Cyber Security Headlines: $190M crypto theft, T-Mobile store owner fraud, Missile maker extortion

US crypto firm hit by $190 million theft

Researchers said Tuesday that threat actors have stolen $190 million worth of coins from the US crypto firm Nomad. The heist targeted Nomad’s “bridge,” which allows users to transfer tokens between blockchains. Hackers moved roughly half of the stolen coins to three crypto wallets, and also moved a small proportion of the loot to a mixer to mask the trail of transactions. Nomad touts itself as a “security-first” business which keeps user funds safe. The company has notified law enforcement and is working with blockchain forensics experts to identify affected accounts and recover stolen funds.

(Reuters)

T-Mobile store owner busted running phone unlocking scheme

A former owner of a Californian T-Mobile retail store has been found guilty of running a $25 million phone unlocking scheme. Allegedly, 44-year-old Argishti Khudaverdyan illegally accessed T-Mobile’s internal systems between 2014 and 2019 to hack employee accounts and unlock customer cell phones. This enabled the phones to be sold on the black market. Khudaverdyan promoted his unlocking services through sites like “unlocks247.com,” spam email, and various brokers. In 2017, T-Mobile terminated Khudaverdyan’s contract on suspicion of his malicious activities. However, he partnered with another T-Mobile store owner in Los Angeles to continue perpetrating the scheme. Khudaverdyan is scheduled for sentencing in October, where he could receive up to a total of 62 years in prison for committing wire fraud, money laundering, identity theft, and computer fraud.

(Bleeping Computer)

EU missile maker denies breach but confirms extortion attempt

European missile manufacturer MBDA has refuted claims of a successful cyberattack on its infrastructure. However, MBDA clarified that bad actors have indeed acquired some of its data from an external drive used by the company’s Italian division. The hacking group Andrastea claims to have breached MBDA’s network to steal 60 GB of data, including information about employees, classified military projects, technical schematics, and contracts. Andrastea has leaked a sample of the data and demanded a ransom payment. However, MBDA claims none of the leaked data is sensitive or classified and says it will not pay the ransom. Instead, the company plans to work with law enforcement to take action against the hackers.

(Bleeping Computer)

Flashpoint says MITRE’s CVE database is missing vulns

A new report from Flashpoint reveals that almost one third of the nearly 12,000 vulnerabilities it detected in the first half of 2022 were missed by MITRE’s Common Vulnerabilities and Exposures (CVE) database. Flashpoint also noted huge discrepancies in the severity and classification of vulnerabilities between its own VulnDB and those recorded in MITRE’s CVE database and NIST’s NVD database. Flashpoint also said the Common Vulnerability Scoring System (CVSS) over-rates many vulnerabilities. The report indicates that 10.0 rated bugs account for over 51% of total vulns in each of the last 10 years. Flashpoint recommends that organizations use more comprehensive vuln database sources and prioritize remediation for vulnerabilities that have a public exploit, are remotely exploitable, and are easily patchable.

(CSO Online)

Thanks to today’s episode sponsor, HYAS

Cybercriminals try their hardest to cover their tracks, but no matter what, they always leave a trail. HYAS Insight gives you access to all of the data you need to trace an attack back to its source. This helps you map out the complete attack campaign infrastructure, letting you proactively defend against future attacks and even potentially provide key data to law enforcement.

Take your cybersecurity investigations further than you ever thought possible with HYAS Insight.

Visit HYAS.com

Top universities are falling short on email security

According to Proofpoint, 97% of the top 10 universities in the UK, the US, and Australia are failing to adequately protect students and staff from email threats. Proofpoint examined the institutions’ Domain-based Message Authentication, Reporting & Conformance (DMARC) policies, which can help defend against email threats such as phishing and business email compromise (BEC). While not foolproof, DMARC helps ensure that only authorized senders can send messages from registered domains. Unfortunately, nearly all of the universities had DMARC policies that were not securely configured or had no DMARC record at all.

(Infosecurity Magazine)
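To show what “not securely configured” looks like in practice, here is an added example (not from the article or from Proofpoint) that parses a domain’s DMARC TXT record and classifies it as missing, monitor-only, partially enforced, or enforced. The domain names and record strings are constructed samples; a real record is retrieved with `dig TXT _dmarc.<domain>`.

```python
"""Classify a domain's DMARC policy from its _dmarc TXT record.

Added example, not part of the original article. The record strings
below are constructed samples; look up a real domain's record with
`dig TXT _dmarc.example.com` and pass the result to classify_dmarc().
"""
from typing import Optional


def parse_dmarc(record: Optional[str]) -> dict:
    """Split a DMARC TXT record ('v=DMARC1; p=none; ...') into tag/value pairs."""
    tags = {}
    if not record:
        return tags
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def classify_dmarc(record: Optional[str]) -> str:
    """Return 'missing', 'monitor-only', 'partial', or 'enforced'."""
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        return "missing"       # no record, or not a valid DMARC record at all
    policy = tags["p"].lower()
    if policy == "none":
        return "monitor-only"  # reports only; spoofed mail is still delivered
    try:
        pct = int(tags.get("pct", "100"))   # share of failing mail policy applies to
    except ValueError:
        pct = 100
    subdomain_policy = tags.get("sp", policy).lower()  # 'sp' defaults to 'p'
    if pct < 100 or subdomain_policy == "none":
        return "partial"       # enforcement gap via sampling or open subdomains
    return "enforced"          # quarantine/reject applied to all failing mail


# Constructed samples covering the configurations the report describes.
SAMPLES = {
    "no-record.example": None,
    "monitor.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor.example",
    "sampled.example": "v=DMARC1; p=reject; pct=10",
    "subdomain-gap.example": "v=DMARC1; p=quarantine; sp=none",
    "strict.example": "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example",
}

if __name__ == "__main__":
    for domain, rec in SAMPLES.items():
        print(f"{domain:24} {classify_dmarc(rec)}")
```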

Semiconductor manufacturer hit by ransomware

German power electronics manufacturer Semikron has disclosed that it was hit by a ransomware attack that partially encrypted the company’s network. Semikron has production sites in eight countries and its technology is used in 35% of wind turbines worldwide. The German Federal Office for Information Security alerted that the ransomware operators are blackmailing the company and threatening to leak stolen data. A ransom note found on one of Semikron’s encrypted systems indicates that attackers from the LV Ransomware gang stole 2TB worth of data.

(Bleeping Computer)

T-Mobile to offer data priority services to first responders

After analyzing many situations like the recent Uvalde, Texas school shooting, T-Mobile has developed a new data priority strategy for all first responders across the US. The carrier will offer first responders a free network upgrade to Wireless Priority Service (WPS). The service includes a minimum 512 kbps network speed and access to service in areas where T-Mobile is unavailable. This announcement makes T-Mobile the only wireless carrier to add data priority in collaboration with CISA and DHS.

(Cybersecurity Insiders)

Post-quantum encryption contender taken down in 1 hour

Last month, NIST selected four post-quantum encryption algorithms to replace current algorithms like RSA and Diffie-Hellman, which are unable to withstand quantum attacks. NIST selected four additional post-quantum encryption candidates to potentially add to the list pending further testing. However, during the fourth round of testing, crypto researchers from KU Leuven developed an attack that breaks one of those candidates, called SIKE, in just one hour using a single traditional computer. Although experts are surprised at the simplicity of the attack that broke SIKE, there is no impact on the algorithms already selected by NIST as approved standards.

(Ars Technica)

Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.