
IT Security Newsletter - 4/29/2021


Top News

US arrests alleged 'Bitcoin Fog' boss, who is accused of laundering millions

U.S. federal agents on Tuesday arrested the alleged operator of Bitcoin Fog, a cryptocurrency-obfuscation service that the dark web's most notorious marketplaces have reportedly used to move tens of millions of dollars. Roman Sterlingov, a Russian-Swedish national, was arrested in Los Angeles and charged with money laundering for his alleged role as Bitcoin Fog's mastermind, according to court documents.


Experian API Exposed Credit Scores of Most Americans

Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the researcher who reported the finding says he fears the same weakness may be present at countless other lending websites that work with the credit bureau.

Breaches

Etsy-owned musical instrument marketplace Reverb suffers data breach

The online musical instrument marketplace Reverb has suffered a data breach which has exposed the personal details of 5.6 million users. Security researcher Bob Diachenko, who has a long track record of uncovering databases left unsecured on the internet, came across an unsecured Elasticsearch server earlier this month which allowed anyone to access information about millions of Reverb's users - no password required.


DigitalOcean data breach exposes customer billing information

Cloud hosting provider DigitalOcean has disclosed a data breach after a flaw exposed customers' billing information. An email sent out to affected customers by DigitalOcean states that a "flaw" allowed an unauthorized user to access customers' billing details between April 9th, 2021, and April 22nd, 2021. "An unauthorized user gained access to some of your billing account details through a flaw that has been fixed. This exposure impacted a small percentage of our customers," reads the email sent to customers.

Hacking

Chase Bank Phish Swims Past Exchange Email Protections

Threat actors are impersonating Chase Bank in two phishing attacks that can slip past Microsoft Exchange security protections, aiming to steal credentials from victims by spoofing real-life customer scenarios. Researchers from Armorblox recently discovered the attacks, one of which claims to contain a credit card statement, while the other informs users that their online account access has been restricted due to unusual login activity, according to a post published Tuesday on the Armorblox blog.


Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks

A phishing campaign, discovered by researchers at Cofense, is draping itself in a Microsoft Office SharePoint theme and successfully bypassing security email gateways (SEGs). In a post on Tuesday, the firm said that this is an example of why it's not always prudent to share documents via Microsoft's hugely popular, widely used SharePoint collaboration platform.


DoppelPaymer Gang Leaks Files from Illinois AG After Ransom Negotiations Break Down

The ransomware gang identified as DoppelPaymer has leaked a substantial collection of files from the Illinois Office of the Attorney General (OAG) on a server controlled by the cybercriminal group. The move came after ransom negotiations between the two parties broke down following a ransomware attack earlier this month, on April 10. The leaked files include not only public information from court cases handled by the Illinois OAG, but also private documents that aren't a part of the public record.

Malware

New stealthy Linux malware used to backdoor systems for years

A recently discovered Linux malware with backdoor capabilities has flown under the radar for years, allowing attackers to harvest and exfiltrate sensitive information from compromised devices. The backdoor, dubbed RotaJakiro by researchers at Qihoo 360's Network Security Research Lab (360 Netlab), remains undetected by VirusTotal's anti-malware engines, although a sample was first uploaded in 2018.

Exploits/Vulnerabilities

Google Chrome V8 Bug Allows Remote Code-Execution

Google's Chrome browser has several security vulnerabilities that could pave the way to multiple types of attacks, including a V8 bug that could allow remote code execution (RCE) within a user's browser. The high-severity V8 issue is tracked as CVE-2021-21227, and was reported by Gengming Liu from Singular Security Lab. Google describes the bug as "insufficient data validation in V8" but is keeping other details close to its vest.

Science & Culture

Michael Collins, who piloted the Apollo 11 command module, has died

Michael Collins, a two-time astronaut who piloted the command module during the historic Apollo 11 mission that landed the first humans on the Moon, died on Wednesday after battling cancer, his family said. He was 90 years old. "He spent his final days peacefully, with his family by his side," the family said in a statement. "Mike always faced the challenges of life with grace and humility, and faced this, his final challenge, in the same way. We will miss him terribly."

On This Date

  • ...in 1429, a military convoy led by Joan of Arc arrives in Orléans, France to relieve the six-month-long siege.
  • ...in 1951, professional racing driver Dale Earnhardt is born in Kannapolis, NC.
  • ...in 1970, actress Uma Thurman ("Kill Bill", "Dangerous Liaisons") is born in Boston, MA.
  • ...in 1980, English film director Alfred Hitchcock ("Psycho", "North by Northwest") dies in his home in Los Angeles, CA.