Carly Page
Sr. Reporter, Cybersecurity
The Latest from Carly Page
Microsoft employees exposed internal passwords in security lapse
The tech giant secured a cloud storage server that was inadvertently spilling Microsoft internal data and credentials to the open internet.
Should we ban ransom payments?
As cybercriminals continue to reap the financial rewards of their attacks, talk of a federal ban on ransom payments is getting louder. U.S. officials have long urged against paying ransom demands. But
NSA says it’s tracking Ivanti cyberattacks as hackers hit US defense sector
The U.S. National Security Agency has confirmed that hackers exploiting flaws in Ivanti’s widely used enterprise VPN appliance have targeted organizations across the U.S. defense sector. NSA spokesp
Feds hack LockBit, LockBit springs back. Now what?
Days after it was knocked offline by a sweeping, years-in-the-making law enforcement operation, the notorious Russia-based LockBit ransomware group has returned to the dark web with a new leak site co
Researchers say easy-to-exploit security bugs in ConnectWise remote-access software now under mass attack
Security researchers say a pair of easy-to-exploit flaws in a popular remote-access tool used by more than a million companies around the world are now being mass exploited, with hackers abusing the v
Hackers are exploiting ConnectWise flaws to deploy LockBit ransomware, security experts warn
Security experts are warning that a pair of high-risk flaws in a popular remote access tool are being exploited by hackers to deploy LockBit ransomware — days after authorities announced that they h
Researchers warn high-risk ConnectWise flaw under attack is ’embarrassingly easy’ to exploit
Security experts are warning that a high-risk vulnerability in a widely used remote access tool is “trivial and embarrassingly easy” to exploit, as the software’s developer confirms
Six things we learned from the LockBit takedown
A sweeping law enforcement operation led by the U.K.’s National Crime Agency (NCA) this week took down LockBit, the notorious Russia-linked ransomware gang that for years has wreaked havoc on busine
Authorities disrupt operations of notorious LockBit ransomware gang
A coalition of international law enforcement agencies, including the U.S. Federal Bureau of Investigation and the U.K.’s National Crime Agency, have disrupted the operations of the notorious LockBit
Why are ransomware gangs making so much money?
For many organizations and startups, 2023 was a rough year financially, with companies struggling to raise money and others making cuts to survive. Ransomware and extortion gangs, on the other hand, h
BMW security lapse exposed sensitive company information, researcher finds
A misconfigured cloud storage server belonging to automotive giant BMW exposed sensitive company information, including private keys and internal data, TechCrunch has learned. Can Yoleri, a security r
UK utility giant Southern Water says hackers stole personal data of hundreds of thousands of customers
U.K.-based water utility Southern Water has confirmed that hackers stole the personal data of as many as 470,000 customers in a recent data breach. Southern Water, which provides water and wastewater
Researchers say attackers are mass-exploiting new Ivanti VPN flaw
Hackers have begun mass exploiting a third vulnerability affecting Ivanti’s widely used enterprise VPN appliance, new public data shows. Last week, Ivanti said it had discovered two new security fla
China-backed Volt Typhoon hackers have lurked inside US critical infrastructure for ‘at least five years’
China-backed hackers have maintained access to American critical infrastructure for “at least five years” with the long-term goal of launching “destructive” cyberattacks, a coalition of U.
HopSkipDrive says personal data of 155,000 drivers stolen in data breach
Student rideshare startup HopSkipDrive has confirmed a data breach involving the personal data of more than 155,000 drivers. Los Angeles-based HopSkipDrive offers an Uber-style rideshare service for c
Remote access giant AnyDesk resets passwords and revokes certificates after hack
Remote desktop software provider AnyDesk confirmed late Friday that a cyberattack allowed hackers to gain access to the company’s production systems, putting the company in lockdown for almost a wee
FTC orders Blackbaud to overhaul ‘reckless’ security practices in wake of 2020 breach
Education tech company Blackbaud agreed to settle with the U.S. Federal Trade Commission over the company’s security practices that resulted in a 2020 data breach. The FTC alleges that Blackbaud, a
US gives federal agencies 48 hours to disconnect flawed Ivanti VPN tech
U.S. cybersecurity agency CISA has ordered federal agencies to urgently disconnect Ivanti VPN appliances given the risk of malicious exploitation due to multiple software flaws. In an update to an eme
Okta lays off 400 employees — almost exactly a year after last staff cuts
U.S. access and identity management giant Okta has said it is laying off approximately 400 employees, or 7% of its global workforce. The layoffs come almost exactly a year to the day after Okta announ
US disrupts China-backed hacking operation amid warning of threat to American infrastructure
The U.S. government announced Wednesday it had disrupted a China-backed hacking operation targeting U.S. critical infrastructure, amid warnings that Beijing is preparing to cause “real-world har