US Takes Action Against “Criminal Exchange” Bitzlato, Arrests Founder
Bitzlato founder charged for helping criminals launder illicit funds
US Department of Justice announced a major international law enforcement action against Hong Kong-based crypto exchange Bitzlato accused of laundering $700 million worth of illicit funds, including ransomware payments. Bitzlato’s founder, 40-year-old Russian national Anatoly Legkodymov, was apprehended and charged for money laundering.
NortonLifeLock customer accounts breached via a credential-stuffing attack
Gen Digital, formerly Symantec Corporation and NortonLifeLock has warned its clients about a security incident where hackers tried to hijack Norton accounts, and possibly password managers, using stolen credentials bought on the Dark Web.
CircleCI said the recent data breach was caused by malware on employee laptop
Software company CircleCI shared new details on a data breach disclosed in early January. According to the company’s incident report, the attacker broke into its network through an engineer’s laptop infected with an info-stealing malware used to steal a valid, 2FA-backed SSO session. This malware was not detected by CircleCI antivirus software.
2022 saw a 62% decrease in stolen payments cards
Roughly 60 million compromised payment card records were posted for sale on Dark Web marketplaces in 2022, which is, actually, a significantly lower number compared to almost 100 million in 2021.
Newsletter service Mailchimp hacked twice in less than a year
Intuit-owned email marketing and newsletter service Mailchimp said it was hit with a social engineering attack where a threat actor gained access to Mailchimp’s internal tools for customer support and account administration and used compromised employee credentials to access select Mailchimp accounts.
