Security News
Cryptocurrency market maker Wintermute says $160 million in digital assets have been stolen from it in a cyber-heist, though it assures customers that everything's fine. CEO Evgeny Gaevoy admitted on Twitter that Wintermute was suffering from an "ongoing hack" affecting its decentralized finance operations, while its centralized finance and over-the-counter trading operations were unaffected.
Take-Two Interactive confirmed on Monday that its Rockstar Games subsidiary has been compromised and confidential data for Grand Theft Auto 6 has been stolen. The biz said work on Grand Theft Auto 6 will continue as planned and that the game's development and release schedule should not be affected.
Threat actors are making their way around two-factor authentication and using other clever evasion tactics in a recently observed phishing campaign aimed at taking over Coinbase accounts to defraud users of their crypto balances. Attackers employ a range of tactics to avoid detection, including one researchers call "short lived domains" - in which the domains used in the attack "stay alive for extremely short periods of time" - that deviates from typical phishing practices, researchers wrote.
In this video for Help Net Security, Tom Kellermann, Head of Cybersecurity Strategy at VMware, talks about threats against financial institutions and the findings of the Modern Bank Heists 5.0 report. There has been a dramatic uptick of attacks, not just specific to spearphishing, but attacks against APIs, attacks where ransomware was distributed inside infrastructure because of the presence of remote access trojans, island hopping, etc.
Crooks stole non-fungible tokens said to be worth about $3 million after breaking into the Bored Ape Yacht Club's Instagram account and posting a link to a copycat website that sought to harvest marks' assets. "It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything," Bored Ape Yacht Club tweeted Monday morning in a warning that came too late for some of its members.
A new wave of cryptocurrency systems dubbed De-Fi, short for decentralised finance, has arisen to fill that transactional void. Instead of depositing your funds with a licensed and regulated bank, and then trading with those funds by choosing from a carefully curated list of transaction types, De-Fi systems let you invest your money with them, in return for access to a "smart contract" system that allows you to trade automatically with other users of the system in a way to suit yourself.
The Lapsus$ extortion gang briefly alleged over the weekend it had compromised Microsoft. "We are aware of the claims and are investigating," a Microsoft spokesperson told The Register on Monday.
Meyer Corp., maker of Farberware and the largest cookware and bakeware distributor in the U.S., has begun notifying 2,747 employees that a cyberattack that occurred on Oct. 25 compromised their personal data. While the report given to the Maine Attorney General doesn't specifically name the culprit behind the attack, the Conti ransomware group had already announced on its leak site on Nov. 7 it was in possession of the employee data files, according to a report this week on the cyberattack.
Wormhole - a web-based blockchain "bridge" that enables users to convert cryptocurrencies - said on Thursday that "all funds are safe" after attackers abused a vulnerability to shake it down for 120,000 Ethereum. The popular bridge, which connects Ethereum, the Solana blockchain and more, has reportedly been trying to negotiate on-chain with the attacker since Wednesday's attack.
In spite of customers having reported losses over the weekend, Crypto.com's Thursday statement said that the heist happened on Monday at about 12:46 a.m. UTC. That's when the exchange's risk monitoring systems picked up on unauthorized transactions coming out of 483 accounts and being approved without users' 2FA authentication. The exchange fully restored the affected accounts, revoked all 2FA tokens and added additional security hardening measures, requiring all customers to re-login and set up their 2FA token.