Crypto Trading Firm Wintermute Loses $160 Million in Hacking Incident

Leave a Comment / Cyber Attacks /

Hackers have taken digital assets worth over $160 million from cryptocurrency trading company Wintermute in the latest crypto crime to attack the decentralised finance (DeFi) sector. Unauthorized transfers of USD Coin, Binance USD, Tether USD, Wrapped ETH, and 66 other cryptocurrencies to the attacker’s wallet were part of the hack. The business claimed that the […]

Crypto Trading Firm Wintermute Loses $160 Million in Hacking Incident Read More »

Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability

Leave a Comment / Vulnerabilities /

WPGateway, a premium WordPress plugin, has a zero-day vulnerability that is already being aggressively abused in the wild, giving bad actors the capability to entirely take over vulnerable websites. According to WordPress security firm Wordfence, the vulnerability, identified as CVE-2022-3180 (CVSS score: 9.8), is being exploited to install a malicious administrator user to websites using

Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability Read More »

U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks

Leave a Comment / Cyber Attacks /

Wide-ranging penalties against ten people and two organizations supported by Iran’s Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks at least since October 2020 were announced on Wednesday by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC). According to the FBI, some of the individuals’ online activities can be attributed

U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks Read More »

New Malware Targeting YouTube Gamers Uncovered

Leave a Comment / Cyber Attacks /

Links to harmful password-protected archive files intended to install the RedLine Stealer malware and crypto miners on infected devices are being sent to gamers searching for cheats on YouTube. In a new report released today, Kaspersky security researcher Oleg Kupreev stated that “the videos sell cheats and crackers and provide advice on hacking popular games

New Malware Targeting YouTube Gamers Uncovered Read More »

New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security

Leave a Comment / Cyber Attacks /

The criminal underworld is promoting a new phishing-as-a-service (PhaaS) toolkit called EvilProxy as a way for threat actors to get beyond the two-factor authentication (2FA) safeguards put in place against internet services. In a report published on Monday, Resecurity researchers stated that “EvilProxy actors are exploiting reverse proxy and cookie injection methods to overcome 2FA

New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security Read More »

Shopify Caught Using Weak Password Policy Involved in Password Breaches

Leave a Comment / Data Breach /

According to a recent revelation, the Shopify customer-facing section of its website has extremely lax password requirements. The article claims that Shopify requires its users to create passwords that are at least five characters long and do not contain a space at the start or end. One billion passwords that were known to have been

Shopify Caught Using Weak Password Policy Involved in Password Breaches Read More »

Samsung Acknowledges Data Breach that Leaked Information About Some US Customers

Leave a Comment / Cyber Attacks /

This is the second time this year that South Korean chaebol Samsung has disclosed a cybersecurity incident that led to the unlawful access of certain customer information. Samsung stated in a notice that “in late July 2022, an unauthorized third-party obtained information from several of Samsung’s U.S. networks.” We discovered through our continuing investigation that

Samsung Acknowledges Data Breach that Leaked Information About Some US Customers Read More »

Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks

Leave a Comment / Uncategorized /

To protect the ecosystem against supply chain threats, Google on Monday unveiled a new bug bounty program for its open source projects that offers rewards ranging from $100 to $31,337 (a reference to eleet or leet). One of the first open source-specific vulnerability programs is known as the Open Source Software Vulnerability Rewards Program (OSS

Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks Read More »

Hackers Distributing Malware Using Fake DDoS Protection Pages

Leave a Comment / Cyber Attacks /

Hackers are using WordPress websites to show fake Cloudflare DDoS protection pages that spread malware like NetSupport RAT and Raccoon Stealer. According to a report last week by Sucuri’s Ben Martin, a recent spike in JavaScript injections that target WordPress sites has led to phony DDoS prevent prompts that direct victims to download remote access

Hackers Distributing Malware Using Fake DDoS Protection Pages Read More »

Okta Hackers Behind Twilio and Cloudflare Breach Hit Over 130 Organizations

Leave a Comment / Cyber Attacks /

The threat actor responsible for the attack on Twilio and Cloudflare earlier this month has been connected to a larger phishing operation that targeted 136 businesses and led to a total of 9,931 accounts being compromised. Because the primary intent of the assaults was to “get Okta identity credentials and two-factor authentication (2FA) codes from

Okta Hackers Behind Twilio and Cloudflare Breach Hit Over 130 Organizations Read More »