BleepingComputer reports that decentralized finance cryptocurrency exchange dYdX had its older v3 trading platform’s website recovered after being breached in an intrusion believed to be part of the DNS hijacking attacks against DeFi platforms with Squarespace-registered domains.
With the impacted site potentially still being cached, users have been urged by dYdX to ensure that their browsers are restarted and caches cleared before visiting the website. “A fix to the DNS resolution has been implemented. However, due to caching, the issue may not be fixed for every user yet,” said dYdX, which noted that the incident has not compromised smart contracts and funds on v3. Such a disclosure comes after Google Domain-registered web domains that transitioned to Squarespace were reported by cybersecurity researchers samczsun, Andrew Mohawk, and Taylor Monahan to have been taken over by threat actors through a vulnerability that deactivated management accounts’ multi-factor authentication protections. Additional details regarding the domain hijacking process remain a mystery.
SC Staff
Aside from deferring the delivery of breach notifications two months later, Visionworks also did not sufficiently defend its systems, resulting in the exfiltration of customers’ names, birthdates, Social Security numbers, home and email addresses, financial details, and medical information, alleged the lawsuit.
SC Staff
Cybernews reports that MetLife was claimed to have been compromised by the RansomHub ransomware-as-a-service operation, which alleged the theft of 1 TB of data from the major global insurance company’s systems. The insurance company, however, denied that its systems were compromised, saying an Ecuador-based subsidiary was impacted by a “cyber incident.”
SC Staff
While Google Groups and LinkedIn reports noted the campaign to have commenced in early December, such an attack may have been tested since March as evidenced by command-and-control subdomains discovered by BleepingComputer.
By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.
Related Terms
You can skip this ad in 5 seconds
Copyright © 2024 CyberRisk Alliance, LLC All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.
Your use of this website constitutes acceptance of CyberRisk Alliance Privacy Policy and Terms of Use.
About The Author
More Stories
Anatomy of a Scam
Climate and Environmental Sustainability Within the IETF and IRTF
From Commitments to Practice: Internet Society’s Priorities for WSIS+20 Implementation