Andre Cronje, the creator of Yearn.Finance, has recently made security audits of his project publicly available. He explained to Cointelegraph that he had been previously withholding these audits, which were completed months ago, so as to not give users a false sense of security: I always refused to publish the audits because I don't want people to get a false sense of security because of them. Yesterday, Cronje published five audits on the project's GitHub repository. The audits were performed between February and July by leading auditors, such as Certik and Quantstamp. Some of the vulnerabilities that were discovered are …

Ethereum Classic (ETC) accelerator Ethereum Classic Labs announced a plan to protect the blockchain from further attacks. On Aug. 19 the organization proposed taking immediate action in implementing long-term changes to the network architecture over the next three to six months. The accelerator decided to focus their efforts on improving the network’s security after recent attacks on the blockchain. The immediate measures proposed by Ethereum Classic Labs include a “defensive mining” cooperation with mining pools and miners to maintain a consistent hashrate and gain the ability to increase it when needed. A higher hashrate would render a 51% attack against …

According to a study published by Guardicore Labs, a malware botnet known as FritzFrog has been deployed to ten millions of IP addresses. The malware has largely targeted governmental offices, educational institutions, medical centers, banks, and telecommunication companies, installing a Monero (XMR) mining app known as XMRig. Guardicore Labs explains that FritzFrog uses a brute-force attack on millions of addresses to gain access to servers. That’s where an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. After it gets in it proceeds to run a separate process named “libexec” to execute XMRig. “It has successfully …

Ransomware gang REvil, known also as Sodinokibi, claims to have mounted a successful attack against the U.S. wine and spirits giant, Brown-Forman Corp — but the company claims otherwise. The company is the official manufacturer of Jack Daniels whiskey. According to cybersecurity services provider, AppGate, the famous alcoholic beverages manufacturer did fall victim to an attack but refused to pay the ransom demanded by REvil. However, Brown-Forman Corp told Infosecurity-Magazine in a statement they had successfully prevented cybercriminals from encrypting its files. This does not necessarily mean the gang’s claim to have compromised the internal network and stolen sensitive data …

The Tokyo District Court has issued Japan’s first ever crypto seizure. $46,000 worth of Bitcoin (BTC) was expropriated in relation to a hack suffered by the Coincheck exchange in 2018. Kyodo reported that police have already seized the BTC, which was held by a doctor from Hokkaido and an executive from the Osaka Prefecture. The two men were arrested in connection with the hack. They are accused of knowingly purchasing the stolen NEM (XEM) through a dark web market, violating organized crime laws in the country. As Cointelegraph reported in January 2018, Coincheck suffered a record-breaking hack when $534 million …

A report unveiled by the U.S. Army reveals that North Korea now has more than 6,000 hackers stationed in countries such as Belarus, China, India, Malaysia, Russia, among others. The operations of four sub divisions are overseen by Bureau 121, the cyber warfare guidance unit of the hermit nation. The report, named North Korean Tactics, suggests the hackers do not exclusively launch cyberattacks from North Korea itself, as the country lacks the IT infrastructure to deploy the massive campaigns. Financial crimes division The “financial crime division” called the Bluenoroff Group has around 1,700 members and is dedicated to crypto crimes …

The now notorious project, Yam.Finance, was launched without a proper code audit just like many other projects in the space. Richard Ma, the CEO of blockchain security company Quantstamp, told Cointelegrpah that many DeFi projects are launched unaudited in order to capitalize on reverse psychology: “Not having an audit is currently seen as a good way to use reverse-psychology to do marketing.” He added, “It creates the perception that these projects are so in-demand, and that you're getting in on it at the ground floor, before other people have heard of it.” According to Ma, many popular projects like Yearn …

Avaddon, a new ransomware-as-a-service, or RaaS, protocol, is the latest to jump on the crypto extortion bandwagon. Similar to ransomware from groups like Maze and REvil, the Avaddon project offers revenue-sharing for users who successfully deploy the software on unsuspecting victims. According to research by the cyber intelligence firm, DomainTools, RaaS development allows hackers to focus their efforts on malware development, rather than finding new places to deploy their attacks. Developers instead rely on third-party individuals who are looking to generate income by launching their own ransomware campaigns. Speaking with Cointelegraph, Tarik Saleh, senior security engineer and malware researcher at …

Facial recognition can help prevent future Bitcoin (BTC) scams like those that hit Twitter and YouTube, said Rod Hsu, president and co-founder of virtual currency platform Coincurve. During an interview with Cointelegraph, Hsu said Bitcoin is an electronic form of currency that is non-reversible and somewhat anonymous, “coupled with this gap in understanding makes it appealing for scam artists.” But because of the negative publicity the cryptocurrency got with the scams, it may have discouraged many from adopting it. “Due to the nature of this, people may see scams and Bitcoin being synonymous. In either traditional payment methods or Bitcoin, …

Year after year, the ransomware landscape changes dramatically. In 2019, a new resurgence of attacks occurred as businesses and government institutions became the main targets of ransomware, given their capacity to yield larger payouts. The most recent attack was against Garmin, a navigation systems company, on July 23. Due to the attack, many of its online services such as customer support, website functions and company communications were affected. Reportedly, the Russian cybergang Evil Corp launched the attack, demanding $10 million in cryptocurrency to restore access to Garmin’s services. Overall, according to a report by anti-malware software firm Malwarebytes, there was …

The FDA-approved Coronavirus ventilator manufacturer Boyce Technologies has been targeted by ransomware launched by the DoppelPaymer gang, who are threatening to leak data from the company. Cointelegraph has viewed the DoppelPaymer blog, where the gang lists example files of the data stolen during the attack, including sales and purchase orders, assignment forms, among others. The cybercriminals have threatened that more information will be disclosed next week through the site if an undisclosed crypto ransom is not paid by the firm. Boyce Technologies is well-known for its work in designing and manufacturing FDA-approved low-cost ventilators in just 30 days during the …

Multinational corporation Canon reportedly fell victim to a ransomware attack launched by Maze group against its email and storage services and its United States website on July 30. Maze has threatened to leak the pics and data if a crypto ransom is not paid. The image.canon site was out for six days, during which it showed updates. It went back into service on Aug. 4. Canon put out a statement that day about the attack, saying there had been no leak of image data, nor thumbnails of the photos stored in its cloud service. However, the severity of the attack …