Risky Business Risky Business #792 -- Beware, Coinbase users. Crypto thieves are taking fingers now
18 snips
May 21, 2025 Toni de la Fuente, founder of Prowler, dives into the complexities of cybersecurity, discussing recent breaches like the Coinbase data theft by a contractor. He shares insights on the importance of open-source tools and their adaptability for cloud security. The conversation highlights Telegram's crackdown on crime, the rising threat of phishing, and the challenges UK businesses face amid data vulnerabilities. Toni also introduces Prowler's exciting new features, including AI assistance for enhanced security checks.
AI Snips
Chapters
Transcript
Episode notes
Java Heap Dump Leak at TeleMessage
- TeleMessage was breached by exploiting an unsecured Java Spring Boot heap dump endpoint.
- Client-side MD5 hashed passwords allowed attackers to reuse hashes as credentials, highlighting poor security.
Coinbase Leak Spurs Real-World Violence
- Coinbase had a support agent leak customer data to extortionists demanding $20 million ransom.
- Some users with large holdings face real-world violence threats including brutal physical attacks.
Secure Access to Government Email Services
- Assume attackers will abuse trusted government email services for scams.
- Protect external SaaS accounts rigorously to prevent exploitation for phishing.