ACLU sues Homeland Security over ‘stingray’ cell phone surveillance

11 Dec

One of the largest civil liberties groups in the U.S. is suing two Homeland Security agencies for failing to turn over documents it requested as part of a public records request about a controversial cell phone surveillance technology. The American Civil Liberties Union filed suit against Customs & Border Protection (CBP) and Immigration & Customs […]

Is your startup protected against insider threats?

10 Dec

We’ve talked about securing your startup, the need to understand phishing risks and how not to handle a data breach. But we haven’t yet discussed one of the more damaging threats that all businesses large and small face: the insider threat. The insider threat is exactly as it sounds — someone within your organization who has […]

Over 750,000 applications for US birth certificate copies exposed online

9 Dec

An online company that allows users to obtain a copy of their birth and death certificates from U.S. state governments has exposed a massive cache of applications — including their personal information. More than 752,000 applications for copies of birth certificates were found on an Amazon Web Services (AWS) storage bucket. (The bucket also had […]

RaySecur, a mailroom security startup, raises $3M in seed funding

8 Dec

Raysecur says at least ten times a day someone sends a suspicious package containing powder, liquid, or some other kind of hazard. The Boston, Mass.-based startup says its desktop-sized 3D real-time scanning technology, dubbed MailSecur, can intercept and detect threats in the mailroom before they ever make it onto the office floor. Mailroom security may […]

After criticism, Homeland Security drops plans to expand airport face recognition scans to US citizens

5 Dec

Homeland Security has confirmed it will not expand face recognition scans to U.S. citizens arriving and departing the country, days after it emerged the agency proposed making the scans for citizens mandatory. The department, whose responsibility is border protection and immigration checks, said in a government filing that it it wanted to “amend the regulations to […]

Justice Dept. charges Russian hacker behind the Dridex malware

5 Dec

U.S. prosecutors have brought computer hacking and fraud charges against a Russian citizen, Maksim Yakubets, who is accused of developing and distributing Dridex, a notorious banking malware used to allegedly steal more than $100 million from hundreds of banks over a multi-year operation. Per the unsealed 10-count indictment, Yakubets is accused of leading and overseeing […]

DHS wants to expand airport face recognition scans to include US citizens

2 Dec

Homeland Security wants to expand facial recognition checks for travelers arriving and departing the U.S. to also include citizens, which had previously been exempt from the mandatory checks. In a filing, the department has proposed that all travelers, and not just foreign nationals or visitors, will have to complete a facial recognition check before they […]

Tuft & Needle exposed thousands of customer shipping labels

2 Dec

Mattress and bedding giant Tuft & Needle left hundreds of thousands of FedEx shipping labels containing customer names, addresses, and phone numbers on an unprotected cloud server. More than 236,400 shipping labels were found on an Amazon Web Services (AWS) storage bucket without a password, allowing anyone who knew the easy-to-guess web address access to […]

A bug in Microsoft’s login system put users at risk of account hijacks

2 Dec

Microsoft has fixed a vulnerability in its login system, which security researchers say could have been used to trick unsuspecting victims into giving over complete access to their online accounts. The bug allowed attackers to quietly steal account tokens, which websites and apps use to grant users access to their accounts without having them to […]

Now even the FBI is warning about your smart TV’s security

1 Dec

If you just bought a smart TV on Black Friday or plan to buy one for Cyber Monday tomorrow, the FBI wants you to know a few things. Smart TVs are like regular television sets but with an internet connection. With the advent and growth of Netflix, Hulu and other streaming services, most saw internet-connected […]

Millions of SMS messages exposed in database security lapse

1 Dec

A massive database storing tens of millions of SMS text messages, most of which were sent by businesses to potential customers, has been found online. The database is run by TrueDialog, a business SMS provider for businesses and higher education providers, which lets companies, colleges, and universities send bulk text messages to their customers and […]

Mixcloud data breach exposes over 20 million user records

29 Nov

A data breach at Mixcloud, a U.K.-based audio streaming platform, has left more than 20 million user accounts exposed after the data was put on sale on the dark web. The data breach happened earlier in November, according to a dark web seller who supplied a portion of the data to TechCrunch, allowing us to […]

Hulu is down, and nobody’s sure why

24 Nov

Hulu is currently down. We’re not sure why, and neither does Hulu. A stream of tweets complaining about the outage surfaced Sunday morning on the U.S. east coast, but it seems like a global outage. In response, Hulu’s Twitter support didn’t seem to know either, instead telling frustrated users that it’s looking into it. Fantastic. […]

Startups face the same phishing risks as big corporations

22 Nov

This week, we reported on TechCrunch how thousands of remote employees with health and workplace benefits through human resources giant TriNet received emails that looked like a near-perfect phishing attempt. One recipient was so skeptical, they shared the email with TechCrunch so we could verify its authenticity. The message checked every suspicious box. In fact, […]

Another US court says police cannot force suspects to turn over their passwords

22 Nov

The highest court in Pennsylvania has ruled that the state’s law enforcement cannot force suspects to turn over their password that would unlock their devices. The state’s Supreme Court said compelling a password from a suspect is a violation of the Fifth Amendment, a constitutional protection that protects suspects from self-incrimination. It’s not an surprising […]

Congress extends NSA call records collection powers to March

21 Nov

In passing a short-term funding bill to avoid a U.S. government shutdown, Congress has also extended the government’s legal powers allowing it to collect daily millions of Americans’ call records. Buried in a funding bill passed by the House this week was a clause that extended the government’s so-called Section 215 powers, which allow the […]

Jeanette Manfra, senior DHS cybersecurity official, to leave government

21 Nov

Jeanette Manfra, one of the most senior and experienced U.S. cybersecurity officials, is leaving government after more than a decade in the public sector. Manfra, who served as assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), will join the private sector in the New Year. CISA is Homeland Security’s dedicated civilian […]

Uber reports a sharp rise in government demands for user data

20 Nov

Uber says the number of legal demands for riders’ data made by U.S. and Canadian authorities has risen sharply in the past year. The ride-hailing company said the number of law enforcement demands for user data during 2018 are up 27% on the year earlier, according to its annual transparency report published Wednesday. Uber said […]

Macy’s said hackers stole customer credit cards — again

19 Nov

For the second time in as many years, Macy’s customers have been hit by a data breach involving countless numbers of credit cards. In a filing with the California attorney general, the retail giant said hackers siphoned off customers’ names, addresses, and phone numbers, but also credit card numbers, card verification codes, and expiration dates […]