Crypto scammers responsible for what could be the largest ever hack on Twitter were able to succeed because individual employees have high levels of access to information and control on the platform. In a series of tweets from Twitter Support on July 15, the help center of the social media platform confirmed that hackers responsible for the massive breach of high-profile figures’ accounts had conducted a “coordinated social engineering attack” to gain “access to internal systems and tools.” “We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf,” Twitter Support …

After a massive number of Twitter accounts were hacked on July 15, one of the affected, Tron founder Justin Sun, put a bounty on the heads of those responsible. Tron's founder will give $1 million to the person or persons responsible for tracking down the hackers and providing pertinent data on the situation, Sun, CEO of BitTorrent and Founder of TRON told, Cointelegraph. Sun added: “We are working closely with Twitter to resolve this issue immediately and return our accounts to normal. We are always vigilant in the handling our accounts; operating safely and responsibly -- taking the security of …

The MGM Resort suffered a massive data breach in 2019 that left 142 million hotel guests exposed. A hacker is now selling the stolen database for roughly $2,900. According to the information revealed by ZDNet, a dark web marketplace claims that data from 142,479,937 MGM hotel guests are on sale. Preferred payment is denominated in Bitcoin (BTC) and Monero (XMR). MGM Resorts confirmed the data breach, stating that they’re aware of the scope of this previously reported incident from 2019. No financial data was leaked However, according to the research, the cybercriminal did not leak any sensitive data from the …

A recent study revealed that over 15 billion credentials are in circulation via the dark web, representing a 300% increase since 2018. Available information ranges from network access credentials, banking login data, and even streaming services accounts from Netflix. According to research conducted by the cybersecurity firm Digital Shadows, part of the leaked data is even circulating for free. The report warns that the reason that so many account credentials are available online is that people are using non-complex passwords that can be easily brute-forced using hacking tools. Access to corporate networks as an open door for ransomware attacks Among …

A Ukrainian hacker got caught selling confidential information gathered from Ukrainian central government databases. According to a media release from the Ukrainian Cyberpolice, a hacker whose identity was not disclosed was able to break into many government databases by compromising personal accounts of authorized staff. The hacker reportedly used brute force approaches to break into email addresses and social media accounts. Through this simple method, he appears to have found 50 government databases with up-to-date information. He then sought to sell the captured information on hacker forums in exchange for cryptocurrency. Authorities did not disclose which currency was used. The …

Retail and enterprise blockchain adoption trends dominated the discussions on days three and four of the ongoing virtual conference Unitize, organized by BlockShow and San Francisco Blockchain Week and sponsored by crypto derivatives exchange ByBit. The key topic that dominated discussion was blockchain adoption, which continues to spread across the globe, with governments and corporate establishments developing solutions based on distributed ledger technology. Exploring the blockchain development landscape Speaking during one of Wednesday’s panels at the conference. Yi Ming Ng, a member of the Tribe Accelerator project in Singapore, and Marloes Pomp, a blockchain consultant with the Dutch government, shed …

Speaking at Unitize virtual event, Coin Metrics researcher Lucas Nuzzi suggested that one way for exchanges to fight back against the hackers is by renting mining power from online marketplaces. Six confirmations ticking countdown Nuzzi conjectured that an exchange which has been hacked could rent enough hashing power through an online marketplace to force a favorable network reorganization: “So, it is essentially a technique to try and reorg yourself by renting mining power and doing that work where if you’re an exchange and you've been hacked, within those six work confirmations that the network is expecting to be considered final. …

The U.S. Department of Justice, or DoJ, indicted Andrey Turchin, known under the pseudonym "fxmsp," with various federal crimes. Turchin allegedly founded a cybercrime group that targeted the computer networks of several companies. After stealing each company’s data, Turchin’s group allegedly sold the data on the dark web. Turchin, a 37 year old Kazakhstan national, is affectionately known on the dark web as "the invisible god of networks." He allegedly sold access to thousands of networks breached with his malware attacks, amassing a million dollar crypto fortune over the course of three years. The Western District of Washington is now …

Leading crypto hardware wallet producer Ledger has denied that its product’s transaction management software featured a double-spend vulnerability. According to Ledger’s CTO Charles Guillemet, the vulnerability recently revealed by software wallet ZenGo is — in fact — nothing more than a user experience flaw. He illustrated the nature of its hardware wallet companion software Ledger Live to Cointelegraph: “It’s important to understand that rather than an attack, the actual flaw may be seen more as a clever piece of trickery. Trickery is not a vulnerability. However, we do want to prevent anyone from falling victim to these kinds of clever …

Cross-platform database company, MongoDB, is the latest victim of a cybercriminal attack. This attack has infiltrated 22,900 unsecured databases by wiping their contents. The gang behind the attack has since requested Bitcoin (BTC) payments in exchange for a backup of the data. According to WeLiveSecurity from the cybersecurity firm ESET, if the ransom isn't paid in two days, the hacker, or a gang of cybercriminals, threatened to notify authorities in charge of enforcing European Union's General Data Protection Regulation, or GDPR. A report published by ZDNet explains that the number of databases compromised in the “Wiping & Ransom” attack account …

A new ransomware is targeting macOS users who download installers for popular apps via torrent files. Known as EvilQuest, the attack was first spotted by Dinesh Devadoss, a K7 Lab malware researcher. Findings show that EvilQuest has been quite active since the start of June 2020. Malware lab firms, like Malwarebytes, have found the ransomware attached to pirated macOS software distributed mainly through torrent sites and warez forums. Same BTC address used EvilQuest asks victims to pay a ransom through the same static Bitcoin (BTC) address in every documented attack. One of the first signs that EvilQuest has deployed an …

A study published by cybersecurity firm, Proofpoint, shows an increase in email-based phishing attacks used to deliver ransomware over the last few months. According to the report, first-stage deployments of ransomware are reportedly on the rise and have mostly been targeting the United States, France, Germany, Greece, and Italy. The attacks appear to be capitalizing on the influx of people now working from home amid the COVID-19 pandemic. Research additionally indicates that the ransom demands are very low compared to the amounts usually seen in these attacks. Lower than average ransoms A ransomware application called “Mr. Robot” has mostly targeted …