We have collected the most important news from the world of cybersecurity for the week.
The automatic redirect of links in X presented a "gift" to phishers.
Bitcoin wallet owners have been warned about a new type of attack.
Apple has notified users in 92 countries about the espionage.
The Nirvana Finance hacker was sentenced to prison time.
Automatic link redirection in X presented a "gift" to phishers
On April 9, social network X started automatically replacing twitter.com with x.com in links. Against this background, dozens of phishing sites flooded the network within two days, KrebsOnSecurity reports.
Since the replacement was applied as a plain text substitution, the potential threat affected every domain whose displayed name contains x.com. For example, a link shown as spacex.com could in fact lead to spacetwitter.com.
Some individuals intentionally registered domains similar to popular brands (Fedex, Linux, Rolex, Webex, Yandex and others), but ending in twitter.com to prevent their purchase by scammers.
A number of these sites display a placeholder page warning about the recent changes and their potential use for phishing.
The message displayed when visiting the site Goodrtwitter.com, which X displays in tweets as Goodrx.com. Data: KrebsOnSecurity.
Shortly after the public coverage of the problem, the X administration corrected the error.
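The difference between a blind text substitution and a rewrite bound to the hostname, as an added example that is not X's code or part of the original article. The function names and the twitter.com and example.org sample URLs are constructed for illustration; spacetwitter.com and goodrtwitter.com are the domains named above.

```python
from urllib.parse import urlsplit

OLD, NEW = "twitter.com", "x.com"

def naive_display(url: str) -> str:
    """Behaviour described above: replace the substring wherever it occurs."""
    return url.replace(OLD, NEW)

def safe_display(url: str) -> str:
    """Rewrite only when the host is twitter.com itself or one of its subdomains."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host == OLD:
        new_host = NEW
    elif host.endswith("." + OLD):           # label boundary: "mobile.twitter.com"
        new_host = host[: -len(OLD)] + NEW
    else:
        return url                           # "spacetwitter.com" is a different site
    # Userinfo is deliberately not carried over into the text shown to the user.
    netloc = new_host if parts.port is None else f"{new_host}:{parts.port}"
    return parts._replace(netloc=netloc).geturl()

def _host(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()

def audit(urls):
    """Return link targets for which the naive rewrite would show a host
    that the link never actually opens."""
    return [u for u in urls if _host(naive_display(u)) != _host(safe_display(u))]

# Constructed sample link targets.
SAMPLES = [
    "https://twitter.com/user/status/1",
    "https://mobile.twitter.com/user",
    "https://spacetwitter.com/login",
    "https://goodrtwitter.com/",
    "https://example.org/?ref=twitter.com",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{u}\n  naive: {naive_display(u)}\n  safe:  {safe_display(u)}")
    print("misleading:", audit(SAMPLES))
```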
Bitcoin wallet owners have been warned about a new type of attack
A new multi-stage attack that distributes remote access Trojans and cryptocurrency wallet stealers uses phishing messages disguised as invoices, researchers from Fortinet report.
Attackers use BatCloak and ScrubCrypt tools to mask malicious code.
The attack chain. Data: Fortinet.
The Venom RAT Trojan is installed first and hands control of the compromised system to the attackers. Other malware is then loaded onto the system: Remcos RAT, XWorm, NanoCore RAT, as well as an infostealer.
The latter collects information about the system and extracts data from folders associated with Atomic Wallet, Electrum, Ethereum, Exodus, Jaxx Liberty, Zcash, as well as Foxmail and Telegram applications.
Apple notified users in 92 countries about the espionage
Apple has sent notifications to users in 92 countries about attempts to remotely compromise their devices through a "mercenary spyware attack."
No link between the incident and specific attackers or jurisdictions has been reported. As a rule, the victims of spyware are journalists, activists, politicians and diplomats.
Users are advised to enable Lockdown mode on the device, as well as update the software of the iPhone and other Apple products to the latest version.
Nirvana Finance hacker sentenced to prison term
Security specialist Shakeeb Ahmed, accused of hacking the yield farming protocol Nirvana Finance and an unnamed DEX (presumably Cream Finance), received three years in prison in the United States. This is the first ever verdict related to an attack on the DeFi segment, according to CoinDesk.
According to the investigation, in 2022 Ahmed exploited a vulnerability in the smart contract of an unnamed exchange. A few weeks later, he attacked Nirvana Finance using a flash loan and withdrew $3.49 million in cryptocurrencies from the project's treasury.
The hacker was arrested in July 2023. He pleaded guilty and agreed to the confiscation of stolen assets worth $12.3 million.
After his release, the attacker will spend three years under supervision. He also has to pay the victims $5 million in compensation.
A scheme for hijacking Telegram accounts via a Wi-Fi network has been discovered
Using public Wi-Fi networks can lead to the hijacking of Telegram accounts. This is reported by the YouTube channel "Batrankov Academy".
One of the experts discovered a fraudulent Wi-Fi network called SVO_Free at Moscow's Sheremetyevo Airport. After connecting to the network, the user receives a message saying they need to register via Telegram. To do this, they are asked for an access code; once it is sent, the scammers gain full control over the account.
To avoid such incidents, it is recommended to prefer mobile Internet in public places, periodically check the list of connected devices in the Telegram settings, and set a passcode for the messenger.
Ukrainian hackers destroyed a data center with data from Gazprom and Lukoil
The hacker group Blackjack, together with the SBU, destroyed the cloud service OwenCloud.ru, which was used by Russian industrial giants.
Data: Blackjack Telegram channel.
This data center stored data from more than 10,000 legal entities, including "Ural Civil Aviation Plant", NPP "RUBIN" (part of the holding "Roselektronika"), "Ural Plant of Special Equipment", "Gazprom", "Transgaz", "Lukoil", "Rosneft", "Norilsk Nickel", "Rostelecom", "Telecom" and "MegaFon".
As a result of the operation, more than 300 TB of data was destroyed — 400 virtual and 42 physical servers, which hosted internal documentation, backups and other programs for remote process management at enterprises.
Also on ForkLog:
It became known about the investigation of the theft of bitcoins from the developer of Bitcoin Core.
Updating the Pectra in Ethereum will allow you to restore private keys.
Experts assessed the consequences of the confrontation between the SEC and Uniswap.
Kraken will exclude Monero from listing in Ireland and Belgium.
Half of the presales on Solana turned out to be a scam.
The US Treasury Department has requested additional powers in the field of cryptocurrencies.
The founder of ACE Exchange was accused of fraud in the amount of $10.7 million.
Worldcoin has allowed the deletion of biometric data.
In the USA, the trial of a participant in the attack on the DeFi project Mango Markets has begun.
Study: every sixth meme token on Base is fraudulent, and 91% have vulnerabilities.
The STFIL protocol announced the arrest of developers in China.
Phishing ads were found in Etherscan and other services.
What should I read on the weekend?
ForkLog interview with American journalist Laura Shin, host of the popular Unchained podcast. We are talking, in particular, about the investigation of the collapse of The DAO and the lessons that the community has not learned from it.
https://forklog.com/exclusive/ya-uverena-v-tom-kto-vzlomal-the-dao-intervyu-s-loroj-shin-vedushhej-podkasta-unchained