Security News

As you probably know, the server side of a TLS connection usually submits a so-called digital certificate right at the start of proceedings. If the signature checks out and the CA checks out, then the TLS connection is considered verified; if not, you will see one of those "Certificate warning" pages that fraudulent or misconfigured sites provoke.

The findings of a Bolster report, along with real life examples, clearly correlate the rise in crypto scams to the value and popularity of cryptocurrencies as well as the increase in individuals seeking financial assistance during the COVID-19 pandemic. With more than 400,000 crypto scams created in 2020, there was a 40 percent increase compared to 2019.

The CEO of Sky Global - which sold encryption chat software with customized smartphones - has come out fighting after Uncle Sam charged him with knowingly assisting the international drug smuggling trade. "There is no question that I have been targeted, as Sky Global has been targeted, only because we build tools to protect the fundamental right to privacy. The unfounded allegations of involvement in criminal activity by me and our company are entirely false."

UPDATE. Owners of popular QNAP Systems network attached storage devices are being warned that a malicious cryptocurrency campaign is actively exploiting two critical firmware bugs in systems that have not yet been patched. QNAP fixed the flaws in October 2020; however, researchers at Qihoo 360's Network Security Research Lab report a widening campaign targeting over 100 models used by 4.3 million of the company's NAS devices.

Three suspected North Korean military intelligence hackers have been charged with, among other things, conspiring to loot more than $1.3bn from banks, ATMs, and cryptocurrency companies, according to an indictment unsealed by the US Department of Justice on Wednesday. Court documents, filed in the District Court in Los Angeles in December last year and now made public [PDF], claim Park Jin Hyok, 36, Jon Chang Hyok, 31, and Kim Il, 27, were hackers employed by the Reconnaissance General Bureau, a North Korean intelligence agency.

Ten people belonging to a criminal network have been arrested in connection with a series of SIM-swapping attacks that resulted in the theft of more than $100 million by hijacking the mobile phone accounts of high-profile individuals in the U.S. The Europol-coordinated year-long investigation was jointly conducted by law enforcement authorities from the U.K., U.S., Belgium, Malta, and Canada. The sweep comes almost a year after Europol led an operation to dismantle two SIM swap criminal groups that stole €3.5 million by orchestrating a wave of more than 100 attacks targeting victims in Austria, emptying their bank accounts through their phone numbers.

North Korean attacks on crypto exchanges reportedly netted an estimated $316m in cryptocurrency in 2019 and 2020, according to a report by Japan's Nikkei. The outlet says it saw that figure in a draft of a United Nations report destined for the desk of the Security Council's North Korea Sanctions Committee.

Apple pushed out an iOS update in something of a hurry to shut down a serious 0-day bug. The GnuPG team scrambled to fix an ironic vulnerability that could be exploited during the very process of checking if the data you just received could be trusted.

Hundreds of investors in a fake cryptocurrency scam were bilked out of $11 million by John DeMarr, who advised them to invest in fake cryptocurrency "Bitcoiin," took their money and spent it on a Porsche, jewelry and upgrades to his home, a criminal complaint from the Department of Justice alleges. Actor Steven Seagal was hired to promote the company, also known as "Bitcoiin2Gen" or "B2G," and was ordered last year by the Securities and Exchange Commission to pay a $157,000 penalty, without admitting to any crimes.

The Libgcrypt project has rushed out a fix for a critical bug in version 1.9.0 of the free-source cryptographic library. An exploit would allow an attacker to write arbitrary data to a target machine and execute code.