Carly Page

Sr. Reporter, Cybersecurity, TechCrunch

Carly Page is a Senior Reporter at TechCrunch, where she covers the cybersecurity beat. She has spent more than a decade in the technology industry, writing for titles including Forbes, TechRadar and WIRED.

You can contact Carly securely on Signal at +441536 853956 or via email at carly.page@techcrunch.com.

Carly Page

Latest from Carly Page

The tech giant secured a cloud storage server that was inadvertently spilling Microsoft internal data and credentials to the open internet.

Microsoft employees exposed internal passwords in security lapse

Featured Article

Should we ban ransom payments?

As cybercriminals continue to reap the financial rewards of their attacks, talk of a federal ban on ransom payments is getting louder. U.S. officials have long urged against paying ransom demands. But while several U.S. states — including North Carolina and Florida — have made it illegal for local government…

8:00 am PST • March 4, 2024
Should we ban ransom payments?

The U.S. National Security Agency has confirmed that hackers exploiting flaws in Ivanti’s widely used enterprise VPN appliance have targeted organizations across the U.S. defense sector. NSA spokesperson Edward Bennett…

NSA says it’s tracking Ivanti cyberattacks as hackers hit US defense sector

Featured Article

Feds hack LockBit, LockBit springs back. Now what?

Days after it was knocked offline by a sweeping, years-in-the-making law enforcement operation, the notorious Russia-based LockBit ransomware group has returned to the dark web with a new leak site complete with a number of new victims. In a verbose, borderline-rambling statement published Saturday, the remaining LockBit administrator blamed its…

12:15 pm PST • February 26, 2024
Feds hack LockBit, LockBit springs back. Now what?

Security researchers say a pair of easy-to-exploit flaws in a popular remote-access tool used by more than a million companies around the world are now being mass exploited, with hackers…

Researchers say easy-to-exploit security bugs in ConnectWise remote-access software now under mass attack

Security experts are warning that a pair of high-risk flaws in a popular remote access tool are being exploited by hackers to deploy LockBit ransomware — days after authorities announced…

Hackers are exploiting ConnectWise flaws to deploy LockBit ransomware, security experts warn

Featured Article

Researchers warn high-risk ConnectWise flaw under attack is ’embarrassingly easy’ to exploit

Security experts are warning that a high-risk vulnerability in a widely used remote access tool is “trivial and embarrassingly easy” to exploit, as the software’s developer confirms malicious hackers are actively exploiting the flaw. The maximum severity-rated vulnerability affects ConnectWise ScreenConnect (formerly ConnectWise Control), a popular remote access software that…

9:31 am PST • February 21, 2024
Researchers warn high-risk ConnectWise flaw under attack is ’embarrassingly easy’ to exploit

A sweeping law enforcement operation led by the U.K.’s National Crime Agency (NCA) this week took down LockBit, the notorious Russia-linked ransomware gang that for years has wreaked havoc on…

Six things we learned from the LockBit takedown

Featured Article

Authorities disrupt operations of notorious LockBit ransomware gang

A coalition of international law enforcement agencies, including the U.S. Federal Bureau of Investigation and the U.K.’s National Crime Agency, have disrupted the operations of the notorious LockBit ransomware gang. LockBit’s dark web leak site — where the group publicly lists its victims and threatens to leak their stolen data…

12:49 am PST • February 20, 2024
Authorities disrupt operations of notorious LockBit ransomware gang

Featured Article

Why are ransomware gangs making so much money?

For many organizations and startups, 2023 was a rough year financially, with companies struggling to raise money and others making cuts to survive. Ransomware and extortion gangs, on the other hand, had a record-breaking year in earnings, if recent reports are anything to go by. It’s hardly surprising when you…

5:00 am PST • February 17, 2024
Why are ransomware gangs making so much money?

A misconfigured cloud storage server belonging to automotive giant BMW exposed sensitive company information, including private keys and internal data, TechCrunch has learned. Can Yoleri, a security researcher at threat…

BMW security lapse exposed sensitive company information, researcher finds

U.K.-based water utility Southern Water has confirmed that hackers stole the personal data of as many as 470,000 customers in a recent data breach. Southern Water, which provides water and…

UK utility giant Southern Water says hackers stole personal data of hundreds of thousands of customers

Hackers have begun mass exploiting a third vulnerability affecting Ivanti’s widely used enterprise VPN appliance, new public data shows. Last week, Ivanti said it had discovered two new security flaws…

Researchers say attackers are mass-exploiting new Ivanti VPN flaw

China-backed hackers have maintained access to American critical infrastructure for “at least five years” with the long-term goal of launching “destructive” cyberattacks, a coalition of U.S. intelligence agencies warned on…

China-backed Volt Typhoon hackers have lurked inside US critical infrastructure for ‘at least five years’

Student rideshare startup HopSkipDrive has confirmed a data breach involving the personal data of more than 155,000 drivers. Los Angeles-based HopSkipDrive offers an Uber-style rideshare service for children and teenagers.…

HopSkipDrive says personal data of 155,000 drivers stolen in data breach

Remote desktop software provider AnyDesk confirmed late Friday that a cyberattack allowed hackers to gain access to the company’s production systems, putting the company in lockdown for almost a week.…

Remote access giant AnyDesk resets passwords and revokes certificates after hack

Education tech company Blackbaud agreed to settle with the U.S. Federal Trade Commission over the company’s security practices that resulted in a 2020 data breach. The FTC alleges that Blackbaud,…

FTC orders Blackbaud to overhaul ‘reckless’ security practices in wake of 2020 breach

U.S. cybersecurity agency CISA has ordered federal agencies to urgently disconnect Ivanti VPN appliances given the risk of malicious exploitation due to multiple software flaws. In an update to an…

US gives federal agencies 48 hours to disconnect flawed Ivanti VPN tech

U.S. access and identity management giant Okta has said it is laying off approximately 400 employees, or 7% of its global workforce. The layoffs come almost exactly a year to…

Okta lays off 400 employees — almost exactly a year after last staff cuts

Featured Article

US disrupts China-backed hacking operation amid warning of threat to American infrastructure

The U.S. government announced Wednesday it had disrupted a China-backed hacking operation targeting U.S. critical infrastructure, amid warnings that Beijing is preparing to cause “real-world harm” to Americans in the event of a future conflict. Speaking during a U.S. House of Representatives committee hearing on cyber threats posed by China,…

10:00 am PST • January 31, 2024
US disrupts China-backed hacking operation amid warning of threat to American infrastructure

Ivanti warned on Wednesday that hackers are exploiting another previously undisclosed zero-day vulnerability affecting its widely used corporate VPN appliance. Since early December, ​​Chinese state-backed hackers have been exploiting Ivanti…

Ivanti patches two zero-days under attack, but finds another

Three local councils in the United Kingdom continue to experience disruption to their online services, a week after confirming a cyberattack had knocked some systems offline. The councils for Canterbury,…

ICO confirms data breach probe as UK councils remain downed by cyberattack

Mercedes-Benz accidentally exposed a trove of internal data after leaving a private key online that gave “unrestricted access” to the company’s source code, according to the security research firm that…

How a mistakenly published password exposed Mercedes-Benz source code

Hewlett Packard Enterprise said on Wednesday that its cloud-based email system was compromised by Midnight Blizzard, a Russia-linked hacking group that recently broke into Microsoft’s corporate network. In a filing…

HPE says it was hacked by Russian group behind Microsoft email breach

The U.S. government sanctioned a Russian national for allegedly playing a “pivotal role” in the ransomware attack against Australian health insurance giant Medibank that exposed the sensitive information of almost…

US sanctions Russian citizen accused of playing key role in Medibank ransomware attack

Three councils in the United Kingdom have taken some of their public-facing systems offline due to an ongoing cybersecurity issue. Canterbury City Council, Dover District Council, and Thanet District Council,…

Cyberattack targeting UK councils causes online disruption

The U.S. Federal Trade Commission has continued its crackdown on data brokers with a settlement banning data aggregation company InMarket from selling consumers’ precise location data. Texas-based InMarket, which debuted…

FTC bans another data broker from selling consumers’ location data

Google researchers say they have evidence that a notorious Russian-linked hacking group — tracked as “Cold River” — is evolving its tactics beyond phishing to target victims with data-stealing malware.…

Google says Russian espionage crew behind new malware campaign

Malicious hackers have begun mass-exploiting two critical zero-day vulnerabilities in Ivanti’s widely used corporate VPN appliance. That’s according to cybersecurity company Volexity, which first reported last week that China state-backed…

Hackers begin mass-exploiting Ivanti VPN zero-day flaws

U.S. repairable laptop maker Framework has confirmed that hackers accessed customer data after successfully phishing an employee at its accounting service provider. In an email sent to affected customers, Framework…

Framework says hackers accessed customer data after phishing attack on accounting partner