Connect with us

Security

QuickBit Exchange Had a Security Breach

M. Ali

Published

on

QuickBit the Swedish cryptocurrency exchange had a security breach that caused the leakage of some of it’s users details. QuickBit released a press release acknowledging the security incident that affected 2% of it’s customers. The leaked database includes it’s clients name, address, e-mails and truncated credit cards information.

QuickBit has recently adopted a third-party system for supplementary security screening of customers. In connection with the delivery of this system, it has been on a server that has been visible outside QuickBits firewall for a few days, and thus accessible to the person who has the right tools.

During the delivery period, a database has been exposed with information about name, address, e-mail address and truncated (not complete) card information for approximately 2% of QuickBit’s customers.

QuickBits technicians have immediately taken steps to ensure that all servers are protected behind firewalls, and prevent the possibility of similar incidents. We want to emphasize that the data that has been accessed cannot be used to harm either the Company or its customers.

Daily cryptocurrency trader, miner, technology enthusiast and a full time IT consultant.

Continue Reading
Comments

Security

Hackers Targeted Coinbase Employees

M. Ali

Published

on

By

Coinbase revealed that its employees were targeted by sophisticated hack attacks leveraging two Firefox 0-day vulnerabilities, spear phishing, and social engineering.

The attacks started on June 17, where Coinbase’s employees received emails from Gregory Harris, a Research Grants Administrator at the University of Cambridge contained a web link that, when opened in Firefox, would install malware capable of taking over someone’s machine. The attacks were detected and blocked by Coinbase’s security team.

The attackers seems to be highly skilled and experienced in writing exploit codes as they used unpublished Firefox 0-days, they hacked two Cambridge university email accounts, created created a landing page with exploit code at the University of Cambridge official domain and they could bypass Coinbase spam filters.

Coinbase team reached out to Cambridge University to assist in securing their infrastructure and to collect more information about the attacker’s behavior.

Coinbase is a cryptocurrency exchange headquartered in San Francisco, California. Coinbase is considered to be the largest cryptocurrency exchange in USA.

A screen shot from the emails that coinbase stuff received. Image credits to Coinbase

Continue Reading

Security

Smominru Malware Hijacked Half-Million PCs to To Mine Monero

M. Ali

Published

on

By

Over half million Windows based PCs have been infected with Smominru malware that installs a custom version of XMRig is to mine Monero. This was revealed in a recent report that was published recently by Carbon Black Security.

Smominru also steals information from vulnerable targets ( including external IP addresses, internal IP addresses, domain information, usernames and passwords) and send it over to a command and control server (C&C or C2) owned by Smominru’s operators. Access to the hacked systems are being sold on Dark Web at a rate of $6.75 each.

Smominru operators are using different techniques to infect machines. They mainly rely on the use of the EternalBlue (CVE-2017-0144) exploit, but they’ve also deployed EsteemAudit (CVE-2017-0176), both aimed at taking over machines running unpatched Windows OS.

Smominru is not a new malware, it has been around for almost three years now. Last year, Smominru made around $2.3 million for it’s operators (source).

Continue Reading

Exchanges

Binance’s Users KYC Data Reportedly Leaked Online

M. Ali

Published

on

By

It seems that some of Binance exchange’s KYC (Know Your Customer) documents have been hacked and leaked online including selfies of individuals holding up a piece of paper with the word Binance and the date the image was taken, there are literally thousands of KYC identities on a telegram group Find Your Binance KYC.

Some examples of the leaked documents were shared online by a Reddit user, faces and IDs censored for privacy of personal info.

Binances CEO tweeted right after the alleged data was shared online, asking users not to FUD.

Binance exchange issued a statement about the KYC leak stating that Binance was approached by unidentified individual who demanded 300 BTC in exchange for withholding 10,000 photos that bear similarity to Binance KYC data.

KYC means “Know Your Customer”. It is a process by which some cryptocurrency exchanges obtain information about the identity and address of the customers. This process helps to ensure that exchanges services are not misused. The KYC is required by large exchanges like Binance.

Continue Reading

Trending