Security News

The FBI has warned of a scam in which criminals lure people into installing what they think are pre-release beta-grade phone apps to try out - only for the software to be laced with malware. By dressing up these apps as beta tests, crooks can persuade curious netizens to download and install them from outside the normal app stores, bypassing whatever passes as a review process these days.

Sam Bankman-Fried, former chief executive of crypto-disaster FTX, who has been awaiting trial for his firm's failure while in home detention with his family, has been sent to jail for attempting to intimidate witnesses. On Friday, at a hearing in New York City, Judge Lewis Kaplan revoked SBF's bail based on American prosecutors' concern that SBF was trying to tamper with the pending trial by sharing personal writings stored in Google Docs from Caroline Ellison, former CEO of FTX-affiliated Alameda Research and a former romantic partner, with the New York Times.

Multiple zero-day vulnerabilities named 'BitForge' in the implementation of widely used cryptographic protocols like GG-18, GG-20, and Lindell 17 affected popular cryptocurrency wallet providers, including Coinbase, ZenGo, Binance, and many more. Today, the analysts publicly disclosed BitForge in the "Small Leaks, Billions Of Dollars: Practical Cryptographic Exploits That Undermine Leading Crypto Wallets" BlackHat presentation, by which time Coinbase and ZenGo had applied fixes to address the problem.

Exposed Kubernetes clusters are being exploited by malicious actors to deploy cryptocurrency miners and other backdoors. Cloud security firm Aqua, in a report shared with The Hacker News, said a majority of the clusters belonged to small to medium-sized organizations, with a smaller subset tied to bigger companies, spanning financial, aerospace, automotive, industrial, and security sectors.

In these fraudulent schemes, criminals either obtain direct access to NFT developer social media accounts or create look-alike accounts to promote "Exclusive" new NFT releases, often employing misleading advertising campaigns that create a sense of urgency to pull them off. "Links provided in these announcements are phishing links directing victims to a spoofed website that appears to be a legitimate extension of a particular NFT project," the FBI said in an advisory last week.

The FBI warned today of fraudsters posing as Non-Fungible Token developers to prey upon NFT enthusiasts and steal their cryptocurrency and NFT assets. In these attacks, the criminals gain unauthorized access to NFT developer social media accounts or create nearly identical accounts to promote "Exclusive" NFT releases.

Cybersecurity researchers have unearthed a Python variant of the stealer malware NodeStealer that's equipped to fully take over Facebook business accounts as well as siphon cryptocurrency. NodeStealer was first exposed by Meta in May 2023, describing it as a stealer capable of harvesting cookies and passwords from web browsers to compromise Facebook, Gmail, and Outlook accounts.

CoinsPaid is blaming the attack on the North Korean hacking group Lazarus, saying that the sophisticated financially-motivated state-backed actor was aiming for a higher cash-out. "We believe Lazarus expected the attack on CoinsPaid to be much more successful," reads the CoinsPaid press release.

Misconfigured and poorly secured Apache Tomcat servers are being targeted as part of a new campaign designed to deliver the Mirai botnet malware and cryptocurrency miners. The findings come...

Secondly, the underlying encryption algorithms are proprietary, guarded as trade secrets under strict non-disclosure agreements, so they simply haven't had the levels of global, objective mathematical scrutiny that unpatented, open source encryption systems have. Simply put, if you need to keep the algorithm secret, as well as the decryption key for each message, you're in deep trouble, because your enemies will ultimately, and inevitably, get hold of that algorithm.