Security News

US reveals 'Target' pic of Conti man with $10m reward offer
2022-08-12 19:30

The US government is putting a face on a claimed member of the infamous Conti ransomware group as part of a $10 million reward for information about five of the gang's crew. "The reward notice included the aliases of the alleged attackers -"Tramp," "Dandis," "Professor,"Reshaev," and "Target" - and came with a photo of a man and a message underneath it that said, "Is this the Conti associate known as 'Target'?".

US govt will pay you $10 million for info on Conti ransomware members
2022-08-11 21:46

The U.S. State Department announced a $10 million reward today for information on five high-ranking Conti ransomware members, including showing the face of one of the members for the first time. Today, for the first time, the State Department revealed the face of a known Conti ransomware operator known as 'Target,' offering rewards of up to $10 million for information on him and four other members known as 'Tramp,' 'Dandis,' 'Professor,' and 'Reshaev.

What the Zola Hack Can Teach Us About Password Security
2022-08-11 10:24

Password security is only as strong as the password itself. Let's look at the Zola breach and why it emphasizes the need for organizations to bolster their password security and protect against various types of password attacks.

Ex-CISA chief Krebs calls for US to get serious on security
2022-08-10 23:26

It's time to reorganize the US government and create a new agency focused solely on on digital risk management services, according to former CISA director Chris Krebs. Or, if that's too ambitious for Uncle Sam, Krebs proposed to at least pull CISA out of the Department of Homeland Security and make it a sub-cabinet agency that's allowed to operate independently.

As Black Hat kicks off, the US government is getting the message on hiring security talent
2022-08-10 20:58

With the world's largest collection of security folk gathering in Las Vegas for Black hat there are encouraging signs that the US government might actually be getting smarter about hiring. Katie Moussouris, founder of Luta Security, knows a thing or six about recruiting new security talent and was invited to the White House last month to help advise on policy.

Cloudflare: Someone tried to pull the Twilio phishing tactic on us too
2022-08-10 14:23

Cloudflare says it was subject to a similar attack to one made on comms company Twilio last week, but in this case it was thwarted by hardware security keys that are required to access applications and services. According to Cloudflare, it recorded a very similar incident late last month, which could suggest the two attacks may have originated from the same attacker or group.

US treasury whips up sanctions for crypto mixer Tornado Cash
2022-08-08 23:00

The US Treasury Department is levying sanctions against Tornado Cash, a notorious cryptocurrency mixer that it says has been used by threat groups like ransomware gang Lazarus to launder stolen digital assets. According to the government agency, Tornado Cash has been used to launder more than $455 million stolen by the North Korean-supported Lazarus Group, including more than $96 million in Wrapped Bitcoin, Ethereum and other digital assets from blockchain startup Harmony's Horizon Bridge service in June.

US sanctions crypto mixer Tornado Cash used by North Korean hackers
2022-08-08 15:21

The U.S. Treasury Department's Office of Foreign Assets Control sanctioned Tornado Cash today, a decentralized cryptocurrency mixer service used to launder more than $7 billion since its creation in 2019. The North Korean-backed APT Lazarus Group also used the crypto mixer to launder approximately $455 million stolen in the largest known cryptocurrency heist ever.

Nomad to crypto thieves: Please give us back 90%, keep 10% as a reward. Deal?
2022-08-05 19:43

Cryptocurrency bridge Nomad sent a message to the looters who drained nearly $200 million in tokens from its coffers earlier this week: return at least 90 percent of the ill-gotten gains, keep 10 percent as a bounty for discovering the security flaw, and Nomad will consider this a "White-hat" hack, as opposed to plain old theft, and not take legal action. Update: Nomad Bridge Hack Bounty(see below for details)Please send the funds to the official Nomad recovery wallet address on Ethereum: 0x94A84433101A10aEda762968f6995c574D1bF154 https://t.

Warning! Critical flaws found in US Emergency Alert System
2022-08-05 18:05

The US government is warning of critical vulnerabilities in its Emergency Alert System systems that, if exploited, could enable intruders to send fake alerts out over television, radio, and cable networks. The system is designed to ensure that the president can address US citizens within 10 minutes during a national emergency and requires that radio and TV broadcasters, cable TV, wireless cable systems, satellite, and wireline operators ensure that can happen.