BlackByte Tackles the SF 49ers & US Critical Infrastructure

The San Francisco 49ers were recently kneecapped by a BlackByte ransomware attack that temporarily discombobulated the NFL team’s corporate IT network on the Big Buffalo Wing-Snarfing Day itself: Superbowl Sunday. BlackByte – a ransomware-as-a-service RaaS gang that leases its ransomware to...

$3.6 billion worth of Bitcoin seized from crooks tied to 2016’s Bitfinex hack

By Waqas The US Department of Justice DoJ has confirmed seizing $3.6 billion worth of Bitcoin in what could be… This is a post from HackRead.com Read the original post: $3.6 billion worth of Bitcoin seized from crooks tied to 2016s Bitfinex hack...

U.S. Arrests Two and Seizes $3.6 Billion Cryptocurrency Stolen in 2016 Bitfinex Hack

The U.S. Justice Department DoJ on Tuesday announced the arrest of a married couple in connection with conspiring to launder cryptocurrency worth $4.5 billion that was siphoned during the hack of the virtual currency exchange Bitfinex in 2016. Ilya Lichtenstein, 34, and his wife, Heather Morgan,...

A $320 Million Crypto Hack Sends the DeFi World Reeling

Plus: News Corp gets hacked, UK snacks ransomware, and more of the week's top security news...

Another Israeli Firm, QuaDream, Caught Weaponizing iPhone Bug for Spyware

A now-patched security vulnerability in Apple iOS that was previously found to be exploited by Israeli company NSO Group was also separately weaponized by a different surveillance vendor named QuaDream to hack into the company's devices. The development was reported by Reuters, citing unnamed...

$320 milllion stolen from Wormhole crypto-trading platform

By using an exploit in the software of crypto-trading platform Wormhole, threat actors have stolen an estimated $322 million in cryptocurrencies. The platform is offering a $10 million award for the stolen money and details about the attack. How they pulled it off Wormhole Portal is a web-based...

North Korea Hacked Him. So He Took Down Its Internet

Disappointed with the lack of US response to the Hermit Kingdom's attacks against US security researchers, one hacker took matters into his own hands...

Safe transfers are vulnerable to EOA calls

Handle 0x1f8b Vulnerability details Impact Safe erc20 calls are prone to EOA calls and human errors. Proof of Concept Recently there was one of the biggest hacks in crypto, 80m$ was lost. One of the root causes of the vulnerability was the fact that tokenAddress.safeTransferFrom does not revert...

Apple Pays $100.5K Bug Bounty for Mac Webcam Hack

A researcher who showed Apple how its webcams can be hijacked via a universal cross-site scripting bug UXSS Safari bug has been awarded what is reportedly a record $100,500 bug bounty. The bug could be used by an adversary as part of an attack to gain full access to every website ever visited by...

Crypto.com Finally Admits It Lost $30 Million in a Hack

Plus: Scammer arrests, the NSA plays defense, and more of the week's top security news...

A Teen Took Control of Teslas by Hacking a Third-Party App

Plus: Open source sabotage, Ukrainian website hacks, and more of the week's top security news...

SAILFISH System to Find State-Inconsistency Bugs in Smart Contracts

A group of academics from the University of California, Santa Barbara, has demonstrated what it calls a "scalable technique" to vet smart contracts and mitigate state-inconsistency bugs, discovering 47 zero-day vulnerabilities on the Ethereum blockchain in the process. Smart contracts are program...

All in One SEO Plugin Bug Threatens 3M Websites with Takeovers

A popular WordPress SEO-optimization plugin, called All in One SEO, has a pair of security vulnerabilities that, when combined into an exploit chain, could leave website owners open to site takeover. The plugin is used by more than 3 million websites. An attacker with an account with the site –...

US Wins Appeal to Extradite Julian Assange

Plus: Bluetooth security, a Brazil hack, and more of the week's top security news...

NSO Group spyware found on iPhones of US State Department employees

iPhones of at least nine US State Department employees are said to have been hacked using the Pegasus spyware developed by the Israeli technology company, NSO Group. Pegasus is a proprietary and sophisticated spyware capable of the remote surveillance of smartphones. The employees targeted by an...

A Planned Parenthood LA Hack Affects 400,000 Patients

Plus: A Ubiquiti hack revelation, predictive policing, and more of the week's top security news...

Hackers all over the world are targeting Tasmania’s emergency services

Emergency services—under which the police, fire, and emergency medical services departments fall—is an infrastructure vital to any country or state. But when those services come under threat from either physical or cyber entities, it’s as good as putting the lives of citizens at risk as well...

A Canadian Teen Was Arrested in a $36.5M SIM-Swap Heist

Plus: An FBI email hack, a cam site data leak, and more of the week's top security news...

Locked Out of ‘God Mode,’ Runners Hack Their Treadmills

NordicTrack customers were watching Netflix using a simple trick—until the company blocked their access...

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Im speaking on "Securing a World of Physically Capable Computers" at @Hack on November 29, 2021. The list is maintained on this page...