U.S. Crypto Firm Nomad Hit By $190 Million Theft

Post-Quantum Encryption Contender Is Taken Out By Single-Core PC And 1 Hour

GnuTLS patches memory mismanagement bug – update now!

GnuTLS may well be the most widespread cryptographic toolkit you've never heard of. Learn more...

Ransomware Hit The American Dental Association

FileWave Fixes Bugs That Left 1,000+ Orgs Open To Ransomware

U.S. Offers $10 Million Reward for Information on North Korean Hackers

The U.S. State Department has announced rewards of up to $10 million for any information that could help disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities. "If you have information on any individuals associated with the North Korean government-linked malicious cyber groups (such as Andariel, APT38, Bluenoroff, Guardians of Peace, Kimsuky, or

European Cops Helped 1.5 Million Decrypt Ransomwared Computers

LockBit Ransomware Claims Pwn Of Italy's Tax Agency

Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection

As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly (Wasm) on the browser. Web security company Sucuri, which published details of the campaign, said it launched an investigation after one of its clients had their computer slowed down significantly every time upon navigating to their own WordPress portal. This

Elon Musk's Tesla Sells Most Of Its Bitcoin Holdings

Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms

The advanced persistent threat (APT) actor tracked as Evilnum is once again exhibiting signs of renewed activity aimed at European financial and investment entities. "Evilnum is a backdoor that can be used for data theft or to load additional payloads," enterprise security firm Proofpoint said in a report shared with The Hacker News. "The malware includes multiple interesting components to evade

Singapore Distances Itself From Local Crypto Companies

US Seizes Stolen Funds From Suspected North Korean Hackers

This Cloud Botnet Has Hijacked 30,000 Systems to Mine Cryptocurrencies

The 8220 cryptomining group has expanded in size to encompass as many as 30,000 infected hosts, up from 2,000 hosts globally in mid-2021. "8220 Gang is one of the many low-skill crimeware gangs we continually observe infecting cloud hosts and operating a botnet and cryptocurrency miners through known vulnerabilities and remote access brute forcing infection vectors," Tom Hegel of SentinelOne 

S3 Ep91: CodeRed, OpenSSL, Java bugs, Office macros [Audio + Text]

Latest episode - listen now! Great discussion, technical content, solid advice... all covered in plain English.

Hacking Of US Hospitals Highlights Deadly Risk Of Ransomware

Popular NFT Marketplace Phished for $540M

In March, a North Korean APT siphoned blockchain gaming platform Axie Infinity of $540M.

Popular NFT Marketplace Phished for $540M

In March, a North Korean APT siphoned blockchain gaming platform Axie Infinity of $540M.

Cloud-based Cryptocurrency Miners Targeting GitHub Actions and Azure VMs

GitHub Actions and Azure virtual machines (VMs) are being leveraged for cloud-based cryptocurrency mining, indicating sustained attempts on the part of malicious actors to target cloud resources for illicit purposes. "Attackers can abuse the runners or servers provided by GitHub to run an organization's pipelines and automation by maliciously downloading and installing their own cryptocurrency

Hackers Used Fake Job Offer to Hack and Steal $540 Million from Axie Infinity

The $540 million hack of Axie Infinity's Ronin Bridge in late March 2022 was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn, it has emerged.  According to a report from The Block published last week citing two people familiar with the matter, a senior engineer at the company was duped into applying for a job at a non-existent company, causing

S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]

Listen now! Or read if you prefer...

End-To-End Encryption's Central Role In Modern Self Defense

Over 1,200 NPM Packages Found Involved in "CuteBoi" Cryptomining Campaign

Researchers have disclosed what they say could be an attempt to kick-off a new large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. The malicious activity, attributed to a software supply chain threat actor dubbed CuteBoi, involves an array of 1,283 rogue modules that were published in an automated fashion from over 1,000 different user accounts. "This was

OpenSSL fixes two “one-liner” crypto bugs – what you need to know

"As bad as Heartbleed"? We heard that concern a week ago, but we think it's less ungood than that...

Cryptocurrency Broker Voyager Digital Files For Bankruptcy Protection

NIST Rolls Out New Encryption Standards To Prepare For Quantum Computing

Canadian cybercriminal pleads guilty to “NetWalker” attacks in US

Bust in Canada, now bust in the USA as well.

“Missing Cryptoqueen” hits the FBI’s Ten Most Wanted list

The "Missing Cryptoqueen" makes the American Top Ten... but not in a good way.

FBI Adds Missing Cryptoqueen To Top Ten Most Wanted List

Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers

A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign. "The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence said in a series of tweets on Thursday. "The group has actively updated its techniques and payloads

S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]

Latest episode - listen and read now! Use our advice to advise your own friends and family... let's all do our bit to stand up to scammers!

North Korean Hackers Suspected to be Behind $100M Horizon Bridge Hack

The notorious North Korea-backed hacking collective Lazarus Group is suspected to be behind the recent $100 million altcoin theft from Harmony Horizon Bridge, citing similarities to the Ronin bridge attack in March 2022. The finding comes as Harmony confirmed that its Horizon Bridge, a platform that allows users to move cryptocurrency across different blockchains, had been breached last week.

Bumblebee Fast Becoming Favorite For Ransomware Gangs

RansomHouse Hits AMD And Claims To Have Stolen 450 Gigs Of Data

Mitel VoIP Bug Exploited In Ransomware Attacks

Harmony blockchain loses nearly $100M due to hacked private keys

The crooks needed at least two private keys, each stored in two parts... but they got them anyway.

OpenSSL issues a bugfix for the previous bugfix

Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.

S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]

Latest epsiode - listen (or read) now!

Researchers Uncover Ways to Break the Encryption of 'MEGA' Cloud Storage Service

A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data. In a paper titled "MEGA: Malleable Encryption Goes Awry," the researchers point out how MEGA's system does not protect its users against a malicious server, thereby enabling a

Mega Says It Can't Decrypt Your Files. New POC Exploit Shows Different

Capital One identity theft hacker finally gets convicted

It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!

Hidden Anti-Cryptography Provisions In Internet Anti-Trust Bills

Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners

A recently patched critical security flaw in Atlassian Confluence Server and Data Center products is being actively weaponized in real-world attacks to drop cryptocurrency miners and ransomware payloads. In at least two of the Windows-related incidents observed by cybersecurity vendor Sophos, adversaries exploited the vulnerability to deliver Cerber ransomware and a crypto miner called z0miner

U.S. Water Utilities Prime Cyberattack Target, Experts

Researchers Detail How Cyber Criminals Targeting Cryptocurrency Users

Cybercriminals are impersonating popular crypto platforms such as Binance, Celo, and Trust Wallet with spoofed emails and fake login pages in an attempt to steal login details and deceptively transfer virtual funds. "As cryptocurrency and non-fungible tokens (NFTs) become more mainstream, and capture headlines for their volatility, there is a greater likelihood of more individuals falling victim

Optimism Crypto Project Hopes Hacker Will Give Back $15 Million

Black Basta Ransomware Teams Up With Malware Stalwart Qbot

Osmosis Blockchain Taken Offline After Hacker Steals $5m

Maiar Exchange Taken Offline After Hacker Steals $113m

FBI Seizes 'SSNDOB' ID Theft Service for Selling Personal Info of 24 Million People

An illicit online marketplace known as SSNDOB was taken down in operation led by U.S. law enforcement agencies, the Department of Justice (DoJ) announced Tuesday. SSNDOB trafficked in personal information such as names, dates of birth, credit card numbers, and Social Security numbers of about 24 million individuals in the U.S., generating its operators $19 million in sales revenue. The action

Ransomware Attacks Have Dropped. Gangs Attack Each Other's Victims

Costa Rican Government Held Up By Ransomware... Again

Meet The Vigilantes Who Hack Millions In Crypto To Save It From Thieves

Evil Corp Pivots LockBit To Dodge U.S. Sanctions

Clipminer Rakes In $1.7m In Crypto Hijacking Scam

Scammers Target NFT Discord Channel

Industrial IoT Ransomware Attacks Control Systems Directly

Russia Nixes US Charges Against REvil As Cooperation Fizzles

Guardian Launches Tor Onion Service

Ransomware Attack Sends US County Back To 1977