Once again, cryptocurrency has monetized cybercrime. Scams are substantially easier and harder to trace properly with crypto, helping cybercrime to scale up to this insane level we see today.
Looking at how I can prevent this from happening to myself, am I missing something?
Why didn't their email service's anti-virus pick up on the virus?
In the case that it was in a zip, why didn't said anti-virus extract the zip & scan?
In the case of a password-protected zip, why didn't the computer scan the file upon extraction?
In the case of a scan upon extraction, why was it missed? Outdated definitions or zero day?
Linus also spoke about invalidating sessions. This is something that requires careful planning. We can't do it due to our teams switching VPNs so often.
We do enable Impossible Travel in Okta by default for our clients.
Any part of the system can be spoofed; virtual machines exist. In addition, once you have a session token, you don't even need to involve a browser, you can just make requests to the server directly.
From the perspective of a browser, it seems like a better mitigation would be to make it harder to steal these tokens in the first place. Cookies have to be persisted to disk in order to survive browser restarts, but maybe some cookies could be identified as password-equivalents and get stored in the system's keyring.
And of course, from the perspective of a server, they could probably be more credulous when they see a session token trying to make account management actions from a new IP.
I wonder if there could be a new secure cookie/session token standard that makes use of hardware security keys like TPM/Secure Enclave to prevent them from being exfiltrated. They could be domain scoped for access like Passkeys are. Maybe DNSSEC could prevent MITM attacks of it as well.
Still, they should've gotten warning prompts for running an untrusted exe when they opened it, shouldn't they? I mean, I know people are pretty well conditioned to ignore those, especially gamer geeks who are used to using dubious tools.
I believe the name the program reports for those prompts can be different from the actual filename, allowing an attacker to use the name of Adobe Reader or some other popular PDF reader instead. If the malicious script launches the actual PDF reader with a legitimate-looking PDF after executing its payload, it could be hard to detect.
IMHO, pretty great of dbrand to step in and sponsor a topically sensitive video on short notice, as well as provide a pretty big carrot to bring in a flood of traffic. Just ordered a matte black skin for my MBP 14". I have no relation to dbrand other than being an occasional customer.
Thanks, bitcoin.