Plus: U.S. Treasury sanctions Iran after the latter hacked Albania
The U.S. government has seized $30M in cryptocurrency that was stolen in the infamous Axie Infinity breach.

More:
- North Korea-backed Lazarus Group stole over $600M in crypto from Axie Infinity a few months ago. Hackers stole over 173,000 ETH in a breach considered the largest of its kind.
- The group managed to steal the cryptocurrency by breaching the Ronin Network, a sidechain that leverages Ethereum to serve players extra features.
- To hide the transaction, the hackers used Tornado Cash, a U.S.-sanctioned cryptocurrency mixer that makes it harder for authorities to track transactions in the blockchain.
- The recovered $30M represents 10% of the total stolen sum. Authorities did not confirm whether they have a lead on the rest of the stolen funds.
- Researchers believe that since the U.S. sanctions on crypto mixers, the chances of threat actors getting away with hacking campaigns and money laundering have been significantly reduced.
Portugal's NATO documents have been stolen by hackers and are being sold online. The country's officials did not detect the breach until U.S. security agencies informed them.

More:
- Hackers specifically breached the Armed Forces General Staff agency of Portugal.
- The breach went unnoticed until the documents were leaked online.
- The U.S. Embassy in Lisbon managed to alert the Portuguese authorities, which resulted in an intervention from the National Security Office in Portugal.
- While the government has not commented on this cyberattack yet, researchers believe the breach is severe and that the unknown threat actor has managed to steal highly important documents.
Close to 200,000 North Face accounts have been hacked. Credential stuffing was used as a threat vector, while the threat actor responsible for the breach remains unknown.

More:
- According to the apparel company, hackers were able to steal the following information about its users:
  - Full name
  - Purchase history
  - Billing address
  - Shipping address
  - Telephone number
  - Account creation date
  - Gender
  - XPLR Pass reward records
- The company claims that financial data such as credit card payments are not stored on the website; therefore, that information had not been stolen.

Zoom Out:
- North Face was breached two years ago through a similar method.
The U.S. has sanctioned Iran for launching a cyberattack against Albania weeks ago. The sanctioned institution is specifically Iran's Ministry of Intelligence and Security.

More:
- The sanctions were carried out by the U.S. Treasury.
- The Treasury's Department of Foreign Asset Control claims that the sanctioned institution has been a persistent threat actor on numerous occasions and that the recent hacking campaign against Albania's digital infrastructure system, E-Albania, was undeniably carried out by actors that had its support.
- E-Albania is used to complete administrative tasks such as applying for a new passport, car document, healthcare record, etc.
- NATO and the U.K. also denounced the cyberattack, while Albania has cut all diplomatic ties with Iran.
A WordPress bug is being actively exploited. The flaw allows hackers to steal all data from a single website or user in the form of a backup.

More:
- Researchers are tracking the flaw as BackupBuddy.
- BackupBuddy has a CVSS score of 7.5 and is officially known as CVE-2022-31474.
- Nearly 5 million hacking attempts have been made by a threat actor whose goal is to exploit the flaw further.
- The bug affects versions 8.5.8.0 to 8.7.4.1, while the company has suggested all users update to the newest versions.
- So far, researchers have been unable to track the threat actor responsible for the hacking campaign.
Quick Hits:
- WeTransfer is being used by hackers as a tool to spread malware named Lampion. Hackers are using phishing as a threat vector.
- Coinbase has filed a lawsuit against the U.S. government after the latter sanctioned the cryptocurrency mixer service Tornado Cash.
- The Vice Society hacker group is claiming that it has hacked the second-largest school district in Los Angeles, the LAUSD.
Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.

Editor: Vibha Chapparike is a Freelance Writer & Editor at Inside.com. With her post-graduation in Management and Finance completed, Vibha is expanding her knowledge in Venture Capital, Business, and Startups. Previously, she had a career in Public Relations and Communications with Women in Cloud - an organization on a mission to create $1B in economic access for female technology entrepreneurs. An ardent reader and writer currently residing in Singapore, you can follow Vibha on Twitter @VChapparike.
767 Bryant St. #203, San Francisco, CA 94107 Copyright © 2022 Inside.com