Security News

Twitter has officially rolled out its Twitter Blue program for an $8 monthly fee that confers upon the Tweeter multiple benefits, including the much-sought blue badge. A stark distinction so far that separates Twitter Blue accounts with the blue badge from 'notable' accounts verified prior to the new policy rollout is the wording contained within the blue badge.

The theft of billions of dollars in cryptocurrency over recent months could have been prevented, and confidential computing is a key to the security fix. Fireblocks uses confidential computing for multi-party computation for private key security.

The White House's second International Counter Ransomware Initiative summit has concluded, and this year the 36-nation group has made clear it intends to crack down on how cryptocurrencies are used to finance ransomware operations. Last year's summit ended with far fewer actionable, concrete steps in this direction, concluding with a joint statement indicating "Countering illicit finance" was a priority without stating in specific terms that the Countering Ransomware Initiative was focused on cryptocurrencies.

A new clipboard stealer called Laplas Clipper spotted in the wild is using cryptocurrency wallet addresses that look like the address of the victim's intended recipient. Standard clipboard stealers, also called clippers, monitor the Windows clipboard and activate when they detect a cryptocurrency wallet address that users typically copy as the destination for a payment.

A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines. "The attacker intends to utilize a victim's resources as much as possible, not only to install RAR1Ransom for extortion, but also to spread GuardMiner to collect cryptocurrency," Fortinet FortiGuard Labs researcher Cara Lin said in a Thursday report.

Even as cryptocurrencies lose value - and some crypto companies file for bankruptcy - cryptojacking still poses an urgent threat to enterprises across industries, from financial services to healthcare to industry 4.0 and beyond. Broadly speaking, cryptojacking is defined as the unauthorized and illegitimate use of an unwitting party's compute and/or server power by a malicious actor to mine cryptocurrencies.

According to court documents [PDF] filed Friday in federal New York City court, Ellis Pinsky agreed to pay Michael Terpin $22 million for his starring role in the SIM swap and Bitcoin heist. In a Rolling Stone interview over the summer, Pinsky - dubbed Baby Al Capone by the media - admitted he swiped millions in crypto-coins from Terpin via a SIM swap.

Feds also said the biz sucked at policing transactions for suspicious activity – as if! Bittrex will cough up $53 million after being accused of flouting US sanctions and breaking federal money...

MasterCard has named its effort Crypto Secure and says it "Allows to better assess the risk profile of crypto exchanges or other providers." Kelly told The Register that crypto exchanges are currently rated as similar risks to purveyors of gambling and prostitution - sectors known as "Risky and frisky" in the payments industry.

Hackers are airdropping NFTs to Solana cryptocurrency owners pretending to be alerts for a new Phantom security update that lead to the installation of password-stealing malware and the theft of cryptocurrency wallets. When visiting these sites from any device, the site automatically downloads a Windows batch file named Phantom Update 2022-10-08.bat [VirusTotal] from DropBox.