OpenSea ‘Free Gift’ NFTs Drain Cryptowallet Balances

Cybercriminals exploited bugs in the world’s largest digital-goods marketplace to create malicious artwork offered as a perk to unsuspecting users. Users of OpenSea, the world’s largest digital-collectible marketplace, have found…

Twitch Leak Included Emails, Passwords in Clear Text: Researcher

A researcher combed through the Twitch leak and found what they said was evidence of PayPal chargebacks with names and emails; employees’ emails; and more. Twitch users, if you haven’t…

Twitch Leak Included Emails, Passwords in Clear Text: Researcher

A researcher combed through the Twitch leak and found what they said was evidence of PayPal chargebacks with names and emails; employees’ emails; and more. Twitch users, if you haven’t…

4 Key Questions for Zero-Trust Success

Anurag Kahol, CTO & co-founder at Bitglass, offers tips for avoiding implementation pitfalls for zero trust. Historically, securing remote access was primarily done using VPNs. However, as enterprises have begun…

Twitch Gets Gutted: All Source Code Leaked

An anonymous user posted a link to a 125GB torrent to 4chan yesterday, containing all of Twitch’s source code, comments going back to its inception and more. An attacker claims…

How to Build an Incident-Response Plan, Before Security Disaster Strikes

Joseph Carson, Chief Security Scientist at ThycoticCentrify, offers a 7-step practical IR checklist for ensuring a swift recovery from a cyberattack. In a startling discovery, a recent report found that…

Oops! Compound DeFi Platform Gives Out $90M, Would Like it Back, Please

The Compound cryptocurrency exchange accidentally botched a platform upgrade and distributed millions in free COMP tokens to users – then threatened to dox the recipients. Compound, an Ethereum-based decentralized finance…

Tips & Tricks for Unmasking Ghoulish API Behavior

Jason Kent, hacker-in-residence at Cequence Security, discusses how to track user-agent connections to mobile and desktop APIs, to spot malicious activity. I was analyzing one of my customer’s API traffic…

SAS 2021: ‘Tomiris’ Backdoor Linked to SolarWinds Malware

Newly discovered code resembles the Kazuar backdoor and the Sunshuttle second-stage malware distributed by Nobelium in the SolarWinds supply-chain attacks. Researchers have discovered a campaign delivering a previously unknown backdoor…

Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts

A campaign is stealing one-time password tokens to gain access to PayPal, Apple Pay and Google Pay, among others. Cybercriminals are using Telegram bots to steal one-time password tokens (OTPs)…