infosec
FBI most-wanted Russian hacker reveals why he burned his passport
Russian hacker Mikhail Matveev, also known on the internet as “Wazawaka” and “Boriselcin,” is wanted by the FBI, which is offering a $10 million reward for information that could lead…
Russian zero-day seller offers $20M for hacking Android and iPhones
A company that acquires and sells zero-day exploits — flaws in software that are unknown to the affected developer — is now offering to pay researchers $20 million for hacking…
LogicMonitor customers hit by hackers, because of default passwords
Some customers of the network security company LogicMonitor have been hacked due to the use of default passwords, TechCrunch has learned. A LogicMonitor spokesperson confirmed to TechCrunch that there’s “a…
Researchers jailbreak a Tesla to get free in-car feature upgrades
A group of researchers said they have found a way to hack the hardware underpinning Tesla’s infotainment system, allowing them to get what normally would be paid upgrades — such…
Call of Duty worm malware used to hack players exploits years-old bug
For around a month, hackers have been infecting players of Call of Duty: Modern Warfare 2 with a self-spreading malware, also known as a worm. To do that, the hackers…
Hackers are infecting Call of Duty players with a self-spreading malware
Hackers are infecting players of an old Call of Duty game with a worm that spreads automatically in online lobbies, according to two analyses of the malware. On June 26,…
Google says Apple employee found a zero-day but did not report it
Google fixed a zero-day in Chrome that was found by an Apple employee, according to comments in the official bug report. While the bug itself is not newsworthy, the circumstances…
A Bangladeshi government website leaked the personal information of citizens, including full names, phone numbers, email addresses and national ID numbers. Viktor Markopoulos, a researcher who works for Bitcrack Cyber…
Researchers say they found spyware used in war for the first time
Security researchers and digital rights organizations believe the government of Azerbaijan used spyware produced by NSO Group to target a government worker, journalists, activists and the human rights ombudsperson in…
US government targets North Korea’s illicit IT workforce with new sanctions
The U.S. government announced new sanctions against North Korea related to its army of illicit IT workers that have fraudulently gained employment to finance the regime’s weapons of mass destruction…
A consulting firm founded and run by two well-known cybersecurity veterans laid off six people last week, TechCrunch has learned. Krebs Stamos Group was founded in 2021 by former Facebook…
Bishop Fox lays off employees days after throwing conference party
Cybersecurity firm Bishop Fox laid off around 50 employees — or 13% of its workforce — on Tuesday, the company told TechCrunch. The layoffs come just a few days after…
Featured Article
Hackers claim vast access to Western Digital systems
The hackers who breached data storage giant Western Digital claim to have stolen around 10 terabytes of data from the company, including reams of customer information. The extortionists are pushing the company to negotiate a ransom — of a “minimum 8 figures” — in exchange for not publishing the stolen data. On April 3, Western…
Featured Article
How the FBI caught the BreachForums admin
On Friday, the U.S. Justice Department announced that the now-arrested alleged administrator of the infamous hacking forum BreachForums facilitated the sale and purchase of private information that belonged to “millions of U.S. citizens and hundreds of U.S. and foreign companies, organizations, and government agencies.” In a statement, prosecutors confirmed the arrest of Conor Fitzpatrick, 20,…
Featured Article
Beloved hacking veteran Kelly ‘Aloria’ Lum passes away at 41
Kelly Lum, better known in hacking circles as Aloria, passed away on Sunday. Aloria was a veteran of the cybersecurity community, especially the one in New York, her home for many years. The Twitter account of the New York City security conference SummerCon announced her death on Monday, prompting a seemingly endless list of people…
Hackers breached a website that allows people to buy and sell guns, exposing the identities of its users, TechCrunch has learned. The breach exposed reams of sensitive personal data for…
Activision did not notify employees of data breach for months
On December 4, hackers successfully phished an employee at the games giant Activision, gaining access to some internal employee and game data. This data breach was not disclosed until last…
Unknown hackers stole internal data from the games giant Activision. On Sunday, the cybersecurity and malware research group vx-underground published screenshots of data purportedly stolen from Activision, including the schedule…
Featured Article
Digital rights defenders infiltrate alleged mercenary hacking group
Cooper Quintin has been tracking the activities of a cyber mercenary group called Dark Caracal for years. On July 28, 2022, he said he discovered traces of a new ongoing hacking campaign by the group in the Dominican Republic and Venezuela. While he was analyzing the domains that the hackers were using as command and…
A bug in a new centralized system that Meta created for users to manage their logins for Facebook and Instagram could have allowed malicious hackers to switch off an account’s…
Behavioral cybersecurity platform CybSafe raises $28M Series B led by Evolution Equity Partners
Last year, U.K. cybersecurity startup CybSafe, a “behavioral security” platform, raised a $7.9 million Series A. This SaaS product with a per-user-based, subscription licensing model has a “behavior-led” platform that…
“Zero trust” is certainly a buzzword that gets freely thrown around in cybersecurity. But what does it actually mean?
Jeff Bezos’ phone was hacked. And if the richest person in the world is vulnerable, chances are good that your startup could get hacked, too. The good news is that,…
Featured Article
How I made my own WireGuard VPN server
Some of you may have heard about VPN protocols that let you establish a connection between your device and a server, such as OpenVPN and IPsec. But there’s a brand new shiny protocol that promises to be faster and more secure at the same time — WireGuard. But WTF is a VPN anyway? A VPN…
CryptoMove protects sensitive data by fragmenting it and moving it around
CryptoMove thinks that data encryption is not enough. If you want to protect your data against hackers, the startup is using a new strategy by fragmenting your data, encrypting it…
Didi Chuxing makes information security push with new U.S. research lab and hires
Didi Chuxing, China’s largest ride-hailing company, has hired two distinguished security experts to lead a new U.S.-based research center as part of a major push to increase its data security…
iMessage encryption isn’t perfect as researchers find a security hole
Encryption is a cat-and-mouse game, and Johns Hopkins University researchers have found a great way to prove it. In a new research that they shared with the Washington Post, the…