Security News

A New York fintech biz is set to pay $1 million in fines under a US Securities and Exchange Commission order that claims it advertised "Annualized" returns on Titan Crypto of up to 2,700 percent, a number based on a "Purely hypothetical account." Titan Global Capital Management provided investment strategies to clients and prospective clients solely through a mobile app, the SEC said.

ATMs always take your card right in, don't they? So the idea of these ATM skimming crooks is they're not just interested in your card details, like a web phisher would be.

The FBI has warned of a scam in which criminals lure people into installing what they think are pre-release beta-grade phone apps to try out - only for the software to be laced with malware. By dressing up these apps as beta tests, crooks can persuade curious netizens to download and install them from outside the normal app stores, bypassing whatever passes as a review process these days.

Sam Bankman-Fried, former chief executive of crypto-disaster FTX, who has been awaiting trial for his firm's failure while in home detention with his family, has been sent to jail for attempting to intimidate witnesses. On Friday, at a hearing in New York City, Judge Lewis Kaplan revoked SBF's bail based on American prosecutors' concern that SBF was trying to tamper with the pending trial by sharing personal writings stored in Google Docs from Caroline Ellison, former CEO of FTX-affiliated Alameda Research and a former romantic partner, with the New York Times.

Multiple zero-day vulnerabilities named 'BitForge' in the implementation of widely used cryptographic protocols like GG-18, GG-20, and Lindell 17 affected popular cryptocurrency wallet providers, including Coinbase, ZenGo, Binance, and many more. Today, the analysts publicly disclosed BitForge in the "Small Leaks, Billions Of Dollars: Practical Cryptographic Exploits That Undermine Leading Crypto Wallets" BlackHat presentation, by which time Coinbase and ZenGo have applied fixes to address the problem.

Exposed Kubernetes clusters are being exploited by malicious actors to deploy cryptocurrency miners and other backdoors. Cloud security firm Aqua, in a report shared with The Hacker News, said a majority of the clusters belonged to small to medium-sized organizations, with a smaller subset tied to bigger companies, spanning financial, aerospace, automotive, industrial, and security sectors.

In these fraudulent schemes, criminals either obtain direct access to NFT developer social media accounts or create look-alike accounts to promote "Exclusive" new NFT releases, often employing misleading advertising campaigns that create a sense of urgency to pull them off. "Links provided in these announcements are phishing links directing victims to a spoofed website that appears to be a legitimate extension of a particular NFT project," the FBI said in an advisory last week.

The FBI warned today of fraudsters posing as Non-Fungible Token developers to prey upon NFT enthusiasts and steal their cryptocurrency and NFT assets. In these attacks, the criminals gain unauthorized access to NFT developer social media accounts or create nearly identical accounts to promote "Exclusive" NFT releases.

Cybersecurity researchers have unearthed a Python variant of a stealer malware NodeStealer that's equipped to fully take over Facebook business accounts as well as siphon cryptocurrency. NodeStealer was first exposed by Meta in May 2023, describing it as a stealer capable of harvesting cookies and passwords from web browsers to compromise Facebook, Gmail, and Outlook accounts.

CoinsPaid is blaming the attack on the North Korean hacking group Lazarus, saying that the sophisticated financially-motivated state-backed actor was aiming for a higher cash-out. "We believe Lazarus expected the attack on CoinsPaid to be much more successful," reads the CoinsPaid press release.