ICANN warns of “ongoing and significant” attacks against internet’s DNS infrastructure


This post is by Zack Whittaker from TechCrunch






The internet’s address book keeper has warned of an “ongoing and significant risk” to key parts of the domain name system infrastructure, following months of increased attacks.

The Internet Corporation for Assigned Names and Numbers, or ICANN, issued the notice late Friday, saying DNS, which converts numerical internet addresses to domain names, has been the victim of “multifaceted attacks utilizing different methodologies.”

It follows similar warnings from security companies and the federal government in the wake of attacks believed to be orchestrated by nation-state hackers.

In January, security company FireEye revealed that hackers likely associated with Iran were hijacking DNS records on a massive scale, by rerouting users from a legitimate web address to a malicious server to steal passwords. This so-called “DNSpionage” campaign, dubbed by Cisco’s Talos intelligence team, was targeting governments in Lebanon and the United Arab Emirates. Homeland Security’s newly founded Cybersecurity Infrastructure


When surveillance meets incompetence


This post is by Devin Coldewey from TechCrunch






Last week brought an extraordinary demonstration of the dangers of operating a surveillance state — especially a shabby one, as China’s apparently is. An unsecured database exposed millions of records of Chinese Muslims being tracked via facial recognition — an ugly trifecta of prejudice, bureaucracy, and incompetence.

The security lapse was discovered by Victor Gevers at the GDI Foundation, a security organization working in the public’s interest. Using the infamous but useful Shodan search engine, he found a MongoDB instance owned by the Chinese company SenseNets that stored an ever-increasing number of data points from a facial recognition system apparently at least partially operated by the Chinese government.

Many of the targets of this system were Uyghur Muslims, an ethnic and religious minority in China that the country has persecuted in what it considers secrecy, isolating them in remote provinces in what amount to religious gulags.

This database was


Palo Alto Networks to acquire Demisto for $560M


This post is by Ron Miller from TechCrunch






Palo Alto Networks announced today that it intends to acquire security startup, Demisto, for $560 million.

The company sees a tool that can help enhance the Palo Alto security portfolio by adding a higher level of automation. “The addition of Demisto’s orchestration and automation technologies will accelerate Palo Alto Networks Application Framework strategy and serve as a critical step forward in the company’s aim to deliver immediate threat prevention and response for security teams,” the company explained in a statement.

Palo Alto also hopes that Demisto’s automated solutions will help accelerate its AI and machine learning capabilities to bring intelligent automation across the platform. The company brings more than technology, of course. It also brings its 150 customers to Palo Alto, a quarter of which are in the Fortune 500.

Prior to being acquired, Demisto had raised $69 million from Accel, Greylock, Stewart McClure and others. We covered the


Senseon raises $6.4M to tackle cybersecurity threats with an AI ‘triangulation’ approach


This post is by Ingrid Lunden from TechCrunch






Darktrace helped pave the way for using artificial intelligence to combat malicious hacking and enterprise security breaches. Now a new UK startup founded by an ex-Darktrace executive has raised some funding to take the use of AI in cybersecurity to the next level.

Senseon, which has pioneered a new model that it calls “AI triangulation” — simultaneously applying artificial intelligence algorithms to oversee, monitor and defend an organization’s network appliances, endpoints, and ‘investigator bots’ covering multiple microservices — has raised $6.4 million in seed funding.

David Atkinson — the startup’s CEO and founder who had previously been the commercial director for Darktrace and before that helped pioneer new cybersecurity techniques as an operative at the UK’s Ministry of Defense — said that Senseon will use the funding to continue to expand its business both in Europe and the US. 

The deal was co-led by MMC Ventures and Mark


India’s state gas company leaks millions of Aadhaar numbers


This post is by Zack Whittaker from TechCrunch






Another security lapse has exposed millions of Aadhaar numbers.

This time, India’s state-owned gas company Indane left exposed a part of its website for dealers and distributors, even though it’s only supposed to be accessible with a valid username and password. But the part of the site was indexed in Google, allowing anyone to bypass the login page altogether and gain unfettered access to the dealer database.

The data was found by a security researcher who asked to remain anonymous for fear of retribution from the Indian authorities. Aadhaar’s regulator, the Unique Identification Authority of India (UIDAI), is known to quickly dismiss reports of data breaches or exposures, calling critical news articles “fake news,” and threatening legal action and filing police complaints against journalists.

Baptiste Robert, a French security researcher who goes by the online handle Elliot Alderson and has prior experience investigating Aadhaar exposures, investigated the exposure and provided


VPN protocol WireGuard now has an official macOS app


This post is by Romain Dillet from TechCrunch






WireGuard could be the most promising VPN protocol in years. It lets you establish a connection with a VPN server that is supposed to be faster, more secure and more flexible at the same time. The developers launched a brand new app in the Mac App Store today.

WireGuard isn’t a VPN service, it’s a VPN protocol, just like OpenVPN or IPsec. The best thing about it is that it can maintain a VPN connection even if you change your Wi-Fi network, plug in an Ethernet cable or your laptop goes to sleep.

But if you want to use WireGuard for your VPN connection you need to have a VPN server that supports it, and a device that supports connecting to it. You can already download the WireGuard app on Android and iOS, but today’s release is all about macOS.

The team behind WireGuard has been working


Trick Your Friends Into Installing Smartphone Updates


This post is by David Murphy from Lifehacker






Even though Apple can sometimes mess up iOS updates pretty good, the updates that fix these issues are important. So much so, that you really should install them the day they come out. However, most people probably aren’t scanning the web, nor their Settings app, to see when a new iOS update is available.


Daily Crunch: Stop repeating this privacy lie


This post is by Anthony Ha from TechCrunch






The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

1. Stop saying, ‘We take your privacy and security seriously’

Zack Whittaker says that in his years covering cybersecurity, there’s one variation of the same lie that floats above the rest: “We take your privacy and security seriously.”

The truth is, most companies don’t care about the privacy or security of your data. They care about having to explain to their customers that their data was stolen. And when they use this line, it shows that they don’t know what to do next.

2. SeaBubbles shows off its ‘flying’ all-electric boat in Miami

We were promised flying cars but, as it turns out, “flying” boats were easier to build. And by “flying,” I mean “raising the


Stop saying, “We take your privacy and security seriously”


This post is by Zack Whittaker from TechCrunch






In my years covering cybersecurity, there’s one variation of the same lie that floats above the rest. “We take your privacy and security seriously.”

You might have heard the phrase here and there. It’s a common trope used by companies in the wake of a data breach — either in a “mea culpa” email to their customers or a statement on their website to tell you that they care about your data, even though in the next sentence they all too often admit to misusing or losing it.

The truth is, most companies don’t care about the privacy or security of your data. They care about having to explain to their customers that their data was stolen.

I’ve never understood exactly what it means when a company says it values my privacy. If that were the case, data hungry companies like Google and Facebook, which sell data about you


UK parliament calls for antitrust, data abuse probe of Facebook


This post is by Natasha Lomas from TechCrunch






A final report by a British parliamentary committee which spent months last year investigating online political disinformation makes very uncomfortable reading for Facebook — with the company singled out for “disingenuous” and “bad faith” responses to democratic concerns about the misuse of people’s data.

In the report, published today, the committee has also called for Facebook’s use of user data to be investigated by the UK’s data watchdog.

In an evidence session to the committee late last year, the Information Commissioner’s Office (ICO) suggested Facebook needs to change its business model — warning the company risks burning user trust for good.

Last summer the ICO also called for an ethical pause of social media ads for election campaigning, warning of the risk of developing “a system of voter surveillance by default”.

Interrogating the distribution of ‘fake news’

The UK parliamentary enquiry looked into both Facebook’s own use of personal


OpenAI built a text generator so good, it’s considered too dangerous to release


This post is by Zack Whittaker from TechCrunch






A storm is brewing over a new language model, built by non-profit artificial intelligence research company OpenAI, which it says is so good at generating convincing, well-written text that it’s worried about potential abuse.

That’s angered some in the community, who have accused the company of reneging on a promise not to close off its research.

OpenAI said its new natural language model, GPT-2, was trained to predict the next word in a sample of 40 gigabytes of internet text. The end result was the system generating text that “adapts to the style and content of the conditioning text,” allowing the user to “generate realistic and coherent continuations about a topic of their choosing.” The model is a vast improvement on the first version by producing longer text with greater coherence.

But with every good application of the system, such as bots capable of better dialog and better speech


ClassPass, Gfycat, StreetEasy hit in latest round of mass site hacks


This post is by Zack Whittaker from TechCrunch






In just a week, a single seller put close to 750 million records from 24 hacked sites up for sale. Now, the hacker has struck again.

The hacker, whose identity isn’t known, began listing user data from several major websites — including MyFitnessPal, 500px and Coffee Meets Bagel, and more recently Houzz and Roll20 — earlier this week. This weekend, the hacker added a third round of data breaches — another eight sites, amounting to another 91 million user records — to their dark web marketplace.

To date, the hacker has revealed breaches at 30 companies, totaling about 841 million records.

According to the latest listings, the sites include 20 million accounts from Legendas.tv, OneBip, Storybird, and Jobandtalent, as well as eight million accounts at Gfycat, 1.5 million ClassPass accounts, 60 million Pizap accounts, and another one million StreetEasy property searching accounts.

The hacker is selling


Marriott now lets you check if you’re a victim of the Starwood hack


This post is by Zack Whittaker from TechCrunch






Hotel chain giant Marriott will now let you check if you’re a victim of the Starwood hack.

The company confirmed to TechCrunch that it has put in place “a mechanism to enable guests to look up individual passport numbers to see if they were included in the set of unencrypted passport numbers.” That follows a statement last month from the company confirming that five million unencrypted passport numbers were stolen in the data breach last year.

The checker, hosted by security firm OneTrust, will ask for some personal information, like your name, email address, as well as the last six-digits of your passport number.

Marriott says data on “fewer than 383 million unique guests” was stolen in the data breach, revealed in September, including guest names, postal addresses, phone numbers, dates of birth, genders, email addresses and reservation information. Later it transpired that more than 20 million encrypted passport


Even years later, Twitter doesn’t delete your direct messages


This post is by Zack Whittaker from TechCrunch






When does “delete” really mean delete? Not always, or even at all, if you’re Twitter.

Twitter retains direct messages for years, including messages you and others have deleted, but also data sent to and from accounts that have been deactivated and suspended, according to security researcher Karan Saini.

Saini found years-old messages in a file from an archive of his data obtained through the website, from accounts that were no longer on Twitter. He also filed a similar bug, found a year earlier but not disclosed until now, that allowed him to use a since-deprecated API to retrieve direct messages even after a message was deleted from both the sender and the recipient, though the bug wasn’t able to retrieve messages from suspended accounts.

Saini told TechCrunch that he had “concerns” that the data was retained by Twitter for so long.

Direct messages once let users “unsend”

Hacker who stole 620 million records strikes again, stealing 127 million more


This post is by Zack Whittaker from TechCrunch






A hacker who stole close to 620 million user records from 16 websites has stolen another 127 million records from eight more websites, TechCrunch has learned.

The hacker, who was listing the previously disclosed data for about $20,000 in bitcoin on a dark web marketplace, stole the data last year from several major sites — some that had already been disclosed, like more than 151 million records from MyFitnessPal and 25 million records from Animoto. But several other hacked sites on the marketplace listing didn’t know or hadn’t disclosed yet — such as 500px and Coffee Meets Bagel.

The Register, which first reported the story, said the data included names, email addresses and scrambled passwords, and in some cases other login and account data — though no financial data was included.

Now the same hacker has eight additional marketplace entries after their original listings were pulled offline, including:

The infosec reckoning has arrived


This post is by Danny Crichton from TechCrunch






2018 represented a record year for venture capital investment into information security, but this isn’t a positive trend – and it definitely doesn’t mean we’re more secure.

An unwarranted percentage of solutions being funded are not solving the problems defenders face the most. And with high numbers of lackluster information security startups failing to meet the needs of their customers, you might expect downward pressure on valuations. 

Instead, 2018 also saw record valuations, both because venture capital firms benefit from them, as will be explained in this article, and because so many investors are unfamiliar with the information security space and simply don’t know better. Defenders are beginning to be fed up, and there has to be a reckoning if we want progress in securing our digital systems.

In March 2019, tens of thousands of security professionals will descend upon San Francisco, making their way through a labyrinth of


Reddit says government data requests more than doubled in 2018


This post is by Zack Whittaker from TechCrunch






Reddit has said the number of government requests for user data more than doubled in 2018 compared with the previous year.

The news and content sharing site said in its latest transparency report, posted Wednesday, that it received 752 requests from governments during the year, up from 310 requests a year earlier.

Broken down, that’s 171 requests to preserve account data — up from 79 requests in 2017; and 581 requests to produce user data — up from 231 requests.

Reddit said it complied with 77 percent of requests to turn over user data, and 91 percent of preservation requests. However, the company says it “only processes preservation requests” that originate in the U.S.

For the year, the company said it was asked by the U.S. government to remove “an image and a large volume of comments made underneath it for potential breach of a federal


DOJ charges former US Air Force officer with spying for Iran


This post is by Zack Whittaker from TechCrunch






Prosecutors have brought charges against a former Air Force officer for allegedly spying for Iran, the Justice Department confirmed Wednesday.

Monica Witt, a former Air Force counter-intelligence officer, is accused of defecting to Iran in 2013, after leaving the military in 2008 after more than a decade’s service and later working as a defense contractor.

Prosecutors said the officer, who according to the unsealed indictment had the highest level of top secret clearance, disclosed the details of a highly classified intelligence-gathering program that involved an intelligence operation against “a specific target.” Witt is also accused of disclosing the true identity of a U.S. intelligence officer to the Iranian Revolutionary Guard, which conducts the country’s cyber-operation, after she stopped working for the U.S. government.

Witt, a former Texas resident, first traveled to Iran in 2012 to attend a conference, which is where prosecutors allege she was recruited.

FBI executive assistant director


Elevate Security announces $8M Series A to alter employee security behavior


This post is by Ron Miller from TechCrunch






It’s well understood that many network breaches begin with phishing emails designed to trick users into giving hackers their credentials. They don’t even have to work to find a vulnerability, they can just waltz in the front door. Elevate Security, a San Francisco startup, wants to change that by helping employees understand phishing attacks better using behavioral techniques. Today, the company announced an $8 million Series A round to build on this idea.

The investment was led by Defy Partners. Existing investor Costanoa Ventures also participated. Today’s round brings the total raised to $10 million, according to the company.

What has the company created to warrant this investment? “We have a solution that motivates, measures and rewards employees to change their security habits, while at the same time giving security teams unprecedented visibility into the security habits and actions of their employees,” co-founder Masha Sedova told TechCrunch.

Specifically, the


A new Congress means a new opportunity for consumer privacy protections


This post is by Jonathan Shieber from TechCrunch






The 2018 mid-term elections, for the first time in U.S. history, resulted in a Congress that has the look and feel of America…our very diverse America. There are now 102 women serving in Congress and a record number of Members representing all Americans. Our Members now represent the African American, Hispanic, LGBTQ, and interfaith communities.

Thirteen new members are under the age of 35. This evolution of the legislative branch provides an opportunity to represent the best interests of all consumers. In our digital world, what is it that consumers, from each and every community represented by this new diverse Congress, have asked for? Online privacy protections.
