Security News

Threat actors have begun to use the Tox peer-to-peer instant messaging service as a command-and-control method, marking a shift from its earlier role as a contact method for ransomware negotiations. The findings from Uptycs, which analyzed an Executable and Linkable Format artifact that functions as a bot and can run scripts on the compromised host using the Tox protocol.

Bitcoin ATM manufacturer General Bytes confirmed that it was a victim of a cyberattack that exploited a previously unknown flaw in its software to plunder cryptocurrency from its users. "This vulnerability has been present in CAS software since version 2020-12-08.".

Hackers have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal cryptocurrency from customers. General Bytes is the manufacturer of Bitcoin ATMs that, depending on the product, allow people to purchase or sell over 40 different cryptocurrencies.

If we turn back the clock to five years ago, that's when Slack started leaking hashed passwords. If you're a Slack user, I would assume that if they didn't realise they were leaking hashed passwords for five years, maybe they didn't quite enumerate the list of people affected completely either.

A new large-scale phishing campaign targeting Coinbase, MetaMask, Kraken, and Gemini users is abusing Google Sites and Microsoft Azure Web App to create fraudulent sites. Posting links to phishing pages on various legitimate sites aims to increase traffic and boost the malicious site's search engine rankings.

Hackers suspected to be from the North Korean Lazarus group tried their luck at stealing cryptocurrency from deBridge Finance, a cross-chain protocol that enables the decentralized transfer of assets between various blockchains. The hackers targeted deBridge Finance employees on Thursday with an email purporting to be from the company co-founder, Alex Smirnov, allegedly sharing new information about salary changes.

The US Treasury Department is levying sanctions against Tornado Cash, a notorious cryptocurrency mixer that it says has been used by threat groups like ransomware gang Lazarus to launder stolen digital assets. According to the government agency, Tornado Cash has been used to launder more than $455 million stolen by the North Korean-supported Lazarus Group, including more than $96 million in Wrapped Bitcoin, Ethereum and other digital assets from blockchain startup Harmony's Horizon Bridge service in June.

Email marketing firm Klaviyo suffered a data breach on August 3rd. Hackers gained access to internal systems after stealing an employee's credentials via a phishing attack. Hacker downloaded marketing lists used by cryptocurrency-related accounts, and for Klaviyo product and marketing updates.

The U.S. Treasury Department's Office of Foreign Assets Control sanctioned Tornado Cash today, a decentralized cryptocurrency mixer service used to launder more than $7 billion since its creation in 2019. The North Korean-backed APT Lazarus Group also used the crypto mixer to launder approximately $455 million stolen in the largest known cryptocurrency heist ever.

A new social engineering campaign by the notorious North Korean Lazarus hacking group has been discovered, with the hackers impersonating Coinbase to target employees in the fintech industry. A common tactic the hacking group uses is to approach targets over LinkedIn to present a job offer and hold a preliminary discussion as part of a social engineering attack.