Eclipse attacks are a special type of cyberattack where an attacker creates an artificial environment around one node, or user, which allows the attacker to manipulate the affected node into wrongful action. By isolating a target node from its legitimate neighboring nodes, eclipse attacks can produce illegitimate transaction confirmations, among other effects on the network. While these types of attacks isolate individual nodes, the effectiveness of eclipse attacks at disrupting network nodes a
cryptocurrency (24)
Microsoft representatives have warned that adversaries use OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency mining and launch phishing attacks. "Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious activity," the Microsoft Threat Intelligence team said in an analysis. The misuse of OAuth also enables threat actors to maintain access to applications even if the
In the secretive world of venture capital and startups, information means access and it means money. And so, it is rare that we see closely-guarded information the financials, the emails, the cap table all picked apart and challenged for anyone who chooses to pay attention. It is rare we hear a startup’s executives give unadulterated answers to questions on the record, under oath laying out how things really went under the hood. We only get that kind of a look at a private company when things
A highly sophisticated piece of malware posing as a cryptocurrency miner has stayed hidden for five years, infecting more than one million devices, cybersecurity investigators warn. Named StripedFly, the threat contains code sequences previously observed in the malware used by the threat actor known as the Equation Group, known for APT malware and attacks, which has been linked to the US National Security Agency.
Designed as a modular framework, StripedFly can target both Windows and Linux and
A new malware-as-a-service option for cybercriminals known as BunnyLoader was released on September 4th, 2023. It has since seen a variety of updates and has reached version 2.0. As one might expect from any number of the “as a service” monikers, malware-as-a-service is a business model for cybercriminals. The business model is such that malware and its associated infrastructure are provided to customers for a fee. This can also be seen as a variation to the software-as-a-service model.
Thos
"There's a sucker born every minute" is a phrase closely associated with PT Barnum, an American showman of the mid-19th century, although there is no evidence that he said it. Early examples of its use are among gamblers and confidence tricksters of the era. A previously undetected cryptocurrency scam has leveraged over 1,000 fraudulent websites to ensnare users into a bogus rewards scheme since at least January 2021.
This massive campaign has likely resulted in thousands of people being scamm
FortiGuard Labs discovered an ongoing threat campaign targeting YouTube viewers searching for pirated software earlier this month. Videos advertising downloads of “cracked” (aka pirated) software are uploaded by verified YouTube channels with a large number of subscribers. Victims are led to execute malicious binaries that install multiple malware into their systems focused on harvesting credentials, cryptojacking, and stealing cryptocurrency funds from wallets.
While investigating this campai
Americans do not have a lot of faith in cryptocurrency. Around 75% of those familiar with crypto say they are not confident that the current ways to invest in, trade or use cryptocurrency are reliable and safe, according to Pew Research Center’s April 2023 survey of 10,071 people ages 18 and older living in the US. The survey found that about 18% say they are somewhat confident, but just 6% feel extremely or very confident. Confidence varies by age as well. The survey found that about 66% of
In the cryptocurrency ecosystem, coins have a story, tracked in the unchangeable blockchains underpinning their economy. The only exception, in some sense, is a cryptocurrency freshly generated by its owner's computational power. Unsurprisingly, Kim Jong-Un’s North Korean hackers have begun adopting a new trick to launder the coins they steal from victims worldwide and use their dirty, stolen coins in services that allow them to mine innocent new ones.
Recently, cybersecurity investigators pub
Another day and another US Securities and Exchange Commission (SEC) crypto crackdown case. Recently, the US regulator announced emergency action against investment adviser BKCoin Management in connection with an alleged fraud scheme.
The SEC alleged on 07 March 2023 that Miami-based BKCoin Management raised $100 million from at least 55 investors to plug into cryptocurrency. Instead, it was used to spend on luxury items and make “Ponzi-like payments” to investors to hide their fraud. The inv
The following article is based on the opinions of cyber threats and financial professionals and is not intended to place blame on any parties. It is an important topic that has been brought to the attention of the US Government, even before the fall of the FTX Exchange.
See: https://redskyalliance.org/xindustry/sec-chairman-pushes-for-more-cryptocurrency-regulations
The seemingly limitless innovations from information technology have created enormous opportunities for all kinds of predatory be
North Korea’s BlueNoroff hackers have updated their strategies and delivery techniques in a new wave of attacks targeting banks and venture capital firms according to cyber threat investigators. Part of Lazarus, a hacking group linked to the North Korean government, BlueNoroff is financially motivated and has been blamed for numerous cyber-attacks targeting banks, cryptocurrency firms, and other financial institutions.
The campaign by BlueNoroff has been in operation at least since 2017. It us
The fall of the FTX crypto exchange forced many investors to seriously reconsider their overall approach to investments starting from self-custody to verifying the on-chain existence of funds. This shift in approach was driven primarily by the lack of trust crypto investors have in the entrepreneurs after being duped by FTX CEO and co-founder Sam Bankman-Fried.
FTX crashed after Mr. Bankman-Fried and his accomplices were caught secretly reinvesting users’ funds, resulting in the misplacement of
Researchers found buried deep in a 61-page recent report by the U.S. Attorney General, the Biden Administration called for a dramatic expansion in the federal government’s ability to seize and keep cryptocurrency. If enacted, the proposed changes would bolster both criminal forfeiture, which requires a conviction to permanently confiscate property, as well as civil forfeiture, which does not require a conviction or even criminal charges to be filed. Notably, the report’s release was coupled wit
Cyber threat investigators say do not let the ongoing "crypto winter" lull you into a false sense of cybersecurity. The phrase “crypto winter” likely came from the hit HBO series, “Game of Thrones.” In the series, the motto of the House of Stark was “Winter Is Coming.” It was considered a warning that lasting conflict could descend on the land of Westeros at any time. Similarly, an extended period of trouble may be settling over the crypto market. During this difficult time, you must remain
The State of NJ NJCCIC continues to receive reports of stolen cryptocurrency and recently reported on observed tactics that often include the use of social engineering. The FBI issued a notification this week alerting financial institutions and investors that cybercriminals are creating fraudulent cryptocurrency investment apps to defraud cryptocurrency investors. The cybercriminals were observed contacting investors and convincing them to download fraudulent cryptocurrency investment mobile a
Cryptocurrency storage is one of the most important things that investors should consider when joining the burgeoning digital asset market. Most people investing in this space have little to no knowledge of the existing options. Crypto exchanges currently hold the larger share of investors’ capital despite the associated risks, including hacking and regulatory pressures from oversight authorities.
There are two types of crypto wallets; custodial and non-custodial. The former is offered by cen
It has been reported that cyber criminals are sending out millions of phishing emails a day, using extortion and other schemes to steal Bitcoin and other cryptocurrencies from victims. The phishing attacks use a variety of techniques to trick people into transferring sums of Bitcoin, including phony requests for charity donations and Business Email Compromise BEC scams.
See: https://redskyalliance.org/xindustry/what-the-heck-is-bec
According to a report by cybersecurity researchers at Proofpoi
The US government is reportedly set to announce new measures, including sanctions to deter cryptocurrency businesses from getting involved in laundering and facilitating ransomware payments. People familiar with the matter told the Wall Street Journal that the US Treasury Department could enact the new sanctions as early as the week of 20 September 2021. They will reportedly target cryptocurrency exchanges and traders who either knowingly or unwittingly enable cybercrime transactions. Among ot
There appears to be continuing data breach campaign inside the THORChain’s security system. THORChain is a cross-chain DeFi protocol that was hacked last week for the first time and suffered a loss of $8.3 million. Now it has been hacked again, and this time, attackers allegedly managed to steal $8 million worth of cryptocurrency Ether.
According to THORChain, the decentralized e-commerce exchange has become a victim of a sophisticated attack on its ETH router. THORChain posted to Twitter to a
