security operations Archives - TuxCare

U.S. Seizes $30 Million Worth of Crypto from North Korean Hackers

Chainalysis, a U.S. company, said it had worked with the FBI to recover more than $30 million in cryptocurrency stolen from online video game maker Axie Infinity by North Korea-linked Lazarus Group, marking the first time digital assets seized by the malicious attacker have been recovered.

The amount recovered is just a percentage of the estimated $600 million that the FBI alleges North Korean hackers stole from the makers of a popular video game that allows users to earn digital currency.

“The seizures represent approximately 10% of the total funds stolen from Axie Infinity (accounting for price differences between time stolen and seized), and demonstrate that it is becoming more difficult for bad actors to successfully cash out their ill-gotten crypto gains,” Erin Plante, senior director of investigations at Chainalysis said.

Plante, Chainalysis’ lead investigator, said the seizure, which will not be the last, is a significant development for law enforcement, and that investigators are working hard to seize the remaining loot.

According to Plante, Chainalysis was involved in the seizures, using “advanced tracking techniques to track stolen funds to withdraw ATMs, and working with law enforcement and industry stakeholders to quickly freeze funds.”

The Lazarus Group had access to five of the nine private keys held by transaction validators for Ronin Network’s cross-chain bridge. With that majority of validator keys, the group authorized two withdrawal transactions: one for 173,600 Ether (ETH) and the other for 25.5 million USD Coin (USDC). Chainalysis noted that the Lazarus Group has moved these funds through “over 12,000 different crypto addresses to date,” and that the stolen ETH was laundered in batches through the popular Tornado Cash mixing service.

The sources for this piece include an article in TheHackerNews.

Hackers Actively Exploit WordPress Zero-day Flaw

Wordfence, a WordPress security company, has warned of a zero-day WordPress vulnerability that is now being exploited by attackers.

The bug is in a WordPress plugin called BackupBuddy. BackupBuddy is a plugin that allows users to back up their entire WordPress installation from within the dashboard, including theme files, pages, posts, widgets, users, and media files.

According to Wordfence, the vulnerability is rooted in the Local Directory Copy function, which is designed to store a local copy of the backups. The vulnerability is the product of an insecure implementation that allows attackers to download arbitrary files from the server.

“This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information,” Wordfence said.

The bug affecting BackupBuddy is tracked as CVE-2022-31474 and has a CVSS severity score of 7.5. The bug affects versions 8.5.8.0 to 8.7.4.1 and was fixed in version 8.7.5, which was released on September 2, 2022.

Wordfence stated that active exploitation of CVE-2022-31474 began on August 26, 2022. Since then, the platform has blocked nearly five million attacks, with the majority of attempts trying to read files such as /etc/passwd, /wp-config.php, .my.cnf, and .accesshash.

Details of the vulnerability remained secret to prevent further exploitation by attackers.

“This vulnerability could allow an attacker to view the contents of any file on your server that can be read by your WordPress installation. This could include the WordPress wp-config.php file and, depending on your server setup, sensitive files like /etc/passwd,” said the plugin’s developer, iThemes.

BackupBuddy users are advised to upgrade to the latest version to fix the bug and prevent their sites from being compromised by attackers. Those whose sites are already compromised should reset the database password, change the WordPress Salts, and rotate any API keys stored in wp-config.php.

The sources for this piece include an article in TheHackerNews.

The Safest Browsers for Linux Users

Security remains a top priority for Linux users worldwide. Apart from security, users are interested in browsers that can guarantee privacy, especially in a world where third-party applications and social media platforms use their data secretly and without consent.

While many users want secure browsers that will keep them safe and prevent their browsers from being tampered with by third parties and cyberattacks, many are unaware of the browsers that can guarantee their security.

Linux is an operating system. An operating system is software that manages all hardware resources connected to a desktop or laptop.

Among the best browsers for Linux users that can offer maximum security are Ungoogled Chromium, GoLogin, Brave, Vivaldi, and Tor.

Ungoogled Chromium is an open source variant of Chromium that offers Linux users independence from Google’s web services (Google Hotwording, Host Detector, Google-specific URLs, tracking, Safe Browsing, etc.), replaces those services with open source alternatives, blocks pop-up windows in all tabs, and replaces prebuilt binaries with custom alternatives built from source.

GoLogin is an anti-detect browser that allows users to run multiple accounts at the same time. It offers a number of advantages, including separate customized profiles for each account, control over the digital fingerprint, suitability for teamwork, anonymous surfing, installation on an unlimited number of devices, access to the Tor network, and the inclusion of free proxies.

Brave Browser provides users with a VPN to change their IP address. It also offers some other benefits, including the end of tracking and invasive advertising on every website visited, separation of incognito windows with private search, blocking cookies and reducing digital fingerprints, protecting users from malware and phishing, the anonymous browsing option on the Internet, and others.

Vivaldi lets users customize all settings to increase their security. Other advantages include tracker blocking, ad blocking without the need for extensions or plugins, regular updates, a user-friendly interface similar to Chromium, no recording of the user’s personal data by Vivaldi itself, end-to-end encryption for synchronized data, and others.

Tor offers remarkable benefits for all Linux distributions. Tor offers hefty benefits such as torrent prevention, user-friendly anonymous browsing, tracking protection, the ability to change geolocation and avoid censorship, and the ability to access the dark web.

The sources for this piece include an article in LINUXSTANS.

Why improving SecOps can save you money

Security operations is a critical element of the enterprise technology environment – but it can sometimes be left behind as organizations focus on adopting the latest technology solutions.

In a year like 2020 where there is so much change in the way work is performed and technology is delivered, security operations (or SecOps) can simply be left to the side – not getting the investment it needs.
