The Indian government has finally resolved a years-long cybersecurity issue that exposed reams of sensitive data about its citizens.
At fault was the Indian government’s cloud service, dubbed S3WaaS, which is billed as a “secure and scalable” system for building and hosting Indian government websites.
With evidence of ongoing exposures of private data, Majumder asked TechCrunch for help getting the remaining data secured.
Majumder said that some citizens’ sensitive data began spilling online long after he first disclosed the misconfiguration in 2022.
The exposed data, Majumder said, potentially puts citizens at risk of identity thefts and scams.
Seven open source foundations are coming together to create common specifications and standards for Europe’s Cyber Resilience Act (CRA), regulation adopted by the European Parliament last month.
And this is what the seven open source foundations are coming together for now.
By coming together as one, this should go some way toward treating open source software development as a single “thing” bound by the same standards and processes.
Throw into the mix other proposed regulation, including the Securing Open Source Software Act in the U.S., and it’s clear that the various foundations and “open source stewards” will come under greater scrutiny for their role in the software supply chain.
“The open source community and the broader software industry now share a common challenge: legislation has introduced an urgent need for cybersecurity process standards.
AT&T resets account passcodes after millions of customer records leak online
US telco giant takes action after 2019 data breach
Phone giant AT&T is resetting customer account passcodes after a huge cache of data containing millions of customer records was dumped online earlier this month, TechCrunch has exclusively learned.
A security researcher who analyzed the leaked data told TechCrunch that the encrypted account passcodes are easy to decipher.
TechCrunch held the publication of this story until AT&T could begin resetting customer account passcodes.
The leaked data includes AT&T customer names, home addresses, phone numbers, dates of birth and Social Security numbers.
The researcher double-checked their findings by looking up records in the leaked data against AT&T account passcodes known only to them.
The complaint accuses Apple of moulding its privacy and security practices in ways that benefit the company financially.
One quote particularly jumps out where the DOJ calls Apple’s privacy and security justification an “elastic shield”: “Apple deploys privacy and security justifications as an elastic shield that can stretch or contract to serve Apple’s financial and business interests,” it says.
“Apple wraps itself in a cloak of privacy, security, and consumer preferences to justify its anticompetitive conduct.
It also said that at the moment developers can’t offer a separate app store for children.
Essentially, the DOJ argues that Apple’s privacy and security practices are pretextual in nature and the company chooses “alternative courses” to protect its monopoly.
The U.S. Department of Transportation announced its first industry-wide review of data security and privacy policies across the largest U.S. airlines.
Those airlines include Allegiant, Alaska, American, Delta, Frontier, Hawaiian, JetBlue, Southwest, Spirit, and United.
Wyden has raised alarms about the sharing and sale of sensitive U.S. consumer data to data brokers — companies that collect and resell people’s personal data, like precise location data, often derived from their phones and computers.
In recent months, Wyden has warned that data brokers sell access to Americans’ personal information, which can identify which websites they visit and the places they travel to.
In remarks, Wyden said: “Because consumers will often never know that their personal data was misused or sold to shady data brokers, effective privacy regulation cannot depend on consumer complaints to identify corporate abuses.”
Earlier today, Sentry announced its AI Autofix feature for debugging production code and now, a few hours later, GitHub is launching the first beta of its code scanning autofix feature for finding and fixing security vulnerabilities during the coding process.
This new feature combines the real-time capabilities of GitHub’s Copilot with CodeQL, the company’s semantic code analysis engine.
The company also promises that code scanning autofix will cover more than 90% of alert types in the languages it supports, which are currently JavaScript, TypeScript, Java, and Python.
“Just as GitHub Copilot relieves developers of tedious and repetitive tasks, code scanning autofix will help development teams reclaim time formerly spent on remediation,” GitHub writes in today’s announcement.
To generate the fixes and their explanations, GitHub uses OpenAI’s GPT-4 model.
Zscaler, a cloud security company with headquarters in San Jose, California, has acquired cybersecurity startup Avalor 26 months after its founding, reportedly for $310 million in cash and equity.
But what sets Avalor apart is the ability to handle data from virtually any source in any format, and its unique set of vulnerability risk management and prioritization tools.
Prior to the Zscaler acquisition, Avalor managed to secure $30 million from investors including TCV, Salesforce Ventures, Jibe Ventures and Cyberstarts.
And Raz sees Zscaler taking the business — and its ~80-person team spread across the U.S. and Israel — further.
As Crunchbase’s Chris Metinko noted earlier today, Zscaler’s acquisition — along with others in the cybersecurity space — could help spark activity in a slow-to-stagnant cyber M&A market.
The eight platforms are designated as very large online platforms (VLOPs) under the regulation — meaning they’re required to assess and mitigate systemic risks, in addition to complying with the bulk of the rules.
These will test platforms’ readiness to deal with generative AI risks such as the possibility of a flood of political deepfakes ahead of the June European Parliament elections.
It’s recently been consulting on election security rules for VLOPs, as it works on producing formal guidance.
Which is why it’s dialling up attention on major platforms with the scale to disseminate political deepfakes widely.
The Commission’s RFIs today also aim to address a broader spectrum of generative AI risks than voter manipulation — such as harms related to deepfake porn or other types of malicious synthetic content generation, whether the content produced is imagery/video or audio.
A bug in an Irish government website that exposed COVID-19 vaccination records took two years to publicly disclose
The Irish government fixed a vulnerability two years ago in its national COVID-19 vaccination portal that exposed the vaccination records of around a million residents.
But details of the vulnerability weren’t revealed until this week after attempts to coordinate public disclosure with the government agency stalled and ended.
Security researcher Aaron Costello said he discovered the vulnerability in the COVID-19 vaccination portal run by the Irish Health Service Executive (HSE) in December 2021, a year after mass vaccinations against COVID-19 began in Ireland.
Costello’s public disclosure comes more than two years after he first reported the vulnerability.
His blog post included a multi-year timeline revealing a back and forth between various government departments that were unwilling to take claim to public disclosure.
Airbnb is banning the use of indoor security cameras in all of its listings, the company announced on Monday.
In a blog post, the company said it is now banning indoor security cameras “regardless of their location, purpose or prior disclosure.” Airbnb says the majority of the listings on its platform don’t report having an indoor security camera, and that the update will only impact “a smaller subset of listings.” The change comes after numerous reports of guests finding hidden cameras in their rentals.
Airbnb is also introducing new rules for outdoor security cameras and noise decibel monitors.
Hosts will be required to disclose the presence and location of outdoor cameras before guests book.
Hosts can’t use outdoor cameras to monitor indoor spaces and aren’t allowed to place them in private outdoor areas like an enclosed outdoor shower or sauna.