HackDig : Dig high-quality web security articles

US sanctions crypto mixer Tornado Cash used by North Korean hackers

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash today, a decentralized cryptocurrency mixer service used to launder more than $7 billion since its creation in 2019.The North Korean-backed APT Lazarus Group also used the crypto mixer to launder approximately $455 million stolen in the largest known cryptocur
Publish At:2022-08-08 13:47 | Read:149 | Comments:0 | Tags:Security CryptoCurrency hack

Thousands of Solana wallets drained in attack using unknown exploit

An overnight attack on the Solana blockchain platform drained thousands of software wallets of cryptocurrency worth millions of U.S. dollars.The platform has started an investigation and is currently trying to determine how the malicious actors managed to drain the funds.In a statement today, Solana said that at 5 AM UTC the attack impacted more than 7,700 w
Publish At:2022-08-03 09:48 | Read:274 | Comments:0 | Tags:Security CryptoCurrency exploit

Hackers steal $6 million from blockchain music platform Audius

The decentralized music platform Audius was hacked over the weekend, with threat actors stealing over 18 million AUDIO tokens worth approximately $6 million.Audius is a decentralized streaming platform hosted on the Ethereum blockchain where artists can earn AUDIO tokens by sharing their music, and users can earn tokens by curating and listening to content.A
Publish At:2022-07-26 13:46 | Read:251 | Comments:0 | Tags:Security CryptoCurrency hack

Ex-Coinbase manager charged in first crypto insider-trading case

The U.S. Department of Justice has charged a former Coinbase manager and two co-conspirators with wire fraud conspiracy and scheme to commit insider trading in cryptocurrency assets.This is the first case of its kind in litigation history and a signal that those performing cryptocurrency and NFT fraud will be targeted by law enforcement.Coinbase is an Americ
Publish At:2022-07-21 17:56 | Read:347 | Comments:0 | Tags:CryptoCurrency Legal

Fraudulent cryptocurrency investment apps are duping investors

Together with the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA), the FBI has released a warning about cybercriminals creating fraudulent cryptocurrency investment apps in order to defraud cryptocurrency investors. The threat actors convince investors to download fraudulent mobile apps with the promis
Publish At:2022-07-19 11:52 | Read:286 | Comments:0 | Tags:Scams Social engineering applications cryptocurrency fbi fin

CoinPayments to shut down in US — 5 days left to withdraw funds

Global crypto payments gateway, CoinPayments.net is ceasing operations in the United States soon and has advised users to withdraw their assets before July 19th, 2022.The short notice given by the exchange via a private email left some customers suspecting if this was an "exit scam" or caused by another mysterious incident.Crypto platform shut down
Publish At:2022-07-14 09:48 | Read:320 | Comments:0 | Tags:Technology CryptoCurrency

Hackers stole $620 million from Axie Infinity via fake job interviews

The hack that caused Axie Infinity losses of $620 million in crypto started with a fake job offer from North Korean hackers to one of the game’s developers.The attack happened in March 2022 and pushed into the ground the then massively popular and quickly-growing game from Sky Mavis.By April 2022, the FBI was able to link the attack to the&nb
Publish At:2022-07-12 14:20 | Read:345 | Comments:0 | Tags:Security CryptoCurrency hack

Fake job offer leads to $600 million theft

Back in March, popular NFT battler Axie Infinity lay at the heart of a huge cryptocurrency theft inflicted on the Ronin network. From the Ronin newsletter: There has been a security breach on the Ronin Network. Earlier today, we discovered that on March 23rd, Sky Mavis’s Ronin validator nodes and Axie DAO validator nodes were compromised resulting in 173,
Publish At:2022-07-08 16:02 | Read:321 | Comments:0 | Tags:Cybercrime cryptocurrency cybercrime infinity malware nodes

AstraLocker 2.0 ransomware isn’t going to give you your files back

Reversing Labs reports that the latest verison of AstraLocker ransomware is engaged in a a so-called “smash and grab” ransomware operation. Smash and grab is all about maxing out profit in the fastest time. It works on the assumption by malware authors that security software or victims will find the malware quickly, so it’s better to get
Publish At:2022-07-01 16:02 | Read:478 | Comments:0 | Tags:Ransomware astralocker cryptocurrency email OLE object ranso

A week in security (June 20 – June 26)

Last week on Malwarebytes Labs: LinkedIn scams are a “significant threat”, warns FBIDDoS-for-hire service provider jailedInternet Safety Month: 7 tips for staying safe online while on vacationClient-side Magecart attacks still around, but more covertSecurity vulnerabilities: 5 times that organizations got hackedYou can be tracked online using
Publish At:2022-06-27 07:53 | Read:338 | Comments:0 | Tags:A week in security 311 7-zip APT28 catfishing chrome conti C

Rogue cryptocurrency billboards go phishing for wallets

Billboards and digital real world advertising has raised many questions of privacy and anonymity in recent years. Until now, the primary concern has been (mostly) legal, yet potentially objectionable geolocation and user profiling. Bluetooth beacons work in tandem with geofenced billboards to send you offers. Stores follow your movements and tailor products
Publish At:2022-06-23 11:51 | Read:519 | Comments:0 | Tags:Scams advert advertisement billboard bitcoin crypto cryptocu

LinkedIn scams are a “significant threat”, warns FBI

Digital currency fraud is a growing issue on social media, and LinkedIn is no different. In fact, according to according to Sean Ragan, the FBI’s special agent in charge of the San Francisco and Sacramento, California, field offices, cryptocurrency scams are big business on LinkedIn. “It’s a significant threat. This type of fraudulent activity is si
Publish At:2022-06-20 13:00 | Read:652 | Comments:0 | Tags:Scams business cryptocurrency fraud LinkedIn pig butcher sca

MetaMask, Phantom warn of flaw that could steal your crypto wallets

MetaMask and Phantom are warning of a new 'Demonic' vulnerability that could expose a crypto wallet's secret recovery phrase, allowing attackers to steal NFTs and cryptocurrency stored within it.Recovery phrases, otherwise known as “seeds,” are a series of words that function as a human-readable version of your wallet's private key.Anyone wh
Publish At:2022-06-16 10:56 | Read:1357 | Comments:0 | Tags:Security CryptoCurrency

Hackers clone Coinbase, MetaMask mobile wallets to steal your crypto

Security researchers have uncovered a large-scale malicious operation that uses trojanized mobile cryptocurrency wallet applications for Coinbase, MetaMask, TokenPocket, and imToken services.The malicious activity has been identified earlier this year in March. Researchers at Confiant named this activity cluster SeaFlower and describe it as "t
Publish At:2022-06-13 18:51 | Read:761 | Comments:0 | Tags:Security CryptoCurrency hack

Hackers exploit recently patched Confluence bug for cryptomining

A cryptomining hacking group has been observed exploiting the recently disclosed remote code execution flaw in Atlassian Confluence servers to install miners on vulnerable servers.The vulnerability, tracked as CVE-2022-26134, was discovered as an actively exploited zero-day at the end of May, while the vendor released a fix on June 3, 2022.Various
Publish At:2022-06-10 14:53 | Read:629 | Comments:0 | Tags:Security CryptoCurrency exploit hack

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud