Posted on

Distributed Ledger Technology’s Role in the Future of IoT

Illustration: © IoT For AllThe Internet of Things (IoT) is growing exponentially. Connected devices, systems, and gadgets bring the full power of the internet to consumers and businesses. There’s always room for improvement, though — and distributed ledger technology (DLT) is the natural next IoT evolution.IoT devices are here to stay — for a very long time. International Data Corp. (IDC) predicts that, in 2025, 75% of the 55.7 billion devices will link to an IoT platform of some sort. Though it’s ever-expanding and innovative, it’s not all-powerful. These billions of devices will need more security and efficiency.The decentralized nature …

Read More

Posted on

Making sense of the $6.5B Okta-Auth0 deal

When Okta announced that it was acquiring Auth0 yesterday for $6.5 billion, the deal raised eyebrows. After all, it’s a substantial amount of money for one identity and access management (IAM) company to pay to buy another, similar entity. But the deal ultimately brings together two companies that come at identity from different sides of the market — and as such could be the beginning of a beautiful identity friendship.

The deal ultimately brings together two companies that come at identity from different sides of the market — and as such could be the beginning of a beautiful identity friendship.

On a …

Read More

Posted on

Indian state government website exposed COVID-19 lab test results

A security flaw in a website run by the government of West Bengal in India exposed the lab results of at least hundreds of thousands of residents, though likely millions, who took a COVID-19 test.
The website is part of the West Bengal government’s mass coronavirus testing program. Once a COVID-19 test result is ready, the government sends a text message to the patient with a link to its website containing their test results.
But security researcher Sourajeet Majumder found that the link containing the patient’s unique test identification number was scrambled with base64 encoding, which can be …

Read More

Posted on

Jamaica’s JamCOVID pulled offline after third security lapse exposed travelers’ data

Jamaica’s JamCOVID app and website were taken offline late on Thursday following a third security lapse, which exposed quarantine orders on more than half a million travelers to the island.
JamCOVID was set up last year to help the government process travelers arriving on the island. Quarantine orders are issued by the Jamaican Ministry of Health and instruct travelers to stay in their accommodation for two weeks to prevent the spread of COVID-19.
These orders contain the traveler’s name and the address of where they are ordered to stay.
But a security researcher told TechCrunch that the quarantine …

Read More

Posted on

Online workspace startup Notion hit by outage, citing DNS issues

Notion, the online workspace startup that was last year valued at over $2 billion, was knocked offline after a DNS outage.
The collaborative online office and document service was not loading as of around 9am ET on Friday, preventing anyone who relies on the service from accessing their cloud-stored data.
In a since-deleted tweet, Notion asked if “any users have a contact at Name.com,” the web host that Notion relies on for its domain name. In a reply, Name.com said it was “working with the owners of this domain to address this issue as quickly as possible.” Notion replied: “ …

Read More

Posted on

Ancestry says it fought two police requests to search its DNA database

DNA profiling company Ancestry has confirmed it fought two U.S. law enforcement requests to access its DNA database in the past six months, but that neither request resulted in turning over customer or DNA data.
The Utah-based company disclosed the two requests in its latest transparency report covering the latter half of 2020. The report said Ancestry “challenged both of these requests, which were withdrawn,” and that the company “provided no data” at the time of the report, published Tuesday.
Ancestry did not say which agencies or police departments requested the DNA data or for what reason the company challenged …

Read More

Posted on

Minneapolis police used geofence warrant at George Floyd protests

Police in Minneapolis obtained a search warrant ordering Google to turn over sets of account data on vandals accused of sparking violence in the wake of the police killing of George Floyd last year, TechCrunch has learned.
The death of Floyd, a Black man killed by a white police officer in May 2020, prompted thousands to peacefully protest across the city. But violence soon erupted, which police say began with a masked man seen in a viral video using an umbrella to smash windows of an auto-parts store in south Minneapolis. The AutoZone store was the first among dozens of buildings …

Read More

Posted on

MetroMile says a website bug let a hacker obtain driver’s license numbers

Car insurance startup MetroMile said it has fixed a security flaw on its website that allowed a hacker to obtain driver’s license numbers.
The San Francisco-based insurance startup disclosed the security breach in its latest 8-K filing with the U.S. Securities and Exchange Commission.
MetroMile said a bug in the quote form and application process on the company’s website allowed the hacker to “obtain personal information of certain individuals, including individuals’ driver’s license numbers.” It’s not clear exactly how the form allowed the hacker to obtain driver’s license numbers or how many individuals had …

Read More

Posted on

Google’s BeyondCorp Enterprise security platform is now generally available

Google today announced that BeyondCorp Enterprise, the zero trust security platform modeled after how Google itself keeps its network safe without relying on a VPN, is now generally available. BeyondCorp Enterprise builds out Google’s existing BeyondCorp Remote Access offering with additional enterprise features. Google describes it as “a zero trust solution that enables secure access with integrated threat and data protection.”
Over the course of the last few years, Google — and especially its Cloud unit — has evangelized the zero trust model and built a large partner network around this idea. Those partners include the likes of Check Point, Citrix, …

Read More

Posted on

Cybersecurity startup SpiderSilk raises $2.25M to help prevent data breaches

Dubai-based cybersecurity startup SpiderSilk has raised $2.25 million in a pre-Series A round, led by venture firms Global Ventures and STV.
In the past two years, SpiderSilk has discovered some of the biggest data breaches: Blind, the allegedly anonymous social network that exposed private complaints by Silicon Valley employees; a lab leaked highly sensitive Samsung source code; an inadvertently public code repository revealed apps, code, and apartment building camera footage belonging to controversial facial recognition startup Clearview AI; and a massive spill of unencrypted customer card numbers at now-defunct MoviePass may have been the final nail in the already-beleaguered subscription service’ …

Read More