Security News

Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users. Smart contracts are programs stored on the blockchain that are automatically executed when predetermined conditions are met according to the terms of a contract or an agreement.

You don't have to log into the network to use the phone - it happens in the background via the SIM. Moreover, the mobile subscriber identity is one of the most widely used forms of digital identity. Firstly, it merely proves the user has access to a phone number, potentially through social engineering, not possession of a physical security token / device.

Cryptocurrency trading platform BitMart has disclosed a "Large-scale security breach" that it blamed on a stolen private key, resulting in the theft of more than $150 million in various cryptocurrencies. " Hot wallets, as opposed to their cold counterparts, are connected to the internet and allow cryptocurrency owners to receive and send tokens.

BadgerDAO, maker of a decentralized finance protocol, said on Wednesday that it is investigating reports that millions in user funds have been stolen. The DAO in BadgerDAO stands for Decentralized Autonomous Organization, which means the company is "Run by our users - not VCs, whales, or institutions".

Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks. The Python packages have since been removed from the repository following responsible disclosure by DevOps firm JFrog -.

A surge in spearphishing emails designed to steal Office 365 credentials were rigged to look like they came from a Kaspersky email address. Office 365 credentials are a common target for phishing attacks.

Kaspersky said today that a legitimate Amazon Simple Email Service token issued to a third-party contractor was recently used by threat actors behind a spear-phishing campaign targeting Office 365 users. Amazon SES is a scalable email service designed to allow developers to send emails from any app for various use cases, including marketing and mass email communications.

The Python Package Index registry has removed several Python packages this week aimed at stealing users' credit card numbers, Discord tokens, and granting code execution capabilities to attackers. Malware steals credit card numbers, browser files, Discord tokens.

The NitroRansomware malware strain is shaking up the ransomware norm by demanding Discord Nitro gift codes from victims instead of actual money. According to an analysis by Bleeping Computer, the ransomware verifies that the provided Discord gift codes are valid, and decrypts the files using an embedded static decryption key.

Twitter developers are being warned of a security bug that may have exposed their applications' credential information - including sensitive application keys and access tokens. These applications allow Twitter users to incorporate multiple platforms into their Twitter account - for instance, OutTwit, a Windows application, allows users to access Twitter via Outlook.