Security News

It's said that the pair promoted the idea at a conference in 2018 and a few news outlets picked up on that plan and suggested Rongelap could become "The new Hong Kong.". In a May 2021 publication [PDF] the IMF noted the proposal to create a digital economic zone on Rongelap and characterized it as "Envisioned to focus on virtual means of exchange, including virtual assets."

The National Police of Ukraine took down a network of call centers used by a cybercrime group focused on financial scams and targeting victims of cryptocurrency scams under the guise of helping them recover their stolen funds. The fraudsters behind these illegal call centers were also allegedly involved in scamming citizens of Ukraine and European Union countries interested in cryptocurrency, securities, gold, and oil investments.

Watch out: someone is spreading cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, on free software download sites and through Google searches. "The malware is dropped from applications that are popular, but don't have an actual desktop version, such as Google Translate, keeping the malware versions in demand and exclusive," Check Point malware analyst Moshe Marelus wrote in a report Monday.

The campaign entails serving malware through free software hosted on popular sites such as Softpedia and Uptodown. In an interesting tactic, the malware puts off its execution for weeks and separates its malicious activity from the downloaded fake software to avoid detection.

Threat actors have begun to use the Tox peer-to-peer instant messaging service as a command-and-control method, marking a shift from its earlier role as a contact method for ransomware negotiations. The findings from Uptycs, which analyzed an Executable and Linkable Format artifact that functions as a bot and can run scripts on the compromised host using the Tox protocol.

Bitcoin ATM manufacturer General Bytes confirmed that it was a victim of a cyberattack that exploited a previously unknown flaw in its software to plunder cryptocurrency from its users. "This vulnerability has been present in CAS software since version 2020-12-08.".

Hackers have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal cryptocurrency from customers. General Bytes is the manufacturer of Bitcoin ATMs that, depending on the product, allow people to purchase or sell over 40 different cryptocurrencies.

If we turn back the clock to five years ago, that's when Slack started leaking hashed passwords. If you're a Slack user, I would assume that if they didn't realise they were leaking hashed passwords for five years, maybe they didn't quite enumerate the list of people affected completely either.

A new large-scale phishing campaign targeting Coinbase, MetaMask, Kraken, and Gemini users is abusing Google Sites and Microsoft Azure Web App to create fraudulent sites. Posting links to phishing pages on various legitimate sites aims to increase traffic and boost the malicious site's search engine rankings.

Hackers suspected to be from the North Korean Lazarus group tried their luck at stealing cryptocurrency from deBridge Finance, a cross-chain protocol that enables the decentralized transfer of assets between various blockchains. The hackers targeted deBridge Finance employees on Thursday with an email purporting to be from the company co-founder, Alex Smirnov, allegedly sharing new information about salary changes.