News

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source of leaks to the media, the company admitted Friday. TikTok has gone to great lengths to convince customers and governments of major markets like the United States that users’ data privacy is protected and that it poses no threat to national security. But parent company ByteDance told AFP on Friday that…

Read More

CyberCube, a provider of cyber risk analytics for insurance companies, this week announced that it has raised $50 million in a new funding round that brings the total raised by the firm to $105 million. The new investment round was led by Morgan Stanley, with participation from Forgepoint Capital, Hudson Structured Capital Management (Bermuda) Ltd., MTech Capital, and angel investors. Founded in 2015, the San Francisco-based CyberCube helps insurers and brokers understand their portfolios’ exposure…

Read More

Sports betting firm DraftKings says the personal data of 68,000 individuals has been compromised in a recent data breach. The incident, initially disclosed in November, was the result of a credential stuffing attack and not a breach of DraftKings’ systems, the company says. Credential stuffing involves the use of leaked credentials (usernames, email addresses, and passwords) obtained from a third-party source to access an account on a different service. Such attacks are successful only because…

Read More

Google on Friday announced the beta availability of client-side encryption in Gmail for some of its Google Workspace customers. The feature is meant to improve the confidentiality of emails when they rest on Google’s servers, by applying encryption to the email body and attachments while providing Workspace customers with control over the encryption keys and the identity service used to access the keys. “Google Workspace already uses the latest cryptographic standards to encrypt all data…

Read More

The US National Institute of Standards and Technology (NIST) this week recommended that IT professionals replace the SHA-1 cryptographic algorithm with newer, more secure ones. The first widely used method of securing electronic information and in use since 1995, SHA-1 is a slightly modified version of SHA, or ‘secure hash algorithm’, the very first standardized hash function. According to NIST, SHA-1 ‘has reached the end of its useful life’, given that the high computing capabilities…

Read More

Microsoft-owned code hosting platform GitHub this week announced multiple security improvements, including free secret scanning for public repositories and mandatory two-factor authentication (2FA) for developers and contributors. The secret scanning program is meant to help developers and organizations identify exposed secrets and credentials in their code. In 2022, it helped identify 1.7 million potential secrets exposed in public repositories. “Secret scanning alerts notify you directly about leaked secrets in your code. We’ll still notify our…

Read More

API security startup FireTail this week announced that it has raised $5 million in an early-stage financing round led by Paladin Capital Group, with participation from General Advance, Secure Octane, Zscaler, and angel investors. Founded in 2021, the Mclean, Virginia-based firm proposes a new approach to securing Application Programming Interfaces (APIs), helping organizations build API inventories and eliminate security issues associated with them. Already seeing early adopters across North America, Asia-Pacific, and Europe, FireTail says…

Read More

Google this week announced a Chrome update that resolves eight vulnerabilities in the popular browser, including five reported by external researchers. All five security defects are use-after-free flaws, a type of memory safety bug that has been prevalent in Chrome over the past years, and which Google has long-battled to eliminate. According to Google’s advisory, four of these issues are high-severity bugs, impacting components such as Blink Media, Mojo IPC, Blink Frames, and Aura. The…

Read More