Phone unlocking firm Cellebrite to acquire mobile testing startup Corellium for $170M
Cellebrite, a company that makes forensic equipment for unlocking smartphones, said it is acquiring mobile testing startup Corellium for $170 million in cash, with $20 million converted to equity at closing.
The Israel-headquartered Cellebrite said the deal would help with the 'accelerated identification of mobile vulnerabilities and exploits.' Much of Cellebrite's technology relies on using unknown vulnerabilities, such as zero-day exploits, to unlock encrypted data stored on phones.
For its part, Corellium provides its customers access to virtual, cloud-based Android and iOS devices for app and security testing, an offering that Apple for a time sought to block.
A Cellebrite spokesperson told TechCrunch that the deal is expected to close later this year, subject to a review from CFIUS, the U.S. government committee tasked with handling corporate deals that could affect national security.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Fast Company
11 minutes ago
- Fast Company
The real problem with ransomware isn't encryption—it's the data that walks out the door
When ransomware strikes, most organizations spring into action as if they're responding to a classic crime scene: Tape off the perimeter, start the restoration process, and try to regain access to what was lost. The assumption is that this is a temporary disruption, that once systems are decrypted and restored from backup, the business can move on. But that's the wrong script. Today, encryption is no longer the main event, it's just the distraction. The real damage comes from what's quietly exfiltrated before the ransom note even appears on your screen. Sensitive documents, financial data, proprietary designs, employee records, and customer PII all walk out the door while you're still patting yourself on the back for having a solid backup strategy. And the consequences? They don't end when the systems come back online. A DANGEROUS EVOLUTION IN RANSOMWARE The shift in ransomware tactics isn't theoretical, it's happening right now. Today's attacks are highly coordinated, patient, and financially motivated. Attackers no longer need to simply lock files and demand payment for a key. They're realizing that stealing data is far more profitable, and more painful for the victim. Encryption is reversible. You pay the ransom (or don't), restore the backups (if you can), and carry on. But data theft is permanent. Once it leaves your network, there's no clawing it back. It can be sold, leaked, or weaponized, sometimes all three. Even worse, these breaches aren't just about stolen data. They're about stolen trust. Public companies face shareholder scrutiny. Regulated industries face government fines. And everyone faces the wrath of their customers when private information is posted online. WHAT BACKUPS CAN'T PROTECT YOU FROM There's a common misconception in cybersecurity circles: As long as your backup and recovery processes are solid, you're protected. That might've been true a decade ago. But today, it's dangerously naïve. Backups don't stop reputational damage. They don't prevent lawsuits or limit your liability. They won't answer tough questions from regulators, and they certainly won't reassure customers whose personal data just showed up on a dark web forum. What often follows a modern ransomware attack is a period of long, painful discovery. Months may pass before you fully understand what data was taken—if you ever do. Was it encrypted or plaintext? Were customer records compromised? Were you in compliance with HIPAA, GDPR, or other data privacy laws? And perhaps most haunting of all: Could this have been prevented? If your security strategy treats data protection as an afterthought, these are the questions that will keep you up at night. In most boardrooms, ransomware is still talked about in terms of uptime and recovery. But here's the hard truth: Your mean time to recovery won't matter much when the damage is already done. No one's impressed that your servers are back online in 48 hours if, during that time, attackers walked away with terabytes of sensitive information. Regulators certainly won't be. Neither will your customers. This is where many organizations fall into a dangerous trap. They invest heavily in detection and recovery technologies, endpoint protection, backup appliances, and failover solutions, while leaving gaping holes in data governance and access control. They prepare for the encryption event, but not the silent theft that comes first. And make no mistake, attackers know it. They exploit those blind spots with chilling precision. IT'S TIME TO CHANGE THE CONVERSATION If you're only measuring success by how fast you can bounce back, you're missing the bigger picture. Cyber resilience isn't just about recovery, it's about containment, prevention, and visibility. It's about understanding that the real cost of an attack isn't server downtime. It's the legal fees, the customer churn, the fines, and the headlines. Organizations must start thinking in terms of data-first security. That means tightening controls on who can access sensitive files, and under what conditions. It means monitoring for unusual outbound data flows, not just scanning for known malware signatures. And perhaps most importantly, it means treating your data like the crown jewels it is, not just another asset. In this new paradigm, the most important question isn't, 'How fast can we recover?' but, 'Can we prove what was taken, and are we legally, ethically, and operationally prepared for what happens next?' THE STAKES ARE HIGHER THAN EVER The uncomfortable truth is that many companies will do everything 'right' and still get hit. But when the dust settles, your customers won't care how good your endpoint detection software was. They'll want to know why their names, addresses, and credit card numbers were posted online. They'll want to know why their trust in you was misplaced. That's why now is the time to re-evaluate your ransomware posture, not just from a technical lens, but from a business one. Who owns your data protection strategy? Is it siloed in IT, or is it an enterprise-wide priority? Do your vendors understand the sensitivity of the data they touch? Does your response plan include legal, PR, and compliance, not just tech recovery? In a world where ransomware has morphed into data extortion, encryption is just the bait. The real threat is what's already gone by the time you realize anything's wrong.
Gizmodo
11 minutes ago
- Gizmodo
Nancy Mace Hitches Her Wagon to the Hertz AI-Scanner Controversy
Car rental giant Hertz is in the hot seat, after customers have come out of the woodwork to complain that the company's newly instituted AI scanners are charging them outrageous fees over minor issues. Now the system reportedly has the attention of one of Congress's most artificially intelligent members. The company recently rolled out the scanners as part of a partnership with Israeli firm UVeye, whose products were originally developed as a homeland security device—designed to detect guns and bombs. Its executives ultimately decided to make money by scanning cars. UVeye's product is described as an 'AI-driven inspection technology,' and is designed to assess returned cars for damages. According to The New York Post, 'dozens' of Hertz customers have complained about the company's AI scanners, with many claiming they're being sent huge bills for minor scuffs and scrapes. On Reddit, the scanners have also gotten a lot of hate. The Drive recently interviewed a Hertz customer who said he was charged $440 over a minor scuff on the tire's hub. When the customer attempted to reach a human, he says he was faced with a complicated, not altogether clear system for filing a complaint. The outlet writes, of the customer's ordeal: When he returned the car, he did so with a 1-inch scuff on the driver's side rear wheel. Patrick says he was alerted to the damage 'minutes' after dropping the VW off, and with it, charges for the blemish: $250 for the repair, $125 for processing, and another $65 administrative fee. That's $440 all told, for curb rash on one wheel. Now, so much animosity has built up against the rental giant's automated system that congressional curiosity has settled on the company in the unlikely form of U.S. Rep. Nancy Mace (R-South Carolina). The Post writes that Mace, who is mostly known for her unhinged opinions about immigrants, liberals, and the LGBTQ community, sent a letter to Hertz CEO Gil West this week, asking for clarification about the company's use of AI. The exact contents of the letter aren't clear, although the Post writes the following of Mace's inquiry: Rep. Nancy Mace, who chairs the House Subcommittee on Cybersecurity, Information Technology and Government Innovation, asked Hertz CEO Gil West to provide her office with a 'better understanding' of the company's 'experience as an early adopter of AI scanning technology,' according to the letter obtained by The Post. The South Carolina congresswoman questioned how the AI scanners 'may impact' Hertz's 'work as a vendor to the Federal government.' Gizmodo reached out to Mace's office and Hertz for comment. In a statement previously shared with the Post, Hertz vaguely defended the new system: 'The vast majority of rentals are incident-free. When damage does occur, our goal is to enhance the rental experience by bringing greater transparency, precision, and speed to the process.' Mace is clearly an imperfect vector to probe this issue. She recently bragged about securing infrastructure funding that she voted against in 2021, so don't expect much from the congresswoman. But now that Hertz's practices have received such high-level notice, maybe a lawmaker who is a serious person will step in and review the situation.
Yahoo
35 minutes ago
- Yahoo
Hackers who exposed North Korean government hacker explain why they did it
Earlier this year, two hackers broke into a computer and soon realized the significance of what this machine was. As it turned out, they had landed on the computer of a hacker who allegedly works for the North Korean government. The two hackers decided to keep digging and found evidence that they say linked the hacker to cyberespionage operations carried out by North Korea, exploits and hacking tools, and infrastructure used in those operations. Saber, one of the hackers involved, told TechCrunch that they had access to the North Korean government worker's computer for around four months, but as soon as they understood what data they got access to, they realized they eventually had to leak it and expose what they had discovered. 'These nation state hackers are hacking for all the wrong reasons, I hope more of them will get exposed, they deserve to be,' said Saber, who spoke to TechCrunch after he and cyb0rg published an article in the legendary hacking e-zine Phrack, disclosing details of their findings. There are countless cybersecurity companies and researchers who closely track anything the North Korean government, and its many hacking groups are up to, which includes espionage operation but also increasingly large crypto heists, as well as wide-ranging operations where North Koreans pose as remote IT workers to fund the regime's nuclear weapons program. In this case, Saber and cyb0rg went one step further and actually hacked the hackers, an operation that can give more, or at least different, insights into how these government-backed groups work, as well las 'what they are doing on a daily basis and so on,' as Saber put it. The hackers want to be known only by their handles, Saber and cyb0rg, because they may face retaliation from the North Korean government, and possibly others. Saber said that they consider themselves hacktivists, and he namedropped legendary hacktivist Phineas Fisher, responsible for hacking spyware makers FinFisher and Hacking Team, as an inspiration. At the same time, the hackers also understand that what they did is illegal, but they thought it was nonetheless important to publicize it. 'Keeping it for us wouldn't have been really helpful,' said Saber. 'By leaking it all to the public hopefully we can give researchers some more ways to detect them.' 'Hopefully this will also lead to many of their current victims being discovered and so to [the North Korean hackers] losing access,' he said. 'Illegal or not, this action has brought concrete artifacts to the community, this is more important,' said cyb0rg, in a message sent through Saber. Saber said they are convinced that while the hacker — whom they call 'Kim' — works for North Korea's regime, they may actually be Chinese and work for both governments, based on their findings that Kim did not work during holidays in China, suggesting that the hacker may be based there. Also, according to Saber, at times Kim translated some Korean documents into simplified Chinese using Google Translate. Saber said that he never tried to contact Kim. 'I don't think he would even listen, all he does is empower his leaders, the same leaders who enslave his own people,' he said. 'I'd probably tell him to use his knowledge in a way that helps people, not hurt them. But he lives in constant propaganda and likely since birth so this is all meaningless to him,' referring to the strict information vacuum that North Koreans live in, as they are largely cut off from the outside world. Saber declined to disclose how he and cyb0rg got access to Kim's computer, given that the two believe they can use the same techniques to 'obtain more access to some other of their systems the same way.' During their operation, Saber and cyb0rg found evidence of active hacks carried out by Kim, against South Korean and Taiwanese companies, which they say they contacted and alerted. North Korean hackers have a history of targeting people who work in the cybersecurity industry as well. That's why Saber said he is aware of that risk, but 'not really worried.' 'Not much can be done about this, definitely being more careful though :),' said Saber. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
