Security news aggregator

Latest coverage for Startup

Startup cybersecurity covers protecting early-stage systems, customer data, and funding from breaches, fraud, and resource-driven weaknesses.

4 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A startup is a young company developing a product or service, usually while its team, technology, and business processes are still changing rapidly. In information security, that pace and limited staffing can leave security ownership unclear or controls behind the product. Startups may also hold valuable intellectual property, customer information, credentials, and access to cloud services, making protection of those assets material even before the company is large.

Security coverage for startups commonly concerns exposed cloud resources, leaked secrets, excessive access privileges, vulnerable open-source dependencies, and incidents involving suppliers or hosted platforms. Useful safeguards include an inventory of systems and data, multi-factor authentication, least-privilege access, managed secrets, dependency and vulnerability management, centralized logging, and a tested process for reporting and responding to incidents. Customers and investors may also assess whether stated privacy or security commitments match the startup’s actual controls and operating practices.

Volume over time

Weekly headline count for the current query.

Showing 4 most recent headlines Filtered view

A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under assumed names.

Krebs on Security 2 years, 11 months ago

Diligere, Equity-Invest Are New Firms of U.K. Con Man

John Clifton Davies, a convicted fraudster estimated to have bilked dozens of technology startups out of more than $30 million through phony investment schemes, has a brand new pair of scam companies that are busy dashing startup dreams: A fake investment firm called Equity-Invest[.]ch, and Diligere[.]co.uk, a scam due diligence company that Equity-Invest insists all investment partners use. A native of the United Kingdom, Mr. Davies absconded from justice before being convicted on multiple counts of fraud in 2015. Prior to his conviction, Davies served 16 months in jail before being cleared on suspicion of murdering his third wife on their honeymoon in India.

Krebs on Security 3 years, 3 months ago

A Serial Tech Investment Scammer Takes Up Coding?

John Clifton Davies, a 60-year-old con man from the United Kingdom who fled the country in 2015 before being sentenced to 12 years in prison for fraud, has enjoyed a successful life abroad swindling technology startups by pretending to be a billionaire investor. Davies' newest invention appears to be "CodesToYou," which purports to be a "full cycle software development company" based in the U.K.

Krebs on Security 4 years, 2 months ago

Fighting Fake EDRs With ‘Credit Ratings’ for Police

When KrebsOnSecurity last month explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media and technology providers, many security experts called it a fundamentally unfixable problem. But don't tell that to Matt Donahue, a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data requests -- in part by assigning trustworthiness or "credit ratings" to law enforcement authorities worldwide.