The Securities and Exchange Commission has charged Canadian crypto company PlexCorp with violating securities laws by selling up to $15 million in an initial coin offering (ICO).
ICOs have seen explosive growth over the past year as fledgling companies have used them to raise more than $3 billion in capital through various cryptocurrencies. However, experts have warned they can present several dangers to unsuspecting investors hoping to get into a hot new market as regulations are pretty loose. Called PlexCoins, PlexCorp allegedly used this cryptocurrency to scam would-be investors hoping to cash in early on the company’s growth.Read more
The holidays are upon us, and so it is to remind ourselves once again of just how much cyber criminals enjoy playing on the very fears of consumer fraud they elicit.
If the last thing you want interrupting your time with friends and loved ones is a slew of fraudulent bank charges, you’ll need to keep your wits about you. As you read this, an illicit campaign is underway to deceive PayPal users into believing recent transactions they’ve made “could not be verified.” In emails bearing PayPal’s logo, consumers are warned that PayPal has detected suspicious activity on their accounts and that the company requires updated information to avoid fraudulent charges.Read more
SWIFT, the global messaging system used to move trillions of dollars each day, warned banks that the threat of digital heists is on the rise as hackers use increasingly sophisticated tools and techniques to launch new attacks.
Brussels-based SWIFT has been urging banks to bolster security of computers used to transfer money since Bangladesh Bank lost $81 million in a February 2016 cyber heist that targeted central bank computers used to move funds. The new warning provided detail on some new techniques being used by the hackers. “Adversaries have advanced their knowledge,” SWIFT said.Read more
Phishing is still a key tool for cyber criminals as they seek to insert malware onto machines and to get hold of personal details.
Although most people are aware of the threat there are still some subject lines that are much more likely to deliver results for the phishermen than others, according to security awareness training specialist KnowBe4, which has released its Top 10 Global Phishing Email Subject Lines report for the third quarter of 2017. The company looked at tens of thousands of email subject lines used in simulated phishing tests to uncover just what makes a user want to click.Read more
Online retailer AliExpress fixed an open redirect vulnerability in its online shopping portal last October that could have been exploited to display a fake coupon designed to phish sensitive information from those who viewed it.
Bitcoin cruised past $8,000 for the first time this week, but it hasn’t been smooth sailing for all after Tether — a company that helps exchanges convert fiat currency to token — said today that a hacker snatched nearly $31 million.
Tether operates USDT, a cryptocurrency asset that it backs via the U.S. dollar. The company said that $30,950,010-worth of USDT was taken from its core treasury wallet “through malicious action by an external attacker.” In response Tether said it has flagged the tokens — meaning that it will track them and prevent the holder from exchanging them through its service — and that it is working to recover them.Read more
The Terdot banking Trojan packs information-stealing capabilities that could easily turn it into a cyber-espionage tool, Bitdefender says in a new report. Highly customized and sophisticated, Terdot is based on the source code of ZeuS, which leaked online in 2011.
The banking Trojan resurfaced in October last year and Bitdefender has been tracking its whereabouts ever since, the security company notes in a technical paper. Terdot was designed to operate as a proxy to perform man-in-the-middle attacks, as well as to steal browser information such as login credentials or the stored credit card data. Furthermore, the malware is capable of injecting HTML code into visited web pages.Read more
Researchers are warning users about a wave of recent attacks targeting U.S. financial institutions that leverage a new banking Trojan dubbed IcedID.
The IcedID Trojan was spotted in September. They said the Trojan has several standout techniques and procedures, such as the ability to spread over a network and the ability to monitor a browser’s activity by setting up a local proxy for traffic tunneling. “At this time, the malware targets banks, payment card providers, mobile services providers, payroll, webmail and e-commerce sites in the U.S.,” researchers wrote in a report released Monday explaining the discovery.Read more
Cryptocurrencies are basically the same as e-money — like WebMoney or PayPal. That means they also have the same problems as classic e-payment systems.
However, the operating principles specific to cryptocurrencies sometimes make the problems more likely to occur, and thus more disturbing. In addition, the same principles are responsible for a certain number of risks unique to cryptocurrencies. We’ll start with common problems such as plain old theft. Let’s say you’re transferring money to a friend. You copy his wallet address accurately, but malware replaces the address in the clipboard with another one.Read more
More than one million people were tricked into downloading a fake Android app that was pretending to be WhatsApp. The app was called "Update WhatsApp" and is still on the Play Store, although the developer has now changed its name to "Dual Whatsweb Update" and switched the icon, which doesn't look like the WhatsApp icon anymore.
But before its facelift, the app mimicked WhatsApp in a clear attempt to trick users into downloading it thinking they were downloading an update for the popular messaging app, according to users who reviewed the app on the Play Store, and users on Reddit, who flagged the malicious app.Read more