Security News

Y is the author of a book I can very greatly recommend, with the fascinating title Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency. DUCK. Andy, do you think, perhaps that there's nothing wrong with Satoshi Nakamoto saying, "You *can* be anonymous when you use Bitcoin?".

Researchers at IT security company Check Point security have flagged Dingo Token as a potential scam after finding a function that allows the project's owner to manipulate trading fees up to 99% of the transaction value. Dingo Token is currently ranked #619 in CoinMarketCap with a market capitalization of over $20 million.

The man accused of bringing down decentralized crypto exchange Mango Markets through market manipulation has made his first appearance in court in connection with the theft of millions in cryptocurrency. Avraham Eisenberg was arrested in late December in Puerto Rico in relation to charges [PDF] filed by the US Securities and Exchange Commission, which allege he made off with more than $110 million in crypto "By artificially manipulating the price of certain perpetual futures contracts."

This is not a breach of the GitHub systems or the GitHub infrastructure or how GitHub stores files - it's just that GitHub's code on GitHub some of the stuff that was supposed to be private got downloaded. In the end, GitHub found, I think, that there are only three stolen certificates that were actually still valid, in other words, that crooks could actually use for signing anything.

Operators of high-yielding investment scams known as "Pig butchering" have found a way to bypass the defenses in Google Play and Apple's App Store, the official repositories for Android and iOS apps. After gaining the victims' trust, the scammers say that they have an uncle working for a financial analysis firm and launch an invitation to trade cryptocurrency via an app on Play Store or App Store.

South Korea's Ministry of Justice will create a "Virtual Currency Tracking System" to crack down on money laundering facilitated by cryptocurrencies, and rated the establishment of the facility among its priorities for the year. In third place were a raft of measures aimed at addressing various unlawful actions such as tackling organized crime, repatriating accused criminals who abscond before facing local courts, improvements to criminal justice systems - and the aforementioned crypto-tracker.

Astonishingly, the CVE-2022-38023 vulnerability existed in the first place because both Windows and Samba still supported a style of integrity protection based on the long-deprecated hashing algorithm MD5. Simply put, network authentication using Microsoft's version of the Kerberos protocol still allowed data to be integrity-protected using flawed cryptography. Assuming a reliable algorithm, with no exploitable weaknesses, you'd expect that a hash with X bits of output would need about 2X-1 tries to find a second input that collided with the hash of an existing file.

The FBI has confirmed what cybersecurity researchers have been saying for months: the North Korean-sponsored Lazarus Group was behind the theft last year of $100 million in crypto assets from blockchain startup Harmony. In its January 23 statement on the matter, the FBI said the attack on Harmony was part of a North Korean malware campaign named "TraderTraitor."

The FBI has confirmed that the North Korean state-sponsored 'Lazarus' and APT38 hacking groups were behind the theft of $100 million worth of Ethereum stolen from Harmony Horizon in June 2022. Yesterday, the FBI confirmed that two North Korean hacking groups, Lazarus and APT38, were behind the attack.

The U.S. Federal Bureau of Investigation on Monday confirmed that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge in June 2022. The law enforcement agency attributed the hack to the Lazarus Group and APT38, the latter of which is a North Korean state-sponsored threat group that specializes in financial cyber operations.