Categories
Security

Cameo’s CEO fell victim to the latest Bored Ape NFT heist

Non-fungible token, or NFT, thefts aren’t uncommon, but they continue to be a little mind-boggling— a bizarre combination of high risk and massive financial losses. The latest high-profile target is Steven Galanis, the CEO of celebrity video platform Cameo. Galanis reported over the weekend that he’d gotten his Apple ID hacked, and as a result, he lost a variety of NFTs. Most prominently, that included a Bored Ape Yacht Club ape that he bought for nearly $320,000 in January.

Galanis tweeted about the theft of Ape #9012 on Saturday, following a bot reporting the NFT being resold. Galanis originally purchased the ape for 100 Ethereum — around $319,500 at the time of purchase — and the alleged thief flipped it to a new owner for 77 Ethereum, which is now worth around $130,000. Galanis tweeted that he’d also lost several other crypto assets, including BAYC-adjacent Otherside tokens and around 9,000 ApeCoin cryptocurrency tokens, currently worth around $66,000. As of this writing, OpenSea has frozen the ape in question, preventing the new owner — who goes by MonroeSaintJames — from selling it through the platform.

The exact hack mechanics aren’t clear from Galanis’ tweets. Some Twitter users suggested he’d kept a copy of his seed phrase (essentially a security key that can be used to get access to a crypto wallet) in a service that uses iCloud backups, giving the hacker access after his account was compromised. Galanis didn’t immediately reply to a Twitter direct message seeking confirmation from The Verge.

But plenty of other NFT owners have been hacked, sometimes for extraordinary sums. Actor Seth Green had an ape (which was also the star of an upcoming TV series from Green) hacked from his crypto wallet, then purchased it back for around $300,000. More egregiously, a hacker stole over $1 million in tokens by compromising the official BAYC Instagram account and phishing NFT owners. It’s theoretically easy to trace these transactions but essentially impossible to reverse them short of arranging a transfer with the new owner like Green did. So far, Galanis hasn’t done so — but if he wants the ape back, he may have no other choice.



Repost: Original Source and Author Link

Categories
Computing

Victim of Zoombombing? Here’s How to Collect Your Payout

If you’re a Zoom user, you could be entitled to a minimum $15 payment for your troubles over the company’s security flaws that enabled the practice of “Zoombombing.”

The payment amount comes after Zoom announced earlier this year that it had reached an agreement of $85 million to settle the privacy issues at the heart of the class-action lawsuit.

Amazon

Zoombombing emerged as a result of lax security protocols inside Zoom’s videoconferencing and collaboration app, which gained popularity as a work tool during the global pandemic. Outsiders were able to hijack and disrupt private video calls as a result of Zoom’s security practices at the time. Disruptions could potentially involve vulgar, racist, pornographic, or otherwise objectionable conten.

The company has since made changes to how Zoom operates to prevent Zoombombing disruptions.

Even if you have never experienced Zoombombing, you can still be entitled to compensation as part of the class-action settlement terms. At the minimum, the agreement will pay you $15 for a claim if you ever registered, used, opened, or downloaded the Zoom Meeting App in the period between March 30, 2016 and July 30, 2021.

If you are a paid user of the Zoom Meetings App, you may eligible for a larger $25 settlement. Paid users can submit a claim for the larger amount of either $25 or up to 15% of the subscription cost before any optional features were tacked on, according to Zoom’s settlement agreement.

The bad news is that if you are a government user or an owner of an enterprise-level account, you’re excluded from making any claims.

If you qualify for either compensation level, you can make an online claim. The claim form must be completed by March 5, 2022. According to The Verge, the preliminary settlement has been approved by the court, but the final approval is subject to a final hearing scheduled for April 7, 2022.

Zoom has denied any wrongdoing as part of its settlement agreement.

As a result of the nuisance created by Zoombombing, the company has since made changes to the platform, including alerting users and hosts when meeting participants join from third-party apps, providing users with privacy training, and fixing its end-to-end encryption technology to make video calls more secure.

Editors’ Choice




Repost: Original Source and Author Link

Categories
Security

Oxford lab studying the coronavirus was victim of a cyberattack

Oxford University disclosed on Thursday that one of its research labs dedicated in part to studying COVID-19 suffered a cyberattack, following an investigation from Forbes indicating external access to a number of the lab’s systems.

The lab is part of Oxford’s Division of Structural Biology, known as “Strubi.” There’s no indication the lab or its research had any direct connection to ongoing COVID-19 vaccine development conducted by the Oxford Vaccine Group and the Jenner Institute. But it’s unclear exactly what data may have been compromised.

Forbes says it was shown proof of the intrusion by Alex Holden, the chief technology officer of a cybersecurity firm called Hold Security, who provided screenshots showing access to lab equipment with active intruders as recent as February 14th. It’s not clear if the intent was to steal valuable lab data or to potentially sabotage ongoing research.

“We have identified and contained the problem and are now investigating further,” an Oxford University spokesperson tells Forbes. “There has been no impact on any clinical research, as this is not conducted in the affected area.”

Oxford confirmed to Forbes that some of the machines that were accessed included purification devices for handling biochemical samples, some of which included proteins used in ongoing coronavirus research. Forbes reports that the attackers may not have been connected to any nation-state and instead may have been seeking out valuable research to sell on underground markets.

Oxford contacted the UK’s National Cyber Security Center (NCSC), which now says it’s conducting an investigation. “We are aware of an incident affecting Oxford University and are working to fully understand its impact,” an NCSC spokesperson told Forbes.

Repost: Original Source and Author Link

Categories
Security

Cyberpunk 2077 studio falls victim to ransomware attack, data leak threatened

CD Projekt says it’s been hacked by attackers who’ve been able to access its internal network, encrypt some devices, and collect “certain data” from the Polish video game company. The Cyberpunk 2077 developer says it will not give in to the demands or negotiate with the attacker, and does not believe any personal data of players or service users has been compromised.

In a tweet disclosing the hack, the company shared the ransom note left by the hackers, who claim to have accessed the source code for Cyberpunk 2077, Witcher 3, Gwent, and an “unreleased version of Witcher 3.” The hackers are threatening to release the source code alongside internal legal, HR, and financial documents “if we will not come to an agreement.”

In its statement, CD Projekt says that it has secured its IT infrastructure, and has begun restoring its data from intact backups. It says it has informed the “relevant authorities” as well as IT forensic specialists.

The attack follows the developer’s troubled launch of Cyberpunk 2077. The game released with numerous bugs and performance issues on PC, and was almost unplayable on older consoles. Sony subsequently pulled the game from the PlayStation Store and offered refunds to players, while Microsoft is also offering refunds.

CD Projekt has been subjected to intense criticism for releasing the game in what critics claim is an unfinished state. The company has vowed to address Cyberpunk 2077’s performance issues with a series of patches. It’s now facing a lawsuit from investors who claim they were misled about the game’s performance prior to release. The developer has also been criticized over reports that its employees were forced to work long hours in the months leading up to the game’s release.



Repost: Original Source and Author Link