Someone hacked the official website of the Monero cryptocurrency project and quietly replaced legitimate Linux and Windows binaries available for download with malicious versions designed to steal funds from users’ wallets.
The latest supply-chain cyberattack was revealed on Monday after a Monero user spotted that the cryptographic hash for binaries he downloaded from the official site didn’t match the hashes listed on it.
Following an immediate investigation, the Monero team today also confirmed that its website, GetMonero.com, was indeed compromised, potentially affecting users who downloaded the CLI wallet between Monday 18th 2:30 am UTC and 4:30 pm UTC.
At this moment, it’s unclear how attackers managed to compromise the Monero website and how many users have been affected and lost their digital funds.
According to an analysis of the malicious binaries done by security researcher BartBlaze, attackers modified legitimate binaries to inject a few new functions in the software that executes after a user opens or creates a new wallet.
Read more »
Researcher, Michał Bentkowski, of Securitum, recently discovered a surprisingly basic security flaw affecting Google’s implementation of the technology. The intention behind AMP4Email, called ‘dynamic email’ in Gmail, was to reduce tab-clutter and make viewing email more like viewing and interacting with web pages, by allowing, for example, filling out reservation forms or searching Pinterest from within an email.
For examples of what dynamic email looks like in Gmail, scroll through Google’s 2018 YouTube demo featuring AMP4Email examples taken from Doodle, Booking.com and Pinterest.
AMP4Email beats plain HTML hands down but from the start Google knew this could potentially open the door to a security wrangle – the more things an email can do, the more likely someone will abuse those capabilities maliciously.
That’s why dynamic email senders are required to use TLS encryption, as well as deploying email authentication using DKIM, SPF, and DMARC so not just anyone could spray users with empowered malicious spam. Read more »
A new keylogger called Phoenix that started selling on hacking forums over the summer has now been linked to more than 10,000 infections, researchers from Cybereason said today in a report.
Released in July on HackForums, the Phoenix Keylogger is a new threat that has slowly gained a following on the malware scene.
New malware distribution campaigns are being spotted every few weeks, according to threat intelligence shared on Twitter.
Read more »
Two critical security vulnerabilities discovered in Oracle’s E-Business Suite (EBS) could allow potential attackers to take full control over a company’s entire enterprise resource planning (ERP) solution.
“Over 21,000 global organizations use Oracle EBS for financial management, customer relationship management (CRM), supply chain management (SCM), human capital management (HCM), logistics, procurement and more,” according to Onapsis Research Labs.
Onapsis reported the issues to the Oracle Security Response Team in December 2018 and helped fix the vulnerabilities, with patches released as part of Oracle’s April 2019 Critical Patch Update Advisory.
Read more »