Security News
Over the past week, users of the MetaMask cryptocurrency wallet have been losing funds to a phishing scam that lured potential victims through Google search ads. Although it is unclear how many MetaMask users fell for the scam, some say they ended up with empty wallets after clicking on a fraudulent search ad being promoted as the MetaMask site.
Cybercriminals were able to change the DNS settings of some cryptocurrency websites after tricking GoDaddy employees into providing them with access to customer accounts. On November 18, both services announced that threat actors were able to breach their internal systems after GoDaddy incorrectly handed over control of their accounts.
A recent social-engineering "Vishing" attack on domain registrar GoDaddy temporarily handed over control of cryptocurrency service sites NiceHash and Liquid to fraudsters, exposing personal information of users. "A routine audit of account activity identified potential unauthorized changes to a small number of customer domains and/or account information," the statement read. "Our security team investigated and confirmed threat actor activity, including social engineering of a limited number of GoDaddy employees."
The attacks were facilitated by scams targeting employees at GoDaddy, the world's largest domain name registrar, KrebsOnSecurity has learned. The incident is the latest incursion at GoDaddy that relied on tricking employees into transferring ownership and/or control over targeted domains to fraudsters.
UPDATE. Hackers took over President Trump's 2020 election campaign website late Tuesday, replacing parts of the site with a cryptocurrency scam before returning it to its original content several minutes later. "While the hacked page claimed that the threat actors responsible compromised"multiple devices" that gave them "full access" to internal and secret conversations" of "Trump and relatives," there is no evidence that these statements are true, according to the Trump campaign.
Researchers are warning of a recent dramatic uptick in the activity of the Lemon Duck cryptocurrency-mining botnet, which targets victims' computer resources to mine the Monero virtual currency. Researchers warn that Lemon Duck is "One of the more complex" mining botnets, with several interesting tricks up its sleeve.
In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. Based on not much more but these few data points and his knowledge of silicon chip development - he was head of R&D at Fairchild Semiconductors, the company that was to seed Silicon Valley - he said that for the next decade, component counts by area could double every year.
The United States Department of Justice on Wednesday unsealed an indictment against two Russian nationals allegedly engaged in cryptocurrency fraud schemes. The two, Danil Potekhin and Dmitrii Karasavidi, allegedly targeted three cryptocurrency exchanges - two in the United States and one abroad - and their customers to defraud them of at least $16.8 million in virtual currency.
U.S. authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges. Prosecutors say the men then laundered the stolen funds through an array of intermediary cryptocurrency accounts - including compromised and fictitiously created accounts - on the targeted cryptocurrency exchange platforms.
Another month, another cryptocurrency exchange hacked and 'millions of dollars' stolen by miscreants
"We want to reassure everyone that this event won't stop our journey. After the security audit of renowned global companies, our operations will continue. We will announce the date of the reopening of the ETERBASE Exchange platform as soon as possible." If you're running Multi-Factor Authentication or Palo Alto's Captive Portal interface, an attacker can exploit a buffer overflow to ultimately gain code execution as root.