Security News
The U.S. Treasury Department's Office of Foreign Assets Control has sanctioned three cryptocurrency exchanges for working with OFAC-designated Russian dark web markets and banks. The first, Bitpapa IC FZC LLC, is a peer-to-peer virtual currency exchange that caters to Russian nationals and has facilitated millions of dollars in transactions with two OFAC-designated Russian entities, Hydra Market and Garantex.
A new side-channel attack called "GoFetch" impacts Apple M1, M2, and M3 processors and can be used to steal secret cryptographic keys from data in the CPU's cache. The attack targets constant-time cryptographic implementations using data memory-dependent prefetchers found in modern Apple CPUs.
The FBI warned of increases in crypto scams in March last year, saying most begin with some sort of social engineering, like a romance or confidence scam, which then evolve into crypto investment fraud. The total losses from investment fraud also beat those incurred by ransomware across the country, according to the latest report [PDF] from the FBI's Internet Crime Complaint Center.
Infosec researchers are noting rising cryptocurrency attacks and have encouraged wallet security providers to up their collective game. Check Point specifically cites the growth of attacks that abuse Ethereum's CREATE2 opcode, dubbing it a "Critical issue in the blockchain community" that's seeing millions of dollars worth of assets being drained from victims' wallets.
Threat hunters have discovered a set of seven packages on the Python Package Index (PyPI) repository that are designed to steal BIP39 mnemonic phrases used for recovering private keys of a...
The developers of the Leather cryptocurrency wallet are warning of a fake app on the Apple App Store, with users reporting it is a wallet drainer that stole their digital assets. Last week, the genuine Leather wallet warned its community about a fake version of its wallet on the Apple App Store, making it clear that the company does not yet offer an iOS app.
Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to...
A new phishing campaign is using fake Okta single sign-on pages for the Federal Communications Commission and for various cryptocurrency platforms to target users and employees, Lookout researchers have discovered. The victims are then prompted to resolve a captcha using hCaptcha - a tactic that prevents the phishing site from being identified and adds to its credibility - and are presented with a spoofed Okta SSO page.
A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission employees, using specially crafted single sign-on pages for Okta that appear remarkably similar to the originals. The same campaign also targets users and employees of cryptocurrency platforms, such as Binance, Coinbase, Kraken, and Gemini, using phishing pages that impersonate Okta, Gmail, iCloud, Outlook, Twitter, Yahoo, and AOL. The attackers orchestrate a complex phishing and social engineering attack consisting of email, SMS, and voice phishing to deceive victims into entering sensitive information on the phishing pages, such as their usernames, passwords, and, in some cases, even photo IDs.
The North Korean hacker collective Lazarus, infamous for having carried out numerous large-scale cryptocurrency heists over the years, has switched to using YoMix bitcoin mixer to launder stolen proceeds. Some of the largest cryptocurrency theft operations Lazarus conducted in recent years include the March 2022 Ronin Network hack that yielded $625 million, the Harmony Horizon hack in June 2022 that resulted in losses of $100 million, and the July 2023 Alphapo heist from where the hackers pocketed $60 million worth of crypto.