In its latest effort to fend off cryptocurrency scams, the Securities and Exchange Commission launched its own fake initial coin offering website today called the Howey Coin to warn people against fraudulent cryptocurrencies.
The name is a tongue-in-cheek reference to the Howey Test that the SEC uses to determine whether an investment is a security, which the Commission would therefore have legal jurisdiction over. Click ‘Buy Coins Now’ on the Howey Coins site and you’ll be redirected to an SEC page that states: “We created the bogus HoweyCoins.com site as an educational tool to alert investors to possible fraud involving digital assets like crypto-currencies and coin offerings.”
A Boeing production plant in Charleston, South Carolina was hit by the WannaCry ransomware cyberattack on Wednesday. Mike VanderWel, the chief engineer at Boeing Commercial Airplane production engineering, sent out a company-wide memo calling for “all hands on deck.”
“It is metastasizing rapidly out of North Charleston and I just heard 777 may have gone down,” reads VanderWel’s memo. The company worries the virus may hit equipment used in functional airplane tests, which could lead to it spreading to airplane software. WannaCry, which the Trump administration blames on the cyberterrorism unit of North Korea as of December 2017, attacked mainly via a critical Windows vulnerability.
Cybercriminals have found another way to spread their malware: uploading cryptocurrency mining code to GitHub, according to security researchers at security company Avast.
Developers 'fork' projects on GitHub, which means making a copy of someone else's project in order to build on it. In this case, the cybercriminals fork random projects and then hide malicious executables in the directory structure of these new projects, the researchers said. Users don't need to download the malicious executables directly from GitHub. Instead, the malware is spread via a phishing ad campaign.
It’s the end of your phone’s annual life cycle and you have decided to go in for an upgrade. You make your way into a local Sprint store where you are warmly greeted by Pepper, a four-foot-tall, humanoid service robot.
Pepper welcomes you and asks how it can be of assistance. Suddenly, something goes terribly wrong. Before you can avert your gaze, hardcore porn starts streaming from Pepper’s chest tablet. You plead to make the moaning stop but instead Pepper simply looks at you and angrily demands large sums of Bitcoin. You throw your hands up in defeat, unsure what to do.
Over one-third of all security incidents start with phishing emails or malicious attachments sent to company employees, according to F-Secure.
The single most common source of breaches analyzed in the report was attackers exploiting vulnerabilities in an organization’s Internet-facing services, which accounted for about 21 percent of security incidents investigated by F-Secure’s incident responders. Phishing and emails with malicious attachments together accounted for about 34 percent of breaches, which F-Secure Principal Security Consultant Tom Van de Wiele says make attacks arriving via email a much bigger pain point for organizations.
Cryptojacking only really coalesced as a class of attack about six months ago, but already the approach has evolved and matured into a ubiquitous threat. Hacks that co-opt computing power for illicit cryptocurrency mining now target a diverse array of victims, from individual consumers to massive institutions—even industrial control systems.
But the latest victim isn't some faceless internet denizen or a Starbucks in Buenos Aires. It's Tesla. Researchers published findings on Tuesday that some of Tesla's Amazon Web Services cloud infrastructure was running mining malware in a far-reaching and well-hidden cryptojacking campaign.
India’s City Union Bank said on Sunday that “cyber criminals” had hacked its systems and transferred nearly $2 million through three unauthorized remittances to lenders overseas via the SWIFT financial platform.
The comments come after the small private lender on Saturday had disclosed it had discovered the three “fraudulent remittances”, which were sent via correspondent banks to accounts in Dubai, Turkey and China. Chief Executive Officer N. Kamakodi called it a “conspiracy” involving multiple countries, and added the lender was still investigating how it had happened. “This is basically a cyber attack by international cyber criminals,” he told.
Malware hunters from US security firm Forcepoint have stumbled across a new strain of Point of Sale (PoS) malware, the second such type of PoS malware that hides stolen credit/debit card information inside DNS requests.
The first PoS malware seen employing this technique was a lesser-known version of the NewPosThings PoS malware, named MULTIGRAIN, discovered in April 2016 by fellow US cyber-security firm FireEye. But while MULTIGRAIN had been used in real-world attacks, Forcepoint says it did not find any evidence suggesting this new strain of PoS malware, named UDPoS, has claimed any victims as of yet.
The odds are about one in four that the crypto fanatic in your office is involved in illegal activities. After conducting a study of historical Bitcoin transaction data an Australian research group concluded:
“We find approximately one-quarter of Bitcoin users and one-half of Bitcoin transactions are associated with illegal activity. Around $72 billion of illegal activity per year involves Bitcoin, which is close to the scale of the US and European markets for illegal drugs.”
And that $72 billion? Here’s a bone for you conspiracy theory types: Business Insider reports Bitcoin has lost $72 billion in value since the beginning of 2018. Coincidence? Probably.
A massive cryptocurrency mining botnet has taken over half a million machines and may have made its cybercriminal controllers millions of dollars - and the whole operation is powered by EternalBlue, the leaked NSA exploit which made the WannaCry ransomware outbreak so destructive.
The Smominru miner botnet turns infected machines into miners of the Monero cryptocurrency and is believed to have made its owners around $3.6 million since it started operating in May 2017 - about a month after EternalBlue leaked and around the same time as the WannaCry attack.