US Treasury to offer free cybersecurity intelligence to crypto firms
The U.S.
Financial
20 articles
Android Banking Trojan Linked to Cambodia Scam Compounds Hits 21 Countries
Android banking trojan linked to Cambodia scam compounds uses forced labour to target users in 21 countries, bypassing security to steal funds.
EngageLab SDK bug threatened expansive Android crypto wallet compromise
Popular third-party Android software development kit EngageLab SDK has been impacted by an already addressed intent redirection flaw, which could have been e...
High-value crypto asset theft sought by novel notnullOSX macOS malware
Attacks with the nascent notnullOSX malware for macOS have been targeting cryptocurrency wallets containing over $10,000 in Taiwan, Vietnam, and Spain as par...
Advanced STX RAT sets sights on financial services industry
Advanced STX RAT sets sights on financial services industry Infosecurity Magazine reports that highly sophisticated tactics have been employed to covertly de...
Chrome 146 introduces device bound session credentials to combat info-stealing malware
DBSC works by cryptographically linking a user's session to their hardware, utilizing the Trusted Platform Module (TPM) on Windows.
Global crypto scam disrupted, $12 million recovered in Operation Atlantic
The week-long initiative, named Operation Atlantic, was a joint effort involving the US Secret Service, the UK National Crime Agency, and Canadian police for...
Senator launches inquiry into 8 tech giants for failures to adequately report CSAM
The inquiry follows reports from the National Center for Missing and Exploited Children (NCMEC) that allege the tech giants are deficient in their reporting ...
Bessent, Powell met privately with top bankers over impact of Claude Mythos on cybersecurity
Security pros say companies that spend less money than most large banks on cyber should take this as a warning to get moving.
‘It reads like a spy novel’: $280 million theft from Drift involved North Korean fake companies, cutouts
Drift officials said the operation began six months ago, when they were approached at a cryptocurrency conference by members of a company claiming to focus o...
Zephyr Energy loses £700,000 in payment fraud attack
The incident, disclosed in a regulatory filing, involved a business email compromise attack where cybercriminals likely infiltrated email or accounting syste...
Cryptographers bet on quantum computing's impact on encryption
This bet stems from the ongoing debate about when quantum computers will become powerful enough to decrypt data secured by legacy algorithms, a threat that t...
Storm-2755 Uses AiTM Hijacking to Divert Employee Salaries
Hackers are abusing adversary-in-the-middle (AiTM) session hijacking to steal employee salaries in a new “payroll pirate” campaign tracked by Microsoft as St...
EngageSDK Vulnerability puts millions of crypto wallets at risk
A newly disclosed vulnerability in the widely used Android library EngageSDK has raised serious concerns across the cryptocurrency ecosystem, potentially exp...
Capability-centric governance redefines access control for legacy systems
Govern business actions — not entitlements — to reduce risk and improve access control on z/OS and IBM i.
Microsoft: Canadian employees targeted in payroll pirate attacks
A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate a...
Poisoned “Office 365” search results lead to stolen paychecks
A financially motivated hacking group is targeting Canadian employees with a sophisticated campaign designed to covertly redirect their salary payments into ...
Why most zero-trust architectures fail at the traffic layer
Zero trust has become one of the most widely adopted security models in enterprise environments. Organizations invest heavily in identity systems, access pol...
EngageLab SDK flaw opens door to private data on 50M Android devices
A flaw in EngageLab SDK exposed up to 50M Android users, including 30M crypto wallets, letting apps bypass security and access private data. Microsoft resear...
Apiiro CLI turns AI coding assistants into full-stack security engineers
The Apiiro CLI brings the Apiiro platform to your terminal and to your AI coding assistants, giving them six native security capabilities: scanning, risk man...