Squid Game Crypto Scammers Rip Off Investors for Millions

Players in the Squid Game cryptocurrency market have been eliminated — at least their investment has — by what cryptocurrency watchers have called a classic “rug-pull” scam. When SQUID tokens were first released last week, they were valued at a paltry $0.01 but promised entry into a game with the...

This Week in Security News - October 29, 2021

What to Expect in a Ransomware Negotiation & Cybercriminals Claim to Have Hacked the NRA...

Recent NPM package hack is an alarming reminder of the risks of website supply-chain fraud

There are over 1.8 billion websites online today. Almost 98% of them are powered by JavaScript, and for a good reason: JavaScript’s flexibility and portability enable the rich online functionality we’ve all come to know and love. But when that same functionality becomes a significant vector for...

International Operation Knocks Notorious REvil Group Offline

Plus: Data theft in Argentina, a Sinclair Broadcast Group hack, and more of the week’s top security news...

Feds Reportedly Hacked REvil Ransomware Group and Forced it Offline

The Russian-led REvil ransomware gang was felled by an active multi-country law enforcement operation that resulted in its infrastructure being hacked and taken offline for a second time earlier this week, in what's the latest action taken by governments to disrupt the lucrative ecosystem. The...

Hackers Keep Targeting the US Water Supply

Plus: The biggest Twitch hack, an iOS zero day, and more of the week's top security news...

Twitch hacked- Source code and Streamer payment figures leaked

By Waqas Twitch has undergone a massive hack resulting in leaking the source code for its unreleased streaming service, creator payout details, and other sensitive information. This is a post from HackRead.com Read the original post: Twitch hacked- Source code and Streamer payment figures leaked...

Syniverse Hack

This is interesting: A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 o...

HackTool.Win32.Agent.gi Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e60606d19a36789662ba97b4bb5c4ccf.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HackTool.Win32.Agent.gi Vulnerability: Local Stack Buffer Overflow SEH Description: The Hack Office...

Help Might Finally Be on the Way to Fight SIM-Swap Attacks

Plus: A cybersecurity CEO arrest, an Apple Pay hack, and more of the week's top security news...

The Proliferation of Zero-days

The MIT Technology Review is reporting that 2021 is a blockbuster year for zero-day exploits: One contributing factor in the higher rate of reported zero-days is the rapid global proliferation of hacking tools. Powerful groups are all pouring heaps of cash into zero-days to use for themselves --...

More Detail on the Juniper Hack and the NSA PRNG Backdoor

We knew the basics of this story, but its good to have more detail. Heres me in 2015 about this Juniper hack. Heres me in 2007 on the NSA backdoor...

Cream Finance DeFi Platform Rooked For $29M

Cream Finance is the latest decentralized finance DeFi platform for cryptocurrency trading to take a major financial hit at the hands of hackers, losing nearly $19 million in an attack this week on its “flash loan” feature. The attacker was able to steal nearly $29 million before being discovered...

_transfer what happens if sender==recipient

Handle gpersoon Vulnerability details Impact The function transfer of nTokenAction.sol uses temporary variables and updates the sender and recipient separately. This is a dangerous constructions because the update of the recipient could overwrite the update of the sender. This has led to several...

A week in security (August 16 – August 22)

Last week on Malwarebytes Labs: Podcast: Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks. How to troubleshoot hardware problems that look like malware problems. Analysts “strongly believe” the Russian state colludes with ransomware gangs. macOS 11’s hidden security...

This Week in Security News - August 20, 2021

This Week in Security News: Tokyo Olympics Leveraged in Cybercrime Attack and T-Mobile Confirms Hack...

The value of regulator-driven red teaming: CBEST

How do we in the UK avoid something like the Colonial Oil Pipeline ransomware attack happening? How would you feel if your mobile phone suddenly stopped working altogether? What if ambulances couldn’t respond to 999 emergency calls? What if the mechanism of government suddenly ground to a halt? T...

Hack Back Is Still Wack

Every year or two, we see a policy proposal around authorizing private-sector hack back. The latest of these is legislation from two U.S. Senators, Daines and Whitehouse, and it would require the U.S. Department of Homeland Security DHS to “conduct a study on the potential benefits and risks of...

PlugwalkJoe Does the Perp Walk

Joseph "PlugwalkJoe" OConnor, in a photo from a paid press release on Sept. 02, 2020, pitching him as a trustworthy cryptocurrency expert and advisor. One day after last summers mass-hack of Twitter, KrebsOnSecurity wrote that 22-year-old British citizen Joseph "PlugwalkJoe" OConnor appeared to...

Another Hacker Arrested for 2020 Twitter Hack and Massive Bitcoin Scam

A U.K. citizen has been arrested in the Spanish town of Estepona over his alleged involvement in the July 2020 hack of Twitter, resulting in the compromise of 130 high-profile accounts. Joseph O'Connor, 22, has been charged with intentionally accessing a computer without authorization and obtaini...