21 matches found
Jeffrey Epstein’s Ties to CBP Agents Sparked a DOJ Probe
Documents say customs officers in the US Virgin Islands had friendly relationships with Epstein years after his 2008 conviction, showing how the infamous sex offender tried to cultivate allies...
An Anarchist’s Conviction Offers a Grim Foreshadowing of Trump’s War on the ‘Left’
As the Trump administration ramps up its targeting of left-leaning people and groups, the prosecution and harsh sentencing of Casey Goonan may provide a glimpse of things to come...
Man Who Mass-Extorted Psychotherapy Patients Gets Six Years
A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo...
Former Uber CISO Appealing His Conviction
Joe Sullivan, Uber's CEO during their 2016 data breach, is appealing his conviction. Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, with withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the company's data security a...
Teenage members of Lapsus$ ransomware gang convicted
A wave of video game developer compromises has come to a court-based conclusion for those responsible, with several convictions the end result. Arion Kurtaj, and a second teen who cannot be named due to their age, are finding themselves to be in quite a lot of trouble after repeated and sustained...
The Uber Data Breach Conviction Shows Security Execs What Not to Do
Former Uber security chief Joe Sullivan’s conviction is a rare criminal consequence for an executive’s handling of a hack...
TributeAccrual.availableTribute() & TributeAccrual.availableGovernanceTribute() Distributes Tributes Unfairly
Handle leastwood Vulnerability details Impact Conviction scores are calculated by taking the user's balance and multiplying it by the time elapsed. This score is updated upon each token transfer, or alternatively by directly calling ERC20ConvictionScore.updateConvictionScore. The availableTribut...
Vested NFT not always minted
Handle cmichel Vulnerability details The FSDVesting.claimVestedTokens function tokenizes the conviction only if the current claimed amount tokenClaim equals the total vested amount amount. // tokenClaim is vestedAmount - totalClaimed uint256 tokenClaim = calculateVestingClaim; if amount ==...
ERC20ConvictionScore._updateConvictionScore uses stale credit score for governanceDelta
Handle cmichel Vulnerability details Vulnerability Details In ERC20ConvictionScore.updateConvictionScore, when the user does not fulfill the governance criteria anymore, the governanceDelta is the old conviction score of the previous block. isGovernanceuser = false; governanceDelta =...
Conviction totals not updated during tokenization
Handle 0xRajeev Vulnerability details Impact updateConvictionScore function returns convictionDelta and governanceDelta which need to be used immediately in a call to updateConvictionTotals(convictionDelta, governanceDelta) for updating the conviction totals of conviction and governance-enabled...
setConvictionless can be front-run to prevent conviction reset
Handle 0xRajeev Vulnerability details Impact The denylist convictionless is meant to deny conviction scores for certain users and is set by the privileged roles timelock/FSD-owner in setConvictionless. The documentation says: “adjust which addresses are meant to not accrue a conviction score. The...
NFTs can never be redeemed back to their conviction scores leading to lock/loss of funds
Handle 0xRajeev Vulnerability details Impact Besides the conviction scores of users, there appears to be tracking of the FairSide protocol’s tokenized conviction score as a whole using fscAddress = address(fairSideConviction). This is evident in the attempted reduction of the protocol’s score when ...
ERC20ConvictionScore.tokenizeConviction transfers locked balance from user twice
Handle cmichel Vulnerability details Vulnerability Details In tokenizeConviction when locked 0 the amount is first transferred from the user using an internal call to transfer(msg.sender, address(fairSideConviction), locked);. It is then transferred a second time from the user in the...
Man convicted for identity theft & fraud against US Military, veterans
By Zara Khan. The perpetrator was blatantly involved in victimizing thousands...
Going dark: encryption and law enforcement
UPDATE, 05/22/2020: With the advent of the EARN IT Act, the debate on government subversion of encryption has reignited. Given that the material conditions of the technology have not changed, and the arguments given in favor of the bill are not novel, we've decided to republish the following blog...
First Hacker Convicted of 'SIM Swapping' Attack Gets 10 Years in Prison
A 20-year-old college student who stole cryptocurrency worth more than $5 million by hijacking victims' phone numbers has pleaded guilty and accepted a sentence of 10 years in prison. Ortiz was arrested last year on charges of siphoning millions of dollars in cryptocurrency from around 40 victims...
A week in security (January 14 – 20)
Last week on the Malwarebytes Labs blog, we took a look at how the government shutdown is influencing cybersecurity jobs, Advanced Persistent Threats group APT10, the comeback of Fallout EK, the hosting of malicious sites on legitimate servers, and the Collection 1 data breach. Other cybersecurit...
LulzSec Hacker Sabu Sentenced to Time Served
The LulzSec hacker-turned-informant known as Sabu avoided any more jail time and was sentenced to time served on Tuesday for his part in leading several of the group’s attacks on high-profile targets. Hector Monsegur walked out of court in New York a free man, thanks to his cooperation with the F...
Microsoft offers $250,000 reward for information of Rustock Botnet
Microsoft is offering a $250,000 reward for information on the Rustock botnet. The Rustock botnet is responsible for a great deal of cyber crime, spam (the botnet has capacity for 30 billion spam mails every day), dodgy...
Experts said - Loopholes in law let cyber criminals get away!
MUMBAI: Cyber experts say there should be proper guidelines when the court grants bail to those arrested under the Information Technology (IT) Act and fast-track courts for cyber-related cases will help proper convictions. Procedures currently followed to grant bail in cyber cases are similar to...