Cybersecurity experts say the California Department of Justice apparently failed to follow basic security procedures on its website, exposing the personal information of potentially hundreds of thousands of gun owners.The website was designed to only show general data about the number and location of concealed carry gun permits, broken down by year and count

Post-Quantum company awarded SBIR III contract to combat ‘harvest now, decrypt later’ threat from quantum computingQuSecure, a provider of post-quantum, or quantum-proof, cryptography, has been awarded a small business innovation research (SBIR) Phase III contract by the federal government. If funding is like last year’s phase III awards, QuSecure will gain

Chicago-based Infrastructure-as-Code (IaC) startup oak9 has attracted new interest from venture capitalists with Cisco Investments and Morgan Stanley’s Next Level Fund joining a new $8 million funding round.The latest financing, led by existing investor Menlo Ventures, brings the total raised by oak9 to $14 million following a $5.9 million seed round the com

Cyolo, an Israeli startup building technology for zero trust networking, on Monday announced a new $60 million investment led by the venture investing arm of National Grid.In addition to National Grid Partners, Cyolo said it scored investments from Glilot Capital Partners, Flint Capital, Differential Ventures, and Merlin Ventures. The Series B financing

Bay Area startup Normalyze on Monday announced a $22 million in Series A funding as venture capital investors rush to place bets on the newly coined Data Security Posture Management (DSPM) space.Normalyze, based in San Francisco, said the funding round was co-led by Lightspeed Venture Partners and Battery Ventures and brings the total raised to $26.6 million

Every tweet, text, bank transaction, Google search and DoorDash order is part of your digital shadow. We all have one, and the contents of your shadow aren’t always private. For example, in April 2021 attackers leaked data containing the personal information of over 533 million Facebook users from 106 countries.  Sure, you might want your tw

Security researchers at CrowdStrike have stumbled upon ransomware actors deploying zero-day exploits against Mitel VOIP appliances sitting on the network perimeter.The discovery is added confirmation that ransomware criminals are increasingly investing in zero-day exploits for use in data-extortion attacks and that poorly configured network devices present a

Cryptographers at Swiss university ETH Zurich have found at least five exploitable security flaws in the privacy-themed MEGA cloud storage service and warned that the issues could lead to “devastating attacks on the confidentiality and integrity of user data in the MEGA cloud.”The ETH Zurich team documented the security defects in a research paper 

Cloud security startup Aqua Security has partnered with the Center for Internet Security (CIS) to create guidelines for software supply chain security and followed up by shipping an open-source auditing tool to ensure compliance with the new benchmark.The open-source tool, called Chain-Bench, is described an open source tool for auditing an organization’s so

RevealSecurity, an Israeli data security startup building technology to thwart malicious insider threats, on Tuesday announced the closing of a $23 million funding round led by SYN Ventures.In addition to SYN Ventures, Hanaco Ventures, SilverTech Ventures and World Trade Ventures also joined as RevealSecurity investors.The Series A financing provides capital

French deep tech firm Cosmian on Monday announced that it has raised €4.2 million ($4.4 million) in a venture funding round that brings the total raised by the company to €5.6 million ($5.9 million).The new investment round was led by La Banque Postale – via its new 115K innovation fund – and previous investor Elaia Partners.Founded in 2018, Cosmian provides

Divergent goals often result in data protection laws that are fundamentally flawedPrivacy and data protection regulations can be viewed as just another cybersecurity threat. The risk delivered is financial loss (through imposed fines) and reputational damage (caused by the inevitable conclusion that the company doesn’t care about its users). Regulatory compl

Big-game malware hunters at Volexity are shining the spotlight on a sophisticated Chinese APT caught recently exploiting a Sophos firewall zero-day to plant backdoors and launch man-in-the-middle attacks.The Sophos firewall vulnerability -- tracked as CVE-2022-1040 -- was patched in March this year but only after Volexity intercepted a sophisticated zero-day

Researchers at F5 Labs have nabbed a new Android malware family capable of exfiltrating financial and personal information after taking control of infected devices.Dubbed MaliBot, the malware poses as a cryptocurrency mining application, but may also pretend to be a Chrome browser or another app. On nfected devices, the threat focuses on harvesting financial

Before leaving on an extended (and expensive) vacation, I bought travel insurance. I wanted to protect myself in case I or my traveling partner tested positive for COVID-19. I had to answer a number of questions about my eligibility for such insurance before they would approve me. Nor did the insurance come cheap, but I wanted to protect myself and recover