Latest news with #hack
The Sun
3 days ago
- General
- The Sun
Urgent WiFi warning as 1,000s of top-brand routers hacked in mystery attack that drags your internet into crook's ‘army'
Douglas Simpson Published: Invalid Date, EXPERT analysts have discovered a massive hack affecting Wi-Fi routers with thousands already compromised. Analysts who uncovered the hack said it has already impacted over 9,000 devices and is still ongoing. 3 3 So far only Asus routers have been hit by the hackers who seem to be adding the devices to their "army" after gaining control. It remains unclear what the internet crooks intend to do with the nearly 10,000 routers they have gained control over. The hack was detected by an AI system known as "sift" in March, this led analysts to investigate. Working for cybersecurity platform GreyNoise Enterprise, who designed the AI, analysts quickly identified and named the hack. The firm collects and analyses Internet-wide scan and attack data to provide insights into potential threats. The attack has been dubbed "ViciousTrap" by security experts who are monitoring the ongoing situation. Attackers stealthily accessed the routers over a period of time with their access seemingly immune to reboots and firmware updates. This gives the hackers control over the affected devices that is hard to block or remove. Despite the hack being identified the number of devices being affected is still rising indicating that the hack has not been stopped. Experts have said the hack is essentially invisible with little to no trace that devices have been affected. The reason why the attackers are building their army of routers is still a mystery. Asus has addressed the weaknesses that initially granted the hackers access to their routers. How to stay safe from hackers Protect your devices and networks by keeping them up to date: use the latest supported versions, use anti-virus and scan regularly to guard against known malware threats. Use multi-factor authentication to reduce the impact of password compromises. Tell staff how to report suspected phishing emails, and ensure they feel confident to do so, investigate their reports promptly and thoroughly. Set up a security monitoring capability so you are collecting the data that will be needed to analyse network intrusions Prevent and detect lateral movement in your organisation's networks. A GreyNoise report on the hack said: "The techniques used reflect long-term access planning and a high level of system knowledge." Government authorities were notified of the hack shortly after it was discovered. Routers are always exposed to the Internet, and move significant amounts of highly valuable data, making them actively sought after targets for hacks. Experts are recommending performing a complete factory reset on Asus routers that may be affected. Following the reset experts are urging users to update their router firmware and reconfigure their devices manually. Updating routers to the latest firmware from or after May 27 can protect unaffected routers from falling victim to the hack and help remedy already affected routers. No source for the hack or a reason behind it have been identified yet.
CTV News
6 days ago
- CTV News
N.S. couple loses $30K, believes it's due to power utility's cybersecurity breach
A Nova Scotia couple says they lost thousands of dollars in what they allege was part of a cybersecurity hack involving Nova Scotia Power.
The Verge
21-05-2025
- The Verge
19-year-old student to plead guilty to huge school database hack
A 19-year-old college student will plead guilty to carrying out a massive hack against PowerSchool, a popular student information system used by schools around the country. On Tuesday, the Department of Justice said Matthew Lane of Massachusetts agreed to plead guilty to four counts, including cyber extortion, unauthorized access to protected computers, and aggravated identity theft. Though the DOJ doesn't identify PowerSchool by name, the details outlined by the DOJ line up with the attack, such as the hacker's threat to leak the names, email addresses, phone numbers, Social Security numbers, dates of birth, and medical information of tens of millions of students and teachers if the company didn't pay a $2.85 million ransom. A source close to the situation also tells NBC News that the company in question is PowerSchool. In January, PowerSchool said it became aware of a data breach involving the 'unauthorized exfiltration of certain personal information' from its customer support portal, PowerSource. The company later revealed that it paid the ransom in an attempt to keep the attacker from making its information public. However, PowerSchool customers later received additional threats to expose stolen data. 'As is always the case with these situations, there was a risk that the bad actors would not delete the data they stole, despite assurances and evidence that were provided to us,' PowerSchool said. The DOJ accuses Lane of breaking into PowerSchool using stolen login credentials and transferring the information of students and teachers to a computer server in Ukraine. The agency also charged Lane with breaching and extorting another unnamed US-based telecom company. 'As alleged, this defendant stole private information about millions of children and teachers, imposed substantial financial costs on his victims, and instilled fear in parents that their kids' information had been leaked into the hands of criminals — all to put a notch in his hacking belt,' US Attorney Leah Foley said in the press release.
Malay Mail
20-05-2025
- Business
- Malay Mail
Last year, Dough Finance collapsed after losing US$2.5m from a hack — now their funders are behind Trump's personal push for crypto
BOSTON, May 21 — In May last year, Jonathan Lopez invested about US$1 million worth of cryptocurrency in Dough Finance, a small trading platform that made it easy to make risky bets using borrowed funds. Initially, the 31-year-old investor and motivational speaker from Miami did well. Part of Dough's appeal for users was 'looping,' where traders borrow against their crypto holdings to buy more of the same asset and then use that new asset as collateral to buy even more. Each 'loop' increases risk and Dough made those highly technical trades as easy as a few clicks. Lopez paid a 5 per cent fee on the crypto he deposited in Dough, and co-founder Chase Herro personally showed him how to use the platform and cheered him along, according to documents made public in subsequent litigation between the two men. 'We get reward(s) for the risks we take,' Herro wrote Lopez. 'Lfg,' he added, shorthand for 'let's fucking go.' But on July 12, 2024, Lopez's entire investment was gone, stolen by unidentified hackers who made off with about US$2.5 million, according to a post-mortem of the heist that Dough later posted online. 'We acknowledge our mistake and are deeply sorry,' Dough said in a post-hack report published on Medium on July 23, 2024 conceding vulnerability in the code that made the hack possible. 'We will continue to work diligently to protect our users and their assets, learning from this incident to enhance our security posture.' Two months later, Herro and co-founder Zak Folkman resurfaced with a brand new crypto venture, World Liberty Financial, and new partners: U.S. President Donald Trump and his three sons, Don Jr., Eric, and Barron. Herro and Folkman were introduced to President Trump and his two eldest sons by his current mideast envoy Steve Witkoff. The Trumps, Witkoff has said, were smitten by the two men's vision of decentralised finance and became partners in World Liberty, where President Trump is listed as 'Chief Crypto Advocate' and his sons are 'Web3 Ambassadors.' Now Lopez is suing Herro for fraud, misrepresentation, breach of fiduciary duties, and violating Florida's securities laws, seeking restitution and punitive damages as well as legal fees. Lopez did not respond to requests for comment. An attorney for Lopez, Joseph Pardo, told Reuters in February that Lopez had invested heavily in Dough based on Herro's representations, arguments echoed in the lawsuit Lopez filed against Herro in January. Pardo did not respond to requests for additional comment. Attorneys for Herro filed for dismissal or arbitration, calling Lopez a 'sophisticated' investor who should have understood the risky nature of looping and crypto and that the hack was out of Herro's control. The judge overseeing the case set a trial date for April 2026 in Miami federal court. 'We are proud of the entire team,' Trump Organization executive vice president Eric Trump said in an emailed statement in response to questions about Herro and Folkman's involvement in Dough and their role with World Liberty. 'They have overachieved our wildest goals and our current trajectory is nothing short of incredible.' A Reuters review of previously unreported correspondence unearthed by the lawsuit, combined with interviews with 10 former Dough customers and a review of social media posts, lays out for the first time how the crypto entrepreneurs walked away from their old venture just as they became entwined with World Liberty, a crypto project that has sent hundreds of millions of dollars to the family of President Trump. Prior to Dough Finance, Herro and Folkman were frequent collaborators as online sales and crypto entrepreneurs. Herro once called himself 'the dirtbag of the internet' in an address to investors about making money in crypto, in which he also said 'I do what's that I don't give a fuck'; Folkman early in his career founded 'Date Hotter Girls,' which proffered advice on how to pick up women. After the collapse of Dough, though, they hit it big with Trump's World Liberty; their cut of the company's revenues so far is at least US$65 million, according to their disclosed share of proceeds from the sale of more than US$550 million in tokens. The Trump family's share of those token sales is about US$400 million, Reuters has reported. Herro and Folkman, as well as Herro's attorneys and a spokesperson for World Liberty, did not respond to requests for comment for this story. Don Jr. and Barron Trump did not respond to requests for comment. The White House press office referred questions to the Trump Organization. World Liberty is part of an array of Trump family crypto ventures that have expanded during his new administration. These include a US $TRUMP meme coin, Trump Media & Technology Group's new crypto exchange-traded funds, a crypto mining operation called American Bitcoin, and USD1, a stablecoin pegged to the U.S. dollar from World Liberty. Those businesses are testing the norms of how U.S. officeholders are allowed to enrich themselves while in power. Beyond the crypto investments, the Trump family has unveiled plans for a new Trump hotel in Dubai and a new golf course in Qatar. Most recently, Trump has faced bi-partisan criticism for his desire to accept a US$400 million airplane from Qatar. In January, the Trump Organization announced the president's assets would be held in a trust managed by his children and he would play no day-to-day role. Funds stolen by hacking cryptocurrency platforms totalled US$2.2 billion in 2024, according to a report from Chainalysis in December. — Reuters pic 'I said we'd take care of it' The thieves made off with nearly all of Dough's deposits, but Folkman and Herro promised to work to recover lost funds. 'We will not stop until everyone is made whole,' Folkman wrote on the day of the breach in a Telegram channel for Dough users with around 2,700 members, reviewed by Reuters. Herro texted Lopez to assure him he would be reimbursed for the nearly 300 ether tokens he had lost, worth about US$833,133 at the time, according to Lopez's lawsuit. 'I said we'd take care of it,' Herro wrote. 'I'm letting the team sort this. They said give them the weekend.' Known for their frequent posts online about exotic cars and money-making strategies, the men abruptly stopped updating Dough's Telegram chat and account after August 18. Herro deleted another Telegram group for early Dough users, according to three former participants. Hacks have long plagued crypto. Funds stolen by hacking cryptocurrency platforms totalled US$2.2 billion in 2024, according to a report from Chainalysis in December. In February, cryptocurrency exchange Bybit was hit in a US$1.5 billion heist researchers called the biggest of all time. Decentralised finance or 'DeFi' platforms like Dough, which allow people to access financial services like borrowing and lending without intermediaries like banks, are particularly vulnerable to hacks. That's because they are typically new and offer novel features and code that are less battle-tested than those of larger, centralised exchanges. For users affected by the hacks, recovery of stolen crypto from the thieves themselves using forensic firms or law enforcement is usually the best option — if a highly uncertain one — because legal claims against exchanges are difficult to prove. Regardless, once a platform is hacked users often do not get their assets back. 'Most of these suits (Lopez's included) assert claims of negligence, likely because such a claim has a lower burden of proof than fraud-based claims,' said Jonathan Cogan, an attorney with Kobre & Kim who has worked on legal disputes involving stolen digital assets, in an email. Post-hack, crypto platforms and exchanges sometimes promise to make users 'whole,' but that's not necessarily binding given the subjective nature of the promise and lack of formalisation in a user agreement. ''Make whole' can be in the eye of the beholder,' said Joseph Cioffi, a partner with law firm Davis+Gilbert who has worked on large crypto bankruptcies and forfeiture proceedings. The Dough website includes various disclaimers, including that crypto technologies are 'novel, experimental, and speculative' and that there 'is significant uncertainty regarding the operation and effects and risks thereof.' But such language would not typically be enough to shield crypto companies from any liability. 'Courts may look into why and how the hack occurred and any obligations undertaken by the exchange to secure the assets,' Cioffi said. Looping is considered high-risk, even in the world of crypto, because it uses leverage to amplify bets — potentially juicing returns but also risking larger losses and forced liquidation of positions. Meir Dolev, CEO of Israel-based crypto security company Cyvers, which detected the Dough hack as it happened, said that looping-related code is what hackers exploited to break into Dough's systems. 'Their implementation of complex, high-risk strategies like looping and de-looping without sufficient safeguards suggests they took excessive risks,' Dolev said via email. Dough's post-hack report acknowledges the same root cause of the theft as Cyvers. Dough added that it would take preventive measures including auditing its code and enhancing security through monitoring. The Dough website is now effectively shut down, locked behind a password and has virtually no assets in it, according to crypto tracker DeFiLlama. World Liberty is part of an array of Donald Trump family's crypto ventures that have expanded during his new administration. — Reuters pic 'Worth nothing' On July 23, Dough announced on Medium that approximately US$281,000 of the stolen crypto assets had been recovered by a professional counter-hacking outfit, SEAL 911, and that the funds would be distributed back to investors on a pro-rata basis. An analysis by crypto security company CertiK shows that, in September, around US$180,000 worth of ether crypto coins in total was sent by a Dough account to 134 digital wallets. It's not clear how those accounts were selected; eight Dough users told Reuters that they received no such repayment. It was unclear what, if any, compensation Lopez has received for his Dough-related losses. Lopez's legal complaint on January 27 said that Herro had 'reneged' on his promise to reimburse Lopez for his nearly 300 ether tokens. Ten victims of the Dough hack contacted by Reuters spoke on condition of anonymity. One user, who said he lost about US$150,000 worth of ether, said he grew frustrated at the lack of communication and reported the hack to the FBI. He said he never heard back from the FBI, nor from Herro. The FBI did not respond to a request for comment. In August, Dough also announced that it would issue proprietary tokens equivalent to the remaining missing funds that could be exchanged for ether if any additional assets were recovered. 'What the hell am I supposed to do with that?' said another Dough user of the millions of Dough tokens he had received after the hack. Unless Dough gets more funds back, 'it's worth nothing.' Thus far, no additional recoveries have been announced. A 25-year-old man in Poland, who did not give his name, told Reuters that he had put most of his life savings, about US$12,000 worth of ether, into the Dough platform around May 2024. His account swelled to about US$25,000 around the time of the hack, said the man who shared screengrabs of his communications with Herro and Folkman via direct messages on The last he heard from Dough was a direct message from Folkman on January 13. 'We should have a solution this week,' he wrote to the Poland man, who said he never received any tokens, ether or other compensation. Days later, on January 20, the day of Trump's inauguration, Herro and Folkman were spotted in Washington, DC, celebrating at a black-tie ball. — Reuters
Reuters
19-05-2025
- Business
- Reuters
How Trump's crypto business partners left their old clients in the lurch
BOSTON, May 19 (Reuters) - (Note language in paragraphs 5 and 15 that readers may find offensive) In May last year, Jonathan Lopez invested about $1 million worth of cryptocurrency in Dough Finance, a small trading platform that made it easy to make risky bets using borrowed funds. Initially, the 31-year-old investor and motivational speaker from Miami did well. Part of Dough's appeal for users was 'looping,' where traders borrow against their crypto holdings to buy more of the same asset and then use that new asset as collateral to buy even more. Each 'loop' increases risk and Dough made those highly technical trades as easy as a few clicks. Lopez paid a 5% fee on the crypto he deposited in Dough, and co-founder Chase Herro personally showed him how to use the platform and cheered him along, according to documents made public in subsequent litigation between the two men. 'We get reward(s) for the risks we take,' Herro wrote Lopez. 'Lfg,' he added, shorthand for 'let's fucking go.' But on July 12, 2024, Lopez's entire investment was gone, stolen by unidentified hackers who made off with about $2.5 million, according to a post-mortem of the heist that Dough later posted online. acknowledge our mistake and are deeply sorry,' Dough said in a post-hack report published on Medium, opens new tab on July 23, 2024 conceding vulnerability in the code that made the hack possible. 'We will continue to work diligently to protect our users and their assets, learning from this incident to enhance our security posture." Two months later, Herro and co-founder Zak Folkman resurfaced with a brand new crypto venture, World Liberty Financial, and new partners: U.S. President Donald Trump and his three sons, Don Jr., Eric, and Barron. erro and Folkman were introduced to President Trump and his two eldest sons by his current mideast envoy Steve Witkoff. The Trumps, Witkoff has said, were smitten by the two men's vision of decentralized finance and became partners in World Liberty, where President Trump is listed as 'Chief Crypto Advocate' and his sons are 'Web3 Ambassadors.' Now Lopez is suing Herro for fraud, misrepresentation, breach of fiduciary duties, and violating Florida's securities laws, seeking restitution and punitive damages as well as legal fees. Lopez did not respond to requests for comment. An attorney for Lopez, Joseph Pardo, told Reuters in February that Lopez had invested heavily in Dough based on Herro's representations, arguments echoed in the lawsuit Lopez filed against Herro in January. Pardo did not respond to requests for additional comment. ttorneys for Herro filed for dismissal or arbitration , calling Lopez a 'sophisticated' investor who should have understood the risky nature of looping and crypto and that the hack was out of Herro's control. The judge overseeing the case set a trial date for April 2026 in Miami federal court. 'We are proud of the entire team,' Trump Organization executive vice president Eric Trump said in an emailed statement in response to questions about Herro and Folkman's involvement in Dough and their role with World Liberty. 'They have overachieved our wildest goals and our current trajectory is nothing short of incredible.' euters review of previously unreported correspondence unearthed by the lawsuit, combined with interviews with 10 former Dough customers and a review of social media posts, lays out for the first time how the crypto entrepreneurs walked away from their old venture just as they became entwined with World Liberty, a crypto project that has sent hundreds of millions of dollars to the family of President Trump. rior to Dough Finance, Herro and Folkman were frequent collaborators as online sales and crypto entrepreneurs. Herro once called himself 'the dirtbag of the internet' in an address to investors about making money in crypto, in which he also said 'I do what's legal…besides that I don't give a fuck'; Folkman early in his career founded 'Date Hotter Girls,' which proffered advice on how to pick up women. fter the collapse of Dough, though, they hit it big with Trump's World Liberty; their cut of the company's revenues so far is at least $65 million, according to their disclosed share of proceeds from the sale of more than $550 million in tokens. The Trump family's share of those token sales is about $400 million, Reuters has reported . Herro and Folkman, as well as Herro's attorneys and a spokesperson for World Liberty, did not respond to requests for comment for this story. Don Jr. and Barron Trump did not respond to requests for comment. The White House press office referred questions to the Trump Organization. ld Liberty is part of an array of Trump family crypto ventures that have expanded during his new administration. These include a $TRUMP meme coin , Trump Media & Technology Group's new crypto exchange-traded funds, a crypto mining operation called American Bitcoin, and USD1 , a stablecoin pegged to the U.S. dollar from World Liberty. hose businesses are testing the norms of how U.S. officeholders are allowed to enrich themselves while in power. Beyond the crypto investments, the Trump family has unveiled plans for a new Trump hotel in Dubai and a new golf course in Qatar. Most recently, Trump has faced bi-partisan criticism for his desire to accept a $400 million airplane from Qatar . n January, the Trump Organization announced the president's assets would be held in a trust managed by his children and he would play no day-to-day role. The thieves made off with nearly all of Dough's deposits, but Folkman and Herro promised to work to recover lost funds. 'We will not stop until everyone is made whole,' Folkman wrote on the day of the breach in a Telegram channel for Dough users with around 2,700 members, reviewed by Reuters. Herro texted Lopez to assure him he would be reimbursed for the nearly 300 ether tokens he had lost, worth about $833,133 at the time, according to Lopez's lawsuit. 'I said we'd take care of it,' Herro wrote. 'I'm letting the team sort this. They said give them the weekend.' Known for their frequent posts online about exotic cars and money-making strategies, the men abruptly stopped updating Dough's Telegram chat and account after August 18. Herro deleted another Telegram group for early Dough users, according to three former participants. acks have long plagued crypto . Funds stolen by hacking cryptocurrency platforms totaled $2.2 billion in 2024 , according to a report from Chainalysis in December. In February, cryptocurrency exchange Bybit was hit in a $1.5 billion heist researchers called the biggest of all time. ecentralized finance or 'DeFi' platforms like Dough, which allow people to access financial services like borrowing and lending without intermediaries like banks, are particularly vulnerable to hacks. That's because they are typically new and offer novel features and code that are less battle-tested than those of larger, centralized exchanges. For users affected by the hacks, recovery of stolen crypto from the thieves themselves using forensic firms or law enforcement is usually the best option – if a highly uncertain one – because legal claims against exchanges are difficult to prove. Regardless, once a platform is hacked users often do not get their assets back. "Most of these suits (Lopez's included) assert claims of negligence, likely because such a claim has a lower burden of proof than fraud-based claims," said Jonathan Cogan, an attorney with Kobre & Kim who has worked on legal disputes involving stolen digital assets, in an email. Post-hack, crypto platforms and exchanges sometimes promise to make users 'whole,' but that's not necessarily binding given the subjective nature of the promise and lack of formalization in a user agreement. ''Make whole' can be in the eye of the beholder,' said Joseph Cioffi, a partner with law firm Davis+Gilbert who has worked on large crypto bankruptcies and forfeiture proceedings. The Dough website includes various disclaimers, including that crypto technologies are 'novel, experimental, and speculative' and that there 'is significant uncertainty regarding the operation and effects and risks thereof.' ut such language would not typically be enough to shield crypto companies from any liability. ' Courts may look into why and how the hack occurred and any obligations undertaken by the exchange to secure the assets,' Cioffi said. ooping is considered high-risk, even in the world of crypto, because it uses leverage to amplify bets – potentially juicing returns but also risking larger losses and forced liquidation of positions . Meir Dolev, CEO of Israel-based crypto security company Cyvers, which detected the Dough hack as it happened, said that looping-related code is what hackers exploited to break into Dough's systems. 'Their implementation of complex, high-risk strategies like looping and de-looping without sufficient safeguards suggests they took excessive risks," Dolev said via email. Dough's post-hack report acknowledges the same root cause of the theft as Cyvers. Dough added that it would take preventive measures including auditing its code and enhancing security through monitoring. The Dough website is now effectively shut down, locked behind a password and has virtually no assets in it, according to crypto tracker DeFiLlama, opens new tab. n July 23, Dough announced on Medium that approximately $281,000 of the stolen crypto assets had been recovered, opens new tab by a professional counter-hacking outfit, SEAL 911, and that the funds would be distributed back to investors on a pro-rata basis. An analysis by crypto security company CertiK shows that, in September, around $180,000 worth of ether crypto coins in total was sent by a Dough account to 134 digital wallets. It's not clear how those accounts were selected; eight Dough users told Reuters that they received no such repayment. It was unclear what, if any, compensation Lopez has received for his Dough-related losses. Lopez's legal complaint on January 27 said that Herro had 'reneged' on his promise to reimburse Lopez for his nearly 300 ether tokens. Ten victims of the Dough hack contacted by Reuters spoke on condition of anonymity. One user, who said he lost about $150,000 worth of ether, said he grew frustrated at the lack of communication and reported the hack to the FBI. He said he never heard back from the FBI, nor from Herro. The FBI did not respond to a request for comment. n August, Dough also announced, opens new tab that it would issue proprietary tokens equivalent to the remaining missing funds that could be exchanged for ether if any additional assets were recovered. 'What the hell am I supposed to do with that?' said another Dough user of the millions of Dough tokens he had received after the hack. Unless Dough gets more funds back, 'it's worth nothing.' Thus far, no additional recoveries have been announced. A 25-year-old man in Poland, who did not give his name, told Reuters that he had put most of his life savings, about $12,000 worth of ether, into the Dough platform around May 2024. His account swelled to about $25,000 around the time of the hack, said the man who shared screengrabs of his communications with Herro and Folkman via direct messages on The last he heard from Dough was a direct message from Folkman on January 13. 'We should have a solution this week,' he wrote to the Poland man, who said he never received any tokens, ether or other compensation. Days later, on January 20, the day of Trump's inauguration, Herro and Folkman were spotted in Washington, DC, celebrating at a black-tie ball.
