
zackwhittaker

@zackwhittaker@mastodon.social

Security editor, TechCrunch
zack.whittaker@techcrunch.com
Signal: +1 646.755.8849
New York, NY


zackwhittaker, to random

Hotel and casino giant MGM Resorts is blaming a "cybersecurity issue" on a massive outage affecting multiple properties. Its websites are down, guest access and room keys are affected. Even ATMs and slot machines are down.

More by @carlypage: https://techcrunch.com/2023/09/11/mgm-resorts-cybersecurity-issue-outage/

zackwhittaker, to random

Last week, we debuted the Security Stage at TechCrunch Disrupt. Extremely grateful to the security experts, internet defenders, hackers, researchers and founders who joined us to discuss encryption, commercial spyware, ransomware, smart device security, learning from cyber incidents, and more.

Here are some snippets from the day.

First up, Window Snyder spoke with TechCrunch Found podcast hosts Dominic-Madori Davis and Rebecca Szkutak about founding her company, Thistle Technologies.

Window Snyder: I'd say there's a lot of trust involved. We're all very senior folks. There's a lot of autonomy, and there has to be because we're a really small team, so making sure that folks have what they need in order to be successful, and then letting them be successful. Like, I'm trying to remove obstacles for them. I'm trying to give them the resources that they need. But they're all very senior folks, so they operate with a lot of autonomy. And I trust that they are able to do what they need to do, that they have ownership over certain components, that they make technical decisions within their sphere, and, you know, it's working well for us. I feel like we've got an amazing team. Some of the folks that I get to work with, I'm just so amazed that they decided to get in the boat with me on this journey. And it's been an amazing experience. [...] I would describe this as respect. We don't send mail after work hours. We don't have meetings late or early. Someone says, "I need this time blocked out because I do pick up," we respect it. And I think I've been in, especially startups, where it's been kind of grind all the time, like, you know, 50, 60, or 70 hours. It's soul crushing and it's not sustainable. And I know that this is a long road. So making sure that I was building a company that was going to be able to sustain the work that we needed meant that we were creating a culture where weekends and evenings are not for work.

zackwhittaker, to random

Just my totally normal cat sleeping like he's been violently assassinated. Why, why sleep like this?

zackwhittaker, to random

SEC spokesperson Cory Jarvis told me by email:

"The SEC's @SECGov X/Twitter account has been compromised. The unauthorized tweet regarding bitcoin ETFs was not made by the SEC or its staff."

Here is the false tweet that was posted.

zackwhittaker, to random

Wow, Elon Musk must be desperate if he's re-adding blue checks to people like me who have long left the hellsite formerly known as Twitter. No, I'm not going back. Instead, I will continue my lifelong streak of not giving Musk a single penny of my money.

zackwhittaker, to random

New, by me: A technology company that routes millions of SMS text messages across the world has secured an exposed database that was spilling one-time security codes that may have granted access to users’ Facebook, Google and TikTok accounts.

The SMS routing company's database was connected to the internet with no password.

More: https://techcrunch.com/2024/02/29/leaky-database-two-factor-codes/

zackwhittaker, to random

23andMe's security incident involving the theft of users' genetic information was likely caused by credential stuffing.

Some folks have said that users share some responsibility by not using 2FA on their accounts. I think the company with hundreds of millions in revenue has more responsibility (and far greater resources) to protect users' data than the users themselves.

zackwhittaker, to random

New: @lorenzofb spoke with one of the hackers behind the Western Digital hack.

As proof, the hacker provided a file signed with Western Digital's code-signing certificate (below), non-public phone numbers of company executives, and a screenshot of a video call featuring the company's CISO.

More here: https://techcrunch.com/2023/04/13/hackers-claim-vast-access-to-western-digital-systems/

zackwhittaker, to random

Here's another photo of how we used a Flipper Zero to broadcast spammy Bluetooth signals spoofing an AirTag to nearby devices. Using custom code from a researcher, we compiled the Flipper Zero firmware, and switched on Bluetooth to broadcast the signal.

The researcher said these popups can be used to bombard and flood nearby iPhones with junk and spoof popups, and potentially over a wide area.

More: https://techcrunch.com/2023/09/05/flipper-zero-hacking-iphone-flood-popups/

zackwhittaker, to random

New, by me: Hackers stole the personal information of more than 14 million Mr. Cooper customers, the mortgage and loan giant has confirmed.

Mr. Cooper previously said that it believed that customer banking data was unaffected. But now the company says hackers stole customer names, addresses, Social Security numbers, and bank account numbers.

More: https://techcrunch.com/2023/12/18/mr-cooper-hackers-stole-personal-data-on-14-million-customers/

zackwhittaker, (edited) to random

NEW, by me: Hackers are threatening to publish a confidential database containing millions of records used by companies for screening prospective customers for links to financial crimes.

The financially motivated hacking group says it took 5.3 million records from the World-Check database.

TechCrunch was provided a sample of the records. The London Stock Exchange Group, which maintains the database, confirmed a third-party breach.

More: https://techcrunch.com/2024/04/18/world-check-database-leaked-sanctions-financial-crimes-watchlist/

zackwhittaker, to random

New, by @carlypage: Comcast says hackers stole data of close to 36 million Xfinity customers.

Hackers exploited a known vulnerability called CitrixBleed, found in Citrix devices run by big corporations, but Comcast hadn't patched its own systems.

Comcast says customer names, usernames, dates of birth, hashed passwords, and some partial Social Security numbers were exposed.

More: https://techcrunch.com/2023/12/19/comcast-xfinity-hackers-36-million-customers/

zackwhittaker, to random

Don't forget to update your keyboards, folks.

zackwhittaker, (edited) to random

Watching founders and investors who pay $8/month for blue checks on X complain that they can't read a deeply reported story by one of the finest tech reporters because it's behind a paywall that costs $7/month is really fucking gross, and sadly just the latest example why media is crumbling.

zackwhittaker, (edited) to random

UPDATED, by me: U.S. health conglomerate Kaiser disclosed a data breach affecting 13.4 million members.

Kaiser confirmed it was sharing patients’ information with third-party advertisers, including Google, Microsoft, and X (formerly Twitter).

In a statement, Kaiser blamed "certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors.”

More: https://techcrunch.com/2024/04/25/kaiser-permanente-health-plan-millions-data-breach

zackwhittaker, (edited) to random

New, by me: Two university students have uncovered a security bug that lets millions do their laundry for free.

CSC ServiceWorks provides internet-connected laundry machines to thousands of residential homes and universities around the U.S., Canada and Europe.

The students found that any security checks are done by the app on the user’s device and automatically trusted by CSC’s servers.

But CSC still hasn't fixed the issue — or acknowledged their findings.

More: https://techcrunch.com/2024/05/17/csc-serviceworks-free-laundry-million-machines

zackwhittaker, to random

Absolutely gutted to see talented journalists laid off from TechCrunch today. I deeply appreciate all the folks who reached out to me; the security desk is unaffected. But my friends are incredible editorial minds and helped to build a brilliant place on the internet, and you should hire them. (1/4)

zackwhittaker, to random

I have to admit, this CAPTCHA stumped me.

zackwhittaker, to random

Looks like there's a new WebKit zero-day under active exploitation targeting iOS, iPadOS, and macOS. Apple rolled out a Rapid Security Response patch today.

CVE: https://support.apple.com/en-us/HT213823

I also wrote about these real-time rapid security updates last year, in case you want a backgrounder: https://techcrunch.com/2022/06/07/apple-introduces-real-time-security-updates-for-ios-and-macos/

zackwhittaker, to random

Once in a while, and it's becoming more frequent, someone emails me to ask why some very bad privacy practice — like sharing someone's sensitive search terms on a medical provider's website with third-party advertisers — is allowed to happen or isn't illegal.

Elect better lawmakers, and demand better from them. That's it. Nothing will change until lawmakers start serving the interests of their electorate and not the big tech giants that fund their political campaigns.

zackwhittaker, to random

My haiku on the proposed TikTok ban.

TikTok ban is dumb,
A data protection law
is the solution.

zackwhittaker, to random

As of today, I block just one account on Mastodon.

zackwhittaker, to random

"Notice me."

zackwhittaker, to random

Currently at Newark Penn Station. Amtrak service suspended between New York and Pennsylvania due to unspecified communication issues. Trains cancelled, kiosks down.

zackwhittaker, to random

Found a power-up box in the wild.
