Odds and Ends 

Axonius, a cybersecurity asset management startup, raises $20M in Series B

Cybersecurity asset management startup Axonius has raised $20 million in its second round of funding this year. Venture capital firm OpenView led the Series B, joining existing investors in bringing $37 million to date following the startup’s $13 million Series A in February. The security startup, founded in 2017, helps companies keep track of their enterprise assets, such as how many clouds, computers and devices are on their network. The logic goes that if you know what you have — including devices plugged into your network by employees or guests…

Read More
Odds and Ends 

Police hijack a botnet and remotely kill 850,000 malware infections

In a rare feat, French police have hijacked and neutralized a massive cryptocurrency mining botnet controlling close to a million infected computers. The notorious Retadup malware infects computers and starts mining cryptocurrency by sapping power from a computer’s processor. Although the malware was used to generate money, the malware operators easily could have run other malicious code, like spyware or ransomware. The malware also has wormable properties, allowing it to spread from computer to computer. Since its first appearance, the cryptocurrency mining malware has spread across the world, including the…

Read More
Headlines 

‘Exodus’ Spyware Posed as a Legit iOS App

Private companies around the world have evolved a gray industry supplying digital surveillance and hacking tools to governments and local law enforcement. As the once little-known practice has grown, so too has the resulting malware. Researchers have now found that one of these spyware products, which had previously been found on the Google Play Store, also targeted iOS. At the Kaspersky Security Analyst Summit in Singapore this week, researchers from the mobile security firm Lookout will present findings on the iOS version of the spyware known as Exodus. The nonprofit…

Read More
Headlines 

Huawei’s Problem Isn’t Chinese Backdoors. It’s Buggy Software

A report on Thursday from a British government oversight group found that Chinese telecom-equipment maker Huawei has basic but deeply problematic flaws in its product code that create security risks. The shortcomings, many of which Huawei had previously promised to improve, stem from issues with its software development processes, according to the report. The findings come amid a concerted Trump administration effort to ban Huawei products around the world (particularly in 5G wireless networks), because of concerns that Huawei devices are controlled by the Chinese government or that Huawei would…

Read More
Headlines 

Hack Brief: FEMA Leaked the Data of 2.3 Million Disaster Survivors

After being displaced by a natural disaster, survivors have a lot of pressing concerns. They may be dealing with health impacts, displacement, loss of property, and even grieving the deaths of loved ones. Through all of this, though, one worry that is probably not in their minds is the question of whether their personal data is safe with the Federal Emergency Management Agency. Unfortunately, what should be a given is apparently another burden to add to an already painfully long list. On Friday, FEMA publicly acknowledged a Homeland Security Department…

Read More
Headlines 

Your Facebook Password Isnt Safe. Neither Is Your Android Phone

Tech news you can use, in two minutes or less: Change your Facebook password Facebook acknowledged a bug that caused hundreds of millions of user passwords (dating back to 2012) for both Facebook and Instagram to be stored as readable text internally. This basically means that thousands of Facebook employees could have searched for and found them. Facebook says they weren't accessible outside of the company, and that there's no evidence employees did in fact abuse or improperly access them. We say, change it anyway. Airbnb may be beloved by…

Read More
Headlines 

Facebook Stored Millions of Passwords in PlaintextChange Yours Now

By now, it’s difficult to summarize all of Facebook’s privacy, misuse, and security missteps in one neat description. It just got even harder: On Thursday, following a report by Krebs on Security, Facebook acknowledged a bug in its password management systems that caused hundreds of millions of user passwords for Facebook, Facebook Lite, and Instagram to be stored as plaintext in an internal platform. This means that thousands of Facebook employees could have searched for and found them. Krebs reports that the passwords stretched back to those created in 2012.…

Read More
Headlines 

An Android Vulnerability Went Unfixed for Over Five Years

With more than 2 billion users, Android has a staggering number of devices to protect. But a "high-severity" bug that went undetected for more than five years—that attackers could exploit to spy on a user and gain access to their accounts—serves as a reminder that Android's impressive open source reach also creates challenges for defending a decentralized ecosystem. Discovered by Sergey Toshin, a mobile security researcher at the threat detection firm Positive Technologies, the bug originated in Chromium, the open-source project that underlies Chrome and many other browsers. As a…

Read More
Headlines 

Here’s What It’s Like to Accidentally Expose the Data of 230M People

Steve Hardigree hadn't even gotten to the office yet and his day was already a waking nightmare. As he Googled his company's name that morning last June, Hardigree found a growing list of headlines pointing to the 10-person marketing firm he'd founded three years earlier, Exactis, as the source of a leak of the personal records of nearly everyone in the United States. A friend in an office adjacent to the one he rented as the company's headquarters in Palm Coast, Florida, had warned him that TV news reporters were…

Read More
Headlines 

Most Android Antivirus Apps Are Garbage

The world of antivirus is already fraught. You’re basically inviting all-seeing, all-knowing software onto your device, trusting that it’ll keep the bad guys out and not abuse its own access in the process. On Android, that problem is compounded by dozens of apps that aren’t just ineffective—they’re outright phony. That’s the finding of newly published research from AV-Comparatives, a European company that, as its name suggests, tests antivirus products. In a survey of 250 antivirus apps found in the Google Play Store, only 80 demonstrated basic competence at their jobs…

Read More
Headlines 

New Film Shows How Bellingcat Cracks the Web’s Toughest Cases

Aric Toler’s face is illuminated only by the glow of the video playing on his laptop. It’s dashcam footage, supposedly captured by a driver in the town of Makiivka in eastern Ukraine, showing a Russian military convoy on its way to shoot down Malaysia Airlines flight 17 on July 17, 2014. At least, that’s the theory. Toler just has to prove it. To the untrained eye, the video is awfully dull. But to Toler, who’s part of a global team of digital detectives known as Bellingcat, it’s a goldmine. He…

Read More
Odds and Ends 

Today in brighter crypto news: SEC says tokens are securities

Crypto news got a little boost last week after a dark month of crashes, stablecoins and birthdays. The SEC ruled that two ICO issuers, CarrierEQ Inc. and Paragon Coin Inc., were in fact selling securities instead of so-called utility tokens. “Both companies have agreed to return funds to harmed investors, register the tokens as securities, file periodic reports with the Commission, and pay penalties,” wrote Pamela Sawhney of the SEC. “These are the Commission’s first cases imposing civil penalties solely for ICO securities offering registration violations.” From the release: Airfox,…

Read More
Headlines 

Trump’s New Executive Order Slaps a Bandaid on Election Interference Problems

On Wednesday, President Donald Trump signed an executive order that would automatically impose sanctions against any person or group attempting to interfere in United States elections. "The proliferation of digital devices and internet-based communications has created significant vulnerabilities and magnified the scope and intensity of the threat of foreign interference [to elections]," Trump writes in the order. "I hereby declare a national emergency to deal with this threat." The order covers attacks not just on vote integrity and election infrastructure, but also disinformation campaigns, information leaking, propaganda, and other types…

Read More
Headlines 

Phone Numbers Were Never Meant as ID. Now Were All At Risk

On Thursday, T-Mobile confirmed that some of its customer data was breached in an attack the company discovered on Monday. It's a snappy disclosure timeframe, and the carrier said that no financial data or Social Security numbers were compromised in the breach. A relief, right? The problem is the customer data that was potentially exposed: name, billing zip code, email address, some hashed passwords, account number, account type, and phone number. Pay close attention to that last one. The cumulative danger of all of these data points becoming exposed—not just…

Read More