DISC InfoSec blog

Another day, another De-Fi (decentralised finance) attack. This time, online smart contract company Harmony, which pitches itself as an “open and fast blockchain”, has been robbed of more than $80,000,000’s worth of Ether cryptocoins. Surprisingly (or unsurprisingly, depending on your point of view), if visit Harmony’s website, you’ll probably end up totally unware of the massive […]

Microsoft researchers warn of the rising threat of cryware targeting non-custodial cryptocurrency wallets, also known as hot wallets. Microsoft warns of the rise of cryware, malicious software used to steal info an dfunds from non-custodial cryptocurrency wallets, also known as hot wallets. Data stolen from this kind of malware includes private keys, seed phrases, and […]

DeFi: A Planet-Burning Ponzi Scheme What’s the craic, you ask? Andrew Asmakov answers—“Crypto.com Suffers Hack for At Least $15M”: “Definitely worse”The platform has yet to confirm that it has indeed been attacked [but] Crypto.com announced it was pausing withdrawals after “a small number of users experienced unauthorized activity in their accounts.” … A household name in […]

North Korea-linked threat actors are behind some of the largest cyberattacks against cryptocurrency exchanges. North Korea-linked APT groups are suspected to be behind some of the largest cyberattacks against cryptocurrency exchanges. According to South Korean media outlet Chosun, North Korean threat actors have stolen around $1.7 billion (2 trillion won) worth of cryptocurrency from multiple […]

US Treasury says there was $590M in suspicious ransomware activity in H1 2021, exceeding the entire amount in 2020, when $416M was reported  —  Suspicious activity reports related to ransomware jumped significantly in 2021, according to the U.S. Treasury Department’s Financial Crimes Enforcement Network. There was $590 million in suspicious activity related to ransomware in […]

The pandemic, as well as users’ personal preferences, have helped enable the rapid emergence of digital payment applications and digital wallets, which compete with credit cards and cash as preferred payment options. The growing popularity of digital wallets such as Google Pay, Samsung Pay and Apple Pay is making them a bigger target for malicious […]

You must have had that happy feeling (happiest of all when it’s still a day or two to payday and you know that your balance is paper-thin) when you’re withdrawing money from a cash machine and, even though you’re still nervously watching the ATM screen telling you that your request is being processed, you hear […]

Remember Mt. Gox? Sure you do! Although it’s usually said aloud as “Mount Gox”, as if it were a topographic feature, it actually started life as MTGOX, short for Magic: The Gathering Online Exchange, where MTG fans could trade cards via the internet. The web domain was eventually repurposed for what was, back in 2014, the […]

If there is any moral to this, it’s one that all of my blog readers should already know: trust is essential to security. And the number of people you need to trust is larger than you might originally think. For an app to be secure, you need to trust the hardware, the operating system, the […]

Researchers from the Wordfence team at WordPress security company Defiant warn that a critical zero-day vulnerability, tracked as CVE-2021-24370, in the Fancy Product Designer WordPress plugin is actively exploited in the wild. Fancy Product Designer is a premium plugin that allows customers to design and customize any kind of product in their online stores, it is […]

Microsoft announced that Microsoft Defender for Endpoint, its commercial version of Windows 10 Defender antivirus, implements a new mechanism that leverages Intel’s Threat Detection Technology (TDT) to block cryptojacking malware using Cryptojacking malware allows threat actors to secretly mine for cryptocurrency abusing computational resources of the infected devices. The Intel TDT technology allows sharing heuristics and telemetry with […]

Cryptocurrencies are a topic that touches many areas; not only finance and investing but technology and even political arenas. Although apolitical in itself, it is the structure behind these cryptocurrencies that make them a much talked about subject amongst political purists from across the political spectrum. This structure can be boiled down to the following; think of […]

Code repository hosting service GitHub launched an investigation in a series of attacks aimed at abusing its infrastructure to illicitly mine cryptocurrency. Such kind of attacks was reported at least since the end of 2020, when some software developers reported the malicious activity on their repositories. “I was attacked by a github user that crafted a […]

Since cryptocurrency transactions are virtually anonymous, cybercriminals use them in dark markets for illicit trading. Through ransomware attacks like WannaCry, Petya, Locky, and Cerber, hackers receive a lot of money. Moreover, we learn about cryptocurrency trading hack every so often, wherein attackers steal thousands of dollars in Bitcoin. But how they cash out or convert stolen […]

Researchers at 360Netlab are warning of a cryptocurrency malware campaign targeting unpatched network-attached storage (NAS) devices. via the unauthorized remote command execution vulnerability (CVE-2020-2506 & CVE-2020-2507) Threat actors are exploiting two unauthorized remote command execution vulnerabilities, tracked as CVE-2020-2506 & CVE-2020-2507, in the Helpdesk app that have been fixed by the vendor in October 2020. The flaws affect QNAP […]

Let us start with a scenario. Whenever there is an election, we always hear the rumor that there is rigging in the election. In the end, the result is either re-election or a recount of the votes. This whole process is a waste of time and money. If we cannot believe this system the first […]

Nvidia, the graphics chip company that wants to buy ARM, made a unusual announcement last week. The company is about to launch its latest GeForce GPU (graphics processing unit) chip, the RTX 3060, and wants its users know that the chip is “tailored to meet the needs of gamers and those who create digital experiences.” Nvidia says: Our […]

More than 30 major Japanese firms will begin experiments next year towards issuing a common, private digital currency to promote digitalisation in one of the world’s most cash-loving countries, the group’s organising body said on Thursday. Source: Japan Inc to begin experiments issuing digital yen Japan experimenting with digital yen!

Hackers can now reverse-engineer updates or write their own custom firmware. Source: In a first, researchers extract secret key used to encrypt Intel CPU code