Security News

Hackers Steal $200 Million Worth of Cryptocurrency Tokens from BitMart Exchange
2021-12-06 20:03

Cryptocurrency trading platform BitMart has disclosed a "Large-scale security breach" that it blamed on a stolen private key, resulting in the theft of more than $150 million in various cryptocurrencies. " Hot wallets, as opposed to their cold counterparts, are connected to the internet and allow cryptocurrency owners to receive and send tokens.

BadgerDAO DeFi defunded as hackers apparently nab millions in crypto tokens
2021-12-02 22:58

BadgerDAO, maker of a decentralized finance protocol, said on Wednesday that it is investigating reports that millions in user funds have been stolen. The DAO in BadgerDAO stands for Decentralized Autonomous Organization, which means the company is "Run by our users - not VCs, whales, or institutions".

11 Malicious PyPI Python Libraries Caught Stealing Discord Tokens and Installing Shells
2021-11-21 23:12

Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks. The Python packages have since been removed from the repository following responsible disclosure by DevOps firm JFrog -.

Office 365 Phishing Campaign Abuses Stolen Amazon SES Token
2021-11-02 00:29

A surge in spearphishing emails designed to steal Office 365 credentials were rigged to look like they came from a Kaspersky email address. Office 365 credentials are a common target for phishing attacks.

Kaspersky's stolen Amazon SES token used in Office 365 phishing
2021-11-01 17:25

Kaspersky said today that a legitimate Amazon Simple Email Service token issued to a third-party contractor was recently used by threat actors behind a spear-phishing campaign targeting Office 365 users. Amazon SES is a scalable email service designed to allow developers to send emails from any app for various use cases, including marketing and mass email communications.

PyPI packages caught stealing credit card numbers, Discord tokens
2021-07-30 12:18

The Python Package Index registry has removed several Python packages this week aimed at stealing users' credit card numbers, Discord tokens, and granting code execution capabilities to attackers. Malware steals credit card numbers, browser files, Discord tokens.

NitroRansomware Asks for $9.99 Discord Gift Codes, Steals Access Tokens
2021-04-19 19:23

The NitroRansomware malware strain is shaking up the ransomware norm by demanding Discord Nitro gift codes from victims instead of actual money. According to an analysis by Bleeping Computer, the ransomware verifies that the provided Discord gift codes are valid, and decrypts the files using an embedded static decryption key.

Twitter Warns Developers of API Bug That Exposed App Keys, Tokens
2020-09-28 15:15

Twitter developers are being warned of a security bug that may have exposed their applications' credential information - including sensitive application keys and access tokens. These applications allow Twitter users to incorporate multiple platforms into their Twitter account - for instance, OutTwit, a Windows application, allows users to access Twitter via Outlook.

Twitter Warns Developers of API Bug That Exposed App Keys, Tokens
2020-09-28 15:15

Twitter developers are being warned of a security bug that may have exposed their applications' credential information - including sensitive application keys and access tokens. These applications allow Twitter users to incorporate multiple platforms into their Twitter account - for instance, OutTwit, a Windows application, allows users to access Twitter via Outlook.

Singapore government scraps physical 2FA tokens for government services
2020-04-01 03:26

Singapore will bin the physical tokens used to provide two-factor authentication for some digital government services. The city-state operates "SingPass", a government service that connects Singapore's residents with 200 government services.