Dunamu, the operator of South Korean cryptocurrency exchange Upbit, noted that $30 million worth of assets was stolen from the exchange's Solana wallet on Nov. 27 due to a security weakness that enabled private key inferencing, Cybernews reports.
Security Affairs reports that almost 2 million individuals were confirmed to have had their information stolen following the Qilin ransomware attack against major Japanese brewery firm Asahi Group Holdings in September.
Infosecurity Magazine reports that the North Korea-linked FlexibleFerret macOS malware had its attack chain revamped to enable increased stealth and long-term persistence in targeted systems as part of a Contagious Interview campaign.
The RelayNFC malware, described as lightweight and evasive, utilizes a Hermes-compiled payload with a JavaScript engine to stealthily capture and relay card data to attackers.
HackRead reports that the widely used coding tool Prettier Code formatter has been spoofed on the VSCode Marketplace to enable Anivia Stealer malware injections on Windows systems as part of an attempted brandjacking attack.
Illicit Blender 3D files tapped to deliver StealC V2 infostealer
Russia-linked threat actors have been using trojanized .blend files on CGTrader and other platforms to facilitate the distribution of the StealC V2 information-stealing malware as part of an attack campaign that has been ongoing for at least six months, according to Infosecurity Magazine.
Information-stealing payloads are being spread via bogus Windows update screens as part of a new ClickFix attack campaign that has targeted organizations in the U.S., EMEA, and Asia-Pacific and Japan regions between Sep. 29 and Oct. 30, according to The Register.