Security News

Security researcher Sam Curry describes a stressful situation he encountered upon his return to the U.S. when border officials and federal agents seized and searched his electronic devices. Why, you ask? All because his IP address landed in the logs of a crypto wallet associated with a phishing scam that Curry had earlier helped investigate as a part of his job-a scam that the feds were now investigating.

In a paper titled, "Everlasting ROBOT: the Marvin Attack," Hubert Kario, senior quality engineer on the QE BaseOS Security team at Red Hat, shows that many software implementations of the PKCS#1 v1.5 padding scheme for RSA key exchange that were previously deemed immune to Daniel Bleichenbacher's widely known attack are vulnerable. "For TLS hosts that use forward secure ciphersuites, the attacker would have to perform a massively parallel attack to forge a server signature before a client would time out during the connection attempt. That makes the attack hard, but not impossible."

Security researchers discovered a new campaign that distributes a new version of the Xenomorph malware to Android users in the United States, Canada, Spain, Italy, Portugal, and Belgium. In December 2022, the same analysts reported about a new malware distribution platform dubbed "Zombinder," which embedded the threat into legitimate Android apps' APK file.

Ethereum blockchain analytics firm Nansen asks a subset of its users to reset passwords following a recent data breach at its authentication provider. Nansen is a popular entity in the cryptocurrency space, offering users insights into Ethereum wallet activity, helping identify emerging projects, and generally helping people make informed investment decisions.

Scammers are impersonating the bankruptcy claim agent for crypto lender Celsius in phishing attacks that attempt to steal funds from cryptocurrency wallets. Over the past few days, people have reported receiving phishing emails pretending to be from Stretto, the Claims Agent for the Celsius bankruptcy proceeding.

Telegram, the widely used messaging app, has unveiled an integrated crypto wallet feature, allowing users to effortlessly access their cryptocurrency holdings. The revelation came amidst the TOKEN2049 conference, where the TON Foundation and Telegram publicly announced their partnership.

Retool, the company behind the popular development platform for building internal business software, has suffered a breach that allowed attackers to access and take over accounts of 27 cloud customers, all in the crypto industry. According to a CoinDesk report, one the known victims is Fortress Trust, i.e., four of its customers who accessed their crypto funds via a portal built by Retool.

A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021. "The attacker uses Advanced Installer to package other legitimate software installers, such as Adobe Illustrator, Autodesk 3ds Max, and SketchUp Pro, with malicious scripts and uses Advanced Installer's Custom Actions feature to make the software installers execute the malicious scripts," Cisco Talos researcher Chetan Raghuprasad said in a technical report.

Online cryptocurrency casino Stake.com announced that its ETH/BSC hot wallets had been compromised to perform unauthorized transactions, with over $40 million in crypto reportedly stolen. The threat group was linked to the theft of $35 million from Atomic Wallet in June, $60 million from Alphapo in July, and another $37.3 million from CoinsPaid also in July.

The U.S. Justice Department on Wednesday unsealed an indictment against two founders of the now-sanctioned Tornado Cash cryptocurrency mixer service, charging them with laundering more than $1 billion in criminal proceeds. Tornado Cash is estimated to have processed upwards of $7 billion worth of crypto assets over a period of three years.