Security News

The Cloud Security Alliance has released new Crypto-Asset Exchange Security Guidelines, a set of guidelines and best practices for crypto-asset exchange security. Drafted by CSA's Blockchain/Distributed Ledger Working Group, the document provides readers with a comprehensive set of guidelines for effective exchange security to help educate users, policymakers, and cybersecurity professionals on the pros and cons of further securing cryptocurrency exchanges, including both Decentralized Exchanges and hosted wallets at cloud-based exchanges, OTC desks, and cryptocurrency swap services.

Cracked copies of Microsoft Office and Adobe Photoshop are stealing browser session cookies and Monero cryptocurrency wallets from tightwads who install the pirated software, Bitdefender has warned. As many Reg readers will no doubt be aware, cracked software is a legitimate application that has had its registration or licensing features removed.

Why Apple had to rush out a security update for iDevices. Two cryptographic security holes patched in OpenSSL. How PHP nearly got backdoored by crooks.

Available at millions of global online businesses and continuing to expand over the coming months, PayPal customers with cryptocurrency holdings in the U.S. will be able to choose to check out with crypto seamlessly within PayPal at checkout. "As the use of digital payments and digital currencies accelerates, the introduction of Checkout with Crypto continues our focus on driving mainstream adoption of cryptocurrencies, while continuing to offer PayPal customers choice and flexibility in the ways they can pay using the PayPal wallet," said Dan Schulman, president and CEO, PayPal.

As you probably know, the server side of a TLS connection usually submits a so-called digital certificate right at the start of proceedings. If the signature checks out and the CA checks out, then the TLS connection is considered verified; if not, you will see one of those "Certificate warning" pages that fraudulent or misconfigured sites provoke.

The findings of a Bolster report, along with real life examples, clearly correlate the rise in crypto scams to the value and popularity of cryptocurrencies as well as the increase in individuals seeking financial assistance during the COVID-19 pandemic. With more than 400,000 crypto scams created in 2020, there was a 40 percent increase compared to 2019.

The CEO of Sky Global - which sold encryption chat software with customized smartphones - has come out fighting after Uncle Sam charged him with knowingly assisting the international drug smuggling trade. "There is no question that I have been targeted, as Sky Global has been targeted, only because we build tools to protect the fundamental right to privacy. The unfounded allegations of involvement in criminal activity by me and our company are entirely false."

UPDATE. Owners of popular QNAP Systems network attached storage devices are being warned that a malicious cryptocurrency campaign is actively exploiting two critical firmware bugs in systems that have not yet been patched. QNAP fixed the flaws in October 2020; however, researchers at Qihoo 360's Network Security Research Lab report a widening campaign targeting over 100 models used by 4.3 million of the company's NAS devices.

Three suspected North Korean military intelligence hackers have been charged with, among other things, conspiring to loot more than $1.3bn from banks, ATMs, and cryptocurrency companies, according to an indictment unsealed by the US Department of Justice on Wednesday. Court documents, filed in the District Court in Los Angeles in December last year and now made public [PDF], claim Park Jin Hyok, 36, Jon Chang Hyok, 31, and Kim Il, 27, were hackers employed by the Reconnaissance General Bureau, a North Korean intelligence agency.

Ten people belonging to a criminal network have been arrested in connection with a series of SIM-swapping attacks that resulted in the theft of more than $100 million by hijacking the mobile phone accounts of high-profile individuals in the U.S. The Europol-coordinated year-long investigation was jointly conducted by law enforcement authorities from the U.K., U.S., Belgium, Malta, and Canada. The sweep comes almost a year after Europol led an operation to dismantle two SIM swap criminal groups that stole €3.5 million by orchestrating a wave of more than 100 attacks targeting victims in Austria, emptying their bank accounts through their phone numbers.