Reading Time: ~2 min.
Hackers Breach Private Keys to Steal Cryptocurrency
A possible coding error allowed hackers to compromise at
least 732 unique,
improperly secured private keys used in the Ethereum blockchain. By
exploiting a vulnerability, hackers have successfully stolen 38,000 Ethereum
coins so far, translating to over $54 million in stolen funds, though the
current number is likely much higher. While uncommon, such attacks do show that
the industry’s security and key-generation standards have plenty of room for
improvement.
Prominent Malware Reverse Engineer Faces Jail Time
The malware researcher Marcus
Hutchins, who successfully reversed and stopped the WannaCry
ransomware attacks in 2017, is facing up to six years of jail time for prior
malware creation and distribution. Hutchins’ charges all tie back to his
involvement in the creation of Kronos, a widespread banking Trojan that’s caused
significant damage around the world.
Data Exposed for Thousands of Rehab Patients
Personally identifiable data belonging to nearly 145,000
patients of a Pennsylvania rehab facility have been found in a
publicly available database. After a Shodan search, researchers discovered the
database that contained roughly 4.9 million unique documents showing information
ranging from names and birthdays to specific medical services provided and
billing records, all of which could be used to to steal the identity of these thousands
of individuals.
Study Finds Password Security Still Lacking
After this year’s review of password
security it may come as no surprise that the top five passwords
still in use are simple and have remained at the top for some time. Using a
list generated from past data breaches, researchers found the password “123456”
was used over 23 million times, with similar variations rounding out the top five.
Several popular names, sports teams, and bands like blink182 and Metallica are
still in use for hundreds of thousands of accounts. While these passwords may
be easy to remember, they are exceedingly simple to guess. Stronger passwords should
include multiple words or numbers to increase the complexity.
Bodybuilding Site Breached through Phishing Campaign
The website bodybuilding.com has announced they were the
victim of a data breach stemming from an email
phishing campaign in July 2018 that could affect many of the site’s
clients. Fortunately, the site doesn’t store full payment card data, and the
data it does store is only stored at the customer’s request, leaving little
data for hackers to actually use. The site also forced a password reset for all
users issued a warning about suspicious emails coming from bodybuilding.com, noting
they may be part of another phishing campaign.
The post High Value Cryptocurrency Stolen by Hackers appeared first on Webroot Blog.