't know: - What kind of malware it is - Was any data taken, or was data ransomed? - Why it took two days to disclose - If authorities have been informed per GDPR
@zackwhittaker: Small update: comms now tells me the UK's Financial Conduct Authority and Information Commissioner's Office has been informed.
@zackwhittaker: Also, this is a good rebuttal to why I asked why it took Travelex two days to go public. It disclosed with UK regulators within the 72-hour period, per GDPR — and it was a bank holiday! Fair play. I'm definitely curious what kind of malware it was, though.
@wbm312: Why did it take 2 days to disclose? 1. you have to get your ducks in a row with various stakeholders before going live with disclosure. 2. 2 days is great turn around especially since most of the company probably had Jan 1 off and left early on Dec. 31.
@malwarejake: We're in an amazing position in infosec when we are asking "why did it take two days to disclose" - because compared to a few years ago of "why didn't they disclose at all until the data leaked?!" we're looking pretty good.
@TravelexUK: Hi Izzy, we're currently having IT issues and are extremely sorry for any inconvenience. At this stage, we’re unable to perform transactions on the website or through the app. Sorry again for any inconvenience and we’re working around the clock to fix the issues.