Sussex-Based Couple Loses £15,000 to Scammers


Loreta and Mindaugas from Horsham, Sussex, were lured by a fake bonus offer from a fraudster who appeared to be working for the Coinbase platform, shortly before the site was listed as a public company.

Mindaugas, an executive at a UK-based company, received an email on March 24, 2021, that purportedly came from Coinbase, claiming that he was eligible for a bonus. He tried to claim the £60 bonus supposedly offered by Coinbase, and in just nine minutes £15,000 was deducted from the couple’s crypto savings.

“At first, we thought it might be some kind of mistake or a glitch. But since their knowledge base had no option that covered any bugs or glitches, we decided to inform Coinbase that my husband’s account has been compromised. But all we got back was a password reset request,” Loreta said. 

Coinbase is a popular stock trading website used for buying and selling cryptocurrency, with over 56 million users and a value of $99.6 billion.

Double Fraud

Shortly after changing his account password, Mindaugas received a second call from the supposed Coinbase support agent. The scammer told him that Coinbase was responding to the open support ticket concerning his compromised account and promptly began to question Mindaugas about the cyber fraud.

After finishing the interrogation, the scammer offered Mindaugas two options. “Either we call the police, in which case there is no guarantee that we’ll ever get our money back, or they give us a refund without getting involved with the authorities. My husband was still in shock and rather disoriented, so at that moment, he agreed to proceed with the second option,” Loreta told CyberNews.

“He said, ‘We see that you have an account at Binance and since Coinbase and Binance are sister companies’ - and that’s when I saw he was trying to dupe us. Next thing I hear, he’s telling us to prove our identity either by transferring £5,000 from our Binance account to Coinbase or by giving them our Binance authentication code so that they can transfer the missing £15,000 to my husband’s Binance account,” Loreta explained.

After spotting the suspicious activity, Mindaugas and Loreta declined to comply and reported the fraud to the police. However, the case was promptly closed due to a ‘lack of evidence’. They also contacted Coinbase for help but have had no response.

"We’re still waiting for an answer. And since 'only' £15,000 was stolen, we’re not very hopeful that the police will do anything about it," Loreta said. 

The CyberNews investigation team began looking into the fraud after the couple contacted them for help. Researchers found that the stolen cryptocurrency had been laundered through an elaborate network of wallets. This effectively makes stolen funds “untraceable” and helps scammers avoid being caught.

“Due to the anonymity of the crypto market, scams targeting the general public tend to be barely visible. In fact, phishing attacks are becoming more sophisticated, making it increasingly difficult to identify fake messages that appear to come from trusted people or brands. Companies like Coinbase need to be responsible for keeping their customers as safe as possible,” Edvardas Mikalauskas, Senior Researcher at CyberNews, stated.

“They need to implement strict controls in detecting and blocking malicious or anomalous activity before criminals have the opportunity to steal cryptocurrencies,” Edvardas added. CyberNews advises consumers to always preview URLs before clicking links or buttons, to pay attention to messages sent to their inbox, and to use unique passwords and multi-factor authentication for their online accounts, and warned that an embedded link is a “serious danger signal.”

GitHub Awards $25,000 Bug Bounty to a Google Employee


GitHub awarded $25,000 to security researcher Teddy Katz for discovering a bug and patching it. On March 17, Katz, a bug bounty hunter and Google employee, published a note regarding a GitHub flaw discovered in the communication system between repositories and the organization’s workflow automation software, GitHub Actions.

The security flaw was tracked as CVE-2022-22862 and was reported as an improper access control vulnerability that “allowed an authenticated user with the ability to fork a repository to disclose Action secrets for the parent repository of the fork.”

Katz examined how GitHub works and how it handles pull requests. Every pull request is meant to have a base branch, which is often the main branch of a repository. Pull request creators can set the base branch pointer. However, the bug bounty hunter recognized that it was possible to point the base branch at a commit, and while this ended in errors due to merge conflicts, GitHub Actions turned the bug into something more dangerous.

GitHub executes simulated pull request merges to stop pull request creators from accessing repository secrets. According to Katz, the bug “breaks the GitHub actions permission model” and evades Actions secrets restrictions.

“Since the base branch is part of the base repository itself and not part of a fork, workflows triggered by pull_request_target are trusted and run with access to secrets. We just created a pull request where the base branch is a commit hash, not a branch. And anyone can create a new commit hash in the base repository since GitHub shares commits between forks,” Katz explained. 

An attacker could fork a public repository that uses GitHub Actions, create a pull request, and then set up a malicious Actions workflow and a separate commit in a fork, gaining access to repository secrets in the process.

“It would be difficult to conceal the malware for long – the malicious package would almost certainly be unpublished in a matter of hours or days depending on how fast the maintainers/npm security team were able to respond. Once it was exploited like this, the underlying GitHub vulnerability would probably have been noticed and fixed as well,” Katz stated.
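Because workflows triggered by `pull_request_target` run with access to secrets, maintainers benefit from knowing which of their workflows use that trigger and which secrets each one references. The following audit sketch is an added example, not code from Katz or GitHub; the workflow file names and secret names are constructed, and the comment stripping is deliberately naive rather than a full YAML parser.

```python
import re

SAMPLE_WORKFLOWS = {  # constructed samples, not from any real repository
    ".github/workflows/label.yml": """\
on:
  pull_request_target:
    types: [opened]
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - run: ./label.sh
        env:
          TOKEN: ${{ secrets.TRIAGE_TOKEN }}
          NPM: ${{ secrets.NPM_PUBLISH_TOKEN }}
""",
    ".github/workflows/ci.yml": """\
on: [push, pull_request]  # not pull_request_target
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - run: make test
""",
}

EXPR = re.compile(r"\$\{\{(.*?)\}\}", re.S)          # ${{ ... }} expressions
SECRET = re.compile(r"\bsecrets\.([A-Za-z_][A-Za-z0-9_]*)")

def strip_comments(text):
    # Naive YAML comment removal: '#' at line start or after whitespace.
    return "\n".join(re.sub(r"(^|\s)#.*$", "", l) for l in text.splitlines())

def trigger_block(text):
    # Text of the top-level `on:` key, up to the next top-level key.
    m = re.search(r"""^["']?on["']?\s*:.*?(?=^\S|\Z)""", strip_comments(text), re.M | re.S)
    return m.group(0) if m else ""

def audit(workflows):
    # Map each pull_request_target workflow to the secrets it references.
    report = {}
    for path, text in workflows.items():
        if re.search(r"\bpull_request_target\b", trigger_block(text)):
            exprs = EXPR.findall(strip_comments(text))
            report[path] = sorted({s for e in exprs for s in SECRET.findall(e)})
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_WORKFLOWS))
```

The resulting list shows which secrets sit behind the trusted trigger and are therefore candidates for rotation if the permission model is ever bypassed.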

Private Information of 50,000 French Healthcare Workers Stolen


French authorities unearthed a glut of stolen credentials on the dark web, apparently belonging to healthcare workers. The authorities have alerted the healthcare department and advised it to remain vigilant. In recent weeks, threat actors have attacked several French hospitals, including hospitals in Dax and Villefranche-sur-Saone.

The French Ministry of Social Affairs and Health issued an alert this week stating that the France Computer Emergency Response Team had notified the department about the sale of a list of 50,000 user accounts on a cybercriminal platform, which includes login/password credentials apparently belonging to French healthcare workers.

The alert notes that “it is difficult to accurately describe the origin of this leak, but the impact that the use of login/agent password couples can have on the security of institutions’ information systems is more easily valuable. That includes attempts to connect to remote means of access, such as Outlook web access and VPN. Once the connection is successful, attackers can use all the resources allocated to the compromised account to break into the information system.”

The French health ministry also admitted that several healthcare facilities in the nation have been attacked by malware including Emotet, TrickBot, and Ryuk. Explaining this, it said that “particular attention should be paid to this because these three malwares are used in complex chains of attacks that have a strong impact on the activity of victims. Scan campaigns from the infrastructure of the TA505 (Clop ransomware activity cluster) and UNC1878 (Ryuk ransomware activity cluster) targeting health facilities were also reported.”

Mutuelle Nationale des Hospitaliers (MNH), the latest victim of a ransomware attack, stated, “We spotted an intrusion into our data system on February 5 and our cybersecurity team quickly determined the potency of the cyber-attack. The computer systems were taken offline to negate the spread of the virus and to shield the personal information of our members, staff, and our partners.”

Threat actors are using the same tactics against the healthcare sector in France and in other nations as well. For instance, last week in South Korea, threat actors attempted to steal Covid-19 vaccine and treatment data from pharmaceutical maker Pfizer.

Bitcoin Slips 17% to $45,000 as Caution Sweeps Over Crypto


Bitcoin, the world’s largest cryptocurrency, slumped as much as 17 percent to $45,000 on Tuesday, sparking concerns among investors over the cryptocurrency’s sky-high valuations and its volatility in an unpredictable market. The cryptocurrency traded 13% lower, at $47,608.24, as of 11:45 p.m. in New York.

The value of the cryptocurrency has soared in 2021, with the price more than doubling this year to reach a record $58,350.41. Elon Musk, CEO of Tesla, invested $1.5 billion in cryptocurrency this month and helped bitcoin reach a market value above $50,000, but this investment may now put pressure on Tesla’s stock price, as it has become sensitive to movements in bitcoin.

Craig Erlam, senior market analyst at OANDA, stated that “the kind of rallies we’ve been seeing aren’t sustainable and just invite pullbacks like this.” Ether, the world’s second-largest cryptocurrency by market capitalization, also slumped more than 17% and last bought $1,461, down almost 30% from last week’s record high.

According to CoinDesk, last week bitcoin hit $1 trillion in market value for the first time in its history, though it has now slumped below $900 billion. Its market value surged on news about Wall Street banks and investment by large firms like Mastercard and Tesla. According to an online tool from researchers at Cambridge University, bitcoin’s network consumes more electricity than Pakistan, and it has a negative impact on the environment as well.

Meanwhile, Sumit Gupta, Co-Founder & CEO of CoinDCX said that “after reaching an all-time high of $58,000, Bitcoin saw a price correction today. This was expected as markets go through such correction cycles. However, the market showed signs of recovery after falling nearly 17%. Investments in Bitcoin, like any other asset, should be from a long-term perspective as the fundamentals are still going strong. Hence it is advised that investors buy the dips and hold with a long-term perspective.”