Researchers have discovered several vulnerabilities in the BitcoinJS library that could leave Bitcoin wallets created online a decade ago prone to hacking. The basic issue is that the private keys for these crypto wallets were generated with far greater predictability than the library developers expected. Randstorm vulnerabilities and consequences Let’s start at the beginning. … [Read more...] about Vulnerability in crypto wallets created online in the early 2010s
Crypto
The most spectacular crypto thefts and how to defend against them
The advantages of cryptocurrencies for owners — lax regulation and lack of government control — are major pluses for cyberthieves too. Because the threats to crypto assets are quite varied, we recommend that you study our overview of how to protect your crypto investments, as well as our tips for owners of hardware cryptowallets. But these posts of ours, detailed as they are, … [Read more...] about The most spectacular crypto thefts and how to defend against them
How DoubleFinger malware steals crypto
Cryptocurrencies are under attack from all sorts of criminal schemes — from mundane Bitcoin mining scams to grandiose cryptocurrency heists worth hundreds of millions of dollars. For cryptocurrency owners, dangers lurk at literally every turn. Just recently we talked about fake cryptowallets — which look and work just like real ones but eventually steal all your money. Now our … [Read more...] about How DoubleFinger malware steals crypto
Hot crypto wallet, cold crypto wallet: what are they, and how are they stolen from?
Hardware wallets are considered to be the most reliable cryptocurrency storage solution of all. A special device that signs all of its owner’s blockchain operations offline looks so much more reliable than online storage or computer apps. After all, we hear news of hacks and bankruptcies of online cryptocurrency exchange platforms nearly every month, while apps are clearly … [Read more...] about Hot crypto wallet, cold crypto wallet: what are they, and how are they stolen from?
Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL
Jan 09, 2023Ravie LakshmananKubernetes / Cryptojacking The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments. A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security researcher at Microsoft … [Read more...] about Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL
New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks
A newly discovered evasive malware leverages the Secure Shell (SSH) cryptographic protocol to gain entry into targeted systems with the goal of mining cryptocurrency and carrying out distributed denial-of-service (DDoS) attacks. Dubbed KmsdBot by the Akamai Security Intelligence Response Team (SIRT), the Golang-based malware has been found targeting a variety of companies … [Read more...] about New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks
Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware
A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines. "The attacker intends to utilize a victim's resources as much as possible, not only to install RAR1Ransom for extortion, but also to spread GuardMiner to collect cryptocurrency," Fortinet FortiGuard Labs … [Read more...] about Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware
Crypto Miners Using Tox P2P Messenger as Command and Control Server
Threat actors have begun to use the Tox peer-to-peer instant messaging service as a command-and-control method, marking a shift from its earlier role as a contact method for ransomware negotiations. The findings from Uptycs, which analyzed an Executable and Linkable Format (ELF) artifact ("72client") that functions as a bot and can run scripts on the compromised host using the … [Read more...] about Crypto Miners Using Tox P2P Messenger as Command and Control Server
SEC Plans to Hire More Staff in Crypto Enforcement Unit to Fight Frauds
The U.S. Securities and Exchange Commission (SEC) on Tuesday announced that it will expand and rebrand its Cyber Unit to fight against cyber-related threats and protect investors in cryptocurrency markets. To that end, the SEC is renaming the Cyber Unit within the Division of Enforcement to Crypto Assets and Cyber Unit and plans to infuse 20 additional positions with the goal … [Read more...] about SEC Plans to Hire More Staff in Crypto Enforcement Unit to Fight Frauds
Lazarus Group Behind $540 Million Axie Infinity Crypto Hack and Attacks on Chemical Sector
The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group (aka Hidden Cobra) in the theft of $540 million from video game Axie Infinity's Ronin Network last month. On Thursday, the Treasury tied the Ethereum wallet address that received the stolen funds to the threat actor and sanctioned the funds by adding the address to the Office of Foreign Assets … [Read more...] about Lazarus Group Behind $540 Million Axie Infinity Crypto Hack and Attacks on Chemical Sector