Security News

The Lazarus Group, as the threat actor is typically referred to, has laundered about $100 million in stolen Bitcoin since October 2022 through a single crypto-mixing service called Sinbad. Lazarus behind major crypto heists. Last year, the U.S. Treasury's Office of Foreign Assets Control announced sanctions against the cryptocurrency mixing services Blender and Tornado Cash, which Lazarus had used to launder close to $500 million in illicitly obtained cryptocurrency.

An unknown threat actor created malicious game modes for the Dota 2 multiplayer online battle arena video game that could have been exploited to establish backdoor access to players' systems. Following responsible disclosure to Valve, the game publisher shipped fixes on January 12, 2023, by upgrading the version of V8. Game modes are essentially custom capabilities that can either augment an existing title or offer completely new gameplay in a manner that deviates from the standard rules.

The advanced persistent threat actor known as Tonto Team carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022. The Singapore-headquartered firm said that it detected and blocked malicious phishing emails originating from the group targeting its employees.

A previously unknown threat actor has been targeting companies in the U.S. and Germany with bespoke malware designed to steal confidential information. The attachments range from macro-laced Microsoft Publisher files to PDFs with URLs pointing to JavaScript files.

Tuesday was the official publication date of A Hacker's Mind: How the Powerful Bend Society's Rules, and How to Bend them Back. It broke into the 2000s on the Amazon best-seller list.

The How to Hack from Beginner to Ethical Hacking Certification helps you pick up that essential knowhow and earn the certificates to prove it. For any business owner, these statistics are pretty terrifying.

State-backed hackers from North Korea are conducting ransomware attacks against healthcare and critical infrastructure facilities to fund illicit activities, U.S. and South Korean cybersecurity and intelligence agencies warned in a joint advisory. This includes "Cyber operations targeting the United States and South Korea governments - specific targets include Department of Defense Information Networks and Defense Industrial Base member networks," the authorities said.

Reddit suffered a cyberattack Sunday evening, allowing hackers to access internal business systems and steal internal documents and source code. The company says the hackers used a phishing lure targeting Reddit employees with a landing page impersonating its intranet site.

A campaign operated by Russian threat actors uses fake job offers to target Eastern Europeans working in the cryptocurrency industry, aiming to infect them with a modified version of the Stealerium malware named 'Enigma. The attacks start with an email pretending to be a job offer with fake cryptocurrency interviews to lure their targets.

A new threat actor tracked as TA886 targets organizations in the United States and Germany with new custom malware to perform surveillance and data theft on infected systems. The threat actor targets victims using phishing emails that include Microsoft Publisher attachments with malicious macros, URLs linking to.