The Hacker News
Detecting Windows-based Malware Through Better Visibility
Traditional defense tactics don't always apply to cyber warfare. With EventSentry, bolster your network's defense with prevention, detection, and ongo
Ars Technica
Banish OEM self-signed certs forever and roll your own private LetsEncrypt
Toss certbot or acme.sh onto some servers and baby, you got a stew going!
Security Affairs
Crooks stole $10 million from Axie Infinity co-founder - Security Affairs
Crooks stole nearly $10 million from the wallet of one of the co-founders of the video game Axie Infinity and the related Ronin Network.
Infosecurity News
Python-Based Tool FBot Disrupts Cloud Security
Discovered by the SentinelLabs team, FBot targets web servers, cloud services and SaaS platforms
SecurityWeek
Researchers Flag FBot Hacking Tool Hijacking Cloud, Payment Services
The tool, called FBot, is capable of credential harvesting for spamming attacks, and AWS, PayPal and SaaS account hijacking.
SecurityWeek
North Korean Hackers Have Stolen Over $3 Billion in Cryptocurrency: Report
Recorded Future calculates that North Korean state-sponsored threat actors are believed to have stolen more than $3 billion in cryptocurrency.
Cyber Security News
Hackers Launch a Chain of Exploits Via Malicious iMessage Attachments
TriangleDB", this malware infection chain consists of a malicious iMessage attachment which launches a chain of exploits on affected devices.
SecurityWeek
Stealth Techniques Used in 'Operation Triangulation' iOS Attack Dissected
Kaspersky analyzes the stealth techniques that were used in the ‘Operation Triangulation’ iOS zero-click attacks.
The Hacker News
Operation Triangulation: Experts Uncover Deeper Insights into iOS Zero-Day Attacks
Sophisticated Apple iOS attack dubbed Operation Triangulation employed clever techniques to targets victims with a backdoor implant called "TriangleDB
The Hacker News
Sophisticated MATA Framework Strikes Eastern European Oil and Gas Companies
New MATA cyber espionage operation strikes Eastern European companies in oil & gas and defense sectors.
Bleeping Computer
W3LL phishing kit hijacks thousands of Microsoft 365 accounts, bypasses MFA
A threat actor known as W3LL developed a phishing kit that can bypass multi-factor authentication along with other tools that compromised more than 8,000 Microsoft 365 corporate accounts.
SecurityWeek
CISO Conversations: Field CISOs From VMware Carbon Black and NetSPI
SecurityWeek interviews Field CISOs, Fawaz Rasheed (VMware Carbon Black) and Nabil Hannan (NetSPI), about the emerging cybersecurity role.
The Record
China accuses U.S. of hacking earthquake monitoring equipment
State-controlled media said the alleged intrusion could "illegally control and steal seismic intensity data," calling it "a serious threat to national security."
The Hacker News
Unmasking XE Group: Experts Reveal Identity of Suspected Cybercrime Kingpin
Unmasking the E-Crime Mastermind: Vietnamese suspect linked to notorious XE Group unveiled!
The Hacker News
New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors
New Analysis Reveals Raspberry Robin Attack Infrastructure Can be Repurposed by Other Threat Actors
DarkReading
CSAF Is the Future of Vulnerability Management
Version 2.0 of the Common Security Advisory Framework will enable organizations to automate vulnerability remediation.
SecurityWeek
Binance Bridge Hit by $560 Million Hack
Hackers have exploited a blockchain bridge to divert 2 million Binance Coins (BNB) – worth more than $560 million – from Binance Bridge.
Security Affairs
$30 Million worth of cryptocurrency stolen by Lazarus from Axie Infinity was recovered
US authorities recovered more than $30 million worth of cryptocurrency stolen by the North Korea-linked Lazarus APT from Axie Infinity. A joint operation conducted by enforcement and leading organizations in the cryptocurrency industry allowed to recover more than $30 million worth of cryptocurrency stolen by North Korean-linked APT group Lazarus from online video game Axie […]
Bleeping Computer
How 'Kimsuky' hackers ensure their malware only reach valid targets
The North Korean 'Kimsuky' threat actors are going to great lengths to ensure that their malicious payloads are only downloaded by valid targets and not on the systems of security researchers.
SecurityWeek
Nearly $200 Million Stolen From Cryptocurrency Bridge Nomad
Cryptocurrency bridge Nomad has lost roughly $200 million worth of tokens following a hack described as chaotic.
SecurityWeek
US Government Says North Korean IT Workers Enable DPRK Hacking Operations
The US government has warned that rogue IT workers from North Korea enable DPRK hacking operations and provide logistical support for its threat actors.
ZDNet
Crypto mixer Blender sanctioned by US Treasury for involvement in $600m Ronin theft | ZDNet
Blender.io blocked from transactions involving Americans after laundering crypto for North Korea.
Security Affairs
Security Affairs newsletter Round 361 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. U.S. Gov believes North Korea-linked Lazarus APT is behind Ronin Validator cyber heist The […]
Security Affairs
U.S. Gov believes North Korea-linked Lazarus APT is behind Ronin Validator cyber heist
The U.S. government blames North Korea-linked APT Lazarus for the recent $600 million Ronin Validator cyber heist. The U.S. government attributes the recent $600 million Ronin Validator cryptocurrencty heist to the North Korea-linked APT Lazarus. The U.S. Treasury announced in a notice the sanctions against the Ethereum address used by the APT to receive the […]
ZDNet
Sky Mavis raises $150 million to refund users after Ronin network attack
Binance, a16z, and Animoca Brands chip in for funding round while the network has its security upgraded.
Infosecurity News
Attackers Steal $620m From Crypto Firm
Cyber-heist could be biggest ever
ZDNet
Ethereum sidechain Ronin that powers play-to-earn game is fleeced for over $600m
The attacker took control of validation nodes and then stripped the network in a pair of transactions.
Security Affairs
$625M stolen from Axie Infinity ‘s Ronin bridge, the largest ever crypto hack
Threat actors have stolen approximately $625 million worth of Ethereum and USDC tokens from Axie Infinity ‘s Ronin network bridge. Threat actors have stolen almost $625 million in Ethereum and USDC (a U.S. dollar pegged stablecoin) tokens from Axie Infinity’s Ronin network bridge. The attack took place on March 23rd, but the cyber heist was […]
CyberScoop
Hackers steal more than $600M from Ronin blockchain used to play Axie Infinity
It's one of the largest crypto heists in history.
The Record
More than $625 million stolen in DeFi hack of Ronin Network
The Ronin Network announced on Tuesday that hackers have stolen more than $600 million worth of Ethereum (173,600 ETH) and $25.5 million of US dollar-pegged stablecoin USDC, making it one of the largest decentralized finance (DeFi) hacks to date.
Bleeping Computer
$620 million in crypto stolen from Axie Infinity's Ronin bridge
A hacker has stolen almost $620 million in Ethereum and USDC tokens from Axie Infinity's Ronin network bridge, making it possibly the largest crypto hack in history.
DataBreaches
Infinity’s Ronin Network Says About $620M Stolen In Major Security Breach
Shanthi Rexaline reports: Ronin, an Ethereum-linked sidechain made by Sky Mavis specifically for Axie Infinity disclosed Tuesday a major security breach that...