Last Week In Blockchain and CyberSecurity News - April 16, 2019
A Hacker Has Dumped Nearly One Billion User Records Over the Past Two Months
A hacker named Gnosticplayers is responsible for the hacks of 44 companies and has reached a total of 932 million records dumped in the past few months. Data from companies such as Under Armour, MyHeritage, and GfyCat have been sold on dark web forums. Releases have been grouped in four rounds: Round 1 (620 million user records), Round 2 (127 million user records), Round 3 (93 million user records), and Round 4 (26.5 million user records). Last week Gnosticplayers put up “Round 5,” containing data of 65.5 million users. According to ZDNet, the information comes from six companies: “gaming platform Mindjolt, digital mall Wanelo, e-invitations and RSVP platform Evite, South Korean travel company Yanolja, women's fashion store Moda Operandi, and Apple repair center iCracked.” Data included in Round 5 contains emails, passwords (MD5), cleartext passwords, IP addresses, geo-location, and more. Gnosticplayers put this data up for sale for around $4,350.
Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support
Last week, Microsoft confirmed to TechCrunch that a hacker or a group of hackers broke into a Microsoft customer support account and used it to gain access to information related to customer email accounts. The hackers were able to access email content from a large number of MSN, Hotmail, and Outlook accounts. Information breached includes account email addresses, folder names, subject lines of emails, and the email addresses a user sent messages to. Microsoft notified some of its users about the security breach and confirmed via email that hackers had accessed information about their Outlook accounts between January 1st, 2019 and March 28, 2019. Microsoft also stated, “We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access.”
Binance Delists Bitcoin SV, CEO Calls Craig Wright a ‘Fraud’
On Monday, Binance announced that it would be delisting all BSV trading pairs on April 22. This announcement comes after a week of controversy around the cryptocurrency’s creator, Craig Wright. Binance CEO Changpeng Zhao (CZ) threatened to delist BSV if Craig Wright continued to harass users who state he is not Satoshi Nakamoto, the “original creator of Bitcoin.” In its delisting announcement, Binance states, “we periodically review each digital asset we list to ensure that it continues to meet the high level of standard we expect,” citing several factors it weighs. In many tweets, CZ stated, “Craig Wright is a fraud,” and that “the real Satoshi can [simply] digitally sign any message” to prove legitimacy. However, Wright has continued to support his stance and has even sent legal cease-and-desist letters to other individuals who claim he is not Satoshi. It will be interesting to see if other exchanges will follow Binance’s steps. Binance will continue to support BSV withdrawals until July 22.
Malware Creates Cryptominer Botnet Using EternalBlue and Mimikatz
A cryptojacking campaign detected by Qihoo 360’s research team has recently added the NSA-developed EternalBlue exploit and is actively attacking targets throughout Asia. The campaign now combines the EternalBlue exploit with Living off the Land PowerShell-based scripts to drop Trojans and a Monero coinminer on compromised machines. Initially, the malware was only attacking Japanese computers; however, the targets moved on to other countries including “Australia, Taiwan, Vietnam, Hong Kong, and India.” The malware drops multiple malicious components on machines it compromises by “trying a list of weak credentials to log into other computers connected to the network.” If it gets into a machine using this technique, it will “change the firewall and port forwarding settings of the infected machines, setting up a scheduled task to download and execute an updated copy of the malware instead of sending itself onto the compromised computer.” Additional steps include dropping a Trojan strain, invoking a PowerShell implementation of a Mimikatz variant, and deploying an XMRig Monero crypto miner.
Coinbase Pro Adds EOS, Augur (REP), And Maker (MKR)
Last week Coinbase Pro added three crypto assets, EOS (EOS), Augur (REP), and Maker (MKR), to its cryptocurrency exchange. EOS and REP will be available in all Coinbase-supported regions excluding NY; MKR will be available in all Coinbase-supported areas outside the US.
Like previous launches, the launch of these crypto assets will be done in a four-step process. The phases are as follows:
Transfer-only — Only deposits of the cryptocurrency
Post-only — This phase will allow investors and clients of Pro to place limit orders for the XRP trading pairs. Order books will be in post-only mode for a minimum of one minute.
Limit-only — This is the final stage before full trading. This phase will see Coinbase’s trading engine matching limit orders, but not market orders. Order books will be in limit-only mode for a minimum of ten minutes.
Full Trading — In the final stage, full trading services will be available, including limit, market, and stop orders.
You can sign up for a Coinbase Pro account here to start trading.