Security News
The SQUID cryptocurrency peaked at a price of $2,861 before plummeting to $0 around 5:40 a.m. ET., according to the website CoinMarketCap. This kind of theft, commonly called a "Rug pull" by crypto investors, happens when the creators of the crypto quickly cash out their coins for real money, draining the liquidity pool from the exchange.
The Federal Bureau of Investigation warns that victims of various fraud schemes are increasingly asked by criminals to use cryptocurrency ATMs and Quick Response codes, making it harder to recover their financial losses. "The FBI has seen an increase in scammers directing victims to use physical cryptocurrency ATMs and digital QR codes to complete payment transactions," the federal law enforcement agency said.
In what maybe peak hype, Squid Game has its own cryptocurrency. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Sadly, a lot of the cryptocurrency news that we write about on Naked Security involves cybercriminals getting mixed up in things, often with depressing results. Well, we're delighted to bring you much happier news today of a cryptocurrency "Venture" with a lighter side, this time under the "Leadership" of a certain Mr. Goxx.
"Taking action to disrupt the ransomware business model requires concerted efforts to address illicit finance risks posed by all value transfer systems, including virtual assets, the primary instrument criminals use for ransomware payments and subsequent money laundering." As incident after incident of ransomware infection requires payments in cryptocurrency, there is little reason to doubt this is a crytpocurrency crackdown.
All those dubious excuses needed by traditional romance scammers to talk you into using wire transfer services to send money, or into buying them gift cards and sending through the redemption codes, are replaced by a sense of structure: there's a genuine app for this investment! The cryptorom scammers will even offer you an app if you have an iPhone, where Apple's "Walled garden" approach of requiring all consumer app downloads to come from the Apple App Store almost certainly persuades many victims that the cryptorom app must indeed have some sort of official authorisation or approval.
A now-patched critical vulnerability in OpenSea, the world's largest non-fungible token marketplace, could've been abused by malicious actors to drain cryptocurrency funds from a victim by sending a specially-crafted token, opening a new attack vector for exploitation. The findings come from cybersecurity firm Check Point Research, which began an investigation into the platform following public reports of stolen cryptocurrency wallets triggered by free airdropped NFTs. The issues were fixed in less than one hour of responsible disclosure on September 26, 2021.
Ukrainian police have reportedly arrested two members of a ransomware gang - and while some have fingered REvil, no firm details have been published by cops from multiple countries. A round of speculation was triggered when inter-EU law enforcement body Europol declared this morning that Ukrainian fuzz had arrested "Two prolific ransomware operators known for their extortionate demands," claimed to be up to €70m. One of the two suspects arrested on 28 September, according to the National Police of Ukraine, was a "Hacker".
The Security Service of Ukraine has taken down a network of six call centers in Lviv, used by a ring of scammers to defraud cryptocurrency investors worldwide. Fraudsters behind these illegal call centers used VoIP phone numbers to hide their locations while scamming thousands of foreign investors.
A malicious Firefox add-on named "Safepal Wallet" scammed users by emptying out their wallets and lived on the Mozilla add-ons site for seven months. Safepal is a cryptocurrency wallet application capable of securely holding more than 10,000 types of assets, including Bitcoin, Ethereum, and Litecoin.