Security News
China's Ministry of Industry and Information Technology has warned local netizens that fake wallet apps for the nation's central bank digital currency are already circulating and being abused by scammers. Using the digital currency requires an app - here's the iOS version - and a link to a bank account.
The Reserve Bank of India announced on Thursday it would make its digital currency programmable, and ensure it can be exchanged when citizens are offline. Indian media report that governor Shaktikanta Das outlined scenarios for the programmable digital rupee, including allowing government agencies to ensure payments to citizens are only used for defined benefits.
The U.S. Treasury Department on Monday placed sanctions against crypto mixing service Tornado Cash, citing its use by the North Korea-backed Lazarus Group in the high-profile hacks of Ethereum bridges to launder and cash out the ill-gotten money. "Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks," Brian E. Nelson, under secretary of the Treasury for terrorism and financial intelligence, said.
The U.S. government has slapped sanctions on virtual currency mixer Tornado Cash for laundering more than $7 billion in crypto cash derived from cybercriminal activity. The U.S. Department of the Treasury's Office of Foreign Assets Control unveiled the action, which basically freezes all of the assets and business of Tornado Cash and prohibits anyone from doing business with the service, on Monday, citing a number of occasions that the service laundered crypto for hackers.
DOUG. A critical Samba bug, yet another crypto theft, and Happy SysAdmin Day. Moving on to something not so great: a memory mismanagement bug in GnuTLS. DUCK. Yes, I thought this was worth writing up on Naked Security, because when people think of open-source cryptography, they tend to think of OpenSSL. Because that's the one that everybody's heard of, and it's the one that's probably had the most publicity in recent years over bugs, because of Heartbleed.
Myanmar's military junta has floated a cyber security law that would ban the use of virtual private networks, under penalty of imprisonment and/or fines, leaving digital rights organisations concerned about the effects of further closing the country off digitally to the outside world. As the country faced a military coup in February 2021, the newly installed Tatmadaw banned Facebook, Instagram, and Twitter, prompting users in the country to rely on VPNs to retain access to their preferred online communication services.
There are significant privacy challenges that could make eNaira a lot less attractive. Identification and authentication can pose additional privacy risks because of their central role in onboarding users to the eNaira wallet and ensuring equal access for all users to meet the financial inclusion aspiration of the CBN. Under the CBN's Circular and Guideline [PDF] on the eNaira issued on 25 October, the national identity number and/or biometric verification number are the unique identifiers for users to "Self-onboard" to the eNaira speed wallet.
A security vulnerability in the WooCommerce Multi Currency plugin could allow any customer to change the pricing for products in online stores. WooCommerce is a popular eCommerce plugin for WordPress-powered websites; the Multi Currency plugin allows e-tailers to set pricing for international shoppers; the plugin automatically detects a customer's geolocation and displays pricing in the customer country's currency, with the exchange rate set manually or automatically using current exchange rates.
Kaspersky experts analyzed Olympic-related phishing attacks and found fake pages offering streaming services, tickets to events that won't have spectators, and even a fake Olympic Games virtual currency. Security experts found a website selling a virtual currency that is supposed to be a support fund for Olympic athletes.
North Korean hackers stole millions of dollars from virtual currency accounts and then laundered the stolen funds in hopes of making the crime untraceable, according to a Justice Department civil forfeiture complaint filed Thursday. It comes months after Justice Department officials accused hackers from North Korea of stealing nearly $250 million worth of virtual currency and charged two Chinese hackers with laundering more than $100 million from the hack.