Cryptocurrency Platform Celsius Breached, Customers Hit With Phishing Attacks
Google Project Zero adds 30 days to vulnerability disclosure cycle, Facebook users urged to take legal action in Europe over data leak, Reddit goes public with bug bounty programs, more
Check out Metacurity’s special edition today on the Biden administration’s plans to restrain and sanction Russia for its SolarWinds hack, and take a look at my column on the same subject in CSO.
Cryptocurrency rewards platform Celsius Network disclosed a security breach it experienced through a third-party marketing server that exposed customer information that led to a phishing attack.
Using the stolen customer list, the threat actors impersonated Celsius Networks in phishing texts and emails that promoted a new Celsius Web Wallet. As an incentive to get people to visit the site, the text states Celsius is offering $500 in the CEL cryptocurrency if they create a wallet and enter a special promo code. The threat actor used a registrar in Sweden that is a favorite for certain threat actors, such as the Fancy Bear and Cozy Bear Russian hacking groups. (Lawrence Abrams / Bleeping Computer)
Related: Coindesk, Decrypt, Celsius
Google’s Project Zero has added an extra 30-day period to its v…
Keep reading with a 7-day free trial
Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.