US Marshals says prisoners’ personal information taken in data breach

A data breach at the U.S. Marshals Service exposed the personal information of current and former prisoners, TechCrunch has learned.

A letter sent to those affected, and obtained by TechCrunch, said the Justice Department notified the U.S. Marshals on December 30, 2019 of a data breach affecting a public-facing server storing personal information on current and former prisoners in its custody. The letter said the breach may have included their address, date of birth and Social Security number, which can be used for identity fraud.

But the notice didn’t say how many current and former prisoners are affected by the breach.

As the law enforcement arm of the federal courts, U.S. Marshals are tasked with capturing fugitives and serving federal arrest warrants. Last year, U.S. Marshals arrested more than 90,000 fugitives and served over 105,000 warrants.

A spokesperson for the Justice Department did not respond to a request for comment by email or phone.

It’s the latest federal government security lapse in recent weeks.

The Defense Information Systems Agency, a Dept. of Defense division charged with providing technology and communications support to the U.S. government — including the president and other senior officials — said a data breach between May and July 2019 resulted in the theft of employees’ personal information.

Last month, the Small Business Administration admitted that 8,000 applicants, who applied for an emergency loan after facing financial difficulties because of the coronavirus pandemic, had their data exposed.

Otonomo raises $46 million to expand its automotive data marketplace

New vehicles today can produce a treasure trove of data. Without the proper tools, that data will sit undisturbed, rendering it worthless.

A number of companies have sprung up to help automakers manage and use data generated from connected cars. Israeli startup Otonomo is one such player that jumped on the scene in 2015 with a cloud-based software platform that captures and anonymizes vehicle data so it can then be used to create apps to provide services such as electric vehicle management, subscription-based fueling, parking, mapping, usage-based insurance and emergency service.

The startup announced this week it has raised $46 million to take its automotive data platform further. The capital was raised in a Series C funding round that included investments from SK Holdings, Avis Budget Group and Alliance Ventures. Existing investor Bessemer Venture Partners also participated. Otonomo has raised $82 million to date.

The funds will be used to help Otonomo scale its business, improve its products and help it remain competitive, according to the company. Otonomo is also aiming to expand into new markets, particularly South Korea and Japan.

“We now have the expanded resources needed to deliver on our vision of making car data as valuable as possible for the entire transportation ecosystem, while adhering to the strictest privacy and security standards,” Otonomo CEO and founder Ben Volkow said in a statement.

Otonomo’s pitch focuses on creating opportunities to monetize connected car data while keeping it safe from the moment it is captured. Once the data is securely collected, the platform modifies it so companies can use it to develop apps and services for fleets, smart cities and individual customers. The platform also enables GDPR, CCPA and other privacy regulation-compliant solutions using both personal and aggregate data.

Today, Otonomo’s platform takes in 2.6 billion data points a day from more than 20 million vehicles through partnerships with more than automakers, fleets and farm and construction manufacturers. Otonomo has more than 25 partnerships, a list that includes Daimler, BMW, Mitsubishi Motor Company and Avis Budget Group. The company said it’s preparing to bring on seven more customers.

That opportunity for Otonomo is growing based on forecasts, including one from SBD Automotive that predicts connected cars will account for more than 70% of cars sold in North American and European markets in 2020.

Decrypted: Space hacking, iPhone vulnerability, Zoom’s security boom

Security startups to the rescue.

As we continue to ride out the pandemic, security experts are closely monitoring the surge of coronavirus-related cyber threats. Just this week, Google’s Threat Analysis Group, its elite threat hunting unit, says that while the overall number of threats remains largely the same, opportunistic hackers are retooling their efforts to piggyback on coronavirus.

Some startups are downsizing and laying off staff, but several cybersecurity startups are faring better, thanks to an uptick in demand for security protections. As the world continues to pivot toward working from home, it has blown up key cybersecurity verticals in ways we never expected. To wit, identity startups are needed more than ever to make sure only remote employees are getting access to corporate systems.

Can the startups take on the giants at their own game?


THE BIG PICTURE

Another payments processor drops the security ball

For the third time this year, a payments processor has admitted to a security lapse. First it was Cornerstone, then it was nCourt. This time it’s Paay, a New York-based card payment processor startup that left a database on the internet unprotected and without a password. Worse, the database was storing full, plaintext credit card numbers.

Anyone who knew where to look could have accessed the data. Luckily, a security researcher found it and reported it to TechCrunch. We alerted the company; it quickly took the data offline, but Paay denied that the data stored full credit card numbers. We even sent the co-founder a portion of the data showing card numbers stored in plaintext, but he did not respond to our follow-up.

Decrypted: Post-coronavirus, Auth0’s close call, North Korea warning, Awake’s Series C

Welcome to a look back at the past week in security and what it means for you. Each week we’ll look at the big news of the week and why it matters.

What will the world look like after the coronavirus pandemic subsides?

Some of us are now in our fifth week of sheltering in place, but there’s no fixed end-date in sight. We’ve gone from a period of confusion and concern to testing and mitigation. Now we’re starting to look ahead at the world post-coronavirus. Things still have to get done. But how do we regain a semblance of normality in the middle of a pandemic?

Tech can be the answer but it’s not a panacea; Apple and Google have explained more about their contact tracing efforts to help better understand the spread of the virus, which seems promising. But privacy worries and fears that the system could be abused have raised justified concerns. On the other hand, with a U.S. presidential election slated for later this year, many experts want tech out of the picture in favor of a secure solution that uses paper ballots.

Will tech save the day, or will it kick us while we’re down? Let’s dive in.


THE BIG PICTURE

Voting by mail should be having its moment. Will it?

This year’s U.S. presidential election will still go ahead — it’s in the constitution as an immutable fact — but a pandemic throws a wrench in the works.

But security experts say electronic voting isn’t secure or resilient enough to protect from foreign interference. Even the more established mobile voting offerings have been shown to be deeply flawed.

Cognizant confirms Maze ransomware attack, says customers face disruption

Cognizant, one of the largest tech and consulting companies in the Fortune 500, has confirmed it was hit by a ransomware attack.

Details remain slim besides a brief statement on its site, confirming the incident.

“Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack,” the statement read. “Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident.”

The New Jersey-headquartered IT giant said it was engaging with law enforcement.

The company, which offers a range of services including IT consultation to clients in more than 80 countries, posted $16.8 billion in revenue last year. The decades-old firm also maintains a business agreement with Facebook to help the social giant moderate content on its platform. Cognizant employs about 290,000 people, most of whom live in India.

When reached, Cognizant spokesperson Richard Lacroix declined to comment beyond the statement.

Maze is not like typical data-encrypting ransomware. Maze not only spreads across a network, infecting and encrypting every computer in its path, it also exfiltrates the data to the attackers’ servers where it is held for ransom. If a ransom isn’t paid, the attackers publish the files online. However, a website known to be associated with the Maze attackers has not yet advertised or published data associated with Cognizant.

The FBI privately warned businesses in December of an increase in Maze-related ransomware incidents.

Since the warning, several major companies have been hit by Maze, including cyber insurer Chubb, accounting giant MNP, a law firm and an oil company.

According to Bleeping Computer, which first reported the attack, the Maze hackers denied responsibility for the attack.

“That does not mean Maze was not responsible,” said Brett Callow, a threat analyst and ransomware expert at security firm Emsisoft. “At some point in the last three weeks, Maze also hit two Manitoba law firms, neither of which has been listed.”

“It’s possible the group is holding off naming the firms and publishing any data pending the outcome of negotiations, and that could be the case with Cognizant too,” said Callow.

Zoom Rushes to Improve Privacy for Consumers Flooding Its Service

Over the last month, the Zoom videoconferencing service has emerged as the communication lifeline of the coronavirus pandemic. But the convenience fueling Zoom’s explosive popularity has come at a price. Originally a service meant for businesses, Zoom was designed to make it easy for company employees, sales representatives and clients to hop on meetings. When consumers flocked to the video platform for school and socializing, however, those conveniences also made it easy to hijack videoconferences and harass participants in online attacks known as Zoombombing. Now the company is scrambling to deal with privacy and security issues that keep popping …

The Lesson We Are Learning From Zoom

Ever since many of us started working from home in the coronavirus pandemic, I’ve been invited to countless gatherings taking place on Zoom, the videoconferencing app. Virtual happy hours, work meetings, dinners, you name it. I’ve been a no-show, and it’s not just because my hair has grown embarrassingly long. It’s because I have a fundamental problem with Zoom. Let me first say I understand why Zoom has been so popular in the pandemic. The company designed its app to be free and extremely easy to use; in tech lingo, we call it “frictionless.” Even our …

Estimote launches wearables for workplace-level contact tracing for COVID-19

Bluetooth location beacon startup Estimote has adapted its technological expertise to develop a new product designed specifically for curbing the spread of COVID-19. The company created a new range of wearable devices that co-founder Steve Cheney believes can enhance workplace safety for those who have to be co-located at a …

A Feature on Zoom Secretly Displayed Data From People’s LinkedIn Profiles

For Americans sheltering at home during the coronavirus pandemic, the Zoom videoconferencing platform has become a lifeline, enabling millions of people to easily keep in touch with family members, friends, students, teachers and work colleagues. But what many people may not know is that, until Thursday, a data-mining feature on …

Ex-NSA hacker drops new zero-day doom for Zoom

Zoom’s troubled year just got worse.
Now that a large portion of the world is working from home to ride out the coronavirus pandemic, Zoom’s popularity has rocketed, but also has led to an increased focus on the company’s security practices and privacy promises. Hot on the …
