Security News

Jordan Persad, of Orlando, was also ordered to pay $945,833 in restitution. According to a plea agreement reached with US prosecutors [PDF], between at least March 2021 and September 2022, Persad and his co-conspirators, some he only knew by their online handles, used SIM swapping to siphon funds from their marks.

Hackers have stolen $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases, according to research by crypto fraud researchers who have been researching similar incidents. According to a tweet by ZachXBT on X, the threat actors stole $4.4 million from 25+ victims due to a LastPass breach in 2022.

As thousands of civilians die amid the deadly Israel-Hamas war, scammers are capitalizing on the horrific events to collect donations by pretending to be legitimate charities. These accounts, primarily listing crypto wallet addresses, have dubious origins, are not endorsed by an official charity, and are very likely to be scams.

Susan Landau published an excellent essay on the current justification for the government breaking end-to-end-encryption: child sexual abuse and exploitation. She puts the debate into historical context, discusses the problem of CSAE, and explains why breaking encryption isn't the solution.

A threat actor, presumably from Tunisia, has been linked to a new campaign targeting exposed Jupyter Notebooks in a two-fold attempt to illicitly mine cryptocurrency and breach cloud environments....

The first of two US government prosecutions of former FTX CEO Sam Bankman-Fried commenced in New York on Monday, only a day after the cryptocurrency tycoon sued his own insurance company for failing to cover his legal costs. Who is SBF... Sam Bankman-Fried co-founded cryptocurrency exchange FTX and served as its CEO. He also co-founded Alameda Research, a hedge fund intertwined with FTX. SBF stepped down late last year and has been charged with fraud over allegations FTX and Alameda, among other things, siphoned billions in people's deposits to fund luxury lifestyles, invest in a whole range of businesses, and gamble on digital assets.

Asia in brief Zhu Su, co-founder of fallen crypto business Three Arrows Capital, was arrested last Friday at Changi Airport in Singapore as he attempted to leave the country. Zhu is expected to spend four months in jail for failing to comply with investigations into his ill-fated company, according to the 3AC's liquidators, consultancy firm Teneo.

Security researcher Sam Curry describes a stressful situation he encountered upon his return to the U.S. when border officials and federal agents seized and searched his electronic devices. Why, you ask? All because his IP address landed in the logs of a crypto wallet associated with a phishing scam that Curry had earlier helped investigate as a part of his job-a scam that the feds were now investigating.

In a paper titled, "Everlasting ROBOT: the Marvin Attack," Hubert Kario, senior quality engineer on the QE BaseOS Security team at Red Hat, shows that many software implementations of the PKCS#1 v1.5 padding scheme for RSA key exchange that were previously deemed immune to Daniel Bleichenbacher's widely known attack are vulnerable. "For TLS hosts that use forward secure ciphersuites, the attacker would have to perform a massively parallel attack to forge a server signature before a client would time out during the connection attempt. That makes the attack hard, but not impossible."

Security researchers discovered a new campaign that distributes a new version of the Xenomorph malware to Android users in the United States, Canada, Spain, Italy, Portugal, and Belgium. In December 2022, the same analysts reported about a new malware distribution platform dubbed "Zombinder," which embedded the threat into legitimate Android apps' APK file.