Security News

The decentralized music platform Audius was hacked over the weekend, with threat actors stealing over 18 million AUDIO tokens worth approximately $6 million. Audius is a decentralized streaming platform hosted on the Ethereum blockchain where artists can earn AUDIO tokens by sharing their music, and users can earn tokens by curating and listening to content.

"If you have information on any individuals associated with the North Korean government-linked malicious cyber groups and who are involved in targeting U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act, you may be eligible for a reward," the Department revealed Tuesday. One month later, the FBI linked the largest crypto hack ever to two North Korean hacking groups, Lazarus and BlueNorOff, saying they were responsible for the theft of $620 million in Ethereum from Axie Infinity's Ronin network bridge.

The U.S. State Department has increased rewards paid to anyone providing information on any North Korean-sponsored threat groups' members to $10 million. These increased bounties add to rewards of up to $5 million announced by the State Department in March for info on DPRK-backed threat actors targeting crypto exchanges and financial institutions worldwide to support the North Korean regime's illicit activities.

The U.S. Department of Justice has announced the seizure of $500,000 worth of Bitcoin from North Korean hackers who extorted digital payments from several organizations by using a new ransomware strain known as Maui. The DoJ did not disclose where the rest of the payments originated from.

Malicious actors are exploiting a previously unknown security flaw in the open source PrestaShop e-commerce platform to inject malicious skimmer code designed to swipe sensitive information. "Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites," the company noted in an advisory published on July 22.

FileWave's mobile device management system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it. "The vulnerabilities are remotely exploitable and enable an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices," Claroty security researcher Noam Moshe said in a Monday report.

An unknown Chinese-speaking threat actor has been attributed to a new kind of sophisticated UEFI firmware rootkit called CosmicStrand. "The rootkit is located in the firmware images of Gigabyte or ASUS motherboards, and we noticed that all these images are related to designs using the H81 chipset," Kaspersky researchers said in a new report published today.

The mobile threat campaign tracked as Roaming Mantis has been linked to a new wave of compromises directed against French mobile phone users, months after it expanded its targeting to include European countries. Attack chains involving Roaming Mantis, a financially motivated Chinese threat actor, are known to either deploy a piece of banking trojan named MoqHao or redirect iPhone users to credential harvesting landing pages that mimic the iCloud login page.

The source code for an information-stealing malware coded in Rust has been released for free on hacking forums, with security analysts already reporting that the malware is actively used in attacks. The malware, which the author claims to have developed in just six hours, is quite stealthy, with VirusTotal returning a detection rate of around 22%. As the info-stealer is written in Rust, a cross-platform language, it allows threat actors to target multiple operating systems.

Hackers are targeting websites using the PrestaShop platform, leveraging a previously unknown vulnerability chain to perform code execution and potentially steal customers' payment information. The PrestaShop team issued an urgent warning last Friday, urging the admins of 300,000 shops using its software to review their security stance after cyberattacks were discovered targeting the platform.