Security News > 2023 > August

Two founders of Tornado Cash were formally accused by US prosecutors today of laundering more than $1 billion in criminal proceeds through their cryptocurrency mixer. As a cryptocurrency mixer, Tornado Cash is appealing to cybercriminals as it offers to provide them a degree of anonymity.

Believed to be one of the leaders of the group, Arion Kurtaj, from Oxford, England, was arrested twice in 2022, first in January and then again in March, in connection with Lapsus$ hacking activity. Kurtaj used more than a dozen online names, White and Breachbase among them, and is believed to have made more than 300 BTC from his hacking activity, SIM-swapping included.

Microsoft has released the optional KB5029331 Preview cumulative update for Windows 10 22H2 with sixteen improvements or fixes, including the introduction of a new Backup app. While recent Windows 10 updates have been acting primarily as bug fixes, this update includes several new features, demonstrating that Microsoft is not completely ignoring Windows 10 in favor of Windows 11.

WinRAR could start a wrong file after a user double- clicked an item in a specially crafted archive. That's a bit like receiving an email containing a safe-looking attachment along with a risky-looking one, deciding to start by investigating only the safe-looking one, but unknowingly firing up the risky file instead. From what we can tell, and in another irony, this bug existed in WinRAR's code for unpacking ZIP files, not in the code for processing its very own RAR file format.

Thousands of Openfire servers remain vulnerable to CVE-2023-32315, an actively exploited and path traversal vulnerability that allows an unauthenticated user to create new admin accounts. Still, in June, it was reported [1, 2] that the flaw was actively exploited to create admin users and upload malicious plugins on unpatched servers.

Bitwarden, the maker of the popular open-source password manager tool, has released 'Secrets Manager,' an end-to-end encrypted secrets manager for IT professionals, software development teams, and the DevOps industry. The problem is so widespread that GitHub launched a system that would alert repository owners of misconfigurations leading to the exposure of secrets, and independent security researchers wrote open-source tools dedicated to scanning for secrets in publicly exposed AWS S3 storage buckets.

Starting on Monday, Discord has been reaching out to users affected by a data breach disclosed earlier this year to let them know what Personal Identifying Information was exposed in the incident. The breach stemmed from a security breach at a third-party service provider detected on March 29, involving the compromise of an account belonging to a customer support agent.

Lazarus Group, the infamous cryptocurrency thieves backed by North Korea, may try to liquidate a stash of stolen Bitcoin worth more than $40 million, according to the FBI. In an alert issued on Tuesday, agents said they tracked the purloined cryptocurrency over the past 24 hours. Most recently, on June 22 Lazarus Group stole $60 million in virtual currency from Alphapo, which processes payments for gambling services.

Security researchers have released NoFilter, a tool that abuses the Windows Filtering Platform to elevate a user's privileges to increases privileges to SYSTEM, the highest permission level on Windows. Microsoft defines the Windows Filtering Platform as "a set of API and system services that provide a platform for creating network filtering applications."

The U.S. Justice Department charged two Tornado Cash founders with helping criminals, including the notorious North Korean Lazarus hacking group, launder over $1 billion worth of stolen cryptocurrency through their decentralized crypto mixing service. Tornado Cash was also used to launder more than $96 million after the June Harmony Bridge hack and at least $7.8 million following the August Nomad Heist.