Montenegro has extradited Terraform Labs co-founder Do Kwon to the US, where he faces charges related to investor deception and the collapse of the TerraUSD cryptocurrency. The Montenegrin interior ministry confirmed Kwon was handed over to US law enforcement at Podgorica airport.
Kwon, a South Korean national, was arrested in March 2023 while attempting to leave Montenegro. The Supreme Court recently ruled that legal conditions for extradition were met, prompting Justice Minister Bojan Bozovic to approve the US request. His legal team has appealed the decision at Montenegro’s Constitutional Court.
The former CEO of Terraform Labs is accused of misleading investors about TerraUSD’s stability. The cryptocurrency collapsed in May 2022, triggering an estimated $40 billion in market losses. Kwon and his company are also being sued by the US Securities and Exchange Commission over allegations of fraud involving TerraUSD and Luna.
Stablecoins are digital assets designed to maintain a fixed value, typically pegged to a fiat currency. TerraUSD’s failure undermined trust in their stability and shook the broader cryptocurrency market.
A US Army soldier, Cameron John Wagenius, has been charged with selling and attempting to sell stolen confidential phone records. Arrested on 20 December, Wagenius faces two charges of unlawfully transferring confidential information in a Texas federal court. His rank and station have not been disclosed, though he is reportedly based at Fort Cavazos in Texas.
Authorities allege that Wagenius, known online as ‘Kiberphant0m’, claimed involvement in hacking activities, including phone records linked to high-profile figures. The case is connected to a broader investigation involving hackers accused of stealing sensitive personal and financial information. Prosecutors have revealed the involvement of a hacking group targeting data storage firm Snowflake’s customers.
Cybersecurity researchers identified Wagenius after members of the group issued threats against them. Law enforcement acted swiftly following the tip-off, according to Allison Nixon of Unit 221B. The prosecution is being handled in Seattle, where two co-defendants, Connor Moucka and John Binns, face related charges for extensive data breaches.
The Department of Justice and the FBI have yet to comment on the case. Wagenius has been ordered to appear in Seattle, where the investigation continues.
Healthcare organizations in the US may face stricter cybersecurity rules to address the growing threat of data breaches. Proposals introduced by the Biden administration seek to prevent sensitive patient information from being leaked through hacking or ransomware attacks. Measures include mandatory encryption and compliance checks to enhance network security.
Data breaches have exposed the healthcare information of over 167 million people in 2023 alone, according to Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology. The updated standards, introduced by the Office for Civil Rights under the Health Insurance Portability and Accountability Act (HIPAA), are estimated to cost $9 billion in the first year and $6 billion annually in subsequent years.
Officials highlighted the rising danger of healthcare cyberattacks, with hacking and ransomware incidents increasing by 89% and 102% respectively since 2019. Hospitals often face operational disruption, while leaked data can lead to blackmail. A 60-day public comment period will allow stakeholders to provide input before finalising the rules.
The new standards are designed to safeguard healthcare networks and protect Americans’ private information, including mental health records. Strengthened cybersecurity is expected to reduce vulnerabilities and ensure the safety of critical healthcare systems.
A series of intrusions targeting Chrome browser extensions has compromised multiple companies since mid-December, experts revealed. Among the victims is Cyberhaven, a California-based data protection company. The breach, confirmed by Cyberhaven on Christmas Eve, is reportedly part of a larger campaign aimed at developers of Chrome extensions across various industries.
Cyberhaven stated it is cooperating with federal law enforcement to address the issue. Browser extensions, commonly used to enhance web browsing, can also pose risks when maliciously altered. Cyberhaven’s Chrome extension, for example, is designed to monitor and secure client data within web-based applications.
Experts identified other compromised extensions, including those involving AI and virtual private networks. Jaime Blasco, cofounder of Texas-based Nudge Security, noted that the attacks appear opportunistic, aiming to harvest sensitive data from numerous sources. Some breaches date back to mid-December, indicating an ongoing effort.
Federal authorities, including the US cyber watchdog CISA, have redirected inquiries to the affected companies. Alphabet, maker of the Chrome browser, has yet to respond to requests for comment.
AT&T and Verizon have confirmed cyberattacks linked to a Chinese hacking group known as “Salt Typhoon,” but assured the public on Saturday that their US networks are now secure. Both companies acknowledged the breaches for the first time, stating they are cooperating with law enforcement and government agencies to address the threat. AT&T disclosed that the attackers targeted a small group of individuals tied to foreign intelligence, while Verizon emphasised that the activities have been contained following extensive remediation efforts.
The attacks, described by US officials as the most extensive telecommunications hack in the nation’s history, reportedly allowed Salt Typhoon operatives to access sensitive network systems, including the ability to geolocate individuals and record phone calls. Authorities have linked the breaches to several telecom firms, with a total of nine entities now confirmed as compromised. In response, the Cybersecurity and Infrastructure Security Agency has urged government officials to transition to encrypted communication methods.
US Senators, including Democrat Ben Ray Luján and Republican Ted Cruz, have expressed alarm over the breach’s scale, calling for stronger safeguards against future intrusions. Meanwhile, Chinese officials have denied the accusations, dismissing them as disinformation and reaffirming their opposition to cyberattacks. Despite assurances from the companies and independent cybersecurity experts, questions remain about how long it will take to fully restore public confidence in the nation’s telecommunications security.
Hackers are using fake job offers from well-known crypto firms to trick victims into installing malware that grants them access to devices and wallets. According to blockchain expert Taylor Monahan, these scams begin with the hackers posing as recruiters offering high-paying roles, with salaries ranging from $200,000 to $350,000. Instead of sharing documents or software, victims are led through a series of steps to “fix” technical issues with their microphone and camera, which results in malware installation.
Monahan explained that the scam unfolds during lengthy interviews where the final step involves the victim being instructed to resolve an access issue. Following the given instructions prompts a fake browser update that compromises their system. The malware can provide attackers with backdoor access to steal crypto funds or cause other damage, and it works across Mac, Windows, and Linux platforms.
These fake recruiters approach victims on LinkedIn, freelancer platforms, and chat apps like Discord and Telegram, advertising roles at major crypto firms like Gemini and Kraken. Monahan advised those who suspect exposure to the malware to wipe their devices and urged everyone in the crypto space to remain vigilant against such tactics.
Hackers temporarily disrupted around ten official websites in Italy on Saturday, including those of the Foreign Ministry and Milan’s two airports, according to the country’s cybersecurity agency. The pro-Russian group Noname057(16) claimed responsibility on Telegram, describing the attack as a retaliation against what it called Italy’s ‘Russophobia.’
The attack, a Distributed Denial of Service (DDoS) operation, flooded networks with excessive data traffic, paralysing their functionality. Italy’s cybersecurity agency acted swiftly, mitigating the impact within two hours. A spokesperson confirmed that assistance was provided to affected institutions and companies.
Despite the disruptions, flights at Milan’s Linate and Malpensa airports were unaffected, and the airports’ mobile apps continued to operate normally, according to SEA, the company managing the airports. Authorities continue to investigate the incident, highlighting ongoing threats from cyber groups linked to geopolitical tensions.
A power provider in Siberia’s Irkutsk region has been caught illegally leasing land to crypto miners, with the plot originally designated for public utilities. The Irkutsk Region Prosecutor-General’s Office announced that the unnamed power company had facilitated the establishment of a crypto mining farm, leading to a fine of 330 thousand rubles (approximately $3,120) and an ongoing administrative case against the firm.
This case highlights the ongoing issue of illegal crypto mining in Russia, particularly in Siberia, where miners are drawn to cheap electricity and low temperatures that reduce cooling costs. However, the increased demand for power has led to grid instability and power outages in the region, prompting Moscow to implement temporary mining bans in some areas. Despite these measures, illegal mining continues to thrive, especially in Irkutsk.
Other parts of Russia, like Tyumen and the Komi Republic, are emerging as alternative hotspots for crypto mining, with new facilities being developed to attract miners. In addition to these developments, Russia’s largest industrial mining firm, BitRiver, is building a new 100MW data centre in Buryatia, set to become the largest in the Far Eastern Federal District. These moves reflect the growing demand for crypto mining infrastructure across the country, despite the regulatory challenges.
Manually created Windows 11 installer media for October and November 2024 patches could leave systems unable to install future security updates. The issue impacts USB or CD installers for version 24H2 and may affect businesses, schools, and PC enthusiasts.
Microsoft clarified that systems receiving October and November updates via Windows Update or the Update Catalog remain unaffected. However, media-created installations require rebuilding with the December 2024 update, followed by a full reinstallation. Microsoft recommends ensuring December’s patch is included in new installation media.
The company acknowledged the issue on its known problems page and is actively developing a permanent fix. Other bugs in version 24H2 have also emerged, affecting audio devices, Outlook with outdated Google Workspace Sync, and certain Ubisoft games.
New research by The Guardian reveals that ChatGPT Search, OpenAI’s recently launched AI-powered search tool, can be misled into generating false or overly positive summaries. By embedding hidden text in web pages, researchers demonstrated that the AI could ignore negative reviews or even produce malicious code.
The feature, designed to streamline browsing by summarising content such as product reviews, is susceptible to hidden text attacks—a well-known vulnerability in large language models. While this issue has been studied before, this marks the first time such manipulation has been proven on a live AI search tool.
OpenAI did not comment on this specific case but stated it employs measures to block malicious websites and is working to improve its defences. Experts note that competitors like Google, with more experience in search technology, have developed stronger safeguards against similar threats.
