Crooks stole more than $300M worth of Bitcoin from DMM Bitcoin

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw.
Microsoft fixed two zero-day bugs exploited in malware attacks.
HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks.
Threat actors actively exploit JetBrains TeamCity flaws to deliver malware.
PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released.
BianLian group exploits JetBrains TeamCity bugs in ransomware attacks.
Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws.
CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks.
Multiple malware used in attacks exploiting Ivanti VPN flaws.
Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw.
Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts.
Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies.
Critical Confluence flaw exploited in ransomware attacks.
iLeakage attack exploits Safari to steal data from Apple devices.
Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks.
CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog.
Apple fixed the 17th zero-day flaw exploited in attacks.
Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks.
Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws.
Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks.


This Cyber News was published on securityaffairs.com. Publication date: Sat, 01 Jun 2024 15:43:06 +0000


Cyber News related to Crooks stole more than $300M worth of Bitcoin from DMM Bitcoin

Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto - Y is the author of a book I can very greatly recommend, with the fascinating title Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency. As I dug into this cypherpunk world, around 2010 and 2011, I came upon this thing that ...
1 year ago Nakedsecurity.sophos.com
CVE-2019-5303 - There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing ...
6 months ago
CVE-2019-5302 - There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing ...
6 months ago
Crypto Enthusiasts Embrace New Frontier: Investing in Bitcoin ETFs Explained - This was the first time the Securities and Exchange Commission approved an exchange-traded fund that contained bitcoin, but the Commission stressed that its decision does not mean it endorses or approves Bitcoin, but that it remains deeply sceptical ...
5 months ago Cysecurity.news
Here's Some Bitcoin: Oh, and You've Been Served! - The case is thought to be first in which a federal court has recognized the use of information included in a bitcoin transaction - such as a link to a civil claim filed in federal court - as reasonably likely to provide notice of the lawsuit to the ...
5 months ago Krebsonsecurity.com
The United States is Monitoring Vulnerabilities in Bitcoin - The United States has shown a keen interest in the cybersecurity aspects of Bitcoin, particularly honing in on a vulnerability associated with the Ordinals Protocol in 2022. The National Vulnerability Database, overseen by the National Institute of ...
6 months ago Cysecurity.news
Crooks stole more than $300M worth of Bitcoin from DMM Bitcoin - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Threat actors actively ...
1 week ago Securityaffairs.com
Navigating the Paradox: Bitcoin's Self-Custody and the Privacy Challenge - Self-custody in Bitcoin refers to individuals holding and controlling their private keys, which in turn control their bitcoin. This concept is akin to securing physical gold in a personal safe rather than relying on a bank or third-party custodian. ...
4 months ago Cysecurity.news
Cyber Insights 2023: Cyberinsurance - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. In 2022, Russia invaded Ukraine with the potential for more serious and more ...
1 year ago Securityweek.com
GitHub code-signing certificates stolen - Another day, another access-token-based database breach. This time, the victim is Microsoft's GitHub business. On December 6, 2022, repositories from our atom, desktop, and other deprecated GitHub-owned organizations were cloned by a compromised ...
1 year ago Nakedsecurity.sophos.com
Do the casino ransomware attacks make the case to pay? The Register - Feature The same cybercrime crew broke into two high-profile Las Vegas casino networks over the summer, infected both with ransomware, and stole data belonging to tens of thousands of customers from the mega-resort chains. Despite the similar ...
5 months ago Go.theregister.com
Do the casino ransomware attacks make the case to pay? The Register - Feature The same cybercrime crew broke into two high-profile Las Vegas casino networks over the summer, infected both with ransomware, and stole data belonging to tens of thousands of customers from the mega-resort chains. Despite the similar ...
5 months ago Theregister.com
SEC Approves Bitcoin ETFs, Crypto Industry Rejoices - The US securities regulator has officially approved the first US-listed exchange traded funds to track bitcoin, in what is being labelled a watershed moment for the world's largest cryptocurrency, as well as the broader crypto industry. Earlier this ...
5 months ago Silicon.co.uk
CVE-2010-0570 - Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x has a default password for the Tomcat administration account, which makes it easier for remote attackers to execute arbitrary code via a crafted web application, aka Bug ID CSCta03378. Per: ...
6 years ago
El Salvador to Offer Citizenship for a $1 Million Bitcoin 'Investment' - Last week, the El Salvador government, along with the stablecoin company Tether, joined in an initiative called 'Adopting El Salvador Freedom,' which will enable foreigners to obtain a Salvadoran passport in exchange for a million dollars in Bitcoin. ...
6 months ago Cysecurity.news
Bitcoin Core Flaw Raises Concerns Regarding Blockchain Integrity - The blockchain's defence against spam may have a weakness, as this discovery has sparked concerns in the cryptocurrency community. According to Dashjr, Dashjr, Bitcoin Core users have been able to set limits on extra data in transactions using the ...
6 months ago Cysecurity.news
CVE-2020-9069 - There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly. Affected product versions include: ...
2 years ago
US govt probes if ransomware gang stole Change Healthcare data - The U.S. Department of Health and Human Services is investigating whether protected health information was stolen in a ransomware attack that hit UnitedHealthcare Group subsidiary Optum, which operates the Change Healthcare platform, in late ...
3 months ago Bleepingcomputer.com
Cyber Insights 2023: Criminal Gangs - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. Despite some geopolitical overlaps with state attackers, the majority of ...
1 year ago Securityweek.com
Police Seize $300m Linked to Online Scams - An international policing operation has led to the arrest of 3500 suspects and the seizure of assets worth $300m in connection with various organized cybercrime schemes. Interpol's HAECHI IV operation was the latest in a long-running series of ...
5 months ago Infosecurity-magazine.com
North Korean Hackers' $12M Ethereum Laundering Via Tornado Cash Unveiled - It has been reported that North Korean hackers associated with the Lazarus Group have exploited Tornado Cash in a recent development to launder approximately $12 million worth of stolen Ethereum in the last 24 hours, using the coin mix-up service ...
2 months ago Cysecurity.news
Cyber Insights 2023: ICS and Operational Technology - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. At the same time, ICS/OT is facing an expanding attack surface caused by ...
1 year ago Securityweek.com
SEC Twitter hacked to push fake news of Bitcoin ETF approval The Register - Breaking The SEC today said its Twitter/X account was hijacked to wrongly claim it had approved hotly anticipated Bitcoin ETFs, causing cryptocurrency to spike and then slip in price. In the past few minutes, the tweet was vanished. The SEC has not ...
5 months ago Go.theregister.com
Hackers Stole Cryptocurrency Worth $2 Billion in Year 2023 - As per crypto security firms, this was the first time since 2020, that the trend has been declining. Based on dozens of cyberattacks and thefts this year, hackers stole over $2 billion in cryptocurrency, according to De.FI, the web3 security company ...
5 months ago Cysecurity.news
Estes refuses to deliver ransom, but did lose client data The Register - One of America's biggest private freight shippers, Estes Express Lines, has told more than 20,000 customers that criminals may have stolen their personal information. A month later, ransomware crew Lockbit took responsibility for the intrusion, and ...
5 months ago Go.theregister.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)