Security News

The FBI warned today of fraudsters posing as Non-Fungible Token developers to prey upon NFT enthusiasts and steal their cryptocurrency and NFT assets. In these attacks, the criminals gain unauthorized access to NFT developer social media accounts or create nearly identical accounts to promote "Exclusive" NFT releases.

Cybersecurity researchers have unearthed a Python variant of a stealer malware NodeStealer that's equipped to fully take over Facebook business accounts as well as siphon cryptocurrency. NodeStealer was first exposed by Meta in May 2023, describing it as a stealer capable of harvesting cookies and passwords from web browsers to compromise Facebook, Gmail, and Outlook accounts.

CoinsPaid is blaming the attack on the North Korean hacking group Lazarus, saying that the sophisticated financially-motivated state-backed actor was aiming for a higher cash-out. "We believe Lazarus expected the attack on CoinsPaid to be much more successful," reads the CoinsPaid press release.

Misconfigured and poorly secured Apache Tomcat servers are being targeted as part of a new campaign designed to deliver the Mirai botnet malware and cryptocurrency miners. The findings come...

Secondly, the underlying encryption algorithms are proprietary, guarded as trade secrets under strict non-disclosure agreements, so it simply hasn't had the levels of global, objective mathematical scrutiny that unpatented, open source encryption systems have. Simply put, if you need to keep the algorithm secret, as well as the decryption key for each message, you're in deep trouble, because your enemies will ultimately, and inevitably, get hold of that algorithm.

Exec faces fraud charges, one regulator wants $5 billion fine Alex Mashinsky, the now-former CEO of collapsed cryptocurrency concern Celsius, today faces charges of fraud as prosecutors and...

A new fileless malware named PyLoose has been targeting cloud workloads to hijack their computational resources for Monero cryptocurrency mining. Wiz's security researchers first detected PyLoose attacks in the wild on June 22nd, 2023, and have since confirmed at least 200 cases of compromise by the novel malware.

Learn how the Meduza Stealer malware works, what it targets and how to protect your company from this cybersecurity threat. New malware dubbed Meduza Stealer can steal information from a large number of browsers, password managers and cryptocurrency wallets, according to a report from cybersecurity company Uptycs.

In measures floated in October 2022 and to be enacted by the end of 2023, Singapore's Monetary Authority will require operators to hold customer assets under a statutory trust segregated from their own assets. Crypto outfits are also barred from facilitating retail customer lending and staking - the term for locking up crypto assets for a set time to support blockchain validation.

In yet another sign of a lucrative crimeware-as-a-service ecosystem, cybersecurity researchers have discovered a new Windows-based information stealer called Meduza Stealer that's actively being developed by its author to evade detection by software solutions. "The Meduza Stealer has a singular objective: comprehensive data theft," Uptycs said in a new report.