steal

Israel is not only attacking Iran with missiles. He also just steal 90 million dollars in cryptocurrencies

by

It is not much less cryptocurrency theft more large in historybut those 90 million dollars are especially significant for whom they are involved and why. Those involved They are Israel and Iran. And why, unfortunately, The war that they maintain both nations. Israel hacking to Iran. The war between Israel and Iran is intensified, and does not only New and striking tactics On the battlefield. It also does it through cyber warmen. A group called Gonjeshke Darande, (predatory sparrow, in a translation from the Persian) Hackeo has been attributed of the Iranian market of Cryptodivisas Nobitex. Possible link to Israel. There is no definitive evidence of a direct link between the Government of Israel and this grip hacker, Sophos experts indicate. Rafe Pilling, Director of Intelligence of Threats in that firm, explained that the cyber attack had all the characteristics of an attack supported by a government. 90? Millions of dollars. The Hacker Group has achieved according to The Guardian steal 90 million dollars, although the page of the Wikipedia Persian edition It indicates that the robbery amounted to 3.76 billion rials, about 47 million dollars, although that money may be stolen from one of the two troonscan wallets destination From Gonjeshke Darende they have also threatened to publish both the company’s internea information and the source code of its cryptodivsis purchase platform. The final amount is not entirely clear, and According to Cointegraph It is exceeding 81.7 million dollars. Cold purses, safe. The attack, They support Nobitexhas allowed to steal the cryptocurrencies of the “hot” purses of the platform, used to facilitate daily transactions. He has not affected cold, safer purses. Nubitex blocked access to the platform as soon as they and those responsible say that “all damages will be compensated through the insurance fund.” In a later message They have revealed that the impact of the attack is “more complex than it was initially estimated.” And above, Internet cuts. From Nobitex they explain that their capacity to respond to cyber attack has also been affected by the cuts in the country’s internet infrastructure, “together with limited access to the facilities due to the current national crisis.” They hope to recover and restore their services in the next 4 or 5 days, but in the meantime the platform is still unable to be accessed. A hacking with political motivation.Yehor Rudytsia, security researcher at the Hacken firm, said in Cintelegraph how this cyber attack is more “a political statement than a robbery with economic motivation.” In fact, according to The Guardian the hackers have “burned” those funds storing them in custom addresses (“Vanity Addresses“) that they do not have a known private password or possibility of recovering. For example, a purse such as” 0x0000000000000000000000000000000000000000000000 Transferring cryptocurrencies to this type of addresses is actually destroying them voluntarily by leaving them blocked forever. The hackers have used directions with variations of the term “Jo *** Osterrorists”. Image | Wikipedia | Art Rachen In Xataka | Iran and Israel are starting another war in the background: that of the false images created with AI

The Supreme Court has just resolved who is responsible when you steal all your money for Phishing: the bank

by

The Supreme Court has just failed in favor of users and against banking in one of the most recurrent issues in recent years: Scams through the Internet. He declares that banking is the main responsible in these cases of fraud, being forced to immediately replenish all money stolen from the client. It is not a user thing. The Supreme Court has confirmed A sentence issued on April 9in which the Civil Chamber rejected the appeal filed by Ibercaja against a resolution issued by the Provincial Court of Zaragoza in November 2022. In this sentence 571/2025 it is underlined that good banking practices require the activation of systems capable of detecting suspicious activities, as well as blocking or verifying high -risk operations. Almost 60,000 euros, back to pocket. Unless it can be demonstrated that the client acted negligently, the bank is obliged to assume responsibility and return the money immediately. In this case, Ibercaja Banco SA must reintegrate a client 56,474.63 euros stolen from his account through Sim Swappinga system to supplant our identity stealing the telephone number. Judge Manuel Almenar Belenguer uses the European Directive before payment servicesas well as the Spanish regulations, concluding that if there is no negligence, the user’s only obligation is to notify the bank about any type of unauthorized operation. The new jurisprudence. This case feels a fundamental precedent since it establishes that, from now on, the banking entities will be the main responsible in cases of Phishing banking. Consequently, they must respond for user -unauthorized operations, thus marking a significant change in customer protection against electronic fraud. “The advances of current technology make relatively easy to design ideal computer systems or applications to detect certain anomalies in the provision of payment services. Operations that, in the case of companies or companies with a concrete corporate purpose, can be described as ordinary, must immediately raise suspicions and give rise to an answer when they affect natural persons outside of such activity.” Banks will no longer have an excuse. Based on Judisprudence, it is stated that contractual clauses that exempt the banking entities of their responsibility with users regarding unauthorized operations must be declared knots. Until now, banks could hide in alleged bad practices carried out by the user, such as having introduced their data on websites or malicious links. After this sentence, they are responsible for any unauthorized operation. A plague with which the government tries to end. Scams per call and SMS are a plague. So much, that the Ministry of Digital Transformation It has been trying to put a brake over a year. He End of commercial calls It arrived in February 2025 under ministerial order, but this is just a tiny part in the cybethaf cake. False calls, Scams by WhatsApp, malware in stores like Google Play, Identity Supplant by SMS… tactics change and evolve to continue having an affectation and result. Recently, The Civil Guard dismantled a network of cybers allegedly led by a 19 -year -old student. User’s responsibility. Despite the additional protection that the clients of the entities will enjoy in case of cybetafa, it falls on the roof of the user not to fall into practices that can end up being considered as negligence. These have not established themselves, but it is worth not introducing our phone, personal email on the websites whose origin we are not clear. In case of using Android, we are also responsible for what we download and where we download it, as well as the permits that we give to the applications. Protecting goes beyond possible money subtractions: it is especially easy to end up giving all our data to cybers. In Xataka | Cybethafa with Word documents as a Trojan horse: how it works and how to protect your personal and financial data

There is a person who knows more than anyone in the world about password robberies. And they just steal his

by

Troy hunt It has been for years warning us of the dangers of the passwords. It happened so often that it ended up turning those warnings In a project that has become a reference: Have I Been Pwned. And despite everything he knows, he has just fallen into a theft of credentials with the most common method of all: A Phishing email. Can happen to anyone. Hunt had in his blog how it fell into a very well elaborate trap: a phishing email that pretended to come from Mailchimpthe platform you use to distribute your newsletter. In the notice he was informed that he had received a spam complaint and that his shipping privileges in the service would be restricted. To solve it, yes, I could click on a button with a link. Why did that phishing work? As this expert explained, “I have received a ton of similar messages that I have always identified quickly”, but there was a critical factor that played against him: the moment in which he received it and read it. Hunt had Jet Lag and was very tired when he received the message, and did not think enough that something was not right. Difficult indications to identify. After clicking on the link, Hunt also noticed how his password manager did not autocomplete the details of his account (user and passwords, usually). This could have been an indication that the domain from which those credentials were requested was suspicious, but he himself indicated that many platforms record you in a domain (which the password manager keeps) and then authenticate you in another. Theft of their subscribers. Phishing’s attack caused the attackers to steal 16,000 records that belong to people who subscribed but also that he had already discharged from his Newsletter. Mailchimp keeps those registers for some reason. In these data, email, IPS and latitude and length addresses are included, however they do not point to the subscriber location. He has also been “Pwned”. The creator of the Have Ien Pwned site ended up adding the theft of his data to the database he uses on this platform, as was of rigor. As he pointed out in his blog, not to do it “it would have been a hypocrisy.” He also had the success of telling what had happened to him right away. If a message is super urgent, suspect. Phishing attacks usually always take advantage of being written with an urgency tone or message. If you don’t act, they try to tell you, something bad can happen to you. That is precisely why in these messages it is to try to keep the head cold and clear and not act instinctively or immediately. It is probably the great lesson that can be taken from this event. Passkeys help. Traditional passwords remain a potential threat to phishing attacks, but there is a method that helps us avoid that threat in particular: Passkeys or Paso Keyswhich make use of safe biometry. Its implementation, yes, is quite fragmentedbut we deposit confidence in a passkeys provider (such as Google either Applefor example) are undoubtedly An important element To add a remarkable safety layer, as well as the authentications in two steps (2FA) have been so far. Image | Saksham Choudhary In Xataka | There are users who pass from passwords. And they go to “I forgot my password” to generate them again and again

They are being used to cheat and steal information

by

Surely this situation is familiar: You have a PDF file and you need to turn it into .doc To edit it in Word. An option would be to pay the Premium version of Adobe Acrobat, which allows you to do it, but most likely we seek to “convert PDF to Word” into Google, we access an online tool and upload the PDF without the slightest prevention. Well, this action, so innocent in appearance, can end up regular, as they have warned from the FBI. What happened. The FBI office in Denver has issued an official statement in which they claim that their agents “are increasingly detecting Related scams With free online document conversion tools. “The modus operandi is relatively simple:” criminals use free tools for online document conversion to load malware in victims computers, giving rise to incidents such as ransomware. “ How do they. From the agency they explain that cyberdelicuents are using free conversion or unloading tools. Although they do not give concrete names, they do notice that the attack vector can be a website that promises to convert a PDF to Word or Combine several images in PDFor a tool to download videos and/or convert MP4 into MP3. It is easy to imagine examples of these tools. They work, but they go with a bug. These tools can work and comply with what is promised, but nothing guarantees that the returned file is not infected. PDFs can contain malwaresuch as a JavaScript code that exploits vulnerability or sets a process through commands on our PC. An MP3 can also be infected, although not infecting itself, but exploiting vulnerability in a player, for example. That is, the options are varied. In an online file converter you have to take into account which files returns us and what we do with those we have uploaded Who is looking at. Beyond returning an infected file, these tools can obtain valuable information from us another way: seeing the files we have uploaded. If we have uploaded a PDF with our mail and telephone number (we think of a CV), it is possible that whoever is behind the malicious website uses this information for little lawful purposes. Let’s not talk about bank information, passwords, photos in which we leave, etc. The importance of going with an eye. It should be noted that not all online tools are malicious, much less. That a website has a privacy policy where they clearly explain what they do with your files, contact information and that is known is already a good indicative. When in doubt, it is always a good idea to pass the files generated by a platform as Virustotal. Cover image | NaO Triponez and Markus Spiske edited by Xataka In Xataka | If you use cable headphones, you are vulnerable: they are a caramel for hackers

Log In

Forgot password?

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Add to Collection

No Collections

Here you'll find all collections you've created before.