A U.S.-sanctioned crypto mixer named previously known as Blender has reappeared with a different name. Researchers believe the mixer is being used to launder North Korean funds. More: - Blender was one of the crypto mixers used to clean a portion of the $620M worth of crypto that was stolen in the Axie Infinity hack in 2022.
- This breach is the largest hack in the history of crypto and was carried out by Lazarus Group.
- Researchers have concluded that Sinbad, the mixer's new name, is, in fact, the same as Blender because of several facts:
- The Bitcoin wallet that was used to pay the people who promoted Sinbad received money from the Blender operator's wallet.
- An address on the Sinbad website was shown to have received Bitcoin from a wallet tied with Blender.
- Most of the transactions that were initially conducted on Sinbad were sent from the suspected Blender operator's wallet.
- Both services are designed similarly.
| |
Microsoft has said that state-backed Chinese hackers are targeting South American diplomats with the Poison Plug malware. The threat actor behind the campaign is DEV-0147. More: - According to Microsoft, DEV-0147 is using tools such as ShadowPad, QuasarLoader, and Cobalt Strike to breach diplomats in South American countries.
- The hacking campaign uses Quasar Loader to load additional malware in the targeted network, while Cobalt Strike is used for data exfiltration.
- Microsoft stated that this is the first time this campaign has been used to target victims outside of Europe and Asia.
Zoom Out: - In early 2022, China-based threat actors were tracked as the operators behind a hacking campaign that breached U.S. state networks.
- ShadowPad has been previously used by threat actors in an attack targeting an ASEAN member foreign ministry by exploiting a vulnerable Microsoft Exchange Server.
| |
 A message from FINGERPRINT Engineering Teams Solve Big Problems With Device Identification Go beyond browser fingerprinting. Fingerprint enables engineering, fraud, and product teams to solve their toughest challenges quickly. Combine highly accurate user identification and a lightweight API to power your visitor recognition workflows. - The highest identification accuracy using fingerprinting, fuzzy matching, and server-side techniques to enable 99.5% accuracy
- The platform’s visitor identifier can remain the same for years, even with browser upgrades
- Lightweight and easy to implement, small teams can start for free
Join thousands of developers already preventing fraud and improving user experience. View Live Demo
| |
Hackers have breached Pepsi Bottling Ventures, stealing personal user information. The company has informed the victims of the breach, including the fact that hackers may have stolen financial information. More: - Pepsi stated that the breach happened on Dec. 23, 2022, but Pepsi learned about the attack on Jan. 10, 2023.
- Hackers have likely stolen information such as:
- Full name,
- Home address,
- Financial details,
- ID cards,
- Social Security numbers,
- Passport information, etc.
- The company is offering the victims one year of free access to identity monitoring services and financial fraud detection software.
- Security researchers claim that Pepsi's delayed response to the breach may have put its users at significant risk of having important personal data stolen.
| |
The U.S. Secret Service and the Spanish police have arrested a phishing hacker group that stole $5M. The hacker group was based in Madrid. More: - The hacker group used phishing, social engineering, and smishing to steal personal information from its targets.
- Law authorities stated that the group had hundreds of different bank accounts that were used to transfer its illegally acquired funds.
- U.S. authorities arrested one individual in Miami, while eight other individuals were arrested in Spain.
- Authorities have seized watches, 44 mobile phones, four laptops, three desktop computers, three tablets and monitors, luxury clothing, documents, bank cards, a compressed air gun, eight false passports, and jewelry.
| |
 A message from TRAVELBANK Automation is your finance team's best productivity strategy. Time is money. Automating manual tasks can minimize errors, enhance reporting and analytics, and strengthen the ways budget and financial forecasting tie into overall business strategy. In our checklist, get: - Tips for saving company money with automation
- Free online tools to get you started
- Next steps for 5 tasks your finance team can start automating today
Is your finance team automating these tasks? Download our checklist for 5 ways you can start automating in minutes, not months! Get your copy
| |
10,800 WordPress websites have been infected with malware through an ad fraud hacking campaign. This campaign has been deployed since September 2022. More: - The campaign aims to redirect visitors to compromised WordPress sites.
- By redirecting users to these websites, hackers aim to increase their AdSense revenue by tricking Google into believing that the website has organic traffic.
- The URL domains used in this hacking campaign are hosted on DDoS-Guard, a Russian internet infrastructure provider.
Zoom Out: - WordPress websites have been the target of several hacking campaigns. Only a few months ago, over 15,000 WordPress sites were breached through SEO-based malware.
| |
Quick Hits: - Athletic Brewing is pioneering a non-alcoholic craft beer revolution and donating 2% of sales toward protecting and restoring local trails.*
- The FBI, IC3, and other U.S. agencies have warned users to be aware of Valentine's Day scams that may target users by pretending to be romantically interested in them.
- Hackers have breached the website of Bahrain's international airport. A group named The Flood has taken credit for the breach.
- A clipper malware has been found in over 450 PyPi packages. The campaign aims to replace the crypto wallet address copied to the user's clipboard with wallet addresses that are controlled by hackers.
- According to reports, LockBit, the hacker group responsible for breaching Royal Mail, asked for a $79M ransom after breaching the company.
*This is sponsored content.
| |
Upcoming events at Inside: - February 16 - Inside Marketing w/ Kate Chernis (Lately) (Register Here)
- February 20 - Inside Marketing Coffee Break (Register Here)
- February 21 - Inside Startups Coffee Break (Register Here)
- March 01 - Webinar on the changing privacy landscape in the US by Vanta and Osano (Register Here) *
- March 02 - AI Quality Workshop: Driving ML Performance and Trustworthiness (Register Here) *
- April 18 - Human Resources Summit'23 (Register Here)
*This is a sponsored listing.
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
Fingerprint is the premier device identity platform for high-scale applications. | |
Optimize costs and productivity with TravelBank, the all-in-one expense, travel, and card solution. | |
