New research by cybersecurity firm, Cyble Research Team, revealed that on May 29, data for more than 80,000 credit cards were put up for sale on the dark web. The data from these cards appears to have been gathered from various countries around the world. According to the announcement, the data leak involved credit card details from various countries, such as the United States (33K), France (14K), Australia (5K), United Kingdom (5K), Canada (2K), Singapore (1.2 K) and India (1.3K). They include both Visa and Mastercard, according to the information collected by Cyble. The price of each credit card, which …

In a May 28 virtual roundtable before the congressional Subcommittee on National Security, International Development and Monetary Policy, witnesses and congresspeople alike feared that they are not keeping up with criminals hacking the financial system. Criminals have better resumes than government agents One witness, Guillermo Christensen, a partner at law firm Ice Miller, admired the cyber talent operating illegally: “We are always playing catch up with the criminals. [...] It’s very hard to find people who are as qualified as some of these criminal hackers, frankly, to take apart their schemes and trace them.” Another issue is the overclassification of …

Microsoft's security team revealed a new ransomware that is deployed in human-operated attacks. It uses "brute force" against a target company's systems management server, and mainly has targeted the healthcare sector amid the COVID-19 crisis. According to a series of tweets published by the tech giant on May 27, the human-operated ransomware attack, named "PonyFinal", requires hackers to break the security scheme of corporate networks in order to deploy the ransomware manually. That means PonyFinal doesn't rely on tricking the users into launching the payload through phishing links or emails. A Java-based ransomware attack The Java-based Pony Final deploys a …

A study unveiled on May 28 by the National Police of Colombia shows that ransomware attacks are a rising trend across the country. The report notes that 30% of all ransomware attacks within Latin American have specifically targeted Colombia. The report, made in alliance with Cisco, McAfee, Microsoft, Absolute, Fortinet, and Claro, states that the threat of ransomware in Colombia is “underestimated.” The quantity of Colombian attacks are followed by Peru (16%), Mexico (14%), Brazil (11%), and Argentina (9%), with SMEs being the preferred targets of cybercriminals. The study shows that 83% of companies in the country lack response protocols …

New York City resident Vitalii Antonenko was charged for allegedly participating in a $94 million Bitcoins-for-cards scheme, according to a May 27 statement from the United States Attorney's Office for the District of Massachusetts. He is now facing up to 20 years in jail and $500,000 in fines. Antonenko was arrested in March 2019 at New York’s John F. Kennedy International Airport after he arrived there from Ukraine carrying devices “that held hundreds of thousands of stolen payment card numbers”. According to the prosecution, the suspect and his co-conspirators used SQL injection attacks to extract payment card data from vulnerable …

Ken Deeter, a partner at crypto venture firm, Electric Capital, proposed a pragmatic approach to ensure decentralized finance, or DeFi, projects are not exploited due to bugs in the system. In an article published on May 27 through the Electric Capital blog, Deeter calls for DeFi projects to introduce “better risk management.” This largely comes as a response to the many hacks and protocol failures that occurred in recent months, like the temporary theft of $25 million from the dForce protocol. Deeter believes that DeFi should adopt some of the established techniques in the tech industry, which makes heavy use …

According to a report by an online monitoring web portal, Under the Breach, a hacker was able to penetrate the privacy protocols of major firms such as Trezor, Ledger and Bnktothefuture on May 24 and walk away with a host of sensitive customer data, including email addresses, home addresses and phone numbers. The documents posted by Under the Breach claimed that the hacker was in possession of three large databases that allegedly contained the details of more than 80,000 customers. In this regard, it was also rumored that the hacker was able to procure the above-stated information via an exploit …

The Blue Mockingbird malware gang has infected more than 1,000 business systems with Monero mining malware since December 2019. The global scale of the hacker group’s operations was revealed by cloud security firm Red Canary on May 26. The report outlined the group’s methodology. The malware attacks servers running ASP.NET applications and exploits a vulnerability to install a web shell on the attacked computer and obtain administrator-level access to modify the server settings. Next, the cybercriminals install the XMRRig application to take advantage of the resources of the infected machines. Most of the infected computers belong to large companies, though …

The hacker claiming to be selling user databases from top hardware wallet manufacturers Ledger, Trezor, and KeepKey appears to actually be peddling bunk, according to SatoshiLabs. On May 24, cybercrime monitoring blog Under the Breach reported that a hacker had begun advertising the customer databases of popular hardware wallet companies for sale. The data purportedly included the full names and physical addresses for over 80,000 user accounts. Under the Breach tweeted screenshots suggesting that the hacker obtained the databases by exploiting a vulnerability of popular e-commerce platform Shopify. “Don’t offer me low dolar, only big money allowed,” the hacker warns …

Ellis Pinksy, the hacker who allegedly masterminded the theft of $23.8 million worth of crypto from pioneering investor, Michael Terpin, planned on retiring after the heist at the age of 15. However, after turning 18, Pinsky became the subject of a $71.4 million civil suit from Michael Terpin, who is seeking damages equal to triple the sum that was stolen three years ago. 18-year-old sued for $71.4 million for crypto theft At one point, Pinsky allegedly told the informant “I could buy you and all your family. I have 100 million dollars.” In the complaint, the acquaintance also noted spotting …

The hacker that breached the Ethereum.org forum is allegedly selling the databases for the three most-popular crypto hard wallets — Ledger, Trezor, and KeepKey. The three databases contain the name, address, phone number, and email for more than 80,000 users combined, however, they do not contain passwords for the accounts. The hacker has also recently listed the SQL database for online investment platform, BnkToTheFuture. Ledger and Trezor databases reportedly compromised On May 24, cyber crime monitoring website, Under the Breach, spotted the hacker’s new listings for the databases of the top hardware wallet providers. The hacker claims to be in …

Blockchain technology has become synonymous with privacy and security, but those very characteristics have been put to the test over the past decade. With historical roots embedded in cryptography, many blockchain and cryptocurrency projects purport to offer unbridled security and privacy measures. The industry is split between public blockchain platforms like Bitcoin and private or permissioned blockchains focused on enterprise use. Cointelegraph has previously explored the ins and outs of privacy concerns around blockchain technology, but the security of these systems is a major consideration on its own. In the years since Bitcoin’s (BTC) inception, a multitude of cryptocurrencies has …