Bitcoin 'Mixer' Fined $60 Million

FinCEN: Helix and Coin Ninja Sites Violated Anti-Money Laundering LawsThe Treasury Department has fined the owner of two bitcoin “mixing” sites $60 million for violating anti-money laundering laws. It’s the first time the department’s Financial Crimes Enforcement Network has issued a civil monetary penalty against the operator of a cryptocurrency site. Source: Bank Info Security […]

Continue Reading

Tom Kellermann on the Price of Digital Transformation

Analysis of Latest Global Incident Response Threat ReportVMware Carbon Black is out with its latest Global Incident Response Threat Report, which describes “the perfect storm” for increasingly sophisticated attacks heading into 2021. Cybersecurity strategist Tom Kellermann discusses what that means – and how these trends should inform our defensive strategies. Source: Bank Info Security Tom […]

Continue Reading

Trickbot Rebounds After 'Takedown'

CrowdStrike: Botnet’s Activity Has Already Picked UpThe recent “takedown” of Trickbot by Microsoft and others had only a temporary effect; the botnet’s activity levels have already rebounded, according to Crowdstrike and other security firms. Source: Bank Info Security Trickbot Rebounds After 'Takedown'

Continue Reading

Shipping dangerous goods, (Wed, Oct 21st)

For the past several months, I've been tracking a campaign that sends rather odd-looking emails like this The sender (from) address on these emails is usually impersonating an existing shipping or logistics company. The ships mentioned in the emails actually exist, and according to marinetraffic.com, the vessels are in fact traveling in the area and […]

Continue Reading

CVE-2020-4755 (spectrum_scale)

IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595. Source: NIST Vulnerability CVE-2020-4755 (spectrum_scale)

Continue Reading

CVE-2020-4749 (spectrum_scale)

IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure […]

Continue Reading