Impersonators are targeting companies with fake TechCrunch outreach


Hi, thanks as always for reading TechCrunch. We want to talk with you quickly about something important.

We’ve discovered that scammers are impersonating TechCrunch reporters and event leads and reaching out to companies, pretending to be our staff when they absolutely are not. These bad actors are using our name and reputation to try to dupe unsuspecting businesses. It drives us crazy and infuriates us on your behalf.

Anecdotally, this isn’t just happening to us; fraudsters are exploiting the trust that comes with established news brands to get their foot in the door with companies across the media industry.

Here’s an example of the most common scheme we’ve been tracking: Impostors impersonating our reporters to extract sensitive business information from unsuspecting targets. In several cases we know about, scammers have adopted the identity of actual staff members, crafting what looks like a standard media inquiry about a company’s products and requesting an introductory call.

Sharp-eyed recipients sometimes catch discrepancies in email addresses that don’t match our real employees’ credentials. But these schemes evolve quickly; bad actors keep refining their tactics, mimicking reporters’ writing styles and referencing startup trends to make their pitches increasingly convincing. Equally troubling, victims who agree to phone interviews tell us the fraudsters use those exchanges to dig for even more proprietary details. (A PR rep told Axios that someone posing as a TechCrunch reporter raised suspicions when they shared a scheduling link.)

Why are they doing this? We don’t know, though a reasonable guess is that these are groups looking for initial access to a network or other sensitive information.

As for what to do about it, if someone reaches out claiming to be from TechCrunch and you have even the slightest doubt about whether they’re legitimate, please don’t just take their word for it. We’ve made it easy for you to verify.

Start by checking our TechCrunch staff page. It’s the quickest way to see if the person contacting you actually works here. If the individual’s name isn’t on our roster, you’ve got your answer right there.

If you do see someone’s name on our staff page, but our employee’s job description doesn’t square with the request you are receiving (e.g., a TechCrunch copy editor is suddenly very interested in learning about your business!), a bad actor may be trying to con you.

If it sounds like a legitimate request but you want to make doubly certain, you should also feel free to contact us directly and just ask. You can learn how to reach each writer, editor, sales executive, marketing guru, and events team member in our bios.

We know it’s frustrating to have to double-check media inquiries, but these groups are counting on you not taking that extra step. By being vigilant about verification, you’re not just protecting your own company — you’re helping preserve the trust that legitimate journalists depend on to do their jobs.

Thank you.

US Army soldier pleads guilty to hacking telcos and extortion


Former U.S. Army soldier Cameron John Wagenius pleaded guilty to hacking telecommunication companies and attempting to extort them by threatening to release stolen files, the Department of Justice announced on Tuesday.

According to the DOJ, Wagenius, who went online with the nickname “kiberphant0m,” conspired to defraud 10 victim companies by stealing their login credentials, using brute force attacks and other techniques, and then used Telegram group chats to transfer the stolen credentials and discuss hacks.

Wagenius and his conspirators also attempted to extort their victims in private and in public, including on hacking forums such as the notorious BreachForums. They sold some of the stolen data and also used the stolen credentials to commit other frauds, including SIM swapping victims. 

Earlier this year, Wagenius had already pleaded guilty to hacking AT&T and Verizon, a breach that led to him stealing a massive amount of call records.  

Wagenius’ sentencing is scheduled for October 6, and he faces 20 years in prison, according to the press release. 

The hacker has been linked to a series of hacks that originated from the breach of cloud computing services giant Snowflake.

If you’re using Microsoft Authenticator to store your passwords, don’t


Microsoft Authenticator is sunsetting its ability to store your passwords. This month, the service stopped allowing users to add or import new passwords. Beginning in July 2025, users will no longer be able to use autofill with Authenticator, and in August 2025, passwords will no longer be available at all. Payment information stored in Authenticator will be deleted after July, and after the following month, all unsaved generated passwords will be deleted. Passkeys will still be supported in Authenticator.

People who want to stay within the Microsoft ecosystem do have the option to access their saved passwords when using the Edge browser. But if you’re not interested in Edge, that means Authenticator users may want to peruse their options for a different password manager. Fortunately, there are several excellent choices that aren’t tied to a particular hardware provider.

Now’s a good time to check in on your Steam account security


Update May 14, 6:38PM ET: Valve has confirmed that Steam systems were not breached and identifying user data has not been stolen or accessed by hackers. The company provided clarification in a Steam blog post:

“We’re still digging into the source of the leak, which is compounded by the fact that any SMS messages are unencrypted in transit, and routed through multiple providers on the way to your phone. The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam account, password information, payment information or other personal data. Old text messages cannot be used to breach the security of your Steam account.”

Our original story follows.


Steam has allegedly suffered a data breach in the past week. Details are scant and difficult to confirm, but a known hacker has claimed to be selling a database of more than 89 million user records for the gaming platform with one-time access codes obtained from a third-party vendor used by Steam. If accurate, that would include information about more than two-thirds of Steam’s audience.

The original LinkedIn post identifying a breach suggested that the leaked information came from cloud communication company Twilio. However, a Steam rep said the platform doesn’t use Twilio, so if there has been a breach, it may be through a different vendor providing SMS codes for access.

While we’re genuinely not sure what’s happening at this stage, the whole kerfuffle is a timely reminder to check in on your online security practices. In the case of Steam, Valve has a mobile authentication program called Steam Guard that can help keep your account secure. It’s also a good practice to make sure you’re regularly changing your pass codes, especially when it’s possible that some component of Steam Guard was at the root of this week’s security drama. A password manager can streamline that process. Since phone numbers appear to have been compromised, be extra alert to possible phishing attempts via text.


Cybersecurity Professor Faced China-Funding Inquiry Before Disappearing, Sources Say


Jason Covert, one of the attorneys representing Xiaofeng Wang and his wife, Nianli Ma, a library systems analyst whose employee profile was also removed by Indiana University, tells WIRED that Wang and Ma are both “safe” and that neither of them has been arrested. Their legal team is not currently aware of any pending criminal charges against them, and while the couple’s attorneys have viewed a search warrant from the Department of Justice, Covert says they have not received a copy of the affidavit establishing probable cause.

Wang is considered among the top researchers in the field of privacy, data security, and biometric privacy, and his sudden disappearance came as a shock to many of his academic peers. Wang joined IU in 2004 and is the lead principal investigator of the multidisciplinary Center for Distributed Confidential Computing, which he established in 2022 with an almost $3 million grant from the National Science Foundation (NSF), according to a since-deleted bio on IU’s website. As part of his application for the NSF funding and other US federal research grants, Wang would have been required to disclose other grants he had already received or that were currently pending review.

On March 28, the FBI searched two home addresses associated with Wang. The same day, IU also reportedly terminated Wang’s job via an email sent by provost Rahul Shrivastav, which WIRED obtained and which was first reported by The Indiana Daily Student. The email also said it was understood that Wang had recently accepted a position with a university in Singapore, a detail also repeated in the statement attributed to Li.

The statement says Wang planned to start at the unnamed Singaporean university on June 1, 2025 and requested a leave of absence from Indiana University in early March. But IU responded by “putting him on administrative leave, removing his IU homepage, and disabling his IU email address,” it claims.

Wang’s new job offer “would be irrelevant in any event because it is for [the] next academic year and would not justify firing him,” Tanford says. Terminating his employment via an email was a violation of university policy, Tanford claims, which prohibits firing a tenured professor without cause, and requires a 10-day notice and a hearing before a faculty board of review, if requested by the staff member. “The faculty is deeply concerned. If the administration can fire a tenured professor without due process and in violation of a policy approved by our trustees, none of us is safe,” he says.

Reached for comment, an IU spokesperson declined to answer detailed questions from WIRED about prior communications between the university and Wang and the school’s decision to fire him.

“Indiana University was recently made aware of a federal investigation of an Indiana University faculty member,” university spokesperson Mark Bode tells WIRED in an emailed statement. “At the direction of the FBI, Indiana University will not make any public comments regarding this investigation. In accordance with Indiana University practices, Indiana University will also not make any public comments regarding the status of this individual.”

National Security Council adds Gmail to its list of bad decisions


The Washington Post reports that members of the White House’s National Security Council have used personal Gmail accounts to conduct government business. National security advisor Michael Waltz and a senior aide of his both used their own accounts to discuss sensitive information with colleagues, according to the Post’s review and interviews with government officials who spoke to the newspaper anonymously.

Email is not the best approach for sharing information meant to be kept private. That covers sensitive data for individuals, such as social security numbers or passwords, to say nothing of confidential or classified government documents. It simply has too many potential paths for a bad actor to access information they shouldn’t. Government departments typically use business-grade email services, rather than relying on consumer email services. The federal government also has its own internal communications systems with additional layers of security, making it all the more baffling that current officials are being so cavalier with how they handle important information.

“Unless you are using GPG, email is not end-to-end encrypted, and the contents of a message can be intercepted and read at many points, including on Google’s email servers,” Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, told the Post.

Additionally, there are regulations requiring that certain official government communications be preserved and archived. Using a personal account could allow some messages to slip through the cracks, accidentally or intentionally.

This latest instance of dubious software use from the executive branch follows the discovery that several high-ranking national security leaders used Signal to discuss planned military actions in Yemen, then added a journalist from The Atlantic to the group chat. And while Signal is a more secure option than a public email client, even the encrypted messaging platform can be exploited, as its own team said last week.

As with last week’s Signal debacle, there have been no repercussions thus far for any federal employees taking risky data privacy actions. NSC spokesman Brian Hughes told the Post he hasn’t seen evidence of Waltz using a personal account for government correspondence.

CFPB drops Zelle lawsuit in latest reversal under Trump administration


The Consumer Financial Protection Bureau has dropped its lawsuit over peer-to-peer payment system Zelle, the latest in a series of dismissals from this department under President Donald Trump’s administration. The agency had only just announced the suit (filed against Zelle’s operating entity Early Warning Services and partner banks JPMorgan Chase, Bank of America and Wells Fargo) in December. According to the initial action, the CFPB said that customers of the three banks had lost more than $870 million during the seven years Zelle has been active.

A spokesperson for Zelle said the company welcomed the CFPB’s decision, and reiterated that it believes the lawsuit was “without merit, and legally and factually flawed.” A JPMorgan Chase representative called scam prevention and consumer education “a national security problem” and stated the bank’s commitment to working “across the public and private sectors” toward solutions.

The CFPB made several moves to increase oversight on the financial products offered by tech companies under its previous director, Rohit Chopra. However, the agency is now overseen by Acting Director Russell Vought, who ordered the CFPB to cease all “supervision and examination activity” last month. While employees of the bureau have sued to try to keep the CFPB alive, there have been conflicting messages from government leadership about the agency’s status.

Since taking office, Trump and ally Elon Musk have taken sweeping actions to control and close federal government departments. Agencies that have historically regulated Musk’s business activities have been among those with reduced powers, as have federal operations for cybersecurity, digital services and personnel management.

Update, March 5, 2025, 4:41PM ET: Added official statements from Zelle and JPMorgan Chase.

US indicts five individuals in crackdown on North Korea’s illicit IT workforce


U.S. authorities have indicted five people over their alleged involvement in a multi-year scheme that saw them obtain remote IT employment with dozens of American companies.

The Department of Justice on Thursday announced the indictment of North Korean citizens Jin Sung-Il and Pak Jin-Song; Pedro Ernesto Alonso De Los Reyes of Mexico; and U.S. nationals Erick Ntekereze Prince and Emanuel Ashtor.

The DOJ said the FBI arrested Ntekereze and Ashtor, and a search of Ashtor’s home in North Carolina found evidence of a “laptop farm” that hosted company-provided laptops to deceive organizations into thinking they had hired workers based in the U.S.

Alonso was also arrested in the Netherlands after a U.S. warrant was issued.

According to the indictment, Ntekereze and Ashtor allegedly installed remote access software, including Anydesk and TeamViewer, on the company-provided devices, allowing the North Koreans to conceal their locations. The two Americans also provided Jin and Pak with forged identity documents, including U.S. passports and U.S. bank accounts.

The indictment alleges that the defendants gained employment from at least 64 American organizations over the course of the multi-year scheme, which ran from April 2018 through August 2024. These included a U.S. financial institution, a San Francisco-based technology company, and a Palo Alto-headquartered IT organization.

According to the Justice Department, payments from ten of those companies generated at least $866,255 in revenue, most of which was laundered through a Chinese bank account. 

“The Department of Justice remains committed to disrupting North Korea’s cyber-enabled sanctions-evading schemes, which seek to trick U.S. companies into funding the North Korean regime’s priorities, including its weapons programs,” Devin DeBacker, supervisory official with the Justice Department’s National Security Division, said in a statement. 

Alongside Thursday’s indictments, which come just days after the Treasury Department sanctioned two individuals and four entities for allegedly engaging in similar behavior, the FBI released an advisory warning that North Korean IT workers are increasingly engaging in malicious activity, including data extortion.

The agency said it has observed North Korean IT workers leveraging unlawful access to company networks to “exfiltrate proprietary and sensitive data, facilitate cyber-criminal activities, and conduct revenue-generating activity on behalf of the regime.”

A New Jam-Packed Biden Executive Order Tackles Cybersecurity, AI, and More


Four days before he leaves office, US president Joe Biden has issued a sweeping cybersecurity directive ordering improvements to the way the government monitors its networks, buys software, uses artificial intelligence, and punishes foreign hackers.

The 40-page executive order unveiled on Thursday is the Biden White House’s final attempt to kickstart efforts to harness the security benefits of AI, roll out digital identities for US citizens, and close gaps that have helped China, Russia, and other adversaries repeatedly penetrate US government systems.

The order “is designed to strengthen America’s digital foundations and also put the new administration and the country on a path to continued success,” Anne Neuberger, Biden’s deputy national security adviser for cyber and emerging technology, told reporters on Wednesday.

Looming over Biden’s directive is the question of whether president-elect Donald Trump will continue any of these initiatives after he takes the oath of office on Monday. None of the highly technical projects decreed in the order are partisan, but Trump’s advisers may prefer different approaches (or timetables) to solving the problems that the order identifies.

Trump hasn’t named any of his top cyber officials, and Neuberger said the White House didn’t discuss the order with his transition staff, “but we are very happy to, as soon as the incoming cyber team is named, have any discussions during this final transition period.”

The core of the executive order is an array of mandates for protecting government networks based on lessons learned from recent major incidents—namely, the security failures of federal contractors.

The order requires software vendors to submit proof that they follow secure development practices, building on a mandate that debuted in 2022 in response to Biden’s first cyber executive order. The Cybersecurity and Infrastructure Security Agency would be tasked with double-checking these security attestations and working with vendors to fix any problems. To put some teeth behind the requirement, the White House’s Office of the National Cyber Director is “encouraged to refer attestations that fail validation to the Attorney General” for potential investigation and prosecution.

The order gives the Department of Commerce eight months to assess the most commonly used cyber practices in the business community and issue guidance based on them. Shortly thereafter, those practices would become mandatory for companies seeking to do business with the government. The directive also kicks off updates to the National Institute of Standards and Technology’s secure software development guidance.

Another part of the directive focuses on the protection of cloud platforms’ authentication keys, the compromise of which opened the door for China’s theft of government emails from Microsoft’s servers and its recent supply-chain hack of the Treasury Department. Commerce and the General Services Administration have 270 days to develop guidelines for key protection, which would then have to become requirements for cloud vendors within 60 days.

To protect federal agencies from attacks that rely on flaws in internet-of-things gadgets, the order sets a January 4, 2027, deadline for agencies to purchase only consumer IoT devices that carry the newly launched US Cyber Trust Mark label.

Hackers injected malicious code into several Chrome extensions in recent attack


Hackers were reportedly able to modify several Chrome extensions with malicious code this month after gaining access to admin accounts through a phishing campaign. The cybersecurity company Cyberhaven shared this weekend that its Chrome extension was compromised on December 24 in an attack that appeared to be “targeting logins to specific social media advertising and AI platforms.” A few other extensions were reportedly hit as well, going back to mid-December. According to Nudge Security, that includes ParrotTalks, Uvoice and VPNCity.

Cyberhaven notified its customers on December 26 in an email that advised them to revoke and rotate their passwords and other credentials. The company’s initial investigation of the incident found that the malicious extension targeted Facebook Ads users, with a goal of stealing data such as access tokens, user IDs and other account information, along with cookies. The code also added a mouse click listener. “After successfully sending all the data to the [Command & Control] server, the Facebook user ID is saved to browser storage,” Cyberhaven said in its analysis. “That user ID is then used in mouse click events to help attackers with 2FA on their side if that was needed.”

Cyberhaven said it first detected the breach on December 25 and was able to remove the malicious version of the extension within an hour. It’s since pushed out a clean version.