14 matches found
Privacy for Agentic AI
Sooner or later, it's going to happen. AI systems will start acting as agents, doing things on our behalf with some degree of autonomy. I think it's worth thinking about the security of that now, while its still a nascent idea. In 2019, I joined Inrupt, a company that is commercializing Tim...
INTERPOL Recovers $41 Million in Largest Ever BEC Scam in Singapore
INTERPOL said it devised a "global stop-payment mechanism" that helped facilitate the largest-ever recovery of funds defrauded in a business email compromise BEC scam. The development comes after an unnamed commodity firm based in Singapore fell victim to a BEC scam in mid-July 2024. It refers to...
Data Wallets Using the Solid Protocol
I am the Chief of Security Architecture at Inrupt, Inc., the company that is commercializing Tim Berners-Lees Solid open W3C standard for distributed data ownership. This week, we announced a digital wallet based on the Solid architecture. Details are here, but basically a digital wallet is a...
Xiaomi Phone Bug Allowed Payment Forgery
Smartphone maker Xiaomi, the world’s number three phone maker behind Apple and Samsung, reported it has patched a high-severity flaw in its “trusted environment” used to store payment data that opened some of its handsets to attack. Researchers at Check Point Research revealed last week in a repo...
Gone Ape? How to Protect NFTs from Theft
What are NFTs? Non-fungible tokens NFTs are unique and irreplaceable digital assets that, by their nature, have an intrinsic value. These could be digital art, photography, GIFs, avatars, memes, 3D objects, domain names, trading cards, virtual land, music, or other digitally tradable tokens. Each...
Experts Uncover Campaign Stealing Cryptocurrency from Android and iPhone Users
Researchers have blown the lid off a sophisticated malicious scheme primarily targeting Chinese users via copycat apps on Android and iOS that mimic legitimate digital wallet services to siphon cryptocurrency funds. "These malicious apps were able to steal victims' secret seed phrases by...
U.S. Arrests Two and Seizes $3.6 Billion Cryptocurrency Stolen in 2016 Bitfinex Hack
The U.S. Justice Department DoJ on Tuesday announced the arrest of a married couple in connection with conspiring to launder cryptocurrency worth $4.5 billion that was siphoned during the hack of the virtual currency exchange Bitfinex in 2016. Ilya Lichtenstein, 34, and his wife, Heather Morgan,...
Critical Valve Bug Lets Gamers Add Unlimited Funds to Steam Wallets
A security researcher helped Valve, the makers of the gaming platform Steam, plug an easy-to-exploit hole that allowed users to add unlimited funds to their digital wallet. Simply by changing the account’s email address, the exploit allowed anyone to artificially boost their digital billfold to...
MobiKwik Suffers Major Breach — KYC Data of 3.5 Million Users Exposed
Popular Indian mobile payments service MobiKwik on Monday came under fire after 8.2 terabytes TB of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month. The leaked data includes sensitive personal...
Digital wallet app leaks millions of users’ credit cards & Govt IDs
By Waqas Another day, another treasure trove of data exposed online. This time, a Digital wallet app leaked highly sensitive data online. This is a post from HackRead.com Read the original post: Digital wallet app leaks millions of users' credit cards & Govt IDs...
44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig
Key Ring, creator of a digital wallet app used by 14 million people across North America, has exposed 44 million IDs, charge cards, loyalty cards, gift cards and membership cards to the open internet, researchers say. The Key Ring app allows users to upload scans and photos of various physical...
A week in security (January 29 – February 04)
Last week on Labs, we looked into PUPs stealing and using mainstream logos of security and tech companies to further gain user trust, GandCrab and Scarab ransomware variants in the wild, and a new Mac malware called OSX.CreativeUpdater that can be distributed via MacUpdate. We also profiled...
Corrupt Federal Agent, Who Stole Bitcoins From Silk Road, Pleads Guilty To Money Laundering
A former the United States Secret Service agent who stole hundreds of thousands of dollars worth of Bitcoins during an investigation into then-largest underground marketplace Silk Road has now pleaded guilty to money laundering. Shaun W. Bridges is one of two former US undercover agents who plead...
Warning: Android Bitcoin wallet apps vulnerable to theft
A critical vulnerability in the Android implementation of the Java SecureRandom random number generator was discovered, that leaves Bitcoin digital wallets on the mobile platform vulnerable to theft. Before the announcement was made, users on the forums had noticed over 55 BTC were stolen a few...