Security News
"The rise and proliferation of cryptocurrency has also provided attackers with a new method of financial extraction." The targeting of sensitive cryptocurrency data by threat actors was recently echoed by the Microsoft 365 Defender Research Team, which warned about the emerging threat of cryware wherein private keys, seed phrases, and wallet addresses are plundered with the goal of siphoning virtual currencies by means of fraudulent transfers.
The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.
US prosecutors have accused an American citizen of illegally funneling more than $10 million in Bitcoin into an economically sanctioned country. It's said the resulting criminal charges of sanctions busting through the use of cryptocurrency are the first of their kind to be brought in the US. Under the United States' International Emergency Economic Powers Act, it is illegal for a citizen or institution within the US to transfer funds, directly or indirectly, to a sanctioned country, such as Iran, Cuba, North Korea, or Russia.
A flaw detected in the browser version of the Ever Surf cryptocurrency wallet could have given hackers who exploited it full control over a targeted user's wallet, say threat hunters at Check Point Research. "Despite the fact that Surf uses reliable cryptographic libraries for the key derivation and the encryption, the sensitive data in the web version of Surf doesn't appear to have adequate protection."
The number of phishing attacks worldwide jumped 29 percent last year as threat actors countered stronger enterprise defenses with newer methods, according to researchers with Zscaler's ThreatLabz research team. While the United States remained the country with the most phishing attempts, others are seeing faster growth in the number of incidents - exploiting new vectors like SMS and lowering the barrier of entry for launching attacks through pre-built tools made available on the market.
In the past, cybercriminals didn't focus so much on the left side of the attack kill chain-let's call it "The pre-attack framework." But now, we are starting to see more and more cases of cybercriminal empires focusing on that pre-attack framework and hopping on fresh zero-day vulnerabilities. It hasn't been the typical behavior of cybercriminals to use sophisticated attack methods.
Criminal defense law firm Tuckers Solicitors is facing a fine from the UK's data watchdog for failing to properly secure data that included information on case proceedings which was scooped up in a ransomware attack in 2020. Data held on the archive server had not been encrypted, Tuckers admitted to the ICO. This wouldn't have prevented the attack but may have mitigated the risk to data subjects.
The United States Department of Justice has revealed new policies that may see it undertake pre-emptive action against cyber threats. Revealed last week by deputy attorney general Lisa O. Monaco, in a speech at the Munich Cyber Security Conference, the policy will see prosecutors, agents and analysts assess "Whether to use disruptive actions against cyber threats, even if they might otherwise tip the cybercriminals off and jeopardize the potential for charges and arrests."
The format is simple: we propose a motion, the arguments for the motion will run this Monday and Wednesday, and the arguments against on Tuesday and Thursday. Security pro Dave Cartwright is our first contributor arguing AGAINST the motion.
FBI: Criminals escalating SIM swap attacks to steal millions of dollars. The FBI says criminals have escalated SIM card swap attacks to hijack victims' phone numbers and steal millions of dollars from fiat and virtual currency accounts.