🚀 Medial Secures Investment on Shark Tank India - Fueling the Future of Professional Social Networking. 🔥

Startup Showcase

Premium Content

Try our Valuation Calculator →

News on Medial

How Google Authenticator made one company’s network breach much, much worse

Arstechnica

Arstechnica · 2y ago

How Google Authenticator made one company’s network breach much, much worse

Security company Retool criticized Google's authenticator app for making a recent internal network breach worse. The breach resulted in attackers gaining access to the accounts of 27 customers in the cryptocurrency industry. The attack started when a Retool employee clicked on a text message link claiming to be from the company's IT team. The employee logged into the linked site and provided a password and a temporary one-time password (TOTP) from Google authenticator. The attackers then called the employee, claiming to be an IT team member, and obtained an additional multi-factor code. Retool argues that Google's recent synchronization feature for authenticator codes is highly insecure, as it allowed the attackers to compromise multiple company accounts.

Related News

Microsoft ditches Android for Apple iPhones in China, citing security and authentication issues | Mint

Livemint

Livemint · 1y ago

Microsoft ditches Android for Apple iPhones in China, citing security and authentication issues | Mint

Starting in September, Microsoft will provide Apple iPhones to its employees in China who currently use Android devices. This move aims to improve security and gain access to necessary authentication apps. Microsoft employees in China using Android devices from manufacturers like Huawei and Xiaomi will have the option to purchase an Apple iPhone 15 as a one-time replacement. This decision was made due to Google's unavailability of mobile services in China, preventing users from downloading critical security apps like Microsoft Authenticator and Identity Pass.

Android 15 might soon be able to protect your two-factor authentication codes

Techradar

Techradar · 1y ago

Android 15 might soon be able to protect your two-factor authentication codes

Google is reportedly working on enhancing Two-Factor Authentication (2FA) security in Android 15. A new permission called RECEIVE_SENSITIVE_NOTIFICATIONS has been discovered in the Android 14 QPR3 Beta 1, with indications that it may be limited to Google's own apps or OEM-signed applications. Another flag called OTP_REDACTION has also been found, suggesting that future updates might prevent sensitive notifications, such as One Time Passcodes (OTP) used for 2FA, from being displayed on the lock screen. These measures aim to protect 2FA codes from unauthorized access by untrusted apps or individuals. Using authenticator apps or physical security keys is recommended as more secure alternatives to SMS-based 2FA.

Indian-origin CEO defends 84-hour work week, says 'It's like a rocket launch'

Inshorts · 1y ago

Indian-origin CEO defends 84-hour work week, says 'It's like a rocket launch'

US-based AI startup Greptile's 23-year-old CEO Daksh Gupta defended 84-hour work week by comparing work to a "rocket launch". "When you have two groups of smart people trying to solve the same problem, one that works harder and is luckier wins," he said. "You can't control luck, but you can control how much time you put in," he added.

Top global network service provider apparently leaks hundreds of millions of user accounts

Techradar

Techradar · 1y ago

Top global network service provider apparently leaks hundreds of millions of user accounts

A global network service provider, Zenlayer, left a database with sensitive internal and customer information exposed on the internet without password protection. The breach was discovered by cybersecurity researcher Jeremiah Fowler, who alerted the company. The database contained 380 million records, including server logs, customer data, and files labeled with various categories. The information leak exposed details about Zenlayer's operations and customer records, potentially putting them at risk. It is unclear how long the database was unprotected or if any malicious actors accessed it.

Microsoft Exposes How Hackers Stole Email Signing Key

Robots · 2y ago

Microsoft Exposes How Hackers Stole Email Signing Key

Microsoft has detailed how a China-backed hacking group stole an email signing key, granting unauthorized access to U.S. government email accounts. The breach was due to multiple issues, including a system crash, undetected key exposure, and compromised user credentials. This highlights cybersecurity challenges even for large organizations. Emphasis should be on enhancing network security policies to prevent future breaches. Microsoft faced an espionage campaign in July, where hackers accessed unclassified emails of U.S. government officials, including high-profile figures. The exact method used by the intruders to hack into Microsoft remains unknown.

Instamart pilots physical experiential store in Gurugram

Entrackr

Entrackr · 1m ago

Instamart pilots physical experiential store in Gurugram

News All Stories Instamart pilots physical experiential store in Gurugram The outlet, located at M3M 65th Avenue, operates as an Instamart branded experiential store and is separate from the company’s dark store network. Harsh Upadhyay 21 Dec 2025 Swiggy's quick commerce arm Instamart has piloted a physical experiential store in Gurugram, as the company tests a limited offline format alongside its dark store led delivery operations, according to media reports and people aware of the development. The outlet, located at M3M 65th Avenue, operates as an Instamart branded experiential store and is separate from the company’s dark store network. Consumers can visit the store to see select products, with purchases being made through walk-in transactions at the outlet rather than via the Instamart app. As reported earlier, the store carries a narrow assortment of around 100 to 200 SKUs, compared to the much wider catalogue available at Instamart dark stores. Sources said these experiential formats are being opened in and around residential societies by sellers on the Instamart platform. The stores are not positioned as retail outlets but as small format experiential spaces with a limited SKU range. The focus is largely on categories where consumers prefer physical inspection before purchase, including fresh fruits and vegetables, pulses, new product launches and offerings from some direct to consumer brands. The initiative is expected to be primarily centred on fresh categories. The transaction structure at these stores also differs from Instamart’s standard model. As per sources, payments made at the outlet are routed directly to sellers, rather than being collected by Swiggy and settled later after commission deductions. Sellers are understood to be experimenting with the format under Instamart’s branding and service support. Instamart continues to operate through a network of dark stores across multiple cities for rapid delivery of groceries and daily essentials, with the experiential outlet functioning alongside this infrastructure. Swiggy has not made an official announcement on the initiative and has not indicated whether it plans to expand the format to other locations. Swiggy did not respond to queries till publication.

Generative AI moving tech outside IT departments: Google Cloud CEO Thomas Kurian

Economic Times

Economic Times · 2y ago

Generative AI moving tech outside IT departments: Google Cloud CEO Thomas Kurian

Generative AI is expanding beyond IT departments to various functions like marketing, HR, and procurement, says Google Cloud CEO Thomas Kurian. The technology's versatility is attracting non-engineer professionals to explore its applications. Kurian likens this trend to how Google made the internet accessible through its search engine. AI adoption is broadening across industries, enhancing productivity. At the Google Cloud Next 2023 event, new capabilities were unveiled for AI application development, including Duet AI features for writing assistance, which significantly boosts user productivity.

Exclusive: Cloud telephony platform Exotel suffers data breach

Entrackr

Entrackr · 1y ago

Exclusive: Cloud telephony platform Exotel suffers data breach

Cloud telephony platform Exotel has suffered a data breach that may have compromised details of its clients, sources familiar with the matter told Entrackr. “A massive data breach was reported on Friday which happened last week. Exotel works with many large companies, including financial institutions and their data have been breached,” said one of the sources requesting anonymity. The company’s chief executive Shivakumar Ganesan also did a town hall or emergency meeting on Friday, the person said. Confirming the data breach, an Exotel spokesperson said, “We recently identified unauthorized access to one of our cloud Infrastructure stamps in Singapore and acted swiftly to contain the issue. Importantly, no sensitive personal or financial information was compromised.” “The breach was limited and majority customers were not affected. We have already notified those impacted, providing them with detailed information and recommended steps to mitigate any potential risks,” the spokesperson added. The 13-year-old firm offers voice and SMS contact center capabilities for businesses to manage their customer engagement over the cloud. Besides India, it operates in the UAE, Indonesia, Africa, and the US. Another source said that Exotel stores call recordings and SMS of its clients on the cloud. “AWS private keys got breached from some developer. The hackers got access to the database and source code. Zomato, Khatabook and others became victims of the breach,” added the source. In a response to this, Exotel’s spokesperson clarified, “While we store call recordings and SMS of clients on the cloud none of these have been accessed or impacted in this incident.” Confirming the data breach to Entrackr, a Zomato spokesperson said, “We have been made aware of the data breach at Exotel. So far, from what we know, our merchant and customer data is fully secure and no payment related sensitive information has been compromised. Our teams are actively working with Exotel to ascertain more details on the ongoing investigation.” Entrackr has reached out to Khatabook to verify this. The Steadview Capital and A91 Partners-backed company reported a 32.1% spike in its collection to Rs 420 crore whereas its losses jumped 2.5 fold to Rs 109 crore. It is yet to file its annual report for FY24 but the firm projected a 50% revenue growth for the last fiscal year (FY25). Exotel directly competes with Knowlarity, MyOperator, Ozonotel, and Tata Communications, and a few others. Peak XV-backed Knowlarity was acquired by conversational messaging unicorn Gupshup in a $100 million deal in February 2022.

SEC ramps up hack probe with focus on tech, telecom companies

Economic Times

Economic Times · 1y ago

SEC ramps up hack probe with focus on tech, telecom companies

The U.S. Securities and Exchange Commission (SEC) has reached out to tech and telecom companies to understand how they responded to the SolarWinds cyber attack last year. The attack, which compromised SolarWinds' network management software Orion, allowed hackers access to thousands of companies and government offices. The SEC is scrutinizing the impact of the attack and looking for any gaps in corporate security. Last year, the SEC filed a lawsuit against SolarWinds and its top information security executive, alleging that they deceived investors by concealing cybersecurity vulnerabilities during the breach. The SEC has not yet commented on the recent inquiry.

This Exec Is Forcing Google Into Its First Trial Over Sexist Pay Discrimination

Wired · 2y ago

This Exec Is Forcing Google Into Its First Trial Over Sexist Pay Discrimination

A pay discrimination trial against Google is set to begin in New York this week. Ulku Rowe, an executive at Google's cloud unit, alleges that she was hired at a lower level and salary than equally or less qualified men. She also claims that Google retaliated against her when she complained. This trial will provide a rare insight into how pay and promotion decisions are made within the tech giant. Pay equity data remains scarce even after the widespread walkout by Google employees in 2018.

Trackers

Active Indian VC’s

OG Capital Email

With a hands-on approach, OG Capital aims to invest in over 20 promising...

Accel Partners Email

Early and growth-stage investments in disruptive technology companies with...

Early-stage venture capital firm investing in technology startups in India. Focus on...

Access All Trackers

Startup Showcase Winners

Sept 2025

Your Health, Simplified with Smart Care

An ecosystem for curated creative partnerships

Your Health our Priority.

Enter Ongoing Startup Showcase

Top Users

Trending News on Medial

House-help startup Pync shuts dow ...

ChatGPT maker OpenAI partners wit ...

IKEA Starts Online Delivery Servi ...

Download the medial app to read full posts, comements and news.