Non-Fungible Tokens | Breaking Cybersecurity News | The Hacker News

The U.S. Federal Bureau of Investigation (FBI) is warning about cyber crooks masquerading as legitimate non-fungible token (NFT) developers to steal cryptocurrency and other digital assets from unsuspecting users. In these fraudulent schemes, criminals either obtain direct access to NFT developer social media accounts or create look-alike accounts to promote "exclusive" new NFT releases, often employing misleading advertising campaigns that create a sense of urgency to pull them off. "Links provided in these announcements are phishing links directing victims to a spoofed website that appears to be a legitimate extension of a particular NFT project," the FBI  said  in an advisory last week. The replica websites urge potential targets to connect their cryptocurrency wallets and purchase the NFT, only for the threat actors to siphon the funds and NFTs to wallets under their control. "Contents stolen from victims' wallets are often processed through a ser...

Malicious actors took advantage of a smart contract upgrade process in the OpenSea NFT marketplace to carry out a  phishing attack  against 17 of its users that resulted in the theft of virtual assets worth about $1.7 million. NFTs , short for non-fungible tokens, are digital tokens that act like certificates of authenticity for, and in some cases represent ownership of, assets that range from expensive illustrations to collectibles and physical goods. The opportunistic social engineering scam  swindled the users  by using the same email from OpenSea notifying users about the upgrade, with the copycat email redirecting the victims to a lookalike webpage, prompting them to sign a seemingly legitimate transaction, only to steal all the NFTs in one go. "By signing the transaction, an atomicMatch_ request would be sent to the attacker contract," Check Point researchers  explained . "From there, the atomicMatch_ would be forwarded to the OpenSea contract," leadi...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...