The Latest from Zack Whittaker
Supreme Court revives LinkedIn case to protect user data from web scrapers
The Supreme Court has given LinkedIn another chance to stop a rival company from scraping personal information from users’ public profiles, a practice LinkedIn says should be illegal but one tha
Google will let enterprises store their Google Workspace encryption keys
As ubiquitous as Google Docs has become in the last year alone, a major criticism often overlooked by the countless workplaces that use it is that it isn’t end-to-end encrypted, allowing Google
Volkswagen says a vendor’s security lapse exposed 3.3 million drivers’ details
Volkswagen says more than 3.3 million customers had their information exposed after one of its vendors left a cache of customer data unsecured on the internet. The car maker said in a letter that the
Security flaws found in Samsung’s stock mobile apps
A mobile security startup has found seven security flaws in Samsung’s pre-installed mobile apps, which it says if abused could have allowed attackers broad access to a victim’s personal da
Ring refuses to say how many users had video footage obtained by police
Ring gets a lot of criticism, not just for its massive surveillance network of home video doorbells and its problematic privacy and security practices, but also for giving that doorbell footage to law
CISA launches platform to let hackers report security bugs to US federal agencies
The Cybersecurity and Infrastructure Security Agency has launched a vulnerability disclosure program allowing ethical hackers to report security flaws to federal agencies. The platform, launched with
Apple unveils new iOS 15 privacy features at WWDC
Apple kicked off its global annual developer conference, WWDC, with a ton of new features and technologies. TechCrunch has all the coverage here from the keynote. As with previous years, Apple has dro
Supreme Court limits US hacking law in landmark CFAA ruling
The Supreme Court has ruled that a police officer who searched a license plate database for an acquaintance in exchange for cash did not violate U.S. hacking laws. The landmark ruling concludes a long
FireEye to sell products unit to Symphony-led group for $1.2B
Cybersecurity giant FireEye has agreed to sell its products business to a consortium led by private equity firm Symphony Technology Group for $1.2 billion. The all-cash deal will split FireEye, the ma
Peloton and Echelon profile photo metadata exposed riders’ real-world locations
Security researchers say at-home exercise giant Peloton and its closest rival Echelon were not stripping user-uploaded profile photos of their metadata, in some cases exposing users’ real-world
Skiff, an end-to-end encrypted alternative to Google Docs, raises $3.7M seed
Imagine if Google Docs was end-to-end encrypted so that not even Google could access your documents. That’s Skiff, in a nutshell. Skiff is a document editor with a similar look and feel to Googl
Zocdoc says ‘programming errors’ exposed access to patients’ data
Zocdoc says it has fixed a bug that allowed current and former staff at doctor’s offices and dental practices to access patient data because their user accounts weren’t properly decommissi
Malware caught using a macOS zero-day to secretly take screenshots
Almost exactly a month ago, researchers revealed a notorious malware family was exploiting a never-before-seen vulnerability that let it bypass macOS security defenses and run unimpeded. Now, some of
US towns are buying Chinese surveillance tech tied to Uighur abuses
This story was reported in partnership with video surveillance news site IPVM. At least a hundred U.S. counties, towns and cities have bought China-made surveillance systems that the U.S. government h
So long, Internet Explorer, and your decades of security bugs
Pour one out for Internet Explorer, the long-enduring internet browser that’s been the butt of countless jokes about its speed, reliability and, probably most notable of all, security, which wil
Echelon exposed riders’ account data, thanks to a leaky API
Peloton wasn’t the only at-home workout giant exposing private account data. Rival exercise giant Echelon also had a leaky API that let virtually anyone access riders’ account information.
Short seller says Lemonade website bug exposed insurance customers’ account data
An activist short seller has written a letter to the chief executive of insurance giant Lemonade with details of an “accidentally discovered” security flaw that exposes customers’ ac
Peloton’s leaky API let anyone grab riders’ private account data
Halfway through my Monday afternoon workout last week, I got a message from a security researcher with a screenshot of my Peloton account data. My Peloton profile is set to private and my friend’
What3Words sent a legal threat to a security researcher for sharing an open-source alternative
A U.K. company behind digital addressing system What3Words has sent a legal threat to a security researcher for offering to share an open-source software project with other researchers, which What3Wor
Click Studios asks customers to stop tweeting about its Passwordstate data breach
Australian security software house Click Studios has told customers not to post emails sent by the company about its data breach, which allowed malicious hackers to push a malicious update to its fla