Hackers targeting individuals in the cryptocurrency sector are using a sophisticated phishing scheme that begins with a malicious link on Calendly. "The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call," reports Krebs on Security. "But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems." From the report: A search in Google for a string of text from that script turns up a December 2023 blog post from cryptocurrency security firm SlowMist about phishing attacks on Telegram from North Korean state-sponsored hackers. "When the project team clicks the link, they encounter a region access restriction," SlowMist wrote. "At this point, the North Korean hackers coax the team into downloading and running a 'location-modifying' malicious script. Once the project team complies, their computer comes under the control of the hackers, leading to the theft of funds."

SlowMist says the North Korean phishing scams used the "Add Custom Link" feature of the Calendly meeting scheduling system on event pages to insert malicious links and initiate phishing attacks. "Since Calendly integrates well with the daily work routines of most project teams, these malicious links do not easily raise suspicion," the blog post explains. "Consequently, the project teams may inadvertently click on these malicious links, download, and execute malicious code."

SlowMist said the malware downloaded by the malicious link in their case comes from a North Korean hacking group dubbed BlueNoroff, which Kaspersky Labs says is a subgroup of the Lazarus hacking group. "A financially motivated threat actor closely connected with Lazarus that targets banks, casinos, fin-tech companies, POST software and cryptocurrency businesses, and ATMs," Kaspersky wrote of BlueNoroff in Dec. 2023.

MGM Resorts brought to an end a 10-day computer shutdown prompted by efforts to shield from a cyberattack data including hotel reservations and credit card processing, the casino giant said Wednesday, as analysts and academics measured the effects of the event. From a report: "We are pleased that all of our hotels and casinos are operating normally," the Las Vegas-based company posted on X, the platform formerly known as Twitter. It reported last week that the attack was detected Sept. 10. Rival casino owner Caesars Entertainment also disclosed last week to federal regulators that it was hit by a cyberattack Sept. 7. It said that its casino and online operations were not disrupted but it could not guarantee that personal information about tens of millions of customers, including driver's licenses and Social Security numbers of loyalty rewards members, had not been compromised. Caesars, based in Reno, is widely reported to have paid $15 million of a $30 million ransom sought by a group called Scattered Spider for a promise to secure the data.

An anonymous reader quotes a report from Motherboard: The most insufferable part of every Super Bowl Sunday has historically, without fail, been the ads. This year was no exception, with an unrelenting barrage of ads trying to manifest the metaverse, convince viewers they're missing out on crypto, and lure new blood to online and physical casinos. Results were mixed. Coinbase, in one ad named WAGMI ("we're all going to make it"), crafted an advertisement that bounced a QR code around the screen, changing colors each time it hit the edge like an old-school DVD menu. Scanning the QR codewhich immediately forfeits your right to enter heaventakes the user to this page, where Coinbase offers $15 in Bitcoin for signing up as well as a chance to enter a contest to win one of three prizes for $1 million worth of Bitcoin. The linked webpage went down almost immediately thanks to the increased traffic from the ad, and ridicule at the idea of paying millions of dollars to send millions of viewers to a down site poured in from around the web.

To Coinbase, though, the ad was a success. In a blog post congratulating itself on the advertisement and interviewing Coinbase Chief Marketing Officer Kate Rouch about why the ad was so good, the company revealed it saw "20M+ hits on our landing page in one minute" which "led to us temporarily throttling our systems." Chief executive Brian Armstrong took to Twitter to gloat about the ad: ranked #1 by AdWeek and peaking at #2 in the Apple App Store, just ahead of apps for the Pepsi Super Bowl Halftime Show and the NFL. As it turns out, putting up nothing but a QR code in the middle of a widely-watched sports event and offering free money as well as a chance to win $3 million is a good way to build interest in your app. When Motherboard reached out to Coinbase about the ad, the company directed Motherboard to Rouch's blog post and reiterated its main points.

While taking a victory lap for the apparent success of its ad, Coinbase took the time to explain why this is definitely not at all like the dotcom bubble, which many critics have said is an apt comparison for Sunday's ads. "There have been a lot of comparisons to the dot.com era and speculation that many of the crypto companies advertising in this year's Super Bowl will inevitably fail," said Rouch in Coinbase's blog post. "We don't think about it that way and judging from the early response we've seen, Super Bowl viewers don't either." Rouch insisted that the sheer number of crypto ads in the Super Bowl was "yet another signal that crypto is bursting into the mainstream, and at the center of the cultural zeitgeist." Further reading: This Year's Super Bowl Broadcast May Seem 'Crypto-Happy'. But the NFL Isn't

Yesterday's post about an experiment using virtual worlds in an attempt to investigate the possibility of telepathic ability elicited nearly 400 comments from readers who had points to raise about experimental design, skepticism and credulity, and quantum mechanics. Read on for the Backslash summary of the discussion.

Costa Galanis writes "The LA Times is reporting that a poker tournament will be held where engineers will be able to pit their automatic poker-playing programs against each other in a tournament similar to the upcoming World Series of Poker main event, with a 100,000 dollar cash prize for the winning program. The article mentions how the recent rise in popularity of poker has encouraged many to try and create the poker equivalent of chess' Big Blue, the chess playing computer program that defeated the world's top chess player in a widely publicized event, and also talks about how many engineers also are trying to make bots that are good enough to play and beat human players for money in online casinos."