CTRL + ALT + SEC

Tag: Coinbase

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 8/4/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Hacker extradited to US for stealing $3.3 million from taxpayers

The article details the successful extradition of Nigerian national Chukwuemeka Victor Amachukwu from France to the U.S., where he faces charges related to a sophisticated hacking and fraud scheme. The core of his alleged criminal activity involved spearphishing attacks targeting U.S. tax preparation businesses. By gaining unauthorized access to these businesses’ computer systems, Amachukwu and his co-conspirators were able to steal the personal data of thousands of American citizens. This stolen information was then used to file fraudulent tax returns and Small Business Administration (SBA) loan applications, resulting in over $3.3 million in confirmed losses to the U.S. government. The extradition underscores the international cooperation necessary to combat cybercrime and demonstrates a commitment by law enforcement to pursue and prosecute individuals who exploit digital vulnerabilities for financial gain, regardless of their physical location.

Beyond the tax and loan fraud, the article highlights Amachukwu’s alleged involvement in a separate, parallel scam. This second scheme involved a fake investment opportunity where victims were convinced to invest millions in non-existent standby letters of credit. This dual-pronged criminal activity paints a picture of a perpetrator who engaged in multiple forms of financial deception, exploiting both technological vulnerabilities and human trust. The indictment against Amachukwu reflects the seriousness of his alleged crimes, with charges including conspiracy to commit computer intrusions, wire fraud, and aggravated identity theft. The potential penalties, including a mandatory two-year consecutive sentence for aggravated identity theft and up to 20 years for each wire fraud count, illustrate the severe legal consequences for such offenses.

The extradition and subsequent court appearance of Amachukwu serve as a significant development in the case, moving it from international pursuit to domestic prosecution. The fact that he was apprehended and extradited from France, where he was presumably located after the alleged crimes took place, showcases the global reach of U.S. law enforcement and its ability to work with international partners to bring suspects to justice. While a trial date has yet to be scheduled, the article makes it clear that the U.S. government is not only seeking a conviction but also the forfeiture of all proceeds from his criminal activities. This aggressive legal approach aims to both punish the perpetrator and recover the stolen funds, providing a comprehensive response to the financial and personal damage caused by his fraudulent schemes.

Projects
- TryHackMe – JavaScript Essentials – In Progress
Whitepapers
- CrowdStrike 2025 Threat Hunting Report
Articles
- CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign – Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks.
- Python-powered malware snags hundreds of credit cards, 200K passwords, and 4M cookies – PXA Stealer pilfers data from nearly 40 browsers, including Chrome
- North Korea sent me abroad to be a secret IT worker. My wages funded the regime – Jin-su says over the years he used hundreds of fake IDs to apply for remote IT work with Western companies. It was part of a vast undercover scheme to raise funds for North Korea.
- Cisco Says User Data Stolen in CRM Hack – Cisco has disclosed a data breach affecting Cisco.com user accounts, including names, email address, and phone numbers.
- What the Coinbase Breach Says About Insider Risk – The lesson from the breach is not just about what went wrong — but what could have gone right.
- PBS confirms data breach after employee info leaked on Discord servers – PBS has suffered a data breach exposing the corporate contact information of its employees and those of its affiliates, BleepingComputer has learned.
- Hacker extradited to US for stealing $3.3 million from taxpayers – Nigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses.
- Hacker used a voice phishing attack to steal Cisco customers’ personal information – A cybercriminal tricked a Cisco representative into granting them access to steal the personal information of Cisco.com users, the company said on Tuesday.
- Air France and KLM disclose data breaches impacting customers – Air France and KLM announced on Wednesday that attackers had breached a customer service platform and stolen the data of an undisclosed number of customers.
- Hacker extradited to US for stealing $3.3 million from taxpayers – Nigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses.
Podcasts
- Smashing Security – 428: Red flags, leaked chats, and a final farewell
- The 404 Media Podcast – How AI is being used by hackers and criminals
August 11, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/2/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Largest ever data leak exposes over 4 billion user records

The recent exposure of over 4 billion user records in China represents an unprecedented cybersecurity catastrophe, highlighting the extreme vulnerability of personal data in the digital age. This colossal leak, comprising 631 gigabytes of unsecure data, contained a vast array of sensitive information, including financial details, WeChat and Alipay records, residential addresses, and potentially even communication logs. The sheer scale and diversity of the exposed data — ranging from over 800 million WeChat IDs to 630 million bank records and 610 million “three-factor checks” with IDs and phone numbers — strongly suggest a centralized aggregation point, possibly for surveillance, profiling, or data enrichment purposes. This incident underscores a critical failure in data security, leaving hundreds of millions of individuals susceptible to a wide range of malicious activities.

With access to correlated data points on residential information, spending habits, financial details, and personal identifiers, threat actors could orchestrate large-scale phishing scams, blackmail schemes, and sophisticated fraud. The inclusion of Alipay card and token information further raises the risk of unauthorized payments and account takeovers, potentially leading to significant financial losses for users. Beyond individual exploitation, the possibility of state-sponsored intelligence gathering and disinformation campaigns cannot be overlooked, given the perceived nature of the data collection as a comprehensive profile of Chinese citizens. The swift removal of the database after discovery, coupled with the anonymity of its owners, further complicates efforts to understand the breach’s origins and implement protective measures for impacted individuals.

The inability to identify the database’s owners or provide direct recourse for affected users exemplifies the precarious position individuals find themselves in when their data is compromised on such a grand scale. While China has experienced significant data breaches in the past, this incident stands as the largest ever recorded, dwarfing previous exposures.

Projects
- TryHackMe – Hashing Basics – In Progress
Papers
- Research on insider threat detection based on personalized federated learning and behavior log analysis
Articles
- ‘Russian Market’ emerges as a go-to shop for stolen credentials – The “Russian Market” cybercrime marketplace has emerged as one of the most popular platforms for buying and selling credentials stolen by information stealer malware.
- Cartier discloses data breach amid fashion brand cyberattacks – Luxury fashion brand Cartier is warning customers it suffered a data breach that exposed customers’ personal information after its systems were compromised.
- Meta stopped covert operations from Iran, China, and Romania spreading propaganda – Meta stopped three covert operations from Iran, China, and Romania using fake accounts to spread propaganda on social media platforms.
- Victoria’s Secret hit by outages as it battles security incident – Fashion retail giant Victoria’s Secret said it is addressing a “security incident,” as its website and online orders face ongoing disruption.
- Crooks fleece The North Face accounts with recycled logins – Outdoorsy brand blames credential stuffing
- Coinbase breach tied to bribed TaskUs support agents in India – A recently disclosed data breach at Coinbase has been linked to India-based customer support representatives from outsourcing firm TaskUs, who threat actors bribed to steal data from the crypto exchange.
- Scattered Spider: Three things the news doesn’t tell you – With the recent attacks on UK retailers Marks & Spencer and Co-op, so-called Scattered Spider has been all over the media, with coverage spilling over into the mainstream news due to the severity of the disruption — currently looking like hundreds of millions in lost profits for M&S alone.
- Exclusive: Hackers Leak 86 Million AT&T Records with Decrypted SSNs – Hackers leak data of 88 million AT&T customers with decrypted SSNs; latest breach raises questions about links to earlier Snowflake-related attack.
- FBI: Play ransomware breached 900 victims, including critical orgs – In an update to a joint advisory with CISA and the Australian Cyber Security Centre, the FBI said that the Play ransomware gang had breached roughly 900 organizations as of May 2025, three times the number of victims reported in October 2023.
- Largest ever data leak exposes over 4 billion user records – In what’s likely the biggest data leak to ever hit China, billions of documents with financial data, WeChat and Alipay details, as well as other sensitive personal data, were exposed to the public. Worryingly, there’s little that impacted users can do to protect themselves.
Podcasts
- Smashing Security 419: Star Wars, the CIA, and a WhatsApp malware mirage
June 9, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 5/12/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Broadcom employee data stolen by ransomware crooks following hit on payroll provider

This serves as a reminder of the risks inherent in supply chains, particularly concerning sensitive data like payroll information. The fact that a ransomware attack on Business Systems House (BSH), a Middle Eastern partner of ADP, led to the theft of Broadcom employee data highlights the vulnerabilities that can exist even when an organization outsources critical functions. The timeline is particularly noteworthy: the initial ransomware attack occurred in September 2024, BSH/ADP became aware of data exfiltration in December 2024, yet Broadcom wasn’t informed until May 2025. This significant delay underscores the challenges in incident detection, investigation, and notification across multiple entities, leaving affected individuals in the dark for an extended period and hindering their ability to take timely protective measures. The article also subtly emphasizes the importance of vendor security assessments and the need for robust contractual agreements outlining breach notification timelines and responsibilities.

The attribution of the attack to the El Dorado ransomware group, with potential links to the BlackLock group, adds another layer of complexity and intrigue for threat intelligence followers. The rapid emergence and rebranding (or suspected rebranding) of ransomware groups are common tactics to evade law enforcement and maintain operational continuity. The report of infostealer data compromising employee accounts and potentially leading to wider third-party breaches through stolen credentials further illustrates the multi-faceted nature of modern ransomware attacks. The mention of Hudson Rock’s findings regarding compromised accounts and the potential impact on 35 additional companies underscores the lateral movement capabilities that attackers often exploit after initial access. This emphasizes the need for organizations to not only secure their own perimeters but also to implement strong internal segmentation and monitoring to limit the blast radius of any potential compromise originating from a third-party incident.

Finally, the types of data potentially stolen – including national IDs, financial account numbers, salary details, and home addresses – represent a high-value target for cybercriminals and pose significant risks to the affected Broadcom employees. The advice given by Broadcom to enable multi-factor authentication and monitor financial records is standard but crucial in the aftermath of such a breach. ADP’s attempt to distance itself by emphasizing that their own systems were not compromised and that only a “small subset” of clients were affected highlights the reputational damage and legal liabilities that can arise from third-party breaches. The case also underscores the complexities of the double extortion model, where data is both encrypted and exfiltrated, leaving victims with little incentive to pay a ransom if the attackers have already demonstrated a willingness to publish stolen information. For cybersecurity professionals, this incident serves as a valuable case study in understanding supply chain risks, incident response challenges, and the evolving tactics of ransomware actors.

Projects
- TryHackMe – Cryptography Basics – In Progress
Articles
- Google will pay a $1.375 billion settlement to Texas over privacy violations – Texas had filed two lawsuits against Google for how it handled users’ geolocation, incognito search, and biometric data.
- FBI warns that end of life devices are being actively targeted by threat actors – Cybercriminals install malware on compromised devices, set up a botnet, and sell proxy services or launch coordinated attacks.
- Education giant Pearson hit by cyberattack exposing customer data – Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned.
- Ukraine arrests two over alleged Hungarian spy plot – Ukraine says it has uncovered a spy network being run by the Hungarian state to obtain intelligence about its defences near their shared border.
- Russian spy ring leader jailed in UK for nearly 11 years – One of their operations was a plan to intercept mobile phone signals at Patch barracks, a U.S. base near Stuttgart where Ukrainian troops were believed to be training to use surface-to-air Patriot missiles
- Government webmail hacked via XSS bugs in global spy campaign – Hackers are running a worldwide cyberespionage campaign dubbed ‘RoundPress,’ leveraging zero-day and n-day flaws in webmail servers to steal email from high-value government organizations.
- FBI: US officials targeted in voice deepfake attacks since April – The FBI warned that cybercriminals using AI-generated audio deepfakes to target U.S. officials in voice phishing attacks that started in April.
- Cybersecurity firm Proofpoint to buy European rival for over $1 billion as it eyes IPO – Cybersecurity firm Proofpoint is acquiring European rival Hornetsecurity for north of $1 billion to strengthen its European presence as it explores a return to public markets.
- Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data – Coinbase said a group of rogue contractors were bribed to pull customer data from internal systems, leading to a $20 million ransom demand.
- Details on 89M Steam Accounts Leaked, Valve Says Systems Not Breached – Valve says the leak features phone numbers that previously received a one-time passcode, but they’re not associated with a Steam account, password, or other personal data.
- Broadcom employee data stolen by ransomware crooks following hit on payroll provider – Tech giant was in process of dropping payroll biz as it learned of breach
Podcasts
May 19, 2025