Security News

In this video for Help Net Security, Tom Kellermann, Head of Cybersecurity Strategy at VMware, talks about threats against financial institutions and the findings of the Modern Bank Heists 5.0 report. There has been a dramatic uptick of attacks, not just specific to spearphishing, but attacks against APIs, attacks where ransomware was distributed inside infrastructure because of the presence of remote access trojans, island hopping, etc.

Crooks stole non-fungible tokens said to be worth about $3 million after breaking into the Bored Ape Yacht Club's Instagram account and posting a link to a copycat website that sought to harvest marks' assets. "It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything," Bored Ape Yacht Club tweeted Monday morning in a warning that came too late for some of its members.

A new wave of cryptocurrency systems dubbed De-Fi, short for decentralised finance, has arisen to fill that transactional void. Instead of depositing your funds with a licensed and regulated bank, and then trading with those funds by choosing from a carefully curated list of transaction types, De-Fi systems let you invest your money with them, in return for access to a "Smart contract" system that allows you trade automatically with other users of the system in a way to suit yourself.

The Lapsus$ extortion gang briefly alleged over the weekend it had compromised Microsoft. "We are aware of the claims and are investigating," a Microsoft spokesperson told The Register on Monday.

Meyer Corp., maker of Farberware and the largest cookware and bakeware distributor in the U.S., has begun notifying 2,747 employees that a cyberattack that occurred on Oct. 25 compromised their personal data. While the report given to the Maine Attorney General doesn't specifically name the culprit behind the attack, the Conti ransomware group had already announced on its leak site on Nov. 7 it was in possession of the employee data files, according to a report this week on the cyberattack.

Wormhole - a web-based blockchain "Bridge" that enables users to convert cryptocurrencies - said on Thursday that "All funds are safe" after attackers abused a vulnerability to shake it down for 120,000 Ethereum. The popular bridge, which connects Ethereum, the Solana blockchain and more, has reportedly been trying to negotiate on-chain with the attacker since Wednesday's attack.

In spite of customers having reported losses over the weekend, Crypto.com's Thursday statement said that the heist happened on Monday at about 12:46 a.m. UTC. That's when the exchange's risk monitoring systems picked up on unauthorized transactions coming out of 483 accounts and being approved without users' 2FA authentication. The exchange fully restored the affected accounts, revoked all 2FA tokens and added additional security hardening measures, requiring all customers to re-login and set up their 2FA token.

Thieves operating for the North Korean government made off with almost $400m in digicash last year in a concerted attack to steal and launder as much currency as they could. Bitcoin used to be a top target but Ether is now the most stolen currency, say the researchers, accounting for 58 per cent of the funds filched.

A Canadian teenager has been arrested for allegedly stealing $37 million worth of cryptocurrency via a SIM swap scam, making it the largest virtual cash heist affecting a single person yet, according to police. "The joint investigation revealed that some of the stolen cryptocurrency was used to purchase an online username that was considered to be rare in the gaming community," according to a statement from Hamilton Police.

Cryptocurrency investors have been transfixed over the past few days by the antics of a mysterious hacker who stole more than $600 million - before giving some of it back. The hacker struck Poly Network, a company that handles cryptocurrency transfers, on Tuesday in one of the biggest thefts of digital monies in history.