Hackers have hijacked the DNS server for BlackWallet, an online wallet application for the cryptocurrency Stellar Lumens (XLM), and drained users' accounts of hundreds of thousands of dollars. The attack reportedly took place on Saturday after hackers managed to hijack its DNS server, change the settings and redirect it towards their own third-party server.
"BlackWallet was compromised today after someone accessed my hosting provider account," the creator of BlackWallet said in a statement on Reddit. "He then changed the DNS settings to those of its fraudulent website (which was a copy of BlackWallet).Read more
Early last year, a piece of Mac malware came to light that left researchers puzzled. They knew that malware dubbed Fruitfly captured screenshots and webcam images, and they knew it had been installed on hundreds of computers in the US and elsewhere, possibly for more than a decade.
Still, the researchers didn't know who did it or why. An indictment filed Wednesday in federal court in Ohio may answer some of those questions. It alleges Fruitfly was the creation of an Ohio man who used it for more than 13 years to steal millions of images from infected computers as he took detailed notes of what he observed.Read more
Two Romanian hackers infiltrated nearly two-thirds of the outdoor surveillance cameras in Washington, DC, as part of an extortion scheme, according to federal court documents.
In a criminal complaint filed last week in the US District Court for the District of Columbia, the US government alleges that the two Romanian hackers operating outside the United States infiltrated 65% of the outdoor surveillance cameras operated by DC city police — that's 123 cameras out of 187 in the city. The alleged hacking occurred during a four-day period in early January.Read more
When Stensul CEO Noah Dinkin visited a Starbucks in Buenos Aires recently, he probably didn’t expect to be served some sneaky cryptocurrency miner code along with his coffee. But thanks to the store’s internet provider, that’s exactly what he got.
“Hi Starbucks, did you know that your in-store wifi provider in Buenos Aires forces a 10 second delay when you first connect to the wifi so it can mine bitcoin using a customer's laptop?” Dinkin tweeted on December 2. “Feels a little off-brand.” Dinkin wrote that Bitcoin was the digital currency being mined, but CoinHive, the company that provided the code for the miner, only works with Monero, a competing coin.Read more
Security researchers have discovered a new database floating around the dark web that contains a whopping 1.4 billion user names and password combinations in clear text.
While scouring the dark web for stolen, leaked or lost data, researchers at 4iQ found the 41GB file with an interactive, aggregate database dubbed the largest ever found in the dark web to date. The 1.4 billion records have been aggregated from various sources, earlier data breaches and credential lists. A portion of the unencrypted passwords have been tested by the researchers and were verified to be true.Read more
The contents of a digital wallet belonging to cryptocurrency company NiceHash, which included potentially millions of dollars worth of customers' bitcoin, was stolen in a major security breach early Wednesday. The hack affected NiceHash's payment system, and the entire contents of the company's bitcoin wallet was stolen.
"Clearly, this is a matter of deep concern, and we are working hard to rectify the matter in the coming days," NiceHash said in the Facebook post. "In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement, and we are cooperating with them as a matter of urgency."Read more
United States officials are charging an Iranian hacker in the theft of 1.5 terabytes of data from HBO in May, an attack that tormented network executives and included the release of several unaired programs and scripts.
Behzad Mesri, who went by the pseudonym “Skote Vahshat,” was charged with computer fraud, wire fraud, extortion and identity theft, according to an indictment unsealed Tuesday in United States District Court in Manhattan. But he remains in Iran, and officials acknowledged that it would be difficult to detain him. “He will forever be looking over his shoulder, and if he isn’t, he should be,” Joon H. Kim said at a news conference.Read more
Uber disclosed Tuesday that hackers had stolen 57 million driver and rider accounts and that the company had kept the data breach secret for more than a year after paying a $100,000 ransom.
The deal was arranged by the company’s chief security officer and under the watch of the former chief executive, Travis Kalanick, according to several current and former employees who spoke on the condition of anonymity because the details were private. The security officer, Joe Sullivan, has been fired. Mr. Kalanick was forced out in June, although he remains on Uber’s board. The two hackers stole data about the company’s riders and drivers.Read more
Bitcoin cruised past $8,000 for the first time this week, but it hasn’t been smooth sailing for all after Tether — a company that helps exchanges convert fiat currency to token — said today that a hacker snatched nearly $31 million.
Tether operates USDT, a cryptocurrency asset that it backs via the U.S. dollar. The company said that $30,950,010-worth of USDT was taken from its core treasury wallet “through malicious action by an external attacker.” In response Tether said it has flagged the tokens — meaning that it will track them and prevent the holder from exchanging them through its service — and that it is working to recover them.Read more
Security research firm Rhino Security Labs found a vulnerability in the Amazon Key in-home delivery service's security procedures that could allow either the courier or even a savvy and malicious bystander to enter your home undetected after the delivery is completed.
Amazon has promised to change how Key works in order to make it easier for you to tell when something unusual is happening in this event, but the changes proposed by Amazon don't necessarily resolve the vulnerability. Amazon Key is available to Amazon customers who have bought and installed Amazon's own Cloud Cam security camera and installed it at their front door.Read more