Blockchain

B2b, AI-driven, scams, tenable, vulcan, AI, attacks, Torq, agentic ai, attacks, AI emerging technology secure by design cybersecurity

World Economic Forum: AI, Quantum Require ‘Paradigm Shift’ in Security

Jeffrey Burt | October 17, 2024 | AI, Cybersecurity, Hybrid and Emerging Technologies, iot, Quantum Computers, secure by design, World Economic Forum

The World Economic Forum is advocating a shift in security thinking from secure by design to resilience by design in the face of the rapid development and expanding connectivity of emerging technologies ...

Security Boulevard

DOJ Created NexFundAI Crypto Firm in Crypto Scamming Sting

Jeffrey Burt | October 14, 2024 | cryptocurrency fraud, Department of Justice (DOJ), money laundering

The DOJ created NexFundAI, a false cryptocurrency company and token, in a sting that nabbed 19 people and companies accused of scamming investors by falsely creating the illusion of activity around their ...

Security Boulevard

Perfectl Malware

Bruce Schneier | October 14, 2024 | attribution, cryptocurrency, Hacking, Linux, Malware, Uncategorized

Perfectl in an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions ...

Schneier on Security

cryptocurrency ransomware DOJ seize Lazarus

DOJ Wants to Claw Back $2.67 Million Stolen by Lazarus Group

Jeffrey Burt | October 7, 2024 | cryptocurrency asset theft, Department of Justice (DOJ), Lazarus Group, North Korean Hacking

The DOJ wants to seize $2.67 million from the $69 million in crypto the North Korean-backed Lazarus Group stole in from the options exchange Deribit in 2022 and online gambling platform Stake.com ...

Security Boulevard

Emulating the Surging Hadooken Malware

Ian Rogers | October 3, 2024 | adversary emulation, Broad-Based Attacks, cryptomining, Hadooken, Linux, Malware, Oracle, Remote Code Execution (RCE), Weblogic Servers

AttackIQ has released a new attack graph that emulates the behaviors exhibited by the Hadooken malware during intrusions that abused misconfigurations and critical Remote Code Execution (RCE) vulnerabilities on public-facing Oracle Weblogic ...

AttackIQ

Shocking SQL Injection in TSA App, Bitcoin ATM Scams Targeting Seniors

Tom Eston | September 9, 2024 | atm, Bitcoin, Bitcoin ATM, bug bounty, Cyber Security, Cybersecurity, Data Privacy, Digital Privacy, Elderly, Episodes, Exploit, Hacking, Information Security, Infosec, Podcast, Podcasts, Privacy, scam, Scams, security, Security Research, Security Researcher, Senior Citizens, Seniors, sql injection, sqli, technology, tsa, vulnerability, Weekly Edition

This week, we discuss a critical SQL injection vulnerability discovered in an app used by the TSA, raising ethical questions about responsible disclosure. Plus, we shed light on the alarming rise of ...

Shared Security Podcast

FBI Warns of North Korea Attacks Against the Crypto Industry

Matthew Rosenquist | September 4, 2024 | cryptocurrency, Cybersecurity, DeFi, Hacking

The decentralized finance (DeFi) and cryptocurrency industries are being targeted by North Korean social engineering schemes in highly personalized and convincing ways. Here is an example that the FBI is showcasing: ...

Information Security Strategy

Gafgyt Botnet: Weak SSH Passwords Targeted For GPU Mining

Wajahat Raja | August 27, 2024 | cloud-native environments, cryptocurrency mining, Cybersecurity News, GPU computational power, IoT botnet, weak SSH passwords

A new variant of the Gafgy botnet has recently been discovered by cybersecurity researchers. As per media reports, the botnet appears to be machines with weak SSH passwords for mining crypto. In ...

TuxCare

Squarespace Hacked — DeFi Wallets Drained (Imaginary Money Stolen)

Richi Jennings | July 16, 2024 | API exploit, blockchain, Crypto, cryptocurrencies, cryptocurrency, cryptocurrency exchange, DeFi, domain hijacking, Google Domains, imaginary money, Ponzi scheme, SB Blogwatch, smart contract, Smart Contract Security, smart contracts, Squarespace, Web3

DeFAIL: Cryptocurrency fans lose their worthless tokens via phishing attacks on decentralized finance sites ...

Security Boulevard

Commando Cat Docker Cryptojacking: Alert & Prevention Tips

Recent reports have unveiled a concerning cyber threat orchestrated by a group identified as Commando Cat. This threat actor has been actively engaging in cryptojacking campaigns, leveraging vulnerabilities in Docker instances to ...

TuxCare