
The hunt for Binance wallets, Microsoft's 'privacy killer' and other cybersecurity events

Forklog / 25.05.2024 / 04:07

We have collected the most important news from the world of cybersecurity for the week.

The malware Grandoreiro has returned for a new wave of attacks on bitcoin wallets.
Microsoft has introduced a "nightmarish feature that kills user privacy."
A well-known hacker has announced the launch of an alternative to the closed BreachForums.
An iOS bug led to the recovery of photos deleted several years ago.

The malware Grandoreiro is back for a new wave of attacks on Bitcoin wallets

IBM researchers reported activity by the Grandoreiro malware, whose developers were detained in Brazil in early 2023. The current phishing campaign targets more than 60 countries and about 1,500 financial institutions.

The malware has significantly improved its internal algorithms and expanded its targeting of banking applications and cryptocurrencies. Under threat are Binance, Electrum, Coinomi, Bitbox, OPOLODesk and Bitcoin.

Since 2017, Grandoreiro has caused $120 million in damage.

A well-known hacker has announced the launch of an alternative to the closed BreachForums

The well-known cybercriminal USDoD intends to launch the hacker forum Breach Nation on July 4 to replace the recently closed BreachForums. He explains this as a desire to revive the community.

Announcement
Breach Nation - A new born community on Horizon.

"Ladies & gentlemen, prepare for landing
Fasten your seat belts, thank you for flying USDoD Airlines
Oh and me, call me the captain, DoD
So, together we stand, divided we fall
United we form Breach Nation and take on…

— USDoD-TA🏴‍☠️🌐👁️‍🗨️ (@EquationCorp) May 16, 2024

According to the plan, the new site will have two independently managed servers with the domains breachnation[.]io and databreached[.]io.

USDoD noted that he is not chasing profit. "As a sign of goodwill," he promises to provide the first 200,000 users with the latest updated version of the membership rank on the forum.

Judging by the comments under the tweet, users have not ruled out that the FBI or other law enforcement agencies may be behind this announcement.

Microsoft has introduced a "nightmarish feature that kills user privacy"

Microsoft has introduced a new AI-based Recall feature to simplify the search for previously viewed information in Windows 11. It takes a screenshot of the active window every few seconds and, by default, records all user actions in the system for up to three months, writes Bleeping Computer.

The feature caused serious concern among ordinary users and information security researchers, who called it a "built-in keylogger". They fear that the confidential data collected may fall into the hands of intruders or be used in bad faith by the company itself. 

The UK Information Commissioner's Office also demanded an explanation.

Microsoft representatives, in an attempt to reassure the public, said that the data from Recall is encrypted using BitLocker technology and is not transmitted to other users on the same device. In addition, the function can be limited and even completely disabled.

An iOS bug led to the recovery of photos deleted several years ago

Owners of Apple portable devices have noticed that after a recent update, photos and voice messages deleted in the distant past suddenly reappeared in their gallery. Some of the recovered files turned out to be intimate pictures taken on old devices that are no longer in use, The Verge reports.

Synacktiv researchers studied the problem and found that the bug is related to the reindexing process in the latest iOS patch, in which the system re-saved photos from the file manager containing all copies of media to the Photos application.

Want to know how deleted photos reappeared in iOS 17.5? Check out today's blogpost by @Lefnui 🍎 https://t.co/wcC5ZnrBJM

— Synacktiv (@Synacktiv) May 23, 2024

To solve the problem, Apple has urgently released iOS 17.5.1.

A scheme for installing a Monero miner through an attack using vulnerable drivers has been discovered

Researchers from Elastic Security Labs have reported a multi-stage attack for the hidden mining of the Monero cryptocurrency. 

Today, we’re unveiling an intrusion set focused on cryptomining with a new payload: GHOSTENGINE. REF4578 utilizes multiple malicious modules and BYOVD. Get the details: https://t.co/zM8199VWlw #ElasticSecurityLabs #malware #cryptocurrency

— Elastic Security Labs (@elasticseclabs) May 21, 2024

The mechanism of the initial compromise of servers has not been fully studied, but the attack on the victim's system begins with the launch of an installer file named "Tiworker.exe". During deployment, the malware disables all available security products through vulnerable drivers and launches the XMRig miner.

Transactions on one of the hackers' wallets. Data: Elastic Security Labs.

The origin and scale of the campaign are unknown. Experts have suggested that hackers have many crypto wallets, so their combined financial benefit can be significant.

SEC fined NYSE operator $10 million for failure to report hacking

Intercontinental Exchange (ICE), the parent company of the New York Stock Exchange, will pay a $10 million fine for notifying the SEC late about a security breach in April 2021.

At that time, the attacker deployed a malicious payload on a compromised VPN device that was used to remotely access the ICE corporate network. The company learned about the potential intrusion from a third-party source and spent four days assessing the damage, which turned out to be minimal.

Under Regulation Systems Compliance and Integrity (Regulation SCI), the SEC must receive immediate notification of cyber attacks, except in cases where the incident can be immediately and reasonably assessed as insignificant.

Also on ForkLog:

CatCoin developers have threatened BitForex with a lawsuit due to withdrawal restrictions.
The alleged co-owner of the BTC-e exchange was released for $3 million, and the Lidings law firm began accepting applications for payments from WEX clients.
The "star" of the Finico pyramid was sentenced to 4.5 years in prison.
In the USA, the owner of the drug market Incognito Market was detained.
Gala Games lost more than $200 million as a result of the exploit.
Over the alleged Beribit exchange fraud, the first case was opened and soon canceled.
A suspect in the Pump.fun hack has been arrested in London.
Another top manager has left OpenAI. The reason is a disregard for safety.
LayerZero Labs has suspended the "public hunt" for "sybils".

What should I read on the weekend?

We tell you how the four-level consensus mechanism of the Internet Computer blockchain provides resistance to known attack vectors.

https://forklog.com/exclusive/internet-computer-shvejtsarskij-nozh-dlya-oblachnyh-vychislenij