Scammers Arrested for Running $575 Million Crypto Ponzi Scheme

Auth Lab
Nov 23, 2022

According to Bleeping Computer, the scam ring laundered victims’ funds by pooling them through a complex network of shell corporations (suspected of selling mining machines), bank accounts, virtual asset services, and cryptocurrency wallets.

To avoid customer chargebacks when equipment could not be delivered on time, the gang tricked customers who had paid for mining hardware into signing remote mining (“cloud mining”) contracts through a new cryptocurrency mining service called HashFlare (launched in February 2015).

According to the indictment, the gang promised that customers who agreed to “cloud mining” would obtain mining rights from a centralized remote mining operation and would receive a certain percentage of the profits. But HashFlare’s profit returns and balances were fake; Potapenko and Turõgin simply ran HashFlare as a massive Ponzi scheme.


Bookmaker DraftKings suffers massive credential stuffing attack, costing more than $300,000

On November 21, DraftKings, a sports betting company, said on Twitter that some users were subjected to a credential stuffing attack by a hacker group, which resulted in losses of up to $300,000. DraftKings is currently investigating customer account issues and rectifying the affected accounts.

According to the investigation, what all the hijacked accounts may have in common is an initial $5 deposit, after which the attackers changed the password, enabled two-factor authentication (2FA) on a different phone number, and made withdrawals from the victims’ online banking accounts.

Many victims took to social media to express their dissatisfaction that they were unable to get in touch with anyone at DraftKings and had to watch the attackers repeatedly withdraw money from their bank accounts.


Hundreds of thousands of malicious emails are sent every day, the notorious malware Emotet is active again

After disappearing for about 4 months, the old malware Emotet is making a comeback. Since early November 2022, Emotet has returned to email attacks, sending hundreds of thousands of phishing emails a day, which makes it one of the highest-volume actors observed, according to security firm Proofpoint.

Emotet was last active in July 2022, and this new campaign is an indication that Emotet is returning to full functionality as a major malware family. This time, their main target regions include the US, UK, Japan, Germany, Italy, France, Spain, Mexico and Brazil.

In this new round of attacks, phishing emails sent by Emotet often contain Excel attachments, or password-protected zip attachments that in turn contain Excel files. The Excel files contain XL4 macros that download Emotet payloads from several built-in URLs. But since Microsoft's recent announcement that it would start disabling macros by default in Office documents downloaded from the Internet, a lot of malware has started migrating from Office macros to other delivery mechanisms, such as ISO and LNK files.


Government of India publishes draft Personal Data Protection Bill 2022

The Indian government released the draft of the Personal Data Protection Bill 2022 on November 18, which is the fourth time the Indian government has revised the draft since it was first proposed in July 2018.

The draft Personal Data Protection Bill 2022 aims to ensure that personal data is secured and handled with users' consent, with the purpose for which the information is collected and its exact classification indicated. The draft will be open for public comment until December 17, 2022.

With more than 760 million active internet users in India, this requires data generated and used by online platforms to comply with privacy rules to prevent misuse, while enhancing accountability and increasing user trust.


Middle Eastern countries double phishing attacks ahead of World Cup

According to Trellix, the number of phishing emails targeting Middle Eastern countries has doubled in the lead-up to the World Cup.

The emails impersonated FIFA service teams or ticket service personnel, as well as a team’s manager and logistics department, and defrauded customers by notifying them that their accounts had been banned by FIFA.

