Security News
According to researchers at cyber-intelligence outfit Cyble, the Eternity site's operators also have a channel on Telegram, where they provide videos detailing features and functions of the Windows malware. Once someone decides to purchase of one or more of Eternity's malware components, they have the option to customize the final binary executable for whatever crimes they want to commit.
A new RedLine malware distribution campaign promotes fake Binance NFT mystery box bots on YouTube to lure people into infecting themselves with the information-stealing malware from GitHub repositories. Binance mystery boxes are sets of random non-fungible token items that people buy, hoping they'll receive a unique or rare item at a bargain price.
Fake cryptocurrency giveaways are stealing millions of dollars simply by replaying old Elon Musk and Jack Dorsey Ark Invest videos on YouTube. The fraudsters made more than $1.3 million after re-streaming an edited version of an old live panel discussion on cryptocurrency with Elon Musk, Jack Dorsey, and Cathie Wood at Ark Invest's "The Word" conference.
Fake cryptocurrency giveaways are stealing millions of dollars simply by replaying old Elon Musk and Jack Dorsey Ark Invest videos on YouTube. At a quick search, BleepingComputer found that close to 10 YouTube channels have published the discussion, albeit in a smaller format edited to include additional elements that promoted the scam, including the link to the fraudulent crypto giveaway website.
The U.S. Securities and Exchange Commission on Tuesday announced that it will expand and rebrand its Cyber Unit to fight against cyber-related threats and protect investors in cryptocurrency markets. To that end, the SEC is renaming the Cyber Unit within the Division of Enforcement to Crypto Assets and Cyber Unit and plans to infuse 20 additional positions with the goal of investigating wrongdoing in the crypto markets.
At 15.3 million requests-per-second, the DDoS bombardment was one of the largest that the internet infrastructure company has seen, and the largest HTTPS attack on record. Other countries generating the most traffic included Russia, Brazil, India, Colombia and the US. Cloudflare researchers didn't name the botnet but said it was one that they've been watching and had seen attacks as large as 10 million rps that matched the same fingerprint.
A flaw detected in the browser version of the Ever Surf cryptocurrency wallet could have given hackers who exploited it full control over a targeted user's wallet, say threat hunters at Check Point Research. "Despite the fact that Surf uses reliable cryptographic libraries for the key derivation and the encryption, the sensitive data in the web version of Surf doesn't appear to have adequate protection."
Java versions 15 to 18 contain a flaw in its ECDSA signature validation that makes it trivial for miscreants to digitally sign files and other data as if they were legit organizations. Java 15-18 ECDSA doesn't sanity check that the random x coordinate and signature proof are nonzero; a signature validates any message.
In this video for Help Net Security, Michael Aminov, Chief Architect at Perception Point, talks about a recent Binance impersonation attack and, more broadly, the ongoing threat landscape impacting the cryptocurrency industry. Cryptocurrencies aren't new, but they have become more mainstream: their use has increased significantly thanks to DeFi, gaming, NFTs, etc.
The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group in the theft of $540 million from video game Axie Infinity's Ronin Network last month. The cryptocurrency heist, the second-largest cryptocurrency theft to date, involved the siphoning of 173,600 Ether and 25.5 million USD Coins from the Ronin cross-chain bridge, which allows users to transfer their digital assets from one crypto network to another, on March 23, 2022.