Video game giant Activision is investigating a hacking campaign that’s targeting players with the goal of stealing their credentials, TechCrunch has learned.
Somehow, the hackers are getting malware on the victim’s computers and then stealing passwords for their gaming accounts and crypto wallets, among others, according to sources.
Zeebler described the effort as an “infostealer malware campaign,” where malware designed as legitimate-looking software unknowingly installed by the victim surreptitiously steals their usernames and passwords.
Zeebler told TechCrunch that he found out about the hacking campaign when a PhantomOverlay customer had their account for the cheat software stolen.
After that, Zeebler said he contacted Activision Blizzard as well as other cheat makers, whose users appear to be affected.
Now, Coro — one of the startups building tools specifically for smaller businesses — is announcing a big round of funding after seeing its recurring revenues shoot up 300% in the last year.
Sources close to the deal tell TechCrunch that its valuation is over $750 million post-money.
And among SMBs responding to a survey from Digital Ocean, 74% named data privacy a top concern.
The opportunity in the security market for SMBs that Coro has identified is that these businesses typically lack the teams and internal IT budgets to dedicate to building and managing their defenses.
Its round last year, in April 2023, was $75 million at a $575 million valuation (also post-money).
StealthMole, an AI-powered dark web intelligence startup that specializes in monitoring cyber threats and detecting cybercrime, announced Thursday that it has raised a $7 million Series A funding round.
The startup serves over 50 clients across 17 countries in Asia, Europe, and the Middle East.
One differentiator from its competitors in the cybersecurity industry is its unique expertise in Asia-related threats, Kevin Yoo, chief operating officer (COO) at StealthMole, told TechCrunch.
“The high demand for Asia-oriented threat information underscores the uniqueness and value of our dataset for customers worldwide, within and beyond Asia,” Yoo said.
Korea Investment Partners led the Series A round with participation from Hibiscus Fund (a joint venture between RHL Ventures, Penjana Kapital and KB Investment) and Smilegate Investment.
Investors’ pledge to fight spyware undercut by past investments in US malware maker Cyber investors announced commitments to fighting spyware, but at least one firm previously invested in an exploit maker.
Now, some investors have announced that they too are committed to fighting spyware.
More recently, the government has imposed economic sanctions not only on companies, but also directly on the executive who founded Intellexa.
To hear some of these investors talk, you’d think that spyware has no place in a free and open society.
Gula Tech and Paladin’s investment in Boldend — effectively a U.S.-based exploit and hacking software maker — and the two investment firms’ commitment to not invest in spyware companies might seem at odds.
I’m getting hacked, I’m getting hacked bro, I’m getting hacked,” said one of the players allegedly compromised during a live stream of the gameplay.
On Tuesday, Respawn, the studio that develops Apex Legends posted a statement on X (formerly Twitter), addressing the incidents.
Conor Ford, who works on Apex Legends security team, wrote on X that he and his colleagues are working to address the issues.
Or other video game hacking incidents?
Or other video game hacking incidents?
The Pokemon Company said it detected hacking attempts against some of its users and reset those user account passwords.
A spokesperson for the company said there was no breach, just a series of hacking attempts against some users.
To protect our customers we have reset some passwords which prompted the message,” said Daniel Benkwitt, a Pokemon Company spokesperson.
The description of the Pokemon account breaches sounds like credential stuffing, where malicious hackers use usernames and passwords stolen from other breaches and reuse them on other sites.
For its part, the Pokemon Company does not allow its users to enable two-factor on their accounts, when TechCrunch checked.
Multinational technology giant Fujitsu confirmed a cyberattack in a statement Friday, and warned that hackers may have stolen personal data and customer information.
Fujitsu also did not say what kind of personal information may have been stolen, or who the personal information pertains to — such as its employees, corporate customers, or citizens whose governments use the company’s technologies.
Headquartered in Japan, Fujitsu has about 124,000 employees and serves government and private sector customers globally.
Fujitsu said it reported the incident to Japan’s data protection authority, Personal Information Protection Commission, “in anticipation” that personal information may have been stolen.
The company has not said whether it has filed required data breach notices with any other government or authority, including in the United States.
Zscaler, a cloud security company with headquarters in San Jose, California, has acquired cybersecurity startup Avalor 26 months after its founding, reportedly for $310 million in cash and equity.
But what sets Avalor apart is the ability to handle data from virtually any source in any format, and its unique set of vulnerability risk management and prioritization tools.
Prior to the Zscaler acquisition, Avalor managed to secure $30 million from investors including TCV, Salesforce Ventures, Jibe Ventures and Cyberstarts.
And Raz sees Zscaler taking the business — and its ~80-person team spread across the U.S. and Israel — further.
As Crunchbase’s Chris Metinko noted earlier today, Zscaler’s acquisition — along with others in the cybersecurity space — could help spark activity in a slow-to-stagnant cyber M&A market.
On Friday, Microsoft said Russian government hackers continue to break into its systems using information obtained during a hack last year.
This time, the Russian hackers dubbed Midnight Blizzard have targeted Microsoft’s source code and other internal systems, the company said.
This has included access to some of the company’s source code repositories and internal systems,” Microsoft wrote in a blog post.
This new intrusion comes after Microsoft revealed in January that Russian government hackers had broken into the company’s systems last November.
Midnight Blizzard is believed to be a hacking group working for Russia’s Foreign Intelligence Service, known by its Russian initials, SVR.
Well, if you ask Garrett Hamilton, they should give Reach Security a whirl.
Instead of serving as just another layer in a company’s cybersecurity stack, Reach connects to a company’s existing IT and security products, collecting data on attacks and recommending ways to combat them using security tools that the company already owns.
They’re wrong.”Prior to Reach, Hamilton worked at Palo Alto Networks, where he was director of product management.
A survey from security posture management vendor Panaseer found that organizations manage on average between 64 to 76 security tools (as of 2022).
Reach also auto-tunes security tool configurations to try to prevent attacks, prioritizing actions based on how the attacks are being carried out.
