News

Crypto exchanges on the dark web are facing a "bank run" because of falling cryptocurrency prices, security researchers have discovered. The fall in value is making it harder for threat actors to "monetise" their attacks, fun malware-as-a-service operations or buy vulnerabilities. Cryptocurrencies have lost up to $1.8tn in value since the market's peak in November 2021, Dov Lerner, security research lead at Cybersixgill, suggested. Holders are exchanging their crypto for more stable currencies. Lerner also...

The Virginia Commonwealth University Health System (VCU) has warned almost 4500 transplant participants about a privacy breach affecting the healthcare information. The company warned that some transplant recipients' medical records included information about their donor too. Some recipient information also appeared on donors' records too. In some cases, this information has been exposed since 2006. The information visible included Social Security numbers, names, and medical record numbers, amongst other things. In total, 4441 people were...

During an attack earlier this week, Uniswap, a popular decentralised cryptocurrency exchange, lost close to $8million worth of Ethereum. The cyberattack has impacted many investors in digital assets. The threat actors used the lure of free UNI tokens (airdrops) to trick victims into approving a transaction that gave hackers full access to wallets. The trap was a disguised "setApprovalForAll" function that assigns or revokes full approval rights to the operator. This essentially allows the attacker...

A 2022 report by the security firm Digital Shadows analyzed 90 data leak sites on the dark web and found that there were a 705 victims in Q2. This is a 21% increase compared to Q1 where the firm found 582 victims on the same sites. The leading ransomware group was Lockbit, utilizing the new ransomware operation Lockbit 3.0, which they claim is the “world’s fastest and most stable ransomware”. Lockbit overtook the infamous Conti...

In Microsoft's latest Patch Tuesday update this week, Microsoft patched a zero-day bug that allowed remote execution on Windows machines and which is already being exploited in the wild. CVE-2022-22047 is an elevation of privilege vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS), which is responsible for Windows features, including the shutdown process. Details on how to exploit the bug have not been publicly disclosed. An attack that succeeds could, however, gain access to SYSTEM...

The U.S Federal Trade Commission (FTC), the U.S agency primarily responsible for consumer protection, warned that they would be cracking down on companies which illegally share or sell sensitive consumer data. This warning is in response to a growing consumer awareness surrounding the private market of personal data and the inability of a consumer to reasonably prevent such usage. "While many consumers may happily offer their location data in exchange for real-time crowd-sourced advice on...

Hackers are impersonating well-known cybersecurity companies in callback phishing emails to gain initial access to corporate networks. CrowdStrike have been recently targeted. Most phishing campaigns embed malicious links that lead to landing pages that steal login credentials or emails that include harmful attachments to install malware. Over the past year, threat actors have increasingly used "callback" phishing campaigns that impersonate well-known cybersecurity companies requesting victims to call a number to resolve a problem, cancel a...

On Tuesday, TikTok, the popular video-sharing platform, agreed to halt a controversial privacy policy update that could have allowed it to serve targeted ads based on users' activity on the platform without their permission. TechCrunch reported the reversal, which comes a day after the Italian data protection company (the Garante per la Protezione dei Dati Personali) warned the company against the change, citing violations of data protection laws. The Garante said, "The personal data stored in...

A report released by Panaseer, a cybersecurity company, last week suggests that cyber insurance companies are looking for new ways to assess risk as they grow increasingly wary of rising claims. The 2022 Cyber Insurance Market Trends Report found that there is a lack of confidence in underwriting processes. Nearly one in 10 respondents admitted that they were 'not that confident' in their underwriting capabilities for cyber insurance. Only 44% of insurers said that they...

Salt Security, the API security company, has been accepted as part of the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program, to address the prevalence of API-driven businesses, along with how to secure them and not put customers at risk. ISV a co-sell program for AWS Partners who provide software solutions that run on or integrate with AWS. Acceptance, the company says, validates the proven integration of the Salt Security API Protection Platform...