Category Archives: bitcoin

Bitcoin Price Action Cools Following Tether-Induced Volatility

Bitcoin’s price action narrowed on Tuesday, as markets consolidated in the wake of yesterday’s Tether-inspired upsurge. BTC/USD The price of bitcoin reached a high of $6,897.60 on Bitfinex Tuesday, as markets returned to a narrower trading range. The leading digital currency by market capitalization and trade volumes was last spotted around $6,744, where it was […]

The post Bitcoin Price Action Cools Following Tether-Induced Volatility appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Settle Down After Crazy Monday

The cryptocurrency segment has been relatively quiet since yesterday’s spike and the subsequent pullback, with the majors settling down above their pre-surge levels, but well below the highs hit amid Tether’s slump. Bitcoin has been among the stronger coins while Ripple has been the most active top coin, as bulls and bears are fighting for […]

The post Crypto Update: Coins Settle Down After Crazy Monday appeared first on Hacked: Hacking Finance.

“The Core of Any Blockchain Project is Decentralization” – Jack Zhang, Lightning Bitcoin

Lightning Bitcoin is a fork of the ‘first-crypto-currency’ Bitcoin about which we decided to take the opportunity recently to speak to advisor Jack Zhang (AKA DianfuDatou / 点付大头 – known best as a Founder of Chainfunder and DAF). Discussion topics include: what makes this project unique, as well as how you shouldn’t get it confused […]

The post “The Core of Any Blockchain Project is Decentralization” – Jack Zhang, Lightning Bitcoin appeared first on Hacked: Hacking Finance.

Crypto Update: Tether Chaos Triggers Spike, Bulls Beware of Reversals

While the week started out on a negative note, with the major cryptocurrencies selling off after the Asian market open, the European session saw a price rally that originated in a major market dislocation in Tether, the largest stablecoin. USDT/USD, 4-Hour Chart Analysis The spike affected coins and exchanges differently, and sellers quickly took control […]

The post Crypto Update: Tether Chaos Triggers Spike, Bulls Beware of Reversals appeared first on Hacked: Hacking Finance.

Crypto Markets Add $20 Billion Overnight in Bitcoin-Inspired Surge

The cryptocurrency market capitalization rose by as much as $20 billion on Monday, with bitcoin leading the surge after investors cut ties to USDT, a controversial stablecoin that is pegged to the U.S. dollar. Market Update The combined value of all coins in circulation reached a high of $221.6 billion at 02:57 UTC, according to […]

The post Crypto Markets Add $20 Billion Overnight in Bitcoin-Inspired Surge appeared first on Hacked: Hacking Finance.

Ripple Price Analysis: XRP/USD Shoots Higher For Further Correction, Trump Administration Discuss XRP

Ripple has been in regular discussions with the Trump administration on XRP and other cryptos. XRP/USD receives a strong bid on Monday, making another attempt at correcting the heavy drop.  XRP Discussions with Trump Administration Ripple’s chief marketing strategist Cory Johnson, in an interview, revealed Ripple has been discussing XRP with the Trump administration. He […]

The post Ripple Price Analysis: XRP/USD Shoots Higher For Further Correction, Trump Administration Discuss XRP appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Fall After a Quiet Weekend

The cryptocurrency segment stabilized this weekend after a technically important breakdown that shifted the short-term outlook to clearly bearish. While the stability was a small plus for bulls, the lack of bullish momentum and the fact that the majors remained below key resistance levels meant that most of the coins remained on sell signals in […]

The post Crypto Update: Coins Fall After a Quiet Weekend appeared first on Hacked: Hacking Finance.

A Few Lessons From Last Week

There is an adage on Wall Street.  It is quite old. It was passed down to me from my grandfather last Wednesday.  It goes something like this. When the cops raid the brothel, they take everybody including the piano player.   No matter when the notion originated, it applies directly, and painfully, to last week’s […]

The post A Few Lessons From Last Week appeared first on Hacked: Hacking Finance.

Bitcoin Price Treads Water as Market Eyes Maturity

Bitcoin’s price hovered within a narrow range on Sunday, as plunging trade volumes kept rally caps in check following a rocky end to the previous week. BTC/USD Update The bitcoin price fluctuated within a $70 range on Sunday, reaching a high of $6,3399.30 on Bitfinex. At the time of writing, BTC/USD was valued at $6,368 […]

The post Bitcoin Price Treads Water as Market Eyes Maturity appeared first on Hacked: Hacking Finance.

Trade Recommendation: TRON

The TRON/Bitcoin (TRX/BTC) dropped to as low as 0.00000259 on August 16, 2018. At that price level, the market was down by over 87% from the 2018 peak of 0.00002047. Fortunately for TRX/BTC, 0.0000026 is a buy zone. Bulls used this level back in December 2017 as a staging ground to launch its parabolic run. […]

The post Trade Recommendation: TRON appeared first on Hacked: Hacking Finance.

Crypto Markets Stabilize in Low-Volume Trade; World Bank President Hails Blockchain

Cryptocurrency prices were little changed on Saturday, as investors shifted to the sidelines following a brisk technical selloff that knocked $20 billion off market values. Market Update The combined value of all cryptocurrencies in circulation continues to hover near $202 billion, according to CoinMarketCap. Values plummeted more than $20 billion last week to a low […]

The post Crypto Markets Stabilize in Low-Volume Trade; World Bank President Hails Blockchain appeared first on Hacked: Hacking Finance.

Fake Flash updates upgrade software, but install crypto-mining malware

According to cybersecurity firm Palo Alto Networks, it discovered a fake Flash updater that has been duping conscientious computer users since August. The fake updater installs files to sneak a cryptocurrency mining bot called XMRig, which mines for Monero.

But here's the catch, while the fake updater is installing the XMRig malware, it's also updating the user's Flash.

Via: The Next Web

Source: Palo Alto Networks

Bitcoin Update: 2018 and 2014 Bear Market Comparison

Technical analysis is the study of historical price action in an attempt to forecast future price movement. The assumption is that history tends to repeat itself and that human emotions such as fear and excitement can be predictable. That’s why technical traders and investors rely heavily on price action, volume, and other indicators to get […]

The post Bitcoin Update: 2018 and 2014 Bear Market Comparison appeared first on Hacked: Hacking Finance.

Litecoin Price Analysis: LTC/USD $50 Level Comes to The Rescue, as Buying Returns

Litecoin (LTC) price received a decent bounce ahead of the big psychological $50 mark on Friday. LTC/USD dropped to the lowest levels seen since 18th September, recovery is now eyed, following the steep fall. Litecoin (LTC) had suffered a bout of selling pressure during the prior session, as seen across the cryptocurrency market. LTC/USD initially […]

The post Litecoin Price Analysis: LTC/USD $50 Level Comes to The Rescue, as Buying Returns appeared first on Hacked: Hacking Finance.

After Plunging with Broader Markets, Bitcoin Price Regains Footing Above $6,300

Bitcoin experienced a quick and painful pullback on Thursday, as the leading digital currency failed to assert itself as an alternative safe haven following a series of massive selloffs on Wall Street and in global markets. That said, BTC appears to have regained its footing after successfully defending a key technical and psychological support. BTC/USD […]

The post After Plunging with Broader Markets, Bitcoin Price Regains Footing Above $6,300 appeared first on Hacked: Hacking Finance.

Crypto Update: Altcoins in Trouble Despite Bounce as Bitcoin Holds Above $6000

While the major cryptocurrencies experienced an oversold bounce in Asian trading today, the key technical breakdowns in the segment are intact. The top altcoins extended their losses before the bounce, but Bitcoin held up relatively well again, avoiding a test of the $6000 level and staying well above the key long-term support zone that might […]

The post Crypto Update: Altcoins in Trouble Despite Bounce as Bitcoin Holds Above $6000 appeared first on Hacked: Hacking Finance.

What is Blockchain? Everything you need to know

Like much of the technology world, cryptocurrencies such as Bitcoin still rely on some form of database that are able to track large volumes of transactions and keep them secure.The

The post What is Blockchain? Everything you need to know appeared first on The Cyber Security Place.

The Cryptocurrency Industry is ‘On the Brink of an Implosion’, Research Says

Echoing sentiments of mainstream economists, Juniper Research is warning that many of the metrics in the cryptocurrency world are pointing to a market implosion. From a report: Industry bellwether Bitcoin had seen its daily transaction volumes fall from an average of around 360,000 a day in late 2017 to just 230,000 in September 2018. Meanwhile, daily transaction values were down from more than $3.7 billion to less than $670 million in the same period, Juniper said in the study, The Future of Cryptocurrency: Bitcoin & Altcoin Trends & Challenges 2018-2023. The market as a whole has contracted quickly as well. In the first quarter, cryptocurrency transactions totaled just over $1.4 trillion, compared with less than $1.7 trillion for 2017 as a whole, Juniper said. However, by the second quarter, transaction values had plummeted by 75 percent, with total market capitalization falling to just under $355 billion. "Based on activity during the first half of Q3, Juniper estimates a further 47 percent quarter-on-quarter drop in transaction values in that quarter," the researcher said in an accompanying white paper.

Read more of this story at Slashdot.

Finally Time To Switch Away From Stocks?

I know that talk is cheap and for the last few months I have babbled on about inflated stock prices and the relative values to be had in cryptocurrencies, so it is ok if you roll your eyes and sigh.  But the relative value case has an inevitability to it that is can’t be ignored. In […]

The post Finally Time To Switch Away From Stocks? appeared first on Hacked: Hacking Finance.

Dark web kingpin visiting US for beard competition gets 20 years in prison

By Waqas

Dream Market Drug Vendor arrived in the US to participate in a beard competition in Texas. A Dark Web drug dealer has received 240 months or 20 years in prison after he pleaded guilty to the crimes of laundering money and possessing controlled substances with the intention of distributing them. The convict, Gal Vallerius, is […]

This is a post from HackRead.com Read the original post: Dark web kingpin visiting US for beard competition gets 20 years in prison

Bitcoin Whales to the Rescue?

Last month, we asked whether a whale had sunk bitcoin following a sharp and sudden decline for the world’s leading digital currency. As it turns out, these oversized holders could be playing a vital role in stabilizing the market. Not-So-Killer Whales New research by Chainanalysis purports to show that bitcoin whales have a stabilizing role […]

The post Bitcoin Whales to the Rescue? appeared first on Hacked: Hacking Finance.

Ethereum Price Analysis: Flood Gates are Open as Price Plummets Lower from Rising Wedge Pattern

Ethereum (ETH) is at threat of firmly giving up the $200 level, on the back of a crypto market wide sell-off. ETH/USD breaks aggressively from rising wedge pattern, running towards third consecutive week of losses.  Ethereum Price Pressure The Ethereum (ETH) price came crashing out from a rising wedge pattern on Thursday. As a result, […]

The post Ethereum Price Analysis: Flood Gates are Open as Price Plummets Lower from Rising Wedge Pattern appeared first on Hacked: Hacking Finance.

Bitcoin Price Takes a Dive as Bitfinex Suspends Fiat Deposits

Bitcoin’s sudden and rapid price collapse on Thursday may have forced one of the world’s largest exchanges to temporarily suspend all fiat deposits. The selloff, which began at roughly 20:00 UTC Wednesday, wiped out roughly $6 billion in bitcoin’s market cap. BTC/USD Update The price of bitcoin touched an intraday low of $6,220 on Bitfinex, […]

The post Bitcoin Price Takes a Dive as Bitfinex Suspends Fiat Deposits appeared first on Hacked: Hacking Finance.

Ripple Price Analysis: XRP/USD Downside Risks Intensify as a Hole is Pierced in Major Support Area

Ripple price was under heavy pressure on Thursday, due to a chunky crypto-market wide sell-off. XRP/USD bears have applied further pressure to break down a key demand area. Ripple Price Pressure The Ripple price came under heavy selling pressure on Thursday, due to a bloodbath being observed across the crypto market. XRP/USD is seen down over […]

The post Ripple Price Analysis: XRP/USD Downside Risks Intensify as a Hole is Pierced in Major Support Area appeared first on Hacked: Hacking Finance.

Could Bitcoin Challenge Ethereum?

I know it sounds like a silly question but one that may be asked increasingly if certain things fall into place.  When it comes to challengers, most of the time we hear of Ethereum killers like EOS, Stellar NEO or IOTA, to name a few.  The key selling point to each is scalability.  By building […]

The post Could Bitcoin Challenge Ethereum? appeared first on Hacked: Hacking Finance.

Bitcoin Cash Price Analysis: Roger Ver Planning to Launch an Exchange with BCH as the Base-currency

The CEO of Bitcoin.com, a digital currency wallet provider, noted that the organization is exploring launching its own exchange. Bitcoin Cash (BCH) still looks promising for a potential bull rally, despite the minor downturn seen. Bitcoin Cash Advocate Exploring Exchange Offering Roger Ver was speaking during an exclusive interview with Bloomberg in Malta, making it […]

The post Bitcoin Cash Price Analysis: Roger Ver Planning to Launch an Exchange with BCH as the Base-currency appeared first on Hacked: Hacking Finance.

Bitcoin Price Tows the Line Above $6,600; Mining Becomes Unprofitable for the First Time

Bitcoin resumed its narrow-bound trading on Tuesday, though prices remained well supported above a key trend line following a modest breakout at the start of the week. BTC/USD Update The price of bitcoin fluctuated within a $57 range on Bitfinex, marking one of the lowest volatility days of the year. At press time, BTC was […]

The post Bitcoin Price Tows the Line Above $6,600; Mining Becomes Unprofitable for the First Time appeared first on Hacked: Hacking Finance.

Crypto Update: Rally Attempts Fails Again as Ripple Weighs

The cryptocurrency segment still resembles a swamp, as prices are stuck in narrow trading ranges, with no major moves in any of the top coins for almost a week now, except the short-term breakdown in Ripple.  It’s no surprise that the technical picture is unchanged, with a slightly mixed short-term outlook and a still overwhelmingly […]

The post Crypto Update: Rally Attempts Fails Again as Ripple Weighs appeared first on Hacked: Hacking Finance.

The Ethical Hacker Network: Webinar: Blockchain Hacking for Investigating Cryptocurrencies on Oct 24 2018

Register Now to Learn Blockchain Hacking Step-by-Step!

Nick Furneaux, forensics trainer, investigator & author of "Investigating Cryptocurrencies" takes you through a journey of code and tools to unpick the movement of illegal funds through the blockchain during this fascinating, FREE EH-Net Live! webinar on Wednesday October 24, 2018 at 1:00 PM US Eastern. Join us live to learn how to win free copies of his book!

The post Webinar: Blockchain Hacking for Investigating Cryptocurrencies on Oct 24 2018 appeared first on The Ethical Hacker Network.



The Ethical Hacker Network

How Secure Are Bitcoin Wallets, Really?

Purchasers of Bitcoin wallets usually have one priority topping their lists: security. What’s the truth about the security of these wallets?

When buying conventional wallet coins and paper money, people often prioritize characteristics like the size, color, shape, and number of compartments.

However, purchasers of Bitcoin wallets — the software programs that facilitate storing someone’s cryptocurrency-related wealth — usually have one priority topping their lists: security.

So, the companies behind those wallets wisely emphasize why their products are more secure than what competitors offer and why that’s the case. But, beyond the marketing language, what’s the truth about the security of these wallets?

Guessing an Individual Bitcoin Wallet Key Is Tremendously Unlikely, Crypto Expert Says

People appreciate comparisons when thinking about the likelihood something might happen. Brian Liotti of the website Crypto Aquarium had that in mind when he carried out research and found the probability of guessing a Bitcoin key for one wallet is as likely as winning the Powerball nine times in a row.

So, that’s undoubtedly comforting to people who raise their eyebrows at the prospect of using a digital method to store their cryptocurrency investments.

A Wallet Owner Gets Locked out for Months

There’s also the detailed account of Mark Frauenfelder, who owned a Trezor wallet and couldn’t access it for several traumatizing months after misplacing the PIN that served as recovery words for the software. His tale of woe proves a hacker couldn’t contact a Bitcoin wallet manufacturer, masquerade as a wallet owner and get the goods for access.

A Teenager Hacked a Tamper-Proof Wallet

Ledger, a French company that sells Bitcoin wallets, found itself receiving unwanted publicity when a British teenager disclosed a proof of concept that allowed him to break into the Ledger Nano S, a wallet the company had advertised as unhackable. The hack focuses on the device’s microcontrollers.

One of them stores the wallet’s private key and the other acts as a proxy. The proxy microcontroller is reportedly so insecure it cannot differentiate between authentic firmware and that which a cybercriminal creates.

This case study, as well as others associated with less-than-locked-down Bitcoin wallets, emphasizes how people should not get too comfortable after buying a Bitcoin wallet, even one considered as being among the best of the best. The same goes for storing other types of money: Following best practices is always the ideal approach.

If a person owns collector coins, it’s essential to learn how to protect them from potential sources of damage — such as temperature extremes, acids and humidity. Although they exist in the cyber-realm, Bitcoins need safeguards of their own concerning hackers, especially as even the most high-tech options show they need improvement.

Alleged Break-Ins to McAfee’s Wallet

The Bitfi Bitcoin wallet, backed by cybersecurity executive John McAfee, offered a $250,000 bounty to anyone who could successfully hack it. And, in August 2018, a security research firm called OverSoft NL claimed success. The company behind the wallet then issued a second bounty in an attempt to find the weaknesses.

People in the cybersecurity sector expressed their frustrations about the reward, since participants have to abide by the company’s rules. In other words, if cybersecurity experts hacked the wallet in a way the company didn’t specify, they would not win the reward.

But, hacks carried out by malicious players never seem to follow such parameters. Often, they involve unusual methods that exploit vulnerabilities the manufacturer never fathomed. Other people said they had hacked the wallet before OverSoft NL, but not per the company’s rules.

Even representatives from the cybersecurity firm expressed doubts that they’d actually receive the money, believing the bounty to be nothing more than a marketing ploy. The bounty program has since become discontinued, with the company promising to launch another soon.

The Marketing Language Could Tempt Hackers

Whenever something in the tech industry gets presented as impossible to infiltrate, both ethical and malicious hackers frequently see a challenge to try and prove otherwise.

As John McAfee spoke of his wallet on Twitter, the tone could easily come across as overconfident and cocky: “For all you naysayers who claim that ‘nothing is unhackable’ & who don’t believe that my Bitfi wallet is truly the world’s first unhackable device, a $100,000 bounty goes to anyone who can hack it…” And indeed, hackers got to work and accepted the challenge.

Cryptocurrency Wallet Owners Cannot Be Too Careful

Although we’ve seen here how research shows Bitcoin wallet hacks are unlikely and that a wallet owner himself couldn’t even get access to his funds after losing the PIN, case studies show hacks are still possible.

People should always perform adequate research about security measures built into individual wallets but also use them intelligently by following good cyber security habits and never assuming a wallet couldn’t get hacked.

About the author

Kayla Matthews is a technology and cybersecurity writer, and the owner of ProductivityBytes.com. To learn more about Kayla and her recent projects, visit her About Me page.

 

 

Pierluigi Paganini

(Security Affairs – Bitcoin, cybercrime)

The post How Secure Are Bitcoin Wallets, Really? appeared first on Security Affairs.

Security Affairs: How Secure Are Bitcoin Wallets, Really?

Purchasers of Bitcoin wallets usually have one priority topping their lists: security. What’s the truth about the security of these wallets?

When buying conventional wallet coins and paper money, people often prioritize characteristics like the size, color, shape, and number of compartments.

However, purchasers of Bitcoin wallets — the software programs that facilitate storing someone’s cryptocurrency-related wealth — usually have one priority topping their lists: security.

So, the companies behind those wallets wisely emphasize why their products are more secure than what competitors offer and why that’s the case. But, beyond the marketing language, what’s the truth about the security of these wallets?

Guessing an Individual Bitcoin Wallet Key Is Tremendously Unlikely, Crypto Expert Says

People appreciate comparisons when thinking about the likelihood something might happen. Brian Liotti of the website Crypto Aquarium had that in mind when he carried out research and found the probability of guessing a Bitcoin key for one wallet is as likely as winning the Powerball nine times in a row.

So, that’s undoubtedly comforting to people who raise their eyebrows at the prospect of using a digital method to store their cryptocurrency investments.

A Wallet Owner Gets Locked out for Months

There’s also the detailed account of Mark Frauenfelder, who owned a Trezor wallet and couldn’t access it for several traumatizing months after misplacing the PIN that served as recovery words for the software. His tale of woe proves a hacker couldn’t contact a Bitcoin wallet manufacturer, masquerade as a wallet owner and get the goods for access.

A Teenager Hacked a Tamper-Proof Wallet

Ledger, a French company that sells Bitcoin wallets, found itself receiving unwanted publicity when a British teenager disclosed a proof of concept that allowed him to break into the Ledger Nano S, a wallet the company had advertised as unhackable. The hack focuses on the device’s microcontrollers.

One of them stores the wallet’s private key and the other acts as a proxy. The proxy microcontroller is reportedly so insecure it cannot differentiate between authentic firmware and that which a cybercriminal creates.

This case study, as well as others associated with less-than-locked-down Bitcoin wallets, emphasizes how people should not get too comfortable after buying a Bitcoin wallet, even one considered as being among the best of the best. The same goes for storing other types of money: Following best practices is always the ideal approach.

If a person owns collector coins, it’s essential to learn how to protect them from potential sources of damage — such as temperature extremes, acids and humidity. Although they exist in the cyber-realm, Bitcoins need safeguards of their own concerning hackers, especially as even the most high-tech options show they need improvement.

Alleged Break-Ins to McAfee’s Wallet

The Bitfi Bitcoin wallet, backed by cybersecurity executive John McAfee, offered a $250,000 bounty to anyone who could successfully hack it. And, in August 2018, a security research firm called OverSoft NL claimed success. The company behind the wallet then issued a second bounty in an attempt to find the weaknesses.

People in the cybersecurity sector expressed their frustrations about the reward, since participants have to abide by the company’s rules. In other words, if cybersecurity experts hacked the wallet in a way the company didn’t specify, they would not win the reward.

But, hacks carried out by malicious players never seem to follow such parameters. Often, they involve unusual methods that exploit vulnerabilities the manufacturer never fathomed. Other people said they had hacked the wallet before OverSoft NL, but not per the company’s rules.

Even representatives from the cybersecurity firm expressed doubts that they’d actually receive the money, believing the bounty to be nothing more than a marketing ploy. The bounty program has since become discontinued, with the company promising to launch another soon.

The Marketing Language Could Tempt Hackers

Whenever something in the tech industry gets presented as impossible to infiltrate, both ethical and malicious hackers frequently see a challenge to try and prove otherwise.

As John McAfee spoke of his wallet on Twitter, the tone could easily come across as overconfident and cocky: “For all you naysayers who claim that ‘nothing is unhackable’ & who don’t believe that my Bitfi wallet is truly the world’s first unhackable device, a $100,000 bounty goes to anyone who can hack it…” And indeed, hackers got to work and accepted the challenge.

Cryptocurrency Wallet Owners Cannot Be Too Careful

Although we’ve seen here how research shows Bitcoin wallet hacks are unlikely and that a wallet owner himself couldn’t even get access to his funds after losing the PIN, case studies show hacks are still possible.

People should always perform adequate research about security measures built into individual wallets but also use them intelligently by following good cyber security habits and never assuming a wallet couldn’t get hacked.

About the author

Kayla Matthews is a technology and cybersecurity writer, and the owner of ProductivityBytes.com. To learn more about Kayla and her recent projects, visit her About Me page.

 

 

Pierluigi Paganini

(Security Affairs – Bitcoin, cybercrime)

The post How Secure Are Bitcoin Wallets, Really? appeared first on Security Affairs.



Security Affairs

Crypto Update: Rosy Outlook for IOTA/Bitcoin

Technical analysis is all about making sense of chaos. To do that, you must be able to shut the noise and focus on the long-term direction. For instance, a plummet of over 75% can be so overwhelmingly loud that participants who were once invested in the asset might never look at it again. However, those […]

The post Crypto Update: Rosy Outlook for IOTA/Bitcoin appeared first on Hacked: Hacking Finance.

Trade Recommendation: Bread/Bitcoin

The Bread/Bitcoin pair took out resistance of 0.00005 on September 17, 2018. This triggered the breakout from the falling wedge on the daily chart. The price action attracted more bargain hunters and momentum traders. The surge in demand enabled the market to climb to as high as 0.0000761 on October 4. Unfortunately for buyers at […]

The post Trade Recommendation: Bread/Bitcoin appeared first on Hacked: Hacking Finance.

Bitcoin Price Crosses $6,700 as New Signs of Life Emerge

Bitcoin is showing new signs of life Monday, as declining volatility and rebounding trade volumes put markets on course for bigger short-term gains. BTC/USD Update Bitcoin’s price breached $6,700 for the first time since Sept. 28, signaling renewed upside in the market. At press time, BTC was trading at $6,668.40 on Bitfinex for a daily […]

The post Bitcoin Price Crosses $6,700 as New Signs of Life Emerge appeared first on Hacked: Hacking Finance.

Crypto Update: Week Starts on a Bullish Note as Sideways Drift Continues

The major cryptocurrencies haven’t made meaningful progress during the weekend, with Ripple’s move below support being the most important change in the technical setups. Today, we saw some positive price action in early trading, as Chinese markets reopened following the Golden Week, and traditional financial markets remained in a risk-off mood. The top coins are […]

The post Crypto Update: Week Starts on a Bullish Note as Sideways Drift Continues appeared first on Hacked: Hacking Finance.

Trust flourishes in blockchain

if implemented effectively, blockchain has the potential to transform the way we do business. After several years spent in the shadow of bitcoin, it’s time for blockchain, the technology on

The post Trust flourishes in blockchain appeared first on The Cyber Security Place.

Crypto Slumber: Time To Wake Up?

How many times this year did we hope for stability in the crypto market?  Well, now we are having all the quiet and calm anyone could ever want. But what good is stability anyway? The answer to that question is easy: lots of things.   For one thing we have learned that mass acceptance of […]

The post Crypto Slumber: Time To Wake Up? appeared first on Hacked: Hacking Finance.

Crypto Update: Ripple Breaks Support as Market Ticks Lower

Choppy trading continues in the cryptocurrency segment, with most of the major still stuck in narrow trading ranges, with little changes in the technical setup. Ripple is back in the center of attention after a period of lower trading activity in the third largest coin. XRP moved below short-term support, triggering a short-term sell signal […]

The post Crypto Update: Ripple Breaks Support as Market Ticks Lower appeared first on Hacked: Hacking Finance.

BTC/USD Little Changed as SEC Re-Opens Review of Nine Bitcoin ETF Applications

Bitcoin’s price was little changed heading into the weekend, as volatility fell to fresh yearly lows after the U.S. Securities and Exchange Commission (SEC) set forth a timeline for reviewing nine previously rejected ETF proposals. Although the two events – bitcoin’s declining volatility and the SEC timeline – are not directly related, the review period […]

The post BTC/USD Little Changed as SEC Re-Opens Review of Nine Bitcoin ETF Applications appeared first on Hacked: Hacking Finance.

Trade Recommendation: Bancor

The Bancor/Bitcoin (BNT/BTC) pair dropped to as low as 0.00017359 on September 12, 2018. At that price, the market lost over 84% of its value from this year’s high of 0.00110062. It looked as if the pair had more room to plummet. This is because bears managed to breach historic support of 0.000185. However, bulls […]

The post Trade Recommendation: Bancor appeared first on Hacked: Hacking Finance.

Trade Recommendation: POA Network

The POA Network/Bitcoin pair (POA/BTC) came off lows of 0.00000818 on September 12, 2018. At that price, the market was down by over 95% from the 2018 peak of 0.000176. This makes POA/BTC one of the worst performing crypto pairs this year. With no known support at that low price point, the market appeared to […]

The post Trade Recommendation: POA Network appeared first on Hacked: Hacking Finance.

Crypto Markets in Search of Direction as Wall Streets Calls Bitcoin’s Bottom

Digital currencies were little changed on Friday, as a lack of trading catalysts kept market participants on the sidelines indefinitely. However, a new survey from Fundstrat Global Advisors suggests that the worst of bitcoin’s epic price collapse may have already passed. Market Update The cryptocurrency market capitalization hovered between $217 billion and $220 billion on […]

The post Crypto Markets in Search of Direction as Wall Streets Calls Bitcoin’s Bottom appeared first on Hacked: Hacking Finance.

Trade Recommendation: Theta Token

The Theta Token/Bitcoin pair (THETA/BTC) breached resistance of 0.00001275 on August 24, 2018. This triggered the breakout from the large falling wedge on the daily chart. The price action attracted breakout players who helped inspire a rally to as high as 0.00001799 on the same day. However, THETA/BTC corrected immediately after the breakout. It even […]

The post Trade Recommendation: Theta Token appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Turn Lower Again as Trading Ranges Remain Intact

The major cryptocurrencies are still trading with low volumes and low volatility across the board, with now even the recently active Ripple settling down within its triangle consolidation pattern. The total value of the market is virtually unchanged compared to the previous weekend, hovering around the $220 billion level. Yesterday’s bounce quickly lost momentum, and […]

The post Crypto Update: Coins Turn Lower Again as Trading Ranges Remain Intact appeared first on Hacked: Hacking Finance.

Bitcoin Price In Tight Range; Quiet Period Is Nothing New

Bitcoin (BTC) has traded within a tight 3% range for the past seven days, never rising higher than $6,680 and never falling lower than $6,455. The previous month’s numbers tell a similar tale, with BTC trading within an 8% range since September 6th. Volatility makes for good headlines and draws a lot of eyes to […]

The post Bitcoin Price In Tight Range; Quiet Period Is Nothing New appeared first on Hacked: Hacking Finance.

Litecoin Price Analysis: Big Optimism Boost Following Litecoin Futures Update

The Litecoin (LTC) price is looking to close in the green, after six consecutive sessions of losses. New regulated cryptocurrency exchange, ErisX, may soon launch Litecoin futures and others. Positive Litecoin Development TD Ameritrade, a brokerage firm based in the U.S., have launched a new regulated cryptocurrency exchange, ErisX. This will facilitate spot and futures […]

The post Litecoin Price Analysis: Big Optimism Boost Following Litecoin Futures Update appeared first on Hacked: Hacking Finance.

Hackers exploit Bitcoin bug to print 235 million Pigeoncoins

By Uzair Amir

It has been confirmed by the Pigeoncoin developers that a recently discovered bug in Bitcoin’s code has now been exploited to print approx. 235m Pigeoncoins ($15,458). It must be noted that Pigeoncoin is a newly launched and somewhat lesser known digital currency. The reason the extraordinary feat was successfully pulled off by the hacker(s) is […]

This is a post from HackRead.com Read the original post: Hackers exploit Bitcoin bug to print 235 million Pigeoncoins

Trade Recommendation: ChainLink

The ChainLink/Bitcoin pair (LINK/BTC) is one of those rare altcoins that’s in the green. The market is up by 11% year-to-date. It may not sound like much but this is actually positive news to LINK/BTC investors. The market appeared to have weathered the storm. Actually, it looks ready to make a bold statement. Technical analysis […]

The post Trade Recommendation: ChainLink appeared first on Hacked: Hacking Finance.

Criminals Holding Hijacked Instagram Influencers’ Accounts for Ransom

Criminals are hijacking Instagram influencers’ accounts and demanding that victims pay a ransom in bitcoin to regain access. Kevin Kreider, a Los Angeles-based Instagrammer who’s known for his following around fitness-related topics, told Motherboard that extortionists first targeted him when someone named Lana reached out with a fake business opportunity. Posing as a press relations […]… Read More

The post Criminals Holding Hijacked Instagram Influencers’ Accounts for Ransom appeared first on The State of Security.

Bitcoin Price Regains $6,600 as Volatility Hits New Yearly Low

Bitcoin’s price swung higher on Thursday, though upside momentum appears to be limited by weak underlying momentum. That being said, a key indicator of bitcoin’s volatility declined this week to its lowest level since May 2017, signaling renewed calm in the market. BTC/USD Update Bitcoin’s value reached an intraday high of $6,648.80 on Bitfinex. BTC […]

The post Bitcoin Price Regains $6,600 as Volatility Hits New Yearly Low appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Rebound but Selling Pressure Persists

The cryptocurrency market is experiencing a relief rally today after several days of dominantly bearish price action in the majors. The rebound left the short-term technical setup unchanged, and yesterday’s downgrades in our trend model are in place. Most of the top coins are trading in or near the trading ranges that developed last week, […]

The post Crypto Update: Coins Rebound but Selling Pressure Persists appeared first on Hacked: Hacking Finance.

Crypto Update: TRON/Bitcoin Looks Ready to Make a Splash

The TRON/Bitcoin pair (TRX/BTC) may be down by over 80% from the 2018 high of 0.00002047. If you’ve been following our crypto updates, you would have known by now that such heavy losses can be the catalyst of a trend reversal. This actually makes sense from the perspective of a whale. You force or wait […]

The post Crypto Update: TRON/Bitcoin Looks Ready to Make a Splash appeared first on Hacked: Hacking Finance.

Crypto Market Development: South Korea’s National Policy Committee Chair Calls For ICO Legalization

A member of South Korea’s governing Democratic party and the chairman of Korea’s National Policy Committee, Min Byung-Doo, is urging to ease the current regulations on Initial Coin Offerings (ICOs). Min Byung-Doo wants to introduce necessary regulatory framework, allowing ICOs in the country. Allow ICOs In South Korea The South Korean National Policy Committee Chief, […]

The post Crypto Market Development: South Korea’s National Policy Committee Chair Calls For ICO Legalization appeared first on Hacked: Hacking Finance.

Hackers are holding Instagram accounts of influencers for ransom

By Waqas

The social media giant Facebook was hacked a few days ago after hackers exploited a vulnerability in its “View As” feature. As a result, 90 million users were affected but now, in another hacking spree hackers are targeting high-profile Instagram accounts and holding them for ransom – In some cases, hackers have gone one step further by […]

This is a post from HackRead.com Read the original post: Hackers are holding Instagram accounts of influencers for ransom

Bitcoin’s Tenth Birthday Marred by Manipulation

A lot can be said of bitcoin’s first decade. From the pages of an obscure whitepaper penned by an anonymous author to the forefront of digital innovation, bitcoin has revolutionized our conception of value. The nascent market has also attracted some unscrupulous actors who have played a major role in manipulating prices. Whales, stablecoins and […]

The post Bitcoin’s Tenth Birthday Marred by Manipulation appeared first on Hacked: Hacking Finance.

Will Bitcoin Rally To $20,000 Before The End Of 2018?

This time last year Bitcoin was just getting into the swing of its chunky 2017 bull run. The week commencing 25th September 2017, until the week commencing 11th December, Bitcoin gained around 445%. Bitcoin Rally 2017 Looking back at 2017, Bitcoin investors enjoyed a huge rally to the upside, towards the end of the year. […]

The post Will Bitcoin Rally To $20,000 Before The End Of 2018? appeared first on Hacked: Hacking Finance.

Crypto Update: Technical Outlook Deteriorates as Selloff Continues

While the major coins are slightly off their lows before the start of the US session, the cryptocurrency segment is having a clearly bearish day so far. Several coins triggered downgrades in our trend model in the past 24 hours, falling below key support levels and trendlines. Most of the top coins are only modestly […]

The post Crypto Update: Technical Outlook Deteriorates as Selloff Continues appeared first on Hacked: Hacking Finance.

Trade Recommendation: Komodo

The Komodo/Bitcoin pair (KMD/BTC) bounced off lows of 0.0001435 on September 12, 2018. At that price, the market shed over 88% from the 2018 high of 0.0012598. But just like many altcoins that we’ve recently covered, KMD/BTC started to show signs of stability as soon as it touched a key support area. This is one […]

The post Trade Recommendation: Komodo appeared first on Hacked: Hacking Finance.

Fortnite gamers targeted by data theft malware

The new season of the incredibly popular video game Fortnite is upon us, and so too are the scams. It’s no surprise that con artists would jump on this bandwagon, eager to peddle their fakeouts.

Only this time, scammers had something a little more dangerous in mind than your typical low-level surveys and downloads that never actually materialize. Among all the gluttony of scams there hid a malicious file ready to steal data and Bitcoin, for starters.

How did we find it? First, we sifted through a sizable mish-mash of free season six passes, supposedly “free” Android versions of Fortnite, which were leaked out from under the developer’s noses, the ever-popular blast of “free V-Bucks” used to purchase additional content in the game, and a lot of bogus cheats, wallhacks, and aimbots.

Here’s the current state of YouTube, for example:

fortnite search results

Click to enlarge

These videos can drive huge numbers: Here’s one that’s been pulled down, but managed to rack up 120,000 views before the hammer fell:

120k views

Click to enlarge

Almost all of the scam tomfoolery followed the typical survey route, as expected. But buried in all of this was a nasty little slice of data theft malware disguised as a cheat tool.

Offering up a malicious file under the pretense of a cheat is as old school as it gets, but that’s never stopped cybercriminals before. In this scenario, would-be cheaters suffer a taste of their own medicine via a daisy chain of clickthroughs and (eventually) some malware as a parting gift. Shall we take a look?

Setting the scene

The YouTube account offering this scam up has a little over 700 subscribers, and the video in question already had more than 2,200 views the day after being uploaded.

fortnite aimbot video

Click to enlarge

Clicking the link sends potential victims to a page on Sub2Unlock. This site differs from typical survey pages, where you’d normally click offers or fill in questions to obtain a theoretical reward. Instead, it asks you to hit subscribe on the social portal of the person sending you there in the first place. So there’s one difference, right off the bat.

sub to unlock

Click to enlarge

Another interesting difference is that any initial survey page requires you to physically complete a survey before progressing. Without doing this, you can’t gain access to a download link.

Here, we had no validation taking place during our testing. Clicking the subscribe button simply opened up the YouTube channel’s subscribe page but nothing checked to ensure we’d actually subscribed. All we had to do at this point was go back to the Sub2Unlock site and click the download button.

From here, gamers are whisked away to a site located at

bt-fortnite-cheats(dot)tk

fortnite cheat site

Click to enlarge

This site is a fairly good-looking portal claiming to offer up the desired cheat tools, and it stands a fair chance of convincing youngsters of its legitimacy. A little bit more button clicking, and potential victims are taken to a more general download site containing what appears to be an awful lot of files alongside a wide range of adverts.

fortnite malware download link

Click to enlarge

As far as the malicious file in question goes, at time of writing, 1,207 downloads had taken place. That’s 1,207 downloads too many.

File information

Malwarebytes detects this file as Trojan.Malpack, a generic detection given to files packed suspiciously. The actual payload could be anything at all, but it will invariably be up to no good. In this case, a little digging showed us the payload is a data stealer.

Once the initial .EXE (which weighs in at just 168KB) runs on the target system, it performs some basic enumeration on details specific to the infected computer. It then attempts to send data via a POST command to an /index.php file in the Russian Federation, courtesy of the IP address 5(dot)101(dot)78(dot)169.

Some of the most notable things it takes an interest in are browser session information, cookies, Bitcoin wallets, and also Steam sessions.

a grab bag

Click to enlarge

Bizarrely, it also wrote this to our test system:

radio stations

Click to enlarge

…Grateful Dead, anyone?

The IP address up above has been seen many times in relation to similarly named/themed files.

Lots of the files contained in this download are packed in entirely different ways. One of them has a process called “Stealer.exe.” Many more post the stolen information to /gate.php instead of index.php, which is a common sign of Zbot and a few others.

While this particular file probably isn’t that new, it’s still going to do a fair bit of damage to anyone that runs in. Combining it with the current fever for new Fortnite content is a recipe for stolen data and a lot of cleanup required afterward.

As a final note, we should mention the readme file accompanying the stealer advertises being able to purchase additional Fortnite cheats for “$80 Bitcoin.”

read me

Click to enlarge

Given how things up above panned out, we’d advise anyone tempted to cheat to steer well clear of this one. Winning is great, but it’s absolutely not worth risking a huge slice of personal information to get the job done.

The post Fortnite gamers targeted by data theft malware appeared first on Malwarebytes Labs.

Crypto Update: Coins Drift Lower but Key Support Levels Hold

The major cryptocurrencies are sporting small losses today in European trading, with still Ripple being the most volatile from a short-term perspective. In general, the market is very calm, with most of the top digital currencies being stuck in the ranges that developed during the weekend. The volatility compression will likely lead to a larger […]

The post Crypto Update: Coins Drift Lower but Key Support Levels Hold appeared first on Hacked: Hacking Finance.

Bitcoin Resumes Lateral Trading as Lightning Network Gets New Use Case

Bitcoin continued to trade in a narrow range on Tuesday, reflecting the overall mood of the market following a weekend consolidation. On a fundamental note, a recent breakthrough in Lightning Network capability is generating renewed optimism over bitcoin adoption in commercial and consumer circles. BTC/USD Update Bitcoin showed little upside on Tuesday, as prices hovered within […]

The post Bitcoin Resumes Lateral Trading as Lightning Network Gets New Use Case appeared first on Hacked: Hacking Finance.

Crypto Isn’t As Risky As It Used To Be, But Regulators Could Still Do More

During the summer, an agent at the US’s Drug Enforcement Administration, Lilita Infante, said the ratio of legal to illegal activity in bitcoin has inverted. Talking to Bloomberg, she said illegal

The post Crypto Isn’t As Risky As It Used To Be, But Regulators Could Still Do More appeared first on The Cyber Security Place.

Encrypgen Offers A Low Risk, High Reward Opportunity

Since the start of the year, crypto valuations have been collapsing faster than Kevin Spacey’s career.  For investors who entered the market a few years ago, it’s been painful but not deadly.  For those who entered the market at or near the highs, this bear market may have turned them off of crypto for a […]

The post Encrypgen Offers A Low Risk, High Reward Opportunity appeared first on Hacked: Hacking Finance.

Crypto Update: Laggard Altcoins Play Catch Up

In September 2018, many altcoins started to break out of their bearish patterns to signal the beginning of the end of the altcoin apocalypse. Pairs such as Ripple/Bitcoin (XRP/BTC), Doge/Bitcoin (DOGE/BTC), and Monero/Bitcoin (XMR/BTC) led the way. These markets doubled or tripled their value from the bottom in a matter of days. Eventually, other altcoin […]

The post Crypto Update: Laggard Altcoins Play Catch Up appeared first on Hacked: Hacking Finance.

Bitcoin Price Searches for New Catalysts After Modest Q3 Gains

Bitcoin’s trading range further narrowed on Monday, as markets awaited fresh catalysts following a rocky third quarter. BTC/USD Update The BTC/USD exchange trade fluctuated within a $65 band on Bitfinex Monday and was last seen trading at $6,618. Prices were little changed compared with the previous session. Trading volumes in BTC amounted to $4 billion […]

The post Bitcoin Price Searches for New Catalysts After Modest Q3 Gains appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Flatline, Major Move Ahead?

The cryptocurrency segment has been very quiet during the weekend with most of the major coin trading in progressively narrowing ranges with very low volumes. The total value of the market settled down near $220 billion, with only Ripple experiencing meaningful moves, hovering around the $24 billion market cap of Ethereum. The short-term picture remains […]

The post Crypto Update: Coins Flatline, Major Move Ahead? appeared first on Hacked: Hacking Finance.

Stasis For Bitcoin and Alts; New Foundations or Calm Before the Storm?

The cryptocurrency market has ended the weekend in a state of relative stability. Bitcoin and the majority of major altcoins ended Sunday in much the same manner as they started, and now move into October with the possibility of having found some new foundations. Done With Yearly Lows? Bitcoin’s yearly low of $5,984 on August […]

The post Stasis For Bitcoin and Alts; New Foundations or Calm Before the Storm? appeared first on Hacked: Hacking Finance.

Crypto Market Update: Japan’s Self-Regulatory Group (JVCEA) Readying Tighter Rules on Digital Assets

A group of cryptocurrency exchange operators in Japan is readying to tighten up measures following recent cyber breach. Action follows reported hack earlier in the month; cryptocurrency exchange Zaif lost an estimated $59.67 million. Self-Regulatory Group Set To Tighten Rules The Japan Virtual Currency Exchange Association (JVCEA) is exploring new rules to safeguard against cyber […]

The post Crypto Market Update: Japan’s Self-Regulatory Group (JVCEA) Readying Tighter Rules on Digital Assets appeared first on Hacked: Hacking Finance.

Trade Recommendation: Verge

The Verge/Bitcoin (XVG/BTC) pair came off lows of 0.00000165 on August 14, 2018. At this price, the pair has lost over 90% of its value from the 2018 high of 0.0000171. Like many altcoin pairs, however, XVG/BTC started to show signs of life just as the situation looked hopeless. The market climbed to as high […]

The post Trade Recommendation: Verge appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Drift Higher as Ripple Hits $0.60 Again

The major cryptocurrencies continued the relatively quiet weekend so far today, with only Ripple’s rally making headlines in the segment. Trading volumes are low, as is volatility, and most of the top coins are stuck in very narrow short-term ranges. The mixed short-term and bearish long-term outlook is intact, but Ripple’s strength led to an […]

The post Crypto Update: Coins Drift Higher as Ripple Hits $0.60 Again appeared first on Hacked: Hacking Finance.

Bitcoin Price Stabilizes Above $6,600; Bullish Bias Still Intact

Bitcoin held within a narrow range on Sunday, as markets eyed a bigger recovery following last week’s bullish crossover. The largest digital currency by market capitalization is once again showing signs of stability, which is a positive sign for long-term holders. BTC/USD Update Bitcoin’s price reached a high of $6,662.80 on Bitfinex Sunday, as calm […]

The post Bitcoin Price Stabilizes Above $6,600; Bullish Bias Still Intact appeared first on Hacked: Hacking Finance.

Crypto Update: Ripple Attempts Another Rally as Market Remains Stable

The cryptocurrency segment settled down today after the selloff in the second half of the session yesterday. Ripple is the most active among the majors, spiking higher in early trading, and while most of the top coins are also off their lows, yesterday’s highs are clearly above the current price levels in most cases. With […]

The post Crypto Update: Ripple Attempts Another Rally as Market Remains Stable appeared first on Hacked: Hacking Finance.

Trade Recommendation: DigixDAO

The DigixDAO/Bitcoin pair (DGD/BTC) came off lows of 0.005045 on September 12, 2018. At this price, the market was down by over 93% from the 2018 high of 0.081. This puts DGD/BTC on the list of the worst altcoin performers in 2018. While it is tempting to write off DGD/BTC, the reality is that the […]

The post Trade Recommendation: DigixDAO appeared first on Hacked: Hacking Finance.

Trade Recommendation: Lisk

Our August 16, 2018 trade recommendation for Lisk/Bitcoin (LSK/BTC) achieved its target on August 23 when the pair climbed to as high as 0.00078168. Those who followed the recommendation grew their investments by over 60% in seven days. Though the market overshot our target, we were confident that LSK/BTC would significantly correct once the breakout […]

The post Trade Recommendation: Lisk appeared first on Hacked: Hacking Finance.

Bitcoin Price Eyes Breakaway, According to RIG Trend Lines

Bitcoin’s price targeted new weekly highs on Friday after a Bloomberg report suggested significant upside is on the horizon. The price bump followed an extended period of broadly consistent trading ranges for the digital currency. BTC/USD Update The bitcoin price broke out of a narrow trading range on Friday, reaching a high of $6,826.40 on […]

The post Bitcoin Price Eyes Breakaway, According to RIG Trend Lines appeared first on Hacked: Hacking Finance.

Crypto Update: Litecoin Hits $64 Resistance Level After Triggering Buy Signal

The cryptocurrency segment continued to lean bullish for the second day in a row, despite the late-session pullback yesterday, with today, Litecoin and Bitcoin Cash leading the rally.  On the other hand, the top 3 coins have been quiet today, with Ethereum and Bitcoin both failing to rally, and with Ripple getting stick below resistance, […]

The post Crypto Update: Litecoin Hits $64 Resistance Level After Triggering Buy Signal appeared first on Hacked: Hacking Finance.

11 million personal unprotected MongoDB records leaked online

By Uzair Amir

Another day, another trove of sensitive data exposed online. This time, a MongoDB database containing a whopping 43.5GB of the dataset used in marketing campaigns has been left exposed for public access. The data was discovered by Bob Diachenko, an independent security researcher who noted that the database was available on an unprotected MongoDB hosted on Grupo-SMS hosting and […]

This is a post from HackRead.com Read the original post: 11 million personal unprotected MongoDB records leaked online

Bitcoin Price Struggles to Overcome Key Resistance

Bitcoin’s price consolidated in a narrow range on Thursday, signaling a return to low-volatility trading for the world’s largest crypto. However, a failure to overcome a key technical resistance during Wednesday’s rally suggests that bearish bias continues to dictate market trends. BTC/USD Update The value of bitcoin reached a session low of $6,346.70 on Bitfinex […]

The post Bitcoin Price Struggles to Overcome Key Resistance appeared first on Hacked: Hacking Finance.

Crypto Update: Ripple Surges Again But Remains Weak

The cryptocurrency segment had a mostly bullish Fed-Day, with last week’s star, with Ripple experiencing a strong rebound after the correction of the past few days.  Although most of the majors spent the day in the green, their gains are dwarfed by the more than 20% rise in the price XRP, with the closely correlated […]

The post Crypto Update: Ripple Surges Again But Remains Weak appeared first on Hacked: Hacking Finance.

Bitcoin Price Claws Back Toward $6,500 Ahead of Futures Expiry

Bitcoin’s price pivoted higher on Wednesday, as calm returned to the market following a rocky start to the week. Although the bulls aren’t out of the woods yet, the quick recovery supports the view that BTC has established a firm price floor. BTC/USD Update Bitcoin’s price notched highs of $6,538.20 on Bitfinex and was last […]

The post Bitcoin Price Claws Back Toward $6,500 Ahead of Futures Expiry appeared first on Hacked: Hacking Finance.

Trade Recommendation: IOST

The IOST/Bitcoin (IOST/BTC) pair came off lows of 0.00000163 on September 12, 2018. At this price level, the market lost over 99% of its value from the 2018 high of 0.00023205, which was the opening price on January 24. This type of loss is unthinkable. If you’re an everyday investor, this is an asset that […]

The post Trade Recommendation: IOST appeared first on Hacked: Hacking Finance.

Is Bitcoin Really Un-Tethered? Yes, Says University Researcher

The debate surrounding Tether’s (USDT) effect on the price of Bitcoin has been around since the start of the year when Tether Limited was subpoenaed by the U.S Commodity Futures Trading Commision. A short while later this anonymous report was published which claimed USDT was being printed willy-nilly and that it was subsequently manipulating the […]

The post Is Bitcoin Really Un-Tethered? Yes, Says University Researcher appeared first on Hacked: Hacking Finance.

Long-Term Cryptocurrency Analysis: Bearish Trend Intact Despite Explosive Rally Attempts

The negative trend in the cryptocurrency segment continues to be dominant, with almost all of the top coins trading below the structural support levels that were broken during the summer months. Bitcoin is still above the $5850 level, the last base support before last winter’s explosive speculative event, but Ethereum, Ripple, Litecoin, and the other […]

The post Long-Term Cryptocurrency Analysis: Bearish Trend Intact Despite Explosive Rally Attempts appeared first on Hacked: Hacking Finance.

Bitcoin’s Notorious Whale Confirms Fire-Sale

Bitcoin’s notorious ‘Tokyo Whale’ offloaded hundreds of millions worth of BTC over a three-month period, highlighting once again the impact of fat hands on a nascent market. The liquidation period was between Mar. 7 and June 22 – a three-and-a-half-month stretch with a peak-to-trough of roughly $9,900-$5,755 for the bitcoin price. Tokyo Whale On behalf […]

The post Bitcoin’s Notorious Whale Confirms Fire-Sale appeared first on Hacked: Hacking Finance.

Bitcoin Core Team fixes a critical DDoS flaw in wallet software

Bitcoin Core Software fixed a critical DDoS attack vulnerability in the Bitcoin Core wallet software tracked as CVE-2018-17144.

The Bitcoin Core team urges miners to update client software with the latest Bitcoin Core 0.16.3 version as soon as possible.

“A denial-of-service vulnerability (CVE-2018-17144) exploitable by miners has been discovered in Bitcoin Core versions 0.14.0 up to 0.16.2. It is recommended to upgrade any of the vulnerable versions to 0.16.3 as soon as possible,” states the security advisory.

The flaw affected the Bitcoin Core wallet software and could have been exploited by attackers to crash Bitcoin Core nodes running software versions 0.14.0 to 0.16.2.

The CVE-2018-17144 vulnerability is critical because by coordinating an attack through the Bitcoin miners it was possible to bring down the entire blockchain either by overflooding the block with duplicate transactions, resulting in blockage of transaction confirmation from other people or by flooding the nodes of the Bitcoin P2P network and saturating the bandwidth.

The bug seems to have been introduced in March 2017, but no one apparently has exploited the flaw in live attacks.

The flaw potentially affects all recent versions of the BTC system, but anyway, experts pointed out that a coordinated Distributed Denial of Service (DDoS) attack against Bitcoin blockchain is very expensive.

It has been estimated that a successful DDoS attack on the BTC network would cost miners 12.5 bitcoins ($80,000).

Bitcoin Core

According to the change log of the latest version, the Bitcoin Core team also patched minor issues related to RPC and other APIs, to invalid error flags, to the consensus and documentation.

“If you are running an older version, shut it down. Wait until it has completely shut down (which might take a few minutes for older versions), then run the installer (on Windows) or just copy over `/Applications/Bitcoin-Qt` (on Mac) or `bitcoind`/`bitcoin-qt` (on Linux).” continues the note.

“The first time you run version 0.15.0 or newer, your chainstate database will be converted to a new format, which will take anywhere from a few minutes to half an hour, depending on the speed of your machine.”

Pierluigi Paganini

(Security Affairs – Bitcoin Core, DDoS)

The post Bitcoin Core Team fixes a critical DDoS flaw in wallet software appeared first on Security Affairs.

Exploring the Korean Bitcoin “Kimchi Premium”

If you have been trading Bitcoin for over a year, you will no doubt have heard of a weird market phenomenon called the “Kimchi premium”. This is essentially the premium that Korean traders will pay over the international price of Bitcoin. More specifically, it is the difference between the USD equivalent of the KRW price […]

The post Exploring the Korean Bitcoin “Kimchi Premium” appeared first on Hacked: Hacking Finance.

Trade Recommendation: NEM

The NEM/Bitcoin pair (XEM/BTC) came off lows of 0.00001257 on September 12, 2018. At that price level, the XEM/BTC pair was down by over 90% from the 2018 high of 0.000137. To add insult to injury, many altcoins have already managed to reverse their trend yet the pair is still correcting. Thus, NEM/Bitcoin appears to […]

The post Trade Recommendation: NEM appeared first on Hacked: Hacking Finance.

Bitcoin Core Software Patches a Critical DDoS Attack Vulnerability

The Bitcoin Core development team has released an important update to patch a major DDoS vulnerability in its underlying software that could have been fatal to the Bitcoin Network, which is usually known as the most hack-proof and secure blockchain. The DDoS vulnerability, identified as CVE-2018-17144, has been found in the Bitcoin Core wallet software, which could potentially be exploited by

Crypto Update: Ripple Leads Selloff After Weekend Consolidation

Sellers are back in full force in the cryptocurrency segment as Ripple retraced a large chunk of last week’s surge Monday in late trading. The coin dragged the whole market lower, with Bitcoin, Ethereum, and all of the major altcoins registering significant losses. The 5-10% decline and the almost 20% plunge of XRP hurt the […]

The post Crypto Update: Ripple Leads Selloff After Weekend Consolidation appeared first on Hacked: Hacking Finance.

BlockState Interview Part One: Institutional Investment Framework Story

The mainstream media narrative has shown an uncompromisingly negative bias towards institutional crypto investment of late and it only seemed fair that we got in touch with some people who have professional expertise in the field. BlockState is a platform that aims to deliver a modular blockchain-based legal and technological infrastructure for financial institutions which […]

The post BlockState Interview Part One: Institutional Investment Framework Story appeared first on Hacked: Hacking Finance.

Crypto Exchanges: Looking For Guaranteed Results

The word guaranteed is never to be used anywhere investment advice is offered.  So please think of my use of the term as just one person’s opinion. But after doing some weekend reading, I think there should be a way to achieve extraordinary gains that are virtually assured for a very long time. Back in […]

The post Crypto Exchanges: Looking For Guaranteed Results appeared first on Hacked: Hacking Finance.

Trade Recommendation: Bitcoin

On our August 18, 2018 trade recommendation, we notified our readers to sell as soon as Bitcoin (BTC/USD) hit $7,400. The target was hit on September 4 when the market went as high as $7402.50. We hope you were able to sell close to the target because BTC immediately corrected after it hit the resistance. […]

The post Trade Recommendation: Bitcoin appeared first on Hacked: Hacking Finance.

Selling Pressure Hits Bitcoin, Altcoins Following Large Rally

Cryptocurrencies declined across the board on Monday, as the market returned to a defensive posture following a $38 billion inflow over the past six days. Losses affected all major assets but were largely concentrated in altcoins and tokens. Market Update From a peak of around $230 billion on Friday, the cryptocurrency market cap has fallen […]

The post Selling Pressure Hits Bitcoin, Altcoins Following Large Rally appeared first on Hacked: Hacking Finance.

Trade Recommendation: Stellar

We’ve been tracking the Stellar/Bitcoin (XLM/BTC) pair for some time now and for good reason. The pair has been retracing after generating a high of 0.00006789 on January 3, 2018. That means for about nine months, the pair has been trading bearishly. However, recent price action finally enabled XLM/BTC to leave bear country. Technical analysis […]

The post Trade Recommendation: Stellar appeared first on Hacked: Hacking Finance.

Bitcoin Network Faced One-Two Punch of Inflation and DoS Threats

Bitcoin Core has emerged seemingly unscathed from a major vulnerability that threatened to shut down parts of the network in a denial-of-service (DoS) attack. But apparently, the bug was even worse than originally thought. According to a Bitcoin Core Full Disclosure Report, the issue included an “inflation vulnerability,” one in which if seized upon could […]

The post Bitcoin Network Faced One-Two Punch of Inflation and DoS Threats appeared first on Hacked: Hacking Finance.

Bitcoin Core Bug Could Crash The Entire Bitcoin Network

Nobody knew that the currency of the future was on the verge of collapse until the developers patched a critical

Bitcoin Core Bug Could Crash The Entire Bitcoin Network on Latest Hacking News.

Bitcoin Price Crosses 50-Day MA amid Seller’s Fatigue

Bitcoin is charting a bullish reversal after an impressive Friday rally pushed prices back above the 50-day moving average. BTC/USD Update Bitcoin’s price clocked a high of $6,840.90 on Bitfinex Saturday, the highest in over two weeks. BTC was last seen trading at $6,678, having declined 1.2% from the previous session. The leading digital currency […]

The post Bitcoin Price Crosses 50-Day MA amid Seller’s Fatigue appeared first on Hacked: Hacking Finance.

Trade Recommendation: ICON

The ICON/Bitcoin (ICX/BTC) pair breached resistance of 0.00009 on August 17, 2018. This enabled the pair to break out from the large falling wedge pattern on the daily chart. The price action attracted breakout players who helped push the market to as high as 0.0001458 on August 27. At that point, the market started to […]

The post Trade Recommendation: ICON appeared first on Hacked: Hacking Finance.

Trade Recommendation: Ontology

The Ontology/Bitcoin (ONT/BTC) pair took out resistance of 0.00022 on August 16, 2018. The breach triggered the breakout from the large descending channel on the daily chart. The price action inspired a rally that saw ONT/BTC climb to as high as 0.0004357 on August 18. At that point, bottom pickers and breakout players took profits. […]

The post Trade Recommendation: Ontology appeared first on Hacked: Hacking Finance.

Crypto Update: Market Stabilizes as Ripple Craze Fades

The major cryptocurrencies had crazy Friday, with the skyrocketing Ripple in the center of attention. XRP more than doubled in 24 hours, and the coin was up 3 times off its low from earlier this month before entering a correction in the second half of the day. Ripple briefly took over Ethereum as the second […]

The post Crypto Update: Market Stabilizes as Ripple Craze Fades appeared first on Hacked: Hacking Finance.

Hackers steal $60 million from Japan’s Zaif cryptocurrency exchange

By Waqas

Zaif is the 35th largest cryptocurrency exchange by turnover. Hackers have stolen a whopping $60 million (6.7 billion yen) worth of cryptocurrency from Zaif, the 35th largest cryptocurrency exchange dealing in Bitcoin, Bitcoin Cash, and Monacoin. The exchange is owned by Tech Bureau, Corp. based in Nishi-Ku, Osaka, Japan. The hack attack took place on September 14th after hackers gained […]

This is a post from HackRead.com Read the original post: Hackers steal $60 million from Japan’s Zaif cryptocurrency exchange

ETFs: What Is The SEC  Really Thinking?

As a veteran Wall Street type, I was not surprised at Thursday’s SEC announcement on the VanEck-SolidX Bitcoin ETF.  Once again they gave a “no decision”. This pushes the deadline back to December 29, 2018. Don’t be surprised if New Year’s Eve comes and goes and nothing happens before the SEC is forced into a […]

The post ETFs: What Is The SEC  Really Thinking? appeared first on Hacked: Hacking Finance.

Bitcoin Shrugs Off SEC’s Delay of VanEck/SolidX ETF

The U.S. Securities and Exchange Commission (SEC) has issued an order to launch proceedings on whether or not to approve the widely anticipated VanEck/SolidX bitcoin ETF on the CBOE. The announcement comes just days before what was supposed to be a Sept. 30 deadline for the Wall Street regulator to make a call on a proposed […]

The post Bitcoin Shrugs Off SEC’s Delay of VanEck/SolidX ETF appeared first on Hacked: Hacking Finance.

Crypto Update: Surging Ripple Leads Strong Rally, Tops $0.50

The last 24 hours saw a much-awaited bullish shift in the cryptocurrency segment, as finally, the rally of a major triggered a broad and sustained move in the other top coins as well. Ripple surged by 50% after the initial rally of the bear market lows, and it really took off after yesterday’s buy signal […]

The post Crypto Update: Surging Ripple Leads Strong Rally, Tops $0.50 appeared first on Hacked: Hacking Finance.

Trade Recommendation: aelf

The aelf/Bitcoin (ELF/BTC) pair took out resistance of 0.000058 on September 1, 2018. The breach enabled the pair to breakout from the large falling wedge pattern on daily chart. Unfortunately for breakout buyers, ELF/BTC immediately retraced. It even went as low as 0.00004593 on September 12. Because of this price action, many would doubt the […]

The post Trade Recommendation: aelf appeared first on Hacked: Hacking Finance.

Security Affairs: Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange

Cybercriminals have stolen 6.7 billion yen ($60 million) worth of cryptocurrencies from the Japanese digital currency exchange Zaif exchange.

According to the Tech Bureau Corp., a Japanese cryptocurrency firm, hackers have compromised its Zaif exchange and have stolen 6.7 billion yen ($60 million) worth of cryptocurrencies, including Bitcoin, Monacoin, and Bitcoin Cash.

The stole digital currencies included roughly 2.2 billion yen belonged to Tech Bureau and 4.5 billion belonged to its clients.

The hacked have taked the control of the exchange for a couple of hours on Sept. 14, and illegally transferred coins form the “hot wallet” of the exchange to wallets under their control.

“Japanese cryptocurrency firm Tech Bureau Corp said about $60 million in digital currencies were stolen from its exchange, highlighting the industry’s vulnerability despite recent efforts by authorities to make it more secure.” reported the Reuters.

Three days later, operators at the exchange noticed server problems and publicly disclosed the hack on Sept. 18.

The Tech Bureau took offline the exchange and sold to Fisco Ltd the majority ownership for a 5 billion yen ($44.59 million) investment that would be used to replace the digital currencies stolen from client accounts.

“Documents seen by Reuters on Thursday showed Japan’s Financial Services Agency would conduct emergency checks on cryptocurrency exchange operators’ management of customer assets, following the theft. FSA officials were not immediately available for comment.” continues the Reuters.

This is the second hack suffered by a Japan’s crypto exchange this year, earlier January  Japan-based digital exchange Coincheck was hacked and crooks stole$530 million in digital coins.

Earlier this year, a problem at the Zaif exchange allowed some people to buy cryptocurrencies without paying.

Japan is considered a global leaked in cryptocurrency technologies, the Bitcoin could be used for payment in the country since April 2017 major retailers accept this kind of payments.

Experts believe that the cyber heist will affect the FSA’s ongoing regulatory review of the cryptocurrency industry.

Last year Japan became the first country to regulate cryptocurrency exchanges, they have to register with FSA and required reporting and other responsibilities.

Anyway, the incidents demonstrate that the level of security of exchanges has to be improved.

Pierluigi Paganini

(Security Affairs – Zaif exchange, hacking)

The post Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange appeared first on Security Affairs.



Security Affairs

Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange

Cybercriminals have stolen 6.7 billion yen ($60 million) worth of cryptocurrencies from the Japanese digital currency exchange Zaif exchange.

According to the Tech Bureau Corp., a Japanese cryptocurrency firm, hackers have compromised its Zaif exchange and have stolen 6.7 billion yen ($60 million) worth of cryptocurrencies, including Bitcoin, Monacoin, and Bitcoin Cash.

The stole digital currencies included roughly 2.2 billion yen belonged to Tech Bureau and 4.5 billion belonged to its clients.

The hacked have taked the control of the exchange for a couple of hours on Sept. 14, and illegally transferred coins form the “hot wallet” of the exchange to wallets under their control.

“Japanese cryptocurrency firm Tech Bureau Corp said about $60 million in digital currencies were stolen from its exchange, highlighting the industry’s vulnerability despite recent efforts by authorities to make it more secure.” reported the Reuters.

Three days later, operators at the exchange noticed server problems and publicly disclosed the hack on Sept. 18.

The Tech Bureau took offline the exchange and sold to Fisco Ltd the majority ownership for a 5 billion yen ($44.59 million) investment that would be used to replace the digital currencies stolen from client accounts.

“Documents seen by Reuters on Thursday showed Japan’s Financial Services Agency would conduct emergency checks on cryptocurrency exchange operators’ management of customer assets, following the theft. FSA officials were not immediately available for comment.” continues the Reuters.

This is the second hack suffered by a Japan’s crypto exchange this year, earlier January  Japan-based digital exchange Coincheck was hacked and crooks stole$530 million in digital coins.

Earlier this year, a problem at the Zaif exchange allowed some people to buy cryptocurrencies without paying.

Japan is considered a global leaked in cryptocurrency technologies, the Bitcoin could be used for payment in the country since April 2017 major retailers accept this kind of payments.

Experts believe that the cyber heist will affect the FSA’s ongoing regulatory review of the cryptocurrency industry.

Last year Japan became the first country to regulate cryptocurrency exchanges, they have to register with FSA and required reporting and other responsibilities.

Anyway, the incidents demonstrate that the level of security of exchanges has to be improved.

Pierluigi Paganini

(Security Affairs – Zaif exchange, hacking)

The post Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange appeared first on Security Affairs.

Crippling DDoS Vulnerability Put the Entire Bitcoin Market At Risk

A major flaw was spotted in the Bitcoin network that could have allowed miners to bring down the entire blockchain by flooding full node operators with traffic, via a Distributed Denial-of-Service (DDoS) attack. "A denial-of-service vulnerability (CVE-2018-17144) exploitable by miners has been discovered in Bitcoin Core versions 0.14.0 up to 0.16.2." the patch notes state. "It is recommended to upgrade any of the vulnerable versions to 0.16.3 as soon as possible." The Next Web reports: Developers have issued a patch for anyone running nodes, along with an appeal to update the software immediately. As far as the attack vector in question goes, there's a catch: anyone ballsy enough to try to bring down Bitcoin would have to sacrifice almost $80,000 worth of Bitcoin in order do it. The bug relates to its consensus code. It meant that some miners had the option to send transaction data twice, causing the Bitcoin network to crash when attempting to validate them. As such invalid blocks need to be mined anyway, only those willing to disregard block reward of 12.5BTC ($80,000) could actually do any real damage.

Read more of this story at Slashdot.

Mass WordPress compromises redirect to tech support scams

Content Management Systems (CMSes) such as WordPress, Drupal, or Joomla are under a constant barrage of fire. Earlier this year, we detailed several waves of attacks against Drupal, also known as Drupalgeddon, pushing browser-based miners and various social engineering threats.

During the past few days, our crawlers have been catching a larger-than-usual number of WordPress sites being hijacked. One of the most visible client-side payloads we see are redirections to tech support scam pages. Digging deeper, we found that this is part of a series of attacks that have compromised thousands of WordPress sites since early September.

Multiple injections

The sites that are affected are running the WordPress CMS and often using outdated plugins. We were not able to figure out whether this campaign was made worse by the exploitation of a single vulnerability, although the recent RCE for the Duplicator plugin came to mind. Our friends over at Sucuri believe this is a combination of multiple vectors.

Threat actors inject vulnerable sites in different ways. For example, on the client-side we see one large encoded blurb, usually in the HTML headers tag, and a one liner pointing to an external JavaScript. Website owners are also reporting malicious code within the wp_posts table of their WordPress database.

The domain examhome[.]net had a recent whois change (2018-09-16) and interesting nameservers:

1a7ea920.bitcoin-dns[.]hosting
a8332f3a.bitcoin-dns[.]hosting
ad636824.bitcoin-dns[.]hosting
c358ea2d.bitcoin-dns[.]hosting

The redirection flow shows further use of encoding to load mp3menu[.]org with a whois updated on 2018-09-15 and the following nameservers:

a8332f3a.bitcoin-dns[.]hosting
ad636824.bitcoin-dns[.]hosting

That .TK URL pattern is well known and has been documented in detail as part of a large Traffic Distribution System (TDS) responsible for massive redirections to browlock pages. Note the custom mouse cursor (the “Evil cursor”), which we reported on recently, has yet to be patched.

Scope and mitigations

The number of WordPress sites that have been compromised is increasing in the last few days, suggesting that these are ongoing campaigns.

Website owners affected by these attacks will have to perform a thorough cleanup of injected pages, databases, and backdoors. More importantly, they will need to identify the root cause of the compromise, which often times is an outdated WordPress installation or plugin.

Malwarebytes users running our browser extension are protected against the tech support scam pages without any need for signature updates.

Indicators of compromise

137.74.150.112,examhome[.]net,Examhome Campaign (URI)
37.139.5.74,mp3menu[.]org,Examhome Campaign (URI)
23.163.0.39,ejyoklygase[.]tk,TK TSS Browlock (URI)

Injected blurb (partial):
String.fromCharCode(118, 97, 114, 32, 115, 111, 109

From Sucuri Labs:
ads.voipnewswire[.]net/ad.js
cdn.allyouwant[.]online/main.js?t=c

The post Mass WordPress compromises redirect to tech support scams appeared first on Malwarebytes Labs.

Crypto: Is Relative Value Investing Time Finally Here?

For at least the past six months you have been kind enough to listen while the topic of relative value in cryptocurrencies has repeated more than once.  Could it finally be happening? Things are certainly in place. It seems to show every time the price of Bitcoin or any of the altcoins suddenly spikes for […]

The post Crypto: Is Relative Value Investing Time Finally Here? appeared first on Hacked: Hacking Finance.

Time To Regulate Bitcoin, Says UK Treasury Committee Report

Bitcoin and other cryptocurrencies are "wild west" assets that expose investors to a litany of risks and are in urgent need of regulation, MPs on the Treasury select committee have said. From a report: The committee said in a report that consumers were left unprotected from an unregulated industry that aided money laundering, while the government and regulators "bumble along" and fail to take action. The Conservative MP Nicky Morgan, the chair of the committee, said the current situation was unsustainable. "Bitcoin and other crypto-assets exist in the wild west industry of crypto-assets. This unregulated industry leaves investors facing numerous risks," Morgan said. "Given the high price volatility, the hacking vulnerability of exchanges and the potential role in money laundering, the Treasury committee strongly believes that regulation should be introduced."

Read more of this story at Slashdot.

Trade Recommendation: Cardano

The Cardano/Bitcoin (ADA/BTC) pair started to show signs of weakness just as it registered its 2018 high of 0.00008788 on January 4. Unfortunately for buyers at the top, the market would go on a long bear run for the next nine months. ADA/BTC went so deep in bear territory that it lost almost 90% of […]

The post Trade Recommendation: Cardano appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Settle Down After End-Of-The-Day Bitcoin Madness

While the short-term technical setup has been little changed in the cryptocurrency segment in the past 24 hours, a volatile dump&pump period made headlines in Bitcoin. The most valuable coin got smashed lower right before the futures market close, violating the $6275 support and plunging as low as $6100, triggering a downgrade in our trend […]

The post Crypto Update: Coins Settle Down After End-Of-The-Day Bitcoin Madness appeared first on Hacked: Hacking Finance.

Zaif Cryptocurrency Exchange Suffers $60 Million Hack

Hackers were able to steal $60 million worth of company and user funds belonging to the Zaif Japanese cryptocurrency exchange. The breach occurred last week, but the company discovered the hack on Monday, September 17. An anonymous reader shares the report from ZDNet: Investigators are still gathering details, but Zaif said the hack took place on September 14, between 17:00 and 19:00 local time, when the attacker siphoned off three types of cryptocurrencies from the company's "hot wallets." [A "hot wallet" is a term used to describe a cryptocurrency addresses with light security measures where a cryptocurrency exchange keeps funds for immediate transactions, such as cryptocurrency-to-cryptocurrency or cryptocurrency-to-fiat (and vice versa) operations.] Zaif says the hacker stole Bitcoin, Bitcoin Cash, and MonaCoin from its hot wallet, all three worth 6.7 billion Japanese yen (roughly $59.67 million) when combined. Of the 6.7 billion stolen yen, 2.2 billion yen -- 32 percent -- were Zaif funds, while 4.5 billion yen were customer funds. Zaif plans to secure a 5 billion yen loan to pay back affected customers.

Read more of this story at Slashdot.

New Bitcoin Core Release Prevents Miner DoS Attack

The Bitcoin Core development team released an important update yesterday that patches a crucial security vulnerability. Bitcoin is usually known as the most hackproof and secure blockchain, which makes any vulnerability in the network incredibly newsworthy. Specifically, the patch addresses a potential opening for a denial of service attack within the Bitcoin Core wallet software. […]

The post New Bitcoin Core Release Prevents Miner DoS Attack appeared first on Hacked: Hacking Finance.

Crypto Update: Worst Seems to be Over for Stellar and Cardano

With so many cryptocurrency pairs losing as much as 90% of their value from this year’s high, it may seem that altcoins are deep in bear territory. Even if you’ve been following our bullish breakout series, the pullbacks in the last two few weeks would have made it easy for you to doubt our claims. […]

The post Crypto Update: Worst Seems to be Over for Stellar and Cardano appeared first on Hacked: Hacking Finance.

Trade Recommendation: Reddcoin

The Reddcoin/Bitcoin (RDD/BTC) pair is giving crypto enthusiasts something to be excited about. The pair took out resistance of 0.0000004 on August 27, 2018. The breach triggered the breakout from a falling wedge pattern. Breaking out from a falling wedge is something that you can observe in many altcoins. However, many of these altcoins significantly […]

The post Trade Recommendation: Reddcoin appeared first on Hacked: Hacking Finance.

Bitcoin’s Third Bear Market Showing Little Sign of Letting Up: Analyst

Despite several attempts to rationalize bitcoin’s yearlong downturn, the leading digital currency remains locked in a protracted bear market that is showing little signs of letting up, according to veteran analyst Willy Woo. Based on this view, there’s little evidence to suggest that a reversal is imminent. Bear Market Continues In a recent tweet, Woo […]

The post Bitcoin’s Third Bear Market Showing Little Sign of Letting Up: Analyst appeared first on Hacked: Hacking Finance.

Dark Web: US court seizes assets and properties of deceased AlphaBay operator

By Waqas

AlphaBay was one of the largest dark web marketplaces – In 2017, its admin Alexandre Cazes committed suicide in a Thai prison. The Fresno Division of the U.S. District Court for the Eastern District of California has finally concluded a 14-month long civil forfeiture case and allowed seizure of property and assets of a Canadian national Alexandre Cazes […]

This is a post from HackRead.com Read the original post: Dark Web: US court seizes assets and properties of deceased AlphaBay operator

Crypto Update: Market Remains Weak Despite Ripple’s Surge

Ripple made headlines today in the cryptocurrency segment, as the third largest coin jumped by more than 15% after trading in a narrow range for several days. Most of the major coins joined the rally, but the gains were muted and the technical setup remained unchanged in most cases, with the long-term outlook still being […]

The post Crypto Update: Market Remains Weak Despite Ripple’s Surge appeared first on Hacked: Hacking Finance.

Bitcoin, Ether and Ripple Up in the Air as SEC Delivers a Sobering Reminder

The U.S Securities and Exchange Commission just delivered a sobering reminder to the crypto community regarding the legal status of Bitcoin and Ethereum. SEC Director of the Division Corporation Finance William Hinman originally told a San Francisco conference in June that: “…based on my understanding of the present state of Ether, the Ethereum network and […]

The post Bitcoin, Ether and Ripple Up in the Air as SEC Delivers a Sobering Reminder appeared first on Hacked: Hacking Finance.

Linux & Windows hit with disk wiper, ransomware & cryptomining Xbash malware

By Waqas

Xbash is an “all in one” malware. Palo Alto Networks’ Unit 42 researchers have come to the conclusion that the notorious Xbash malware that has been attacking Linux and Windows servers is being operated by the Iron Group which is an infamous hacker collective previously involved in a number of cyber crimes involving the use […]

This is a post from HackRead.com Read the original post: Linux & Windows hit with disk wiper, ransomware & cryptomining Xbash malware

It Only Took 37 Seconds For Two Bitcoin ‘Celebs’ To Start Fighting on a Cruise Ship

An anonymous reader shares a report: The cruise ship wasn't big enough for the both of them. On September 10, somewhere in the Mediterranean, two well-known rivals -- Jimmy Song, a venture partner at Blockchain Capital LLC and Roger Keith Ver, an early investor in bitcoin-related startups and Bitcoin Cash evangelist -- in the cryptocurrency space stood awkwardly poolside. A crowd, sporting a mix of cryptocurrency-themed t-shirts and bikinis, lounged nearby on the ship's upper deck. One man, sweatpants sloshing in the water, steadied a tripod. The Bitcoin versus Bitcoin Cash debate was about to begin. It only took 37 seconds to spiral out of control. It was perhaps to be expected that the debate wouldn't go smoothly, but just how quickly it went off the rails surprised even those in attendance. Song, cowboy hat atop his head and microphone in hand, attempted to introduce the format of the event -- a "Lincoln-Douglas style debate" -- but was soon interrupted by Ver. Shouts of "no Roger" emanated from the crowd, as Ver told the audience to "calm down." It quickly spun out from there, with Song repeatedly telling Ver to "sit down" as Ver angled for the microphone. "Do you want to debate me or not," Song demanded. "OK then sit down," he repeated as he stood behind the podium. Bickering over whether or not Ver would get a one-minute introduction before the official start of the debate continued on, with Song addressing the crowd and Ver shouting at the top of his lungs. They heatedly yelled over each other as the crowd jeered. Three minutes had passed, and things were not going well. And then someone handed Ver a mic. You better believe Song wasn't having that, and so he stormed offstage saying he was "refusing to do the debate." Finally with the stage all to himself, Ver attempted to speak but was immediately shouted down by an angry, shirtless man yelling from the pool. And that's all just the first five minutes. The video is over 40 minutes long.

Read more of this story at Slashdot.

Crypto Update: Monday Selloff Drags Majors Lower

The cryptocurrency continues to show mixed short-term signs following last week’s Ethereum-led bounce, and the subsequent consolidation. Today, all of the majors sold off after the US open, triggering downgrades in our trend model, but the two largest coins, barely, retained their short-term buy signals, holding up above key support levels. Ethereum remained north of […]

The post Crypto Update: Monday Selloff Drags Majors Lower appeared first on Hacked: Hacking Finance.

Security Affairs: Greek authorities approved extradition of Russian hacker Alexander Vinnik to Russia

Greek authorities have approved the extradition of Russian Alexander Vinnik to Russia, Supreme Civil and Criminal Court of Greece overruled previous ones.

The Greek authorities have approved the extradition of Russian Alexander Vinnik to Russia, the decision has surprised the media because the man was expected to be extradited in the US or France as previously announces.

The decision of the Supreme Civil and Criminal Court of Greece has overruled previous ones that were taken by other Greek courts.

Russia, France, and the United States, where Vinnik is charged with different hacking crimes.

Greek Police have arrested the Russian national Alexander Vinnik (38) and they accuse the man of running the BTC-e Bitcoin exchange to launder more than US$4bn worth of the cryptocurrency.

The police seized two laptops, two tablets, mobile phones, a router, a camera, and four credit cards.

The authorities reported that since 2011, 7 million Bitcoin went into the BTC-e exchange and 5.5 million withdrawn.

According to the Greek media outlet the Daily Thess, the FBI tracked Alexander Vinnik for more than a year.

The man is charged by the US authorities with fraud and money laundering for more than $4 billion worth amount of Bitcoin (BTC) resulting from criminal activities, the US prosecutors requested his extradition in July 2017.

The Greek Supreme Court first opted out to extradite Vinnink to the US  to face with the charges with the operation of an unlicensed money service business, money laundering, conspiracy to commit money laundering, and engaging in unlawful monetary transactions.

Vinnik is also accused to be the responsible for the failure of the Japanese bitcoin exchange Mt. Gox.
Mt. Gox was the biggest Bitcoin exchange at the time of the shut down in 2014 that occurred after the platform was the victim of a series of cyber heists for a total of $375 million in Bitcoin.

The U.S. authorities speculate the Russian man stole funds from Mt. Gox, with the help of an insider. The stolen funds were transferred to a wallet managed by Vinnik and funds were laundered through his platform BTC-e-service during a three-year period.

In July 2018 there was a twist, a Greek lower court agreed to extradite Vinnik to France to face with charges with hacking, money laundering, extortion and involvement in organized crime.

The Russian Foreign Ministry criticized the ruling and said the country will look to a response.

“Several days after taking an unfriendly decision to expel Russian diplomats and to deny entry to several Russian citizens, they have adopted a decision to extradite Russian citizen Alexander Vinnik to France,” Russia’s Foreign Ministry wrote in a statement. “It is obvious that Russia cannot leave these actions unanswered.”

AlexanderVinnik

The Russian government officially asked the Greek government to extradite Vinnik to Russia, where he is facing around $10,000 worth of fraud charges, practically nothing compared the charges in the US and France.

Now, the decision of the Greek Supreme Court is disconcerting, Vinnik is going to be extradited to Russia.

The Supreme Court will analyze France’s request for extradition on September 19, but its decision could be overrun by the Greek Minister of Justice.

Pierluigi Paganini

(Security Affairs –  (Vinnik, BTC-e Bitcoin exchange)

The post Greek authorities approved extradition of Russian hacker Alexander Vinnik to Russia appeared first on Security Affairs.



Security Affairs

Greek authorities approved extradition of Russian hacker Alexander Vinnik to Russia

Greek authorities have approved the extradition of Russian Alexander Vinnik to Russia, Supreme Civil and Criminal Court of Greece overruled previous ones.

The Greek authorities have approved the extradition of Russian Alexander Vinnik to Russia, the decision has surprised the media because the man was expected to be extradited in the US or France as previously announces.

The decision of the Supreme Civil and Criminal Court of Greece has overruled previous ones that were taken by other Greek courts.

Russia, France, and the United States, where Vinnik is charged with different hacking crimes.

Greek Police have arrested the Russian national Alexander Vinnik (38) and they accuse the man of running the BTC-e Bitcoin exchange to launder more than US$4bn worth of the cryptocurrency.

The police seized two laptops, two tablets, mobile phones, a router, a camera, and four credit cards.

The authorities reported that since 2011, 7 million Bitcoin went into the BTC-e exchange and 5.5 million withdrawn.

According to the Greek media outlet the Daily Thess, the FBI tracked Alexander Vinnik for more than a year.

The man is charged by the US authorities with fraud and money laundering for more than $4 billion worth amount of Bitcoin (BTC) resulting from criminal activities, the US prosecutors requested his extradition in July 2017.

The Greek Supreme Court first opted out to extradite Vinnink to the US  to face with the charges with the operation of an unlicensed money service business, money laundering, conspiracy to commit money laundering, and engaging in unlawful monetary transactions.

Vinnik is also accused to be the responsible for the failure of the Japanese bitcoin exchange Mt. Gox.
Mt. Gox was the biggest Bitcoin exchange at the time of the shut down in 2014 that occurred after the platform was the victim of a series of cyber heists for a total of $375 million in Bitcoin.

The U.S. authorities speculate the Russian man stole funds from Mt. Gox, with the help of an insider. The stolen funds were transferred to a wallet managed by Vinnik and funds were laundered through his platform BTC-e-service during a three-year period.

In July 2018 there was a twist, a Greek lower court agreed to extradite Vinnik to France to face with charges with hacking, money laundering, extortion and involvement in organized crime.

The Russian Foreign Ministry criticized the ruling and said the country will look to a response.

“Several days after taking an unfriendly decision to expel Russian diplomats and to deny entry to several Russian citizens, they have adopted a decision to extradite Russian citizen Alexander Vinnik to France,” Russia’s Foreign Ministry wrote in a statement. “It is obvious that Russia cannot leave these actions unanswered.”

AlexanderVinnik

The Russian government officially asked the Greek government to extradite Vinnik to Russia, where he is facing around $10,000 worth of fraud charges, practically nothing compared the charges in the US and France.

Now, the decision of the Greek Supreme Court is disconcerting, Vinnik is going to be extradited to Russia.

The Supreme Court will analyze France’s request for extradition on September 19, but its decision could be overrun by the Greek Minister of Justice.

Pierluigi Paganini

(Security Affairs –  (Vinnik, BTC-e Bitcoin exchange)

The post Greek authorities approved extradition of Russian hacker Alexander Vinnik to Russia appeared first on Security Affairs.

Trade Recommendation: Status

The Status/Bitcoin (SNT/BTC) pair bounced off a low of 0.00000471 on September 12, 2018. At that price level, the market was down by almost 90% from the 2018 high of 0.00004406. With such a tremendous loss, investor confidence is most likely shattered at this point. However, one of the best times to invest in an […]

The post Trade Recommendation: Status appeared first on Hacked: Hacking Finance.

Bitcoin Price Stable Near $6,500; Path of Least Resistance Higher

Bitcoin’s price traded within a narrow range on Monday after failing to make new highs over the weekend, a sign that the bulls were dialing back their optimism of an imminent breakout. However, the technical charts suggest that slow and steady upside is the path of least resistance in the short term, barring any new […]

The post Bitcoin Price Stable Near $6,500; Path of Least Resistance Higher appeared first on Hacked: Hacking Finance.

Good Crypto News: What It All Means

It was another one of those weeks.  Crypto prices hit rock bottom around $186 billion. Goldman Sachs backs away from it plans to offer a crypto trading desk.  Vitalik Buterin tells Bloomberg how little he thinks of Ethereum. Technical analysts give us little hope for getting bullish anytime soon. But that was before The New […]

The post Good Crypto News: What It All Means appeared first on Hacked: Hacking Finance.

Trade Recommendation: Populous

The Populous/Bitcoin (PPT/BTC) pair took out resistance of 0.00056 on August 16, 2018. The breach triggered the breakout from the large falling wedge on the daily chart. The breakout looks valid because it was followed by a surge in volume and price. PPT/BTC managed to climb to as high as 0.00108 on August 17. Unfortunately, […]

The post Trade Recommendation: Populous appeared first on Hacked: Hacking Finance.

Bitcoin Could Have Smooth Sailing from Here, Technical Oscillator Suggests

While the Ethereum price is only beginning to show signs of recovery, the bitcoin price has managed to hold above key support in the wake of industry setbacks. When the bitcoin price jumped from $6,300 to $6,500 a few days ago, the whole market was watching, including Michael Novogratz, founder of Galaxy Digital.  He was […]

The post Bitcoin Could Have Smooth Sailing from Here, Technical Oscillator Suggests appeared first on Hacked: Hacking Finance.

Crypto Update: Ethereum Hits 9-day High as Altcoin Bounce Continues

The cryptocurrency segment continued to show signs of short-term strength so far this weekend with the severely oversold altcoins leading the way higher. Ethereum is still in the epicenter of the moves, with the second largest coin pushing higher towards the $235 resistance level as expected. Despite the ongoing bounce, several coins are stuck in […]

The post Crypto Update: Ethereum Hits 9-day High as Altcoin Bounce Continues appeared first on Hacked: Hacking Finance.

Bitcoin Price: Whales, Not Bears, Are In Control

Bitcoin’s price charted a narrow uptrend on Saturday, as calm returned to the market following a mysterious collapse that has many in the cryptocurrency community theorizing about a potential cause. As the author previously reported, bitcoin’s sudden collapse after weeks of sustained growth was a sign that a whale, and not the bears, was dictating […]

The post Bitcoin Price: Whales, Not Bears, Are In Control appeared first on Hacked: Hacking Finance.

Trade Recommendation: Waltonchain

The Waltonchain/Bitcoin pair (WTC/BTC) took out resistance of 0.00044 on August 23, 2018. The breach triggered the breakout from the large falling wedge on the weekly chart. This enabled the market to rally to as high as 0.0007997 on August 31. In a little over a week, the market grew by over 80%. The rally, […]

The post Trade Recommendation: Waltonchain appeared first on Hacked: Hacking Finance.

Trade Recommendation: Decred

The Decred/Bitcoin (DCR/BTC) pair came off lows of 0.0054 on September 13, 2018. At that price level, the market was down by almost 70% from the 2018 high of 0.0177. The good news is it appears that DCR/BTC has bottomed out. We have the charts to support our view. Technical analysis shows that DCR/BTC is […]

The post Trade Recommendation: Decred appeared first on Hacked: Hacking Finance.

Canadian town forced to pay Bitcoin after nasty ransomware attack

By Uzair Amir

The town of Midland, Ontario, Canada, has decided to pay cybercriminals after its servers were targeted and infected with a nasty ransomware on Saturday, September 1, at approximately 2 a.m. The total amount of ransom payment has not been disclosed but the demand from cybercriminals was that they must be paid in Bitcoin if the town wants […]

This is a post from HackRead.com Read the original post: Canadian town forced to pay Bitcoin after nasty ransomware attack

Spotlight Podcast: Flashpoint’s Allison Nixon on SIM Swapping and the Looming Online Identity Crisis

Your smart phone does double and triple duty: letting you do banking, buy a cup of coffee, board a plane or access a sensitive online account. But that doesn’t mean that your phone number is equally as trustworthy. In this Spotlight Podcast, we speak with Flashpoint* head of research Allison Nixon about how a recent rash of SIM swapping...

Read the whole entry... »

Related Stories

Dark Markets’ Weakness? Cashing out the Bitcoin to USD!

Over the years there has been an on-going battle between law enforcement and those who use technology-based anonymity to perform their illegal deeds.  Some of the FBI's tricks to break through the anonymity have created interesting challenges, such as the "Operation Pacifier" case, where the FBI used court orders to allow them to use hacking tricks to expose the true locations of members of a child sexual exploitation site with 150,000 members, leading to 350 US arrests and 548 international arrests.  In that case the FBI deployed "Network Investigative Techniques" (NITs) to learn the IP addresses of top members of a TOR protected .onion server.  To clarify the legality of that situation, Rule 41 of the Federal Rules of Practice and Procedure was amended in 2016 under some controversy, as we blogged about in "Rule 41 Changes: Search and Seizure when you don't know the Computer's location."

In the current case, "Operation: Dark Gold", perhaps as a demonstration that the old "Follow the Money" rule can work even in these modern times, law enforcement posed as cryptocurrency exchangers, offering attractive conversion rates to USD even for those clearly involved in criminal activity.  After Alexander Vinnik's BTC-e exchange was shuttered, with the owner accused of facilitating the laundering of $4 Billion in illicit funds, Dark Market vendors had a real problem!  How do you turn a few million dollars worth of Bitcoin into money that you can spend in "the real world?"



That's just the kind of problem that the Department of Justice's Money Laundering and Asset Recovery Section is happy to help criminals solve.  In a major operation, Special Agents from Homeland Security Investigations in New York posed as money launderers on various TOR-protected dark markets.  As the money launderers were able to drive conversations "off platform" they had the opportunity to refer cases around the nation and around the world.  So far, more than 90 cases have been opened, leading to investigations by ICE's HSI, the US Postal Inspection Service, and the US Drug Enforcement Agency.  65 targets were identified and 35 Darknet vendors have been arrested so far.  At least $20 million in Bitcoin and other cryptocurrencies was seized, as well as 333 bottles of liquid opioids, 100,000 tramadol pills, 100 grams of fentanyl, 24kg of Xanax, 100 firearms, including assault rifles and a grenade launcher, five vehicles, and $3.6 million in cash and gold bars.  They also seized 15 pill presses, and many computers and related equipment.

Powell and Gonzalez (BonnienClyde)


The case against Nicholas Powell and Michael Gonzalez really explains the background of some of these cases well. 

"In or about October 2016, HSI NY, USPIS, the USSS, and the NASA Office of Inspector General, apprehended a Cryptocurrency Exchanger/Unlicensed Money Remitter herein rferred to as Target Subject-1. With TS1's cooperation, agents began investigating TS1's customers.  From the limited subset of customers for whom TS1 saved any kind of personal information (such as the names and addresses to which TS1 had shipped the customers' cash), agents identified a number of vendors selling illegal goods and services on the dark net." (Gar-note: NASA OIG has one of the coolest most proactive cybercrime teams in Federal government.  Little-known FACT!)

"With TS1's permission, agents took control of TS1's online accounts and identity, initiating an undercover operation using that identity to create new accounts (the "UC Vendor Accounts") targeting dark net drug vendors who utilized TS1's services to launder their illicit proceeds.  Since January 2017, agents have advertised the UC Vendor Accounts' services on AlphaBay, HANSA, and other dark net marketplaces, which has led to hundreds of bitcoin-for-cash exchanges.  Because TS1's original business model involved sending cash to physical addresses, each UC Vendor Account transaction has provided agents with leads on the identities and locations of their counterparties.  Individuals who used the UC Vendor Account were charged a fee notably higher than the fee charged by Bitstamp or other exchanges with Know  Your Customer protocols.  This and other evidence helped establish that many of these "customers" were likely dark net vendors or controlled substances or other illicit goods.  Furthermore, and as explained below, in some instances, agents have successfully utilized undercover buyer accounts on dark net marketplaces to conduct undercover drug buys from vendors believed to be the UC Vendor Accounts' customers."

In this case, Law Enforcement first caught up with Michael Gonzalez in Parma, Ohio.  He claimed Nicholas Powell was the mastermind, and the only got paid to help with shipping and packaging of "a few orders."  His job was to measure out 500 gram bags of Xanax powder and handle the shipping.  Powell was found and interviewed in his home at 5283 Bevens Ave, Spring Hill, Florida on May 22, 2018.  Powell confirmed that he had begun selling steroids and weed on the dark net. Later he became a drop shipper, arranging shipments from China to be delivered domestically.  Powell started on Silkroad 2, using the name BCPHARMA, selling steroids and GHB that he purchased from China.  He sold on Agora and AlphaBay as BONNIENCLYDE or BNC.  Later he also used that alias on Evolution Markets.  He also shifted later to selling Xanax and steroids on AlphaBay.  He claimed he physically destroyed the computer he used for this work, and later also destroyed two Apple computers. 

Powell confirmed that he used TS1 to convert between $10,000 and $40,000 in crypto currencies to cash at a time, and would receive the packages via USPS Express.  He claims a Canadian vendor wanted to buy his online identity, and that he made $100,000 by transferring the "BONNIENCLYDE" id to the Canadian. 

Powell willingly signed over to agents $438,000 worth of cryptocurrencies.

TrapGod 

TrapGod was an online vendor alias shared by  Antonio Tirado, 26 and Jeffrey Morales, 32, of Bronx, New York.  An affidavit from Antonio's search warrant shows he was growing marijuana and packaging and shipping both LSD and Cocaine.

Here's a photo of some of TrapGod's goods for sale on one dark market.

The 2050 means that 2,050 people have rated this vendor's services, giving an average review of 4.79 out of 5 stars.  Even the "bad" reviews, show that Trapgod was good to do business with.  One says "Vendor has been top notch. Then got some really sub-par stuff.  Contacted vendor. He said he'll take care of me next time. Will post again..."  Comments include things like "Great shipping, good stealth." and  "Stealth was good, my package was well hidden and secure.  Quality is good, after testing I found that the product is about a 80/20 cut as described!  I like honesty, plus seller put a little extra in my order!!"  "Shipment was delayed, quality not so good. However vendor sent an additional shipment to make up for it.  The price is good, but I'd rather pay more for higher quality."

Unfortunately, Morales and Tirado either weren't the only ones behind the Trapgod alias, or they are continuing to sell while out on bail.  Morales and Tirado's homes both got hit July 20, 2018, but there were fresh reviews posted yesterday (July 3, 2018).

Qu/Wu/Weng/Tseperkas/Akkaya

The next group were worked as a single case (1:18-mj-05193-UA) also in New York, and involved raids on three houses in Flushing and Mt. Sinai, New York.  Charges are brought against Jian Qu, Raymeond Weng, Kai Wu, Dimitri Tseperkas, and Cihad Akkaya.

Kai Wu and Jian Qu were in one home, where $200,000 in cash, 110 kg of marijuana, and "680 grams of unidentified powders" were seized.

Residence-2 yielded 12kg of Alprazolam, 10kg of marijuana vape cartridges, 570 grams of ecstasy, "12kg of unidentified powder" and four pill presses, used to press powders into ecstasy tablets.  There were also at least 2 kg of THC gummies.



Residence-3 was the home of Dimitri Tseperkas and Cihad Akkaya, where law enforcement recovered $195,000 in cash, 30kg of marijuana, and three loaded shotguns and 100 shotgun shells.


Videos recovered from the cell phones of Wu and Weng (who was not home, but has been observed repeatedly at Residence-1) reveal they also have at least two marijuana grow houses.

Farace/Swain

Ryan Farace, who the indictment makes clear "has no known medical education, qualifications, or licensing in the State of Maryland or elsewhere", yet he and his partner were manufacturing and distributing serious amounts of Xanax.  So much so that the indictment calls for them to forfeit $5,665,000 in cash as well as a Lincoln Navigator, a  GMC pick-up truck, and 4,000 Bitcoins (which currently would be the USD equivalent of more than $26 MILLION dollars!

Not bad for the former parking lot attendant of a Home Depot ... according to Ryan's Facebook, where both of the named vehicles are featured:



The indictment charges the pair with "Conspiracy to Manufacture, Distribute, and Possess with Intent to Distribute Alprazolam" (aka Xanax) (21 USC section 846) as well as "Maintaining Drug-involved Premises" (21 USC section 856) and "Conspiracy to Commit Money Laundering" (18 USC section 1956).

CANNA_Bars:

Jose Robert Porras III and his girlfriend, Pasia Vue, were selling marijuana and crystal meth, as well as Xanax and Promethazine-codeine cough syrup (Lean).  The HSI agent noticed on their Dream Market account that they shared their rating from Hansa.  Big mistake.  The Dutch High Tech Crimes Unit has the seized servers from Hansa and is happy to do lookups for law enforcement.  This revealed that "CANNA_BARS" had earned about 56 bitcoins on Hansa, selling crystal meth in quantities as large as 1 pound bars!  They described the product there as "this crystal is directly from manufacturers in mexico so it is made with the highest qaulity products that cant be found in the us. expect the highest qaulity on hansa for the cheapest."  The same criminal also couldn't spell "qaulity" right on Dream Market, which was further confirmation this might be the same guy.  From Dream Market "whats up we are canna_bars a vendor of top qaulity weed we offer qps to multiple pounds we are operating out of northern california and have direct relationships with many growers so expect good qaulity for cheap prices."

By searching for this signature typo, "qaulity" for "quality", the agent was also able to confirm that CANNA_BARS was the same person that sold as THEFASTPLUG on Wall Street Market, another dark net marketplace.  They completed 60 orders there between Feb 2018 and May 13, 2018.

One of his loyal customers, y***h,  is apparently wishing him well after learning of the arrest ... in the comments section for THEFASTPLUG on Wall Street Market, they made this July 2, 2018 comment:





In one photograph shared by CANNA_BARS, his hands are shown, palms up, holding marijuana buds.  The fingerprints of the open palms were so clear that they could easily be used to run a fingerprint match:


The HSI Forensic Document Laboratory returned a fingerprint match confirming that the image showed the fingerprints for Jose Robert Porras III, who had prints on file.

CANNA_BARS offered "free samples" of marijuana, which the agent asked for and had shipped to another state.  The package arrived and was confirmed to contain marijuana. (The inner package was wrapped in fabric softener sheets, presumably to stop drug-sniffing dogs?)

HSI surveillance was used to follow Porras and Vue to a US Post Office where they shipped packages, a Bank of America branch where they had accounts, and to a storage unit, where they maintained their inventory.  Undercover purchases from CANNA_BARS of two pounds of marijuana, and THEFASTPLUG of three pounds of "og kush" marijuana were able to be observed in the gathering and shipping end of the surveillance, providing "end-to-end" proof of the identity of the criminals.

Some of the bitcoin that was used by CANNA_BARS was able to be linked via blockchain analysis to accounts that had a bit of KYC information attached.  This revealed four accounts at one exchanger, including one each for VUE (using the email "pasiavue57@gmail.com" and (916) 228-1506) and PORRAS.  These further linked to several bank accounts, two in the name of Pasia Vue, one in the name of Marcos Escobado (a brother(?) of Porras, and another in the name of Julie Hernandez.  Escobado was arrested in Oregon for possession of methamphetamine and had received $11,000 from the bitcoin exchanger in four transactions.

After TS1's money exchanger service was taken over by the feds, the couple did four more transactions, receiving $56,000 in cash shipped from New York to their drops in Live Oak and Sacramento, California.

In addition to the Drugs and Money laundering charges, Porras was charged with Felon Possessing a Firearm:



Sam & Djeneba Bent

Less details are revealed in the Vermont indictment against Sam & Djeneba Bent.  Same used dark markets to sell Ecstasy (MDMA), LSD, marijuana, and cocaine, and used the TS1 money exchanging service to cash out more than $10,000 from bitcoin to USD.


They are charged with using a false return address on a package shipped through the postal service.

(Just joking, I know this got long and I wondered if anyone had read this far, haha.)


Daniel Boyd McMonegal 

McMonegal became a dark market vendor in or around December 2016, which might be how he chose his vendor name, Christmastree.  McMonegal, according to the affidavit by Homeland Security Investigations, incorporated a "medical marijuana delivery dispensary" in December 2, 2016 under the name "West Coast Organix" in San Luis Obispo, California, and almost immediately started selling the drugs via interstate postal delivery via Dream Market using his Christmasstree vendor name.

From June 15, 2017 to May 12, 2018, Christmastree sold 2,800 packages and earned a 4.98 rating on Dream Market!


The rave reviews from buyers make it clear Christmastree really knew his stuff with high ratings on his Blue  Dream, OG Kush, Super Silver Haze, Blackberry Kush, and many others.  

Like the others, McMonegal's downfall was getting his Bitcoin turned into cash.  After the time the federal agents controlled TS1's exchange business, McMonegal used it to cash out at least $91,000 which was shipped to him in Mariposa, California in six shipments between April 2017 and March 2018.



IMMIGRATIONS AND CUSTOMS ENFORCEMENT

For all the crap that is in the news recently about ICE, Homeland Security Investigations, the team that was at the lead of many of these investigations, are using technology and brilliant investigators to help shut down some of the worst crimes on the Internet.  If you know an ICE or HSI agent, make sure to let them know you appreciate what they are doing for us all!


(For more of this press conference, please see this YouTube video: "Officers arrest 35 in dark web bust, seize guns and drugs")

Threat Report: Don’t Join Blockchain Revolution Without Ensuring Security

On May 19 researchers discovered a series of vulnerabilities in the blockchain-based EOS platform that can lead to remote control over participating nodes. Just four days prior, a mining pool server for the IOT platform HDAC was compromised, impacting the vast majority of miners. In January the largest-ever theft of cryptocurrencies occurred against the exchange Coincheck, resulting in the loss of US$532 million in NEM coin. Due to its increased popularity and profitability cybercriminals have been targeting all things blockchain. McAfee Advanced Threat Research team analysts have now published the McAfee Blockchain Threat Report to explain current threats against the users and implementers of blockchain technologies.

What is Blockchain?

Even if you have not heard of blockchain, you have likely heard of cryptocurrencies, namely Bitcoin, the most popular implementation. In late 2017 Bitcoin reached a value of $20,000 per coin, prompting a lot of interest in the currency—including from cybercriminals. Cryptocurrencies are built on top of blockchain, which records transactions in a decentralized way and enables a trusted “ledger” between trustless participants. Each block in the ledger is linked to the next block, creating a chain. Hence, the system is called a blockchain. The chain enables anyone to validate all transactions without going to an outside source. From this, decentralized currencies such as Bitcoin are possible.

Proof-of-work blockchain. Source: https://bitcoin.org/bitcoin.pdf.

Blockchain Attacks

Attackers have adopted many methods targeting consumers and businesses. The primary attack vectors include phishing, malware, implementation vulnerabilities, and technology. In a phishing scheme in January, Iota cryptocurrency lost $4 million to scams that lasted several months. Malware authors often change their focus. In late 2017 to early 2018 some have migrated from deploying ransomware to cryptomining. They have been found using open-source code such as XMRig for system-based mining and the mining service Coinhive.

Source: McAfee Labs

Implementation vulnerabilities are the flaws introduced when new technologies and tools are built on top of blockchain. The recent EOS attack is one example. In mid-July 2017 Iota suffered an attack that essentially enabled attackers to steal from any wallet. Another currency, Verge, was found with numerous vulnerabilities. Attackers exploiting the vulnerabilities were able to generate coins without spending any mining power.

Known attacks against the core blockchain technology are much more difficult to implement, although they are not unheard of. The most widely known attack is the 51% attack, or majority attack, which enables attackers to create their own chains at will. The group 51 Crew targeted small coins, including Krypton, and held them for ransom. Another attack, known as a Sybil attack, can allow an attacker to completely control a targeted victim’s ledger. Attempts have been made for larger scale Sybil attacks such as one in 2016. 

Dictionary Attacks

Blockchain may be a relatively new technology but that does not mean that old attacks cannot work. Mostly due to insecure user behavior, dictionary attacks can leverage some implementations of blockchain. Brain wallets, or wallets based on weak passwords, are insecure, yet people still use them. These wallets are routinely stolen, as was the case with the nearly BTC60 stolen from the following wallet:

This wallet recorded two transactions as recently as March 5, 2018. One incoming and one outgoing transaction occurred within roughly 15 minutes. Source: https://blockchain.info.

Exchanges Under Attack

The biggest players, and targets, in blockchain are cryptocurrency exchanges. Cryptocurrency exchanges can be thought of as banks in which you users create accounts, manage finances, and even trade currencies including traditional ones. One of the most notable incidents is the attack against Mt. Gox between 2011‒2014 that resulted in $450 million of Bitcoin stolen and led to the liquidation and closure of the company. Coincheck, previously mentioned, survived the attack and began reimbursing victims for their losses in March 2018. Not all recent exchanges fared so well. Bitcurex abruptly closed and led to an official investigation into the circumstances; Youbit suffered two attacks, leading the company into bankruptcy.

An advertisement for the shuttered Polish exchange Bitcurex.

Conclusion 

Blockchain technologies and its users are heavily targeted by profit-driven cybercriminals. Current attackers are changing their tactics and new groups are entering the space. As more businesses look to blockchain to solve their business problems and consumers increasingly rely on these technologies, we must be diligent in understanding where the threats lie to achieve proper and tailored risk management. New implementations must place security at the forefront. Cybercriminals have already enjoyed successes against the users and implementations of blockchain so we must prepare accordingly.

The post Threat Report: Don’t Join Blockchain Revolution Without Ensuring Security appeared first on McAfee Blogs.

It’s a Zoo Out There! Data Analysis of Alleged ZooPark Dump

In early May, researchers disclosed a Mobile malware campaign by a group focused on Middle Eastern targets. This actor was found to be an evolving and sophisticated group using fake Android apps, namely Telegram, to trick users into installing malicious software. They have been active since 2015 and evolved over several campaigns into 2018. On May 14, a Reddit post linked to LamePT, claiming to have leaked their infrastructure including a database containing victim information.

Figure 1 – Screenshot of the site hosting the leaked data

The current leaked assets include:

  • MYSQL database
  • Audio recordings
  • The old C2 server and assets
  • AppData folder (presumably of the C2 server)
  • Current C2 server and control panel

Further leaked documents are behind a paywall payable to a fresh bitcoin address. The first payment was made on May 13th, 2018 leaving a balance of $1,110.87. It’s difficult to verify if someone paid to have the first dataset released or the actor paid themselves to appear more authentic. With that said, the authenticity of the data is still in question as we have some significant doubts on at least a portion of the data. For example, the following SMS caught our attention:

“Wife.how she knew the time of murder exactly”.

This text can be found in an SMS spam dataset used for training spam engines. Many other English based SMS messages can also be found here. “will be office around 4 pm. Now I am going hospital” is another example. Universities tend to use these datasets to teach computer science concepts. In this case, the concept is likely related to machine learning techniques for categorizing messages into spam. One university came up often when searching for these messages based on its Computer Science I: Fundamentals homework postings. Other messages could be found in cached websites.

“Credit shuma ka mast jahat ezdiad credit ba hesab tan shumarai 222 ra dair namoda w aba taqeeb aan code 14 raqami ra dakhel nomaed .”

This translates to “Credit card is not available for sale at 222 days or less than 142 days.” and found cached in a language translation site. This particular phrase was being translated from Turkish to Urdu. Not all of the messages were found publicly online. Most of the messages were in Middle Eastern languages presenting its own challenges. Other sources were found such as Facebook posts; however, sources for the vast majority of the SMS message have not yet been located. For these reasons, we remain skeptical of the authenticity of the data.

Figure 2 – Facebook post with the same text as an SMS message

Other data such as the recordings do not appear to be publicly available. After sampling 100 of these files we’ve found them to sound like authentic recordings. The majority are in 7 minute 59 second .3gpp files. Most appear to be ambient conversations and daily activities and not phone calls as was expected. Searching for public audio is difficult but we can verify that the hashes of the 100 are not publicly indexed by major search engines nor are the file names themselves.

Until we know for certain whether the data is authentic we cannot grantee that this data dump represents ZooPark and its capabilities but we can look at what they could be up to. After reviewing the leaked MySQL database we’ve learned much about the ZooPark’s potential operations.

Tables Included:

  • Appinfotracking
  • Audiotracking
  • Calltracking
  • Emailtracking
  • geolog
  • gpslocation
  • phonebookaccess
  • phototracking
  • recordcall
  • registration
  • sales_user_info
  • settings
  • smstracking
  • urltracking

From the table names alone, we can infer a lot of the access ZooPark had to user devices and the data they were after. Call tracing, phonebook access, and SMS tracking are unfortunately very common to collect amongst malicious app developers. However, audio tracking caught our attention. While we are still analyzing the dataset, the database records indicate over 102,571 recordings have been uploaded to their C2 server between 2015 and 2018. The dump contains approximately 3,887 of these, jeopardizing private and potentially highly sensitive conversations. Our sampling of these files indicate that the audio was recorded in roughly 8-minute blocks. Most, but not all audio files took place with time gaps between them. There was at least one group conversation that continued on for at least 3 recorded blocks. A surprisingly low number of phone numbers generated these recordings. Only eight phone numbers are part of the recording available through this data dump.

Other conversations were also captured such as SMS texts although portions of these have been found publicly in open datasets. Conceivably, these could have been generated by researchers investigating the malicious Android apps but it’s more likely they were generated by the data leaker to sell the dump. The SMS texts contain much of what you expect such as general chat, and advertisements. However, it’s also riddled with embarrassing or explicit texts which could be used against the users should they prove legitimate. Additionally, we’ve found cleartext two-factor authentication messages from major services such as Google and LinkedIn, and popular chat apps such as Telegram. ZooPark could have used these to gain access to additional services unbeknownst to the victims. After attempting and failing to rebuild several English based conversations we have little confidence that the entire data set came from ZooPark. However, It does exemplify the real danger of sensitive conversations being collected by Zoopark and available for their operations.

Another surprising find is in the Appinfotracking table, where there are 1541 unique apps listed, indicating a very large campaign. Here are a few notable ones:

  • Youtube
  • Wikipedia
  • WhatsApp
  • WinZip
  • Weather
  • VLC
  • Twitter
  • Telegram
  • TrueCaller
  • Tango
  • Pinterest
  • ICQ
  • Flashlight
  • Facebook
  • DUO
  • Dropbox
  • Crunchyroll

There were relatively few games listed compared to other social and utility apps, perhaps suggesting a more utilitarian or professional target. Approximately, 92 phone numbers are listed in relation to the apps. Of the GPS coordinates we’ve checked the middle east is still the main focus, with a significant footprint in Egypt.

While the data leakers request is for Bitcoin payment, we believe they are primarily interested in acquiring Monero coin. Once payments are made the actors use a popular tool called ShapeShift to turn the Bitcoin into Monero (XMR). Shapeshift allows the actors to pay in from one cryptocoin and receive a payout in another without creating an account for the service. The added Monero features enable them to maintain greater anonymity during the transfer. It is anonymity that usually motivates cybercriminals to move to Monero.  Monero coins are of interest due to their improved anonymity and privacy-related improvements, making it difficult to for law enforcement and security researchers to trace.

Shapeshift Transaction from BitCoin (BTC) to Monero (XMR)

The actor who leaked this data is obviously motivated by money as evidenced by the requested payment for further data leaks. Fake datasets, especially those that contain credit card information, email addresses and passwords, have been known to be for sale to scam other cybercriminals. It’s a distinct possibility that this could be the case with the current data dump but it has yet to be determined. However, competition also can play a primary motivator. Many times competing bad actors will attempt to sabotage others in the space. Altruism can play a role as well. Some vigilante actors may believe that their motivations are for the greater good regardless of the laws they break and collateral damage. Whatever the motivations are, data leaks like these can be embarrassing, damaging and in some cases dangerous for the victims whose information it may contain.
Other points of interest:

  • There are a surprisingly low number of unique victim numbers in the database with only 169.
  • The latest URL record is as recent as May 12,2018
  • The latest SMS record is as recent as May 8,2018
  • 81 unique numbers had 47,784 records of GPS data stored

Bitcoin Address:

  • 1AUMs2ieZ7qN4d3M1oUPCuP3CH9WGQxpbd

The post It’s a Zoo Out There! Data Analysis of Alleged ZooPark Dump appeared first on McAfee Blogs.

Cyber Security Roundup for January 2018

2018 started with a big security alert bang after Google Security Researchers disclosed serious security vulnerabilities in just about every computer processor in use on the planet. Named 'Meltdown' and 'Spectre’, when exploited by a hacker or malware, these vulnerabilities disclose confidential data. As a result, a whole raft of critical security updates was hastily released for computer and smartphone operating systems, web browsers, and processor drivers. While processor manufacturers have been rather lethargic in reacting and producing patches for the problem, software vendors such as Microsoft, Google and Apple have reacted quickly, releasing security updates to protect their customers from the vulnerable processors, kudos to them.

The UK Information Commission's Office (ICO) heavily criticised the Carphone Warehouse for security inadequacies and fined the company £400K following their 2015 data breach, when the personal data, including bank details, of millions of Carphone Warehouse customers, was stolen by hackers, in what the company at the time described as a "sophisticated cyber attack", where have we heard that excuse before? Certainly the ICO wasn't buying that after it investigated, reporting a large number Carphone Warehouse's security failures, which included the use of software that was six years out of day,  lack of “rigorous controls” over who had login details to systems; no antivirus protection running on the servers holding data, the same root password being used on every individual server, which was known to “some 30-40 members of staff”; and the needless storage of full credit card details. The Carphone Warephone should thank their lucky stars the breach didn't occur after the General Data Protection Regulation comes into force, as with such a damning list of security failures, the company may well have been fined considerably more by ICO, when it is granted vastly greater financial sanctions and powers when the GDPR kicks in May.

The National Cyber Security Centre warned the UK national infrastructure faces serious nation-state attacks, stating it is a matter of a "when" not an "if". There also claims that the cyberattacks against the Ukraine in recent years was down to Russia testing and tuning it's nation-state cyberattacking capabilities. 

At the Davos summit, the Maersk chairman revealed his company spent a massive £200m to £240m on recovering from the recent NotPeyta ransomware outbreak, after the malware 'totally destroyed' the Maersk network. That's a huge price to pay for not regularly patching your systems.

It's no surprise that cybercriminals continue to target cryptocurrencies given the high financial rewards on offer. The most notable attack was a £290k cyber-heist from BlackWallet, where the hackers redirected 700k BlackWallet users to a fake replica BlackWallet website after compromising BlackWallet's DNS server. The replica website ran a script that transferred user cryptocurrency into the hacker's wallet, the hacker then moved currency into a different wallet platform.

In the United States, 
the Federal Trade Commission (FTC) fined toy firm VTech US$ 650,000 (£482,000) for violating a US children's privacy laws. The FTC alleged the toy company violated (COPPA) Children's Online Privacy Protection Rule by collecting personal information from hundreds of thousands of children without providing direct notice.

It was reported that a POS malware infection at Forever21 and lapses in encryption was responsible for the theft of debit and credit card details from Forever21 stores late last year. Payment card data continues to be a high valued target for cyber crooks with sophisticated attack capabilities, who are willing to invest considerable resources to achieve their aims.

Several interesting cybersecurity reports were released in January,  the Online Trust Alliance Cyber Incident & Breach Trends Report: 2017 concluded that cyber incidents have doubled in 2017 and 93% were preventable. Carbon Black's 2017 Threat Report stated non-malware-based cyber-attacks were behind the majority of cyber-incidents reported in 2017, despite the proliferation of malware available to both the professional and amateur hackers. Carbon Black also reported that ransomware attacks are inflicting significantly higher costs and the number of attacks skyrocketed during the course of the year, no surprise there.  

Malwarebytes 2017 State of Malware Report said ransomware attacks on consumers and businesses slowed down towards the end of 2017 and were being replaced by spyware campaigns, which rose by over 800% year-on-year. Spyware campaigns not only allow hackers to steal precious enterprise and user data but also allows them to identify ideal attack points to launch powerful malware attacks. The Cisco 2018 Privacy Maturity Benchmark Study claimed 74% of privacy-immature organisations were hit by losses of more than £350,000, and companies that are privacy-mature have fewer data breaches and smaller losses from cyber-attacks.

NEWS

AWARENESS, EDUCATION AND THREAT INTELLIGENCE

REPORTS

Cyber Security Roundup for December 2017

UK supermarket giant Morrisons, lost a landmark data breach court case in December after a disgruntled Morrisons employee had stolen and posted the personal records of 100,000 co-workers online, the supermarket chain was held liable for the data breach by the UK High Court. The High Court ruling now allows those affected to claim compensation for the "upset and distress" caused. Morrisons said it believed it should not have been held responsible and would be appealing against the decision. If the appeal is lost it could open up the possibility of further class action lawsuits cases by individuals. Pending the GDPR becoming law in May 2018, such a court ruling sets a legal precedent for individuals to claim damages after personal data losses by companies through the courts as well. After May 2018, the GDPR grants individuals the right sue companies for damages following personal data breaches. So we can expect 'ambulance chasers' lawyers to pick up on this aspect of the GDPR, with class action lawsuits following data breaches, it well could become the new "P.P.I. industry"

Any businesses or individuals using Kaspersky should be aware the UK National Cyber Security Centre has warned government agencies against using the Russian supplier’s products and services, which follows a ban by US government departments in November. Barclays responded to the warning by stopping their free offering of Kaspersky anti-virus products to its customers. 2017 saw Cyber Security become a political football, so it is no real surprise that the UK and US once again blamed North Korea for the devasting WannaCry attacks earlier in the year, personally, I blame poor patch management and hackers, not the North Korea cyber army!

Nadine Dorries MP got herself in hot water after trying to defend now former political colleague Damian Green, following claims of Mr.Green accessed porn on his Parliment computer. This was activity was reported by a retired Police officer, which was said to be a breach of the data protection act. Nadine tweeted "my staff log onto my computer on my desk with my login everyday" to suggest anyone could have used Damian Green's PC to access the illicit websites. This led to widespread condemnation and a warning by ICO to MPs on password sharing. 

The fact illicit websites were not blocked by Parliament systems is one concerning lack security issue, but the flagrant disregard for basic cybersecurity by government MPs is gobsmacking, especially when you consider they are supposed to be understanding the risk and setting laws to protect UK citizens from cyber attacks and data breaches. Its another "slap palm on head" after the last UK Prime Minister announced he wanted to ban encryption.

2017 has seen huge rises in cryptocurrencies values, which has placed cryptocurrency brokers and user crypto coin wallets in the sights of cybercriminals. This month mining platform NiceHash was breached by hackers, who stole £51 million worth of Bitcoin and Bitcoin exchange Youbit, which lets people buy and sell Bitcoins and other virtual currencies, shut down and filed for bankruptcy after losing 17% of its assets in the cyber-attacks. I think we can expect further cryptocurrencies attacks in 2018 given the cryptocurrency bubble is yet to burst.

Faked LinkedIn profiles are nothing new, however, the German Intelligence Agency (BfV) said it had spotted China were using faked LinkedIn profiles to connect with and gather information on German officials and politicians, which is an interesting development.

Finally, Hackers were reported as taking advantage of poorly secured systems at UK private schools, and it was claimed hackers could turn off heating systems at UK schools and military bases.

NEWS
AWARENESS, EDUCATION AND THREAT INTELLIGENCE
REPORTS

Weekly Cyber Risk Roundup: Bitcoin Attacks Dominate Headlines, New Phishing Warnings

Several cryptocurrency exchanges were among the week’s top trending cybercrime targets due to a variety of different currency thefts, data breaches, and warnings from researchers.

2017-12-8_ITT.png

The most impactful incident occurred at the bitcoin mining platform and exchange NiceHash, which said on Wednesday that its payment system was compromised and the bitcoin in its wallet was stolen. NiceHash said it is “working to verify the precise number of BTC taken”; however, news outlets reported that a wallet linked to the attack obtained around 4,736 bitcoin, which is valued at more than $72 million based on Saturday’s price. The company has not released many details about the attack other than that it began after an employee’s computer was compromised.

In addition, researchers warned this week that the increased valuation of bitcoin has led to it becoming one of the top 10 most targeted industries for DDoS attacks. On Monday, Bitfinex said that its services were disrupted by a DDoS attack. On Thursday, Coinbase warned that the explosion of interest in digital currencies was creating “extreme volatility and stress” on its systems and warned its users to invest responsibly as any future downtime could impact their ability to trade.

News outlets also reported that some Bittrex customers who go through the company’s manual verification process but are rejected have received customer support emails that contain the passports details and photographs of other users, although Bittrex has not confirmed the reports.

Finally, the SEC announced that it obtained an emergency asset freeze to halt the Initial Coin Offering PlexCorps after it raised up to $15 million from thousands of investors by falsely promising a 13-fold profit in less than a month’s time.

2017-12-8_ITTGroups

Other trending cybercrime events from the week include:

  • TIO Networks announces breach: PayPal announced a breach at TIO Networks, a payment processor it acquired in July, that affects approximately 1.6 million customers. City Utilities (CU) and Duke Energy have since notified customers that their personal information was compromised due to the breach, as TIO was the provider of the operating system for CU’s payment kiosks and mobile payment app, in addition to being used to process Duke Energy’s in-person payments.
  • Payment card breaches: The Image Group is notifying customers of a temporary vulnerability on its eCommerce platform, Payflow Pro, that made some payment card numbers susceptible to interception while in transit to PayPal. JAM Paper & Envelope is notifying customers of a payment card card breach affecting its website due to unauthorized access by a third party. A payment card breach involving the Royal National Institute for the Blind’s web store affects as many as 817 customers, and around 55 individuals have already reported fraudulent activity as a result of the incident.
  • Extortion attacks: The Alameda County Library is notifying its users that their personal information may have been compromised after it received an extortion email that claimed hackers had gained access to the library’s entire database of users and may sell that information if they weren’t paid a five bitcoin ransom. The Mecklenburg County government in North Carolina said that its computer systems were infected with ransomware that is demanding $23,000 for the encryption key. Mad River Township Fire and EMS Department in Ohio said that years of data related to residents who used EMS or fire services was lost due to a ransomware infection. The fertility clinic CCRM Minneapolis said that nearly 3,300 patients may have had their information compromised due to a ransomware attack.
  • Other notable incidents: The Center for Health Care Services in San Antonio is notifying 28,434 patients that their personal information was stolen by a former employee. The County of Humboldt is notifying current and former employees that the Humboldt County Sheriff’s Office recovered payroll documents from the county. Pulmonary Specialists of Louisville is notifying patients their information may have been compromised due to possible unauthorized access. Virtual keyboard developer Ai.Type, bike sharing company oBike, Real Time Health Quotes, and Stanford University all had data breaches due to accidental data exposure. Baptist Health Louisville, Sinai Health System, and The Henry Ford Health System notified patients of employee email account breaches.
  • Law enforcement actions: Authorities reportedly shut down Leakbase, a service that sold access to more than two billion credentials collected from old data breaches. The Justice Department announced a software developer at the National Security Agency’s Tailored Access Operations has pleaded guilty to removing classified NSA data and later having that data stolen from his personal computer by Russian state-sponsored actors. A Michigan man pleaded guilty to gaining access to the Washtenaw County computer network and altering the electronic records of at least one inmate in an attempt to get the inmate released early. A Missouri man has been sentenced to six years in prison for hacking his former employer, American Crane & Tractor Parts, in order to steal trade secrets.

SurfWatch Labs collected data on many different companies tied to cybercrime over the past week. Some of those “newly seen” targets, meaning they either appeared in SurfWatch Labs’ data for the first time or else reappeared after being absent for several weeks, are shown in the chart below.

2017-12-8_ITTNew

Cyber Risk Trends From the Past Week

2017-12-8_RiskScoresPhishing concerns were highlighted once again this past week due to a newly announced vulnerability that allows malicious actors to spoof emails, as well as warnings that phishers are making efforts to appear more legitimate.

A researcher has discovered a collection of bugs in email clients, dubbed “Mailsploit,” that circumvents spoofing protection mechanisms and, in some cases, allows code injection attacks. The vulnerabilities were found in dozens of applications, including Apple Mail, Mozilla Thunderbird, Microsoft Outlook 2016, Yahoo! Mail, ProtonMail, and others.

The bug has been fixed in 10 products and triaged for 8 additional products, the researcher said. In addition, Mozilla and Opera said they won’t fix the bug as they consider it to be a server-side problem; however, Thunderbird developer Jörg Knobloch told Wired that a patch would be made available. DMARC spoofing protection is not attacked directly using Mailsploit,  the researcher said, but rather bypassed by taking advantage of how the clients display the email sender name.

In addition, researchers said that nearly a quarter of all phishing websites are now hosted on HTTPS domains, up from three percent a year ago. The increase is due to both an increased number of HTTPS websites that can be compromised and used to host malicious content, as well as phishers registering HTTPS domains themselves due to their belief that the “HTTPS” designation makes a phishing site seem more legitimate to potential victims. An informal poll conducted by PhishLabs found that more than 80% of the respondents incorrectly believed the green padlock associated with HTTPS websites indicated that a website was either legitimate or safe — when in reality it only means that the connection is encrypted.

Individuals and organizations should be aware that malicious actors continue to leverage exploits like Mailsploit along with more secure-looking websites in order to dupe potential victims via phishing attacks with the goal of installing malware, gaining access to networks, or stealing sensitive data.

Cybercrime Surges in Q3

young man with glasses sitting in front of his computer, programming. the code he is working on (CSS) can be seen through the screen.

PandaLabs Q3 Report indicates that incidences of cybercrime continue to increase, with 18 million new malware samples captured this quarter – more than 200,000 samples daily.

The Quarter at a Glance

Cybercrime continues to grow at an exponential rate, fuelled by the opportunity for large financial rewards.

Hackers have taken to developing new variants of successful Ransomware such as Locky, and the development of a model known as Ransomware-as-a-Service (RaaS), whereby developers create Ransomware for distributors, these distributors then target and infect victims – allowing both parties to achieve greater profits.

Another key development was the occurrence of DDoS attacks. Most natably that of Cyber Security journalist Brian Krebs. Krebs exposure of vDoS lead to the arrest of its key members and subsequently made Krebs’ site the target of a massive DDoS attack that saw Google step in to restore the site. As one of the largest attack of its kind, hackers leveraged IoT devices to send 620GB of data per second – at its peak – to the site.
graphs_cabecera-mediacenter
This quarter cyber-attacks targeted multiple gaming sites, gaining access to millions of users’ personal information. These attacks were largely launched using botnets composed of smartphones, and effected users of Overwatch, World of Warcraft and Diablo 3. Further attacks saw more than 3.5 million users exposed when Dota 2 and mobile game Clash of the Kings were targeted. These highlight just a few incidences in the Gaming world in the last 3 months.

The Banking sector remained a target for hackers as attacks on ATM’s, POS terminals and Bitcoin wallets continue to become more frequent and more advanced.

A Taiwanese ATM attack this quarter indicated just how advanced cybercriminals have become when they were able to hack the banks internal network and withdraw over R28 million without even touching the ATM itself.

Another big victim was Yahoo – one of the biggest attacks of its kind revealed this quarter indicated that 500 million user accounts had been comprised in a 2014 attack.

Finally, Q3 saw the largest Bitcoin robbery to date, when R 84 billion worth of Bitcoin was stolen by hackers.

View the full PandaLabs Q3 Report for more detail on specific attacks and find out how you can protect yourself and your business from the advanc

The post Cybercrime Surges in Q3 appeared first on CyberSafety.co.za.