Cyber security week in review: December 30, 2022

Crypto trader behind $110M Mango Markets exploit charged with fraud, market manipulation

A crypto investor behind the $110 million exploit of decentralized exchange Mango Markets was arrested in Puerto Rico. The man has been charged with commodities fraud and commodities manipulation.

Avraham Eisenberg is accused of orchestrating a scheme that involved the artificial manipulation of the price of perpetual futures on Mango Markets, which allowed him to steal approximately $110 million from the DeFi platform. Eisenberg later returned $67 million to Mango Markets.

Hacker claims to have obtained data of 400M Twitter users

A threat actor has posted an announcement on a hacker forum claiming to have obtained data on 400 million Twitter users and offering it for sale. The seller, who goes by the handle “Ryushi,” claims the data was scraped through a now-patched vulnerability and includes the emails and phone numbers of celebrities, politicians, companies, and ordinary users, as well as a large number of OG and special usernames.

Toy maker Jakks Pacific hit with Hive, ALPHV ransomware attacks

US-based toy maker Jakks Pacific has fallen victim to not one but two ransomware gangs: Hive and ALPHV (BlackCat). Hive’s spokesperson told DataBreaches that the two groups had agreed on a single price they would split if Jakks paid: $5 million.

In a statement, the toy maker confirmed the incident and said that the data unlawfully accessed potentially includes personal information (names, emails, addresses, taxpayer identification numbers, and banking information of affected individuals and businesses).

Sophisticated cyber fraud ring made off with $660 million in goods

A new e-commerce fraud group believed to be operating out of Southeast Asia has been running a sophisticated operation that combines data science, fraud-detection, online payments, and e-commerce expertise, allowing the threat actor to make off with an estimated $660 million in stolen laptops, cell phones, computer chips, and gaming devices in November alone.

The fraudsters use stolen credentials and account takeover to place orders from unsuspecting consumers' accounts, often paying with the stored payment methods. The goods are then re-shipped to Asia for repackaging and resale at a premium.

Google Ads abused to spread malware in a new malvertising campaign

Researchers at Guardio Security discovered a new malvertising campaign that targets users searching for popular software products and uses Google ads to redirect potential victims to malicious websites that spread malware such as Raccoon Stealer and Vidar.

Thousands of Citrix servers still unpatched against two critical bugs

NCC Group's Fox-IT research team has warned that thousands of Citrix ADC and Gateway endpoints remain vulnerable to two critical vulnerabilities (CVE-2022-27510, CVE-2022-27518) that the vendor patched on November 8 and December 13, 2022, respectively. Earlier this month, the US National Security Agency (NSA) warned that Chinese hackers have been actively exploiting CVE-2022-27518 to hijack vulnerable devices.

Hackers steal $8M in assets from BitKeep wallets

Multiple users of the multichain crypto wallet BitKeep reported that funds in their wallets were stolen over the weekend. The hack appears to have affected users who downloaded unofficial versions of the app containing malicious code. While BitKeep did not reveal how much money was stolen in the incident, transaction tracking service PeckShield estimates that approximately $8 million worth of assets have been stolen so far.

BTC.com lost $3 million worth of crypto assets in a cyberattack

BTC.com, the seventh-largest Bitcoin mining pool, said it suffered a cyberattack that resulted in a significant loss of digital assets, including $700,000 in client crypto assets, and nearly $2.3 million assets belonging to the company. The company said it reported the incident to Chinese law enforcement, and that some of BTC.com’s digital assets have already been secured.

New ransomware strains emerge from leaked Conti’s source code

Cyble Research and Intelligence Labs (CRIL) released a report describing several new ransomware families, including Putin Team, ScareCrow, BlueSky, and Meow, that are based on Conti’s source code leaked earlier this year.

ByteDance admits using TikTok to spy on reporters

Chinese tech giant ByteDance, the parent company of the TikTok social media platform, admitted that its employees accessed TikTok data to track journalists in a bid to identify the source of leaks to the media. According to media reports, several employees obtained the IP addresses of a Financial Times reporter and a former BuzzFeed reporter in order to determine whether they were in the same location as ByteDance colleagues suspected of leaking confidential information. The plan failed, partly because the IP addresses revealed only approximate location data. All the employees involved have been fired, the company said.

Researchers detail new evasion techniques used by GuLoader malware

CrowdStrike released a technical report highlighting multiple evasion techniques implemented by an advanced malware downloader called GuLoader.

GuLoader (aka CloudEyE) was first observed in 2019 as a file downloader that was used to distribute remote access trojans (RATs) like AgentTesla, FormBook, Nanocore, NETWIRE and the Parallax RAT. The early versions of GuLoader were distributed via spam email with archived attachments containing the malware.

Data from multiple US electric utilities stolen in a Black Basta ransomware attack

Multiple US electric utilities had their data stolen in an October Black Basta ransomware attack that targeted Chicago-based Sargent & Lundy, a US government contractor that handles critical infrastructure projects across the country. According to sources familiar with the matter, the incident was contained and remediated, and didn’t appear to have a broader impact on other power-sector firms. There is no evidence that the stolen data, which includes “model files” and “transmission data” the firm uses for utility projects, has been leaked on the dark web.

North Korean hackers targeted over 800 foreign policy experts from South Korea

North Korean state-backed hackers have targeted at least 892 foreign policy experts from South Korea to steal their personal data and email lists. The police also said it was the first time they had observed North Korean hackers using ransomware in their attacks: thirteen companies, mainly online retailers, were hit with ransomware, but only two of them paid the 2.5 million won ($1,980) ransom.

North Korean hackers created nearly 500 phishing sites to steal NFTs

Threat actors linked to the well-known North Korean Lazarus Group APT are believed to be behind a massive phishing campaign targeting nonfungible token (NFT) investors that used nearly 500 phishing domains to dupe victims. One of the techniques used in the campaign involved creating fake NFT-related websites offering malicious mints. Such sites lure victims under the pretext of minting legitimate NFTs; once a victim connects a wallet to the site, the attackers gain access to the wallet and can steal the funds stored there.

EarSpy attack allows spying on Android users via motion sensors

A group of researchers from five US universities devised a new attack method for Android smartphones that allows an attacker to determine, to varying degrees, the gender and identity of the caller, and that can even decipher private conversations. Dubbed “EarSpy,” the side-channel attack captures motion sensor readings caused by reverberations from the ear speakers in mobile devices.
