Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories
Cybersecurity researchers are warning of publicly exposed Kubernetes configuration secrets that could put organizations at risk of supply chain attacks
Cryptocurrency security covers theft, fraud, ransomware payments, wallet compromise, and blockchain risks involving digital assets and transactions.
Search across headline titles and summaries.
Background for this topic.
Cryptocurrency is a digital asset secured by cryptography and recorded on a decentralized blockchain ledger. It enables peer-to-peer transactions without intermediaries, relying on consensus mechanisms like proof-of-work or proof-of-stake to validate and add transaction blocks. Users control funds through private keys, which are critical for accessing and transferring cryptocurrency.
From an information security perspective, protecting private keys is paramount, as their compromise leads to irreversible theft. Cryptocurrency exchanges and wallet software are frequent targets for hacking, requiring robust security controls and vulnerability management. Additionally, the pseudonymous nature of transactions can facilitate illicit activities, challenging efforts to trace funds and enforce compliance. Defenses include hardware wallets, multi-factor authentication, and secure key management practices to mitigate risks inherent in cryptocurrency operations.
Cybersecurity researchers are warning of publicly exposed Kubernetes configuration secrets that could put organizations at risk of supply chain attacks
New scam identified by Check Point Threat Intelligence Blockchain system
Also: Kronos Loses $25 Million via API Breach; Regulators Charge KrakenThis week's cryptocurrency hack roundup features hackers stealing $87 million from Heco, Kronos reporting $25 million stolen via an API breach, regulators filing charges against Kraken, feds charging three people with stealing $10 million as well as seizing $9 million tied to a pig butchering scam.
Crypto funds are traced back to dozens of victims
Kubernetes compromises have usually led to attackers creating cryptomining containers, but the outcomes could be much worse, say researchers presenting at the Black Hat Europe conference.
Crims drain wallets of marks after letting them in on 'awesome crypto scheme secret' The US has seized nearly $9 million in proceeds generated by exploiting more than 70 victims across the nation in so-called "pig butchering" scams.…
Chief quits, pays own penalty after helping crooks launder cash, aiding sanctions evaders The world's largest cryptocurrency exchange just got a little smaller, with the US Department of Justice announcing Binance and its CEO Changpeng Zhao have both pleaded guilty to a multitude of financial crimes. As a result Binance will fork out $10 billion to Uncle Sam in fines and settlements.…
Cryptocurrency Platform Facilitated Sanctions Violations, Cyber Criminal ProceedsThe world's largest cryptocurrency exchange will withdraw from the U.S. market after now-former chief executive officer Changpeng Zhao pleaded guilty to felony money laundering charges in a U.S. court and the company agreed to pay $4.3 billion into federal coffers.
World's Largest Cryptocurrency Exchange Will Pay $4.3 BillionBinance Chief Executive Changpeng Zhao will plead guilty to violating anti-money laundering statutes in U.S. federal court in a settlement ending an investigation into illicit transactions at the world's largest cryptocurrency exchange. The company will pay $4.3 billion in fines and forfeiture.
Active exploit of the critical RCE flaw targets Linux systems to achieve full system compromise.
The Kinsing threat actors are actively exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency miners and rootkits
Bitcoin wallets created between 2011 and 2015 are susceptible to a new kind of exploit called Randstorm that makes it possible to recover passwords and gain unauthorized access to a multitude of wallets spanning several blockchain platforms
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.