Tether has revealed a ransomware demand in which threat actors are allegedly demanding 500 Bitcoin ($24 million). Over the weekend, the blockchain and cryptocurrency organization said on Twitter that a demand for payment had been made, on pain of documents being leaked online that would “harm the Bitcoin ecosystem.” The wallet address associated with the demand, at the time of writing, has $72 in BTC stored. Tether said that the payment deadline is March 1, but added, “We are not paying.” “It is unclear whether this is a basic extortion scheme like those directed at other crypto companies or people looking to undermine Tether and the crypto community as a whole,” Tether says. “Either way, those seeking to harm Tether are getting increasingly desperate.”
The short-lived theft of Perl.com in late January is believed to have been the result of a social engineering attack that convinced registrar Network Solutions to alter the domain’s records without valid authorization. In a blog post published on Sunday, Perl.com website editor Brian D. Foy said as much, noting that while Network Solutions has not confirmed this theory, he spoke with other domain owners who reported a similar scheme. Perl.com is a website focused on articles about the Perl programming language, overseen by managing editor David Farrell. The Perl Foundation (perl.org) is said to be involved in the .com site though Foy insists that’s not the case. The foundation’s post on the subject and Foy’s reply in the comments section suggest an arm’s length relationship between the two groups.
As vaccines are rolling out across the world, Twitter wants to curb misinformation related to them by introducing a new strike system. The company said repeated offenders — accounts with five strikes against them — will get banned permanently. Last December, Twitter said that it’ll start removing tweets with harmful misinformation related to the coronavirus vaccines; the company said today it has deleted 8,400 such posts to date. Starting today, the social network will begin to label tweets with vaccine misinformation. These labels will also point to curated content related to COVID-19 vaccines in the local context. Initially, human moderators will do this work, and the data will be used to train the company’s machine learning algorithms. Eventually, Twitter wants to use a combination of human and automated moderators.
Cybersecurity firm Qualys is likely the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files. In December, a wave of attacks targeted the Accellion FTA file-sharing application using a zero-day vulnerability that allowed attackers to steal files stored on the server. Clop ransomware has been extorting these victims by posting the stolen data on their ransomware data leak site. As Accellion FTA devices are standalone servers designed to be outside the security perimeter of a network and accessible to the public, there have been no reported attacks on these devices leading to internal systems compromise. Before today, the known victims extorted by Clop include Transport for NSW, Singtel, Bombardier, geo-data specialist Fugro, law firm Jones Day, science and technology company Danaher, and technical services company ABS Group.
Fraudsters impersonating U.S. Border Patrol agents and other federal officials are trying to steal unsuspecting targets’ private financial information through a relatively new telephone-based scam, U.S. Customs and Border Protection warned this week. The alert came after the Homeland Security Department subcomponent received numerous reports from concerned individuals who encountered the unsolicited, scammy calls. On the other end of those calls is a pre-recorded message that, according to CBP, would specifically say “a box of drugs and money being shipped has your (resident’s) name on it and it has been intercepted.” Potential victims of the scam are then prompted to press #1 to speak with a CBP officer and subsequently told to enter their banking information.