#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Bitcoin | Breaking Cybersecurity News | The Hacker News

‘DarkLeaks’ Black Market — Anonymously Selling Secrets for Bitcoins

'DarkLeaks' Black Market — Anonymously Selling Secrets for Bitcoins

Feb 20, 2015
An all new anonymous online underground black market website, DarkLeaks , has been introduced on the Internet where Whistleblowers, blackmailers, hackers and any individual can trade/sell sensitive and valuable data/secrets anonymously in exchange for Bitcoin payments . DarkLeaks is a decentralized underground blackmarket which is built on top of the Bitcoin Blockchain technology and is available on the Internet to download as a free software package together with its source code published openly on code-sharing site Github . TRADE INFORMATION ANONYMOUSLY DarkLeaks underground black market website is masterminded by the members of crypto-anarchist collective System. " There is no identity, no central operator and no interaction between leaker and buyers, " the developers' statement says. " DarkLeaks is a decentralized black market where you can sell information ," according to the blog post about the new site. " It has a mechanism for trust-less authent
MegaNet — New Decentralized, Non-IP Based and Encrypted Network

MegaNet — New Decentralized, Non-IP Based and Encrypted Network

Feb 18, 2015
The Famous Internet entrepreneur and former hacker Kim Dotcom , who introduced legendary Megaupload and MEGA file sharing services to the World, has came up with another crazy idea — To start his very own Internet that uses the "blockchain". Just last month, Kim Dotcom, a German millionaire formerly known as Kim Schmitz , launched the public beta of its end-to-end encrypted video and audio chat service called " MegaChat ", which it says gives better protection than alternatives such as Skype and Google Hangouts. Now, his latest series of tweets referred to Kim Dotcom's supposed " MegaNet " which, he believes, would be immune to the global mass surveillance conducted by governments or corporations and would not be based on IP addresses. MegaNet would be a decentralized, non-IP based network in which the blockchain used by Bitcoin will play an " important role ". Decentralizing the Internet means to take the power of the Web
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
 $1.75 Million in Bitcoin Stolen from Chinese BTER Bitcoin Exchange

$1.75 Million in Bitcoin Stolen from Chinese BTER Bitcoin Exchange

Feb 16, 2015
The most popular Chinese Bitcoin exchange BTER announced that it has been hacked on Valentine's Day and lost more than £1.1 Million-worth ($1.75 Million; one BTC is about $270) of the digital currency. The Bitcoin Exchange hasn't revealed more details about suspects behind the breach or how the cold wallets were compromised, except that 7,170 Bitcoin cryptocurrency was stolen from the company's " cold wallets ," a way of storing the digital currency offline. " All wallets have been shut down and withdrawals of unaffected coins will be arranged later, " the official website of BTER Bitcoin exchange states. Internet sleuths are already on the hunt to trace the missing Bitcoin. Because of the way the digital currency works, it is possible to trace any transaction or funds easily by using public available service, called " blockchain ." According to the announcement, the stolen Bitcoin cryptocurrencies were broadcast through the trans
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Silk Road founder Ross Ulbricht Convicted of All 7 Charges; Faces Life In Prison

Silk Road founder Ross Ulbricht Convicted of All 7 Charges; Faces Life In Prison

Feb 04, 2015
A jury has found Silk Road founder Ross Ulbricht  a.k.a Dread Pirate Roberts  guilty on all seven counts and faces Life In Prison for running an underground black market i.e.  Silk Road . Ross Ulbricht, a San Francisco 30-year-old web developer was arrested by FBI in a sting operation in October 2013 accusing him of being the criminal mastermind running Silk Road, where hundreds of millions of dollars in illegal goods were traded. Ross Ulbricht had claimed that he had built Silk Road, but he was not the site's notorious ringleader " Dread Pirate Roberts. " The trial went on for just over three weeks and today the jury of six men and six women charged Ross Ulbricht with seven counts including money laundering, drug trafficking and computer hacking among other things. " The supposed anonymity of the dark web is not a protective shield from arrest and prosecution ," according to Manhattan U.S. Attorney Preet Bharara in a statement after the verdict. Prose
New Cryptowall 3.0 Ransomware Communicates over I2P Anonymous Network

New Cryptowall 3.0 Ransomware Communicates over I2P Anonymous Network

Jan 15, 2015
We have seen a series of Ransomware tended to be simple with dogged determinations to extort money from victims. But with the exponential rise in the samples of Ransomware last year, we saw more subtle in design, including " Cryptolocker " that was taken down along with the " Gameover ZeuS " botnet last June. As a result, another improved ransomware packages have sprung up to replace it — CryptoWall . Ransomware is an emerging threat in the evolution of cybercriminals techniques to part you from your money. Typically, the malicious software either lock victim's computer system or encrypt the documents and files on it, in order to extort money from the victims. Since last year, criminals have generated an estimated US$1 million profits. Now, the infamous Cryptowall ransomware is back with the newest and improved version of the file-encrypting ransomware program, which has been spotted compromising victims by researchers early this week, security research
Silk Road Reloaded Switches from Tor to I2P Anonymous Network

Silk Road Reloaded Switches from Tor to I2P Anonymous Network

Jan 13, 2015
Multiple successors of the original Silk Road have come and all have been taken offline in recent years, but aside from selling illegal goods and services, they all have had one thing in common – they've all relied on the Tor network. A new version of the anonymous online black market Silk Road, has re-appeared on the dark web, but this time the website doesn't rely on the now infamous Tor network and neither it deals in only Bitcoins. The new version of the notorious online black market, dubbed " Silk Road Reload​ed ", launched Sunday on the little-known " I2P " anonymous network, dealing with a range of cryptocurrencies including the meme-inspired Dogecoin. In short, apart from the name, there is no connection between the original Silk Road website and the newly launched Silk Road Reloaded . Silk Road Reloaded is only accessible by downloading the special software called I2P (Invisible Internet Project) , or by configuring your systems
Bitstamp Bitcoin Exchange Hacked, $5 Million Stolen in Hack Attack

Bitstamp Bitcoin Exchange Hacked, $5 Million Stolen in Hack Attack

Jan 06, 2015
One of the biggest, reliable and most trusted Bitcoin exchange — Bitstamp — on Monday announced that it has been a target of a hacking attack, which lead to the theft of " less than 19,000 BTC" (worth about $5 million in virtual currency; one BTC is about $270). Bitstamp issued a statement on its official website in which the company warned its users not to deposit any Bitcoin to previously issued addresses, so as to prevent further losses. While the investigation is going on, the company has frozen its user accounts, blocked deposits as well as other transactions and suspended the trading business. After the Slovenian-based Bitcoin exchange suspected the security breach over the weekend that compromised one of Bitstamp's operational and active bitcoin storage wallets, the exchange suspended its service for the time being. The company reassured its users that the security breach only affected its " operational wallet ," i.e. only " a small fr
Hacker Hijacks ISP Networks to steal $83,000 from Bitcoin Mining pools

Hacker Hijacks ISP Networks to steal $83,000 from Bitcoin Mining pools

Aug 08, 2014
Till now, he have heard about " Bitcoin digital wallet hacked " or " Bitcoin website hacked ", but now a hacker has stolen cryptocurrency from mining pools and generated $83,000 in digital cash in more than four months by gaining access to a Canadian Internet provider. Bitcoin is a virtual currency that makes use of cryptography to create and transfer bitcoins. Users make use of digital wallets to store bitcoin addresses from which bitcoins are received or sent. Bitcoin uses public-key cryptography so that each address is associated with a pair of mathematically linked public and private keys that are held in the wallet. Researchers at Dell SecureWorks Counter Threat Unit (CTU) , a cyber intelligence company, have discovered a series of malicious activities in which a cryptocurrency thief used bogus Border Gateway Protocol ( BGP ) broadcasts to hijack networks belonging to no less than 19 Internet service providers, including Amazon and other hosting services like DigitalO
Facebook Takes Down Bitcoin Stealing Botnet that Infected 250,000 Computers

Facebook Takes Down Bitcoin Stealing Botnet that Infected 250,000 Computers

Jul 09, 2014
Once again Facebook is on The Hacker News ! This time not for any scam or surveillance, but for a different reason.  The social networking giant has managed to take down a Greek botnet that used Facebook to spread malware and infected 250,000 computers to mine crypto-currencies, steal bitcoins, email passwords and banking details. Facebook is always one of the favourite weapon of cyber criminals, cyber thieves and scammers due to its popularity among other social media platforms. This social networking platform, with more than one billion active users, provides special opportunities for people to connect and share information, as well as also serves a great platform for malware developers and scammers. The botnet, dubbed as Lecpetex , was around from December 2013 to last month and compromised around 50,000 Facebook accounts at its peak, under which users would receive spam Facebook messages that would typically like "lol" with a zip archive attachment . O
Ancient 'STONED' Virus Signatures found in Bitcoin Blockchain

Ancient 'STONED' Virus Signatures found in Bitcoin Blockchain

May 19, 2014
If you are dealing in cryptocurrency Bitcoin and have Microsoft's Security Essentials (MSE) installed on your system, then you could be infected by a virus called " DOS/STONED " from the Bitcoin BlockChain. With a number of high-profile cases of fraud, theft, and technical incompetence against the bitcoins, it seems like cyber criminals are looking to scam unsuspecting customers. Blockchain is Bitcoin's most popular bitcoin wallet and block explorer. It is a central part of the Bitcoin system that includes a log file in which all bitcoin transactions are recorded. It stores the wallet data in encrypted form and runs on privately owned dedicated hardware. In an discussion on the Microsoft discussion boards, a user go by the name ' edc678 ' claimed that  Microsoft's Security Essentials  is showing alerts of the signature of the STONED virus in the Bitcoin BlockChain, which could only allow an attacker to write small chunk of text to accomp
Silk Road Dealer Plead Guilty For Selling Illegal Drugs for Bitcoins

Silk Road Dealer Plead Guilty For Selling Illegal Drugs for Bitcoins

Apr 26, 2014
Last October, the ' Silk Road ' story broke when its owner Ross William Ulbricht , a 29-year-old who allegedly created and managed the Silk Road underground website, was arrested by the Federal Bureau of Investigation (FBI). The police seized the website that was considered one of the most popular Underground places on the Internet for buying drugs and other illicit goods and services. Just some days after the Shutdown of Silk Road , Authorities in Britain, Sweden, and the United States arrested eight more vendors who dedicatedly used to sell illegal drugs on Silk Road. Yesterday, Cornelis Jan Slomp , a 22-year old Dutch man who allegedly used the Silk Road underground black market website to sell illegal drugs for bitcoins worth millions of dollars has agreed to plead guilty in Chicago federal court to federal drug conspiracy charge filed against him, according to a statement issued by U.S. Attorney Zachary T. Fardon in Chicago and Slomp's lawyer. FBI CASHING OUT  SEI
Android Bitcoin-Mining Malware found on Google Play Store

Android Bitcoin-Mining Malware found on Google Play Store

Apr 25, 2014
Google always bound to face trouble over the wide and open nature of its app checking policies on Google Play Store, and despite so many security measures, the search engine giant mostly fails to recognize the Android malware that are lurking around its Google Play store in vast numbers. Recently, Google had offered users refund and additional credit of $5 for the bogus antivirus app ' Virus Sheild ' that potentially defrauded more than 10,000 Android users who have downloaded the app from the Google play store. The step taken by Google is really appreciated, as the refunding cost Google around $269,000. Now, it has been found that a number of malicious Android apps on the Google Play store secretly turn users' android devices into small rigs contributing to a large-scale crypto currency mining operation. CRYPTO MINER IN ANDROID APP Security researchers from an anti-malware firm Lookout have identified various malware apps at Google Play Store, which they dub
Malicious Chrome Extension Hijacks CryptoCurrencies and Wallets

Malicious Chrome Extension Hijacks CryptoCurrencies and Wallets

Apr 25, 2014
Although the number of malicious browser extensions has significantly increased in the past years, but recently a new extension of the Google Chrome is allegedly targeting Cryptocurrency users that is capable of stealing Bitcoins and other crypto coins silently. The malicious Chrome browser extension dubbed as ' Cryptsy Dogecoin (DOGE) Live Ticker ' which is available on Chrome Web store for free downloads and developed by " TheTrollBox " account. Reddit user noticed that the updated version of the extension has a malicious code, which is designed to hijack the crypto currency transactions. HOW CHROME EXTENSION STEALS CRYPTOCURRENCY It is very obvious that the kind of crypto related software extensions is downloaded only by the users who deal with the digital currency. So, once the user installed the malicious extension, the software within the extension starts monitoring users' web activity and looks for those users who go to Cryptocurrency exchange sites s
Dumb Ransomware Developer leaves Decryption Keys on Infected Computers

Dumb Ransomware Developer leaves Decryption Keys on Infected Computers

Apr 02, 2014
So, How do Hackers compromise a Website? Simply by exploiting the flaws in it, that means they took advantage of the error in the developers' code. Now, this time the hackers itself has left behind a crucial flaw in its malware code which can be exploited by us to help save our computer systems. Believe me, it's not an April Fools' joke! A malicious software program that holds the victims' computer files hostage by wrapping them with strong encryption until the victim pays a ransom fee to get them decrypted, has a critical flaw in its malware code itself that it leaves the decryption key on the victim's computer. The Anti-virus firm Symantec examined a sophisticated malware program dubbed as CryptoDefense (Trojan.Cryptodefense) ransomware , which appeared in the end of the last month. CryptoDefense is one of the complex malware programs that include a number of effective techniques, including Tor anonymity tool usage and Bitcoin digital currency to extort money from victims. Cryp
Android Malware found on Google Play Store mines Cryptocurrencies

Android Malware found on Google Play Store mines Cryptocurrencies

Mar 28, 2014
Cyber criminals are more business-minded than you might expect. As the business has moved to greater use of mobile and non-Windows computers, so cyber criminals have adapted techniques monetize their efforts. Security researchers at Lookout Mobile Security discovered that various apps uploaded to Google Play Store containing hidden Coinkrypt android malware, that can turn your mobile device into crypto-currency miners. As we know, coin mining is the key component for digital currencies, so the malware uses a botnet of infected Android Smartphones to mine for currency. Such malware does not steal data. Instead, they are capable of mining Bitcoin , Litecoin and Dogecoin using the victim's device. " Mining can be incredibly resource-intensive and, if allowed to run without any limits, could potentially damage hardware by causing it to overheat and even burn out. " researchers said. The Antivirus firm Trend Micro also spotted two apps named - ' Song
Linux Worm targets Internet-enabled Home appliances to Mine Cryptocurrencies

Linux Worm targets Internet-enabled Home appliances to Mine Cryptocurrencies

Mar 20, 2014
Could a perfectly innocent looking device like router, TV set-top box or security cameras can mine Bitcoins? YES! Hackers will not going to spare the Smart Internet-enabled devices. A Linux worm named Linux . Darlloz , earlier used to target Internet of Things (IoT) devices, i.e. Home Routers, Set-top boxes, Security Cameras, printers and Industrial control systems; now have been upgraded to mine Crypto Currencies like Bitcoin. Security Researcher at Antivirus firm Symantec spotted the Darlloz Linux worm back in November and they have spotted the latest variant of the worm in mid-January this year. Linux . Darlloz worm exploits a PHP vulnerability ( CVE-2012-1823 ) to propagate and is capable to infect devices those run Linux on Intel's x86 chip architecture and other embedded device architectures such as PPC, MIPS and MIPSEL. The latest variant of Linux . Darlloz equipped with an open source crypto currency mining tool called ' cpuminer ', could be use
MtGox Hacker tricks people to install Bitcoin Stealer

MtGox Hacker tricks people to install Bitcoin Stealer

Mar 15, 2014
This News will blow everyone's mind! If you are a bitcoins holder then you might be aware of  MtGox , Once the World's biggest Bitcoin exchange .  MtGox  filed for bankruptcy last month after saying it lost some 8,50,000 Bitcoins to hackers and suddenly went dark with no explanations. A few days ago, some unknown hacker breached into the personal blog and Reddit account of MTgox CEO,  Mark Karpeles  to level charges of fraud. But, Hackers are very clever to avail every eventuality they get. After compromising the MtGox CEO's blog, the hacker posted a 716MB ZIP file, MtGox2014Leak.zip , which contains the data dump and specialized software tools for remote access to MtGox data, but these software tools turned out to be a Bitcoin wallet stealing malware , according to the research carried out by the Kaspersky Lab Expert , Sergey Lozhkin. The application was actually a malware, which was created to search and steal Bitcoin wallet files from the victims' computer.
Cybersecurity Resources