Categories
Entertainment

Block reportedly greenlit transactions involving terrorist groups and sanctioned nations

[ad_1]

Block appears to be squarely in the government’s sights. Prosecutors from the Southern District of New York are reportedly probing extensive compliance lapses at the parent company of Square and Cash App. NBC News says a former Block employee has handed over documents to federal authorities, painting a picture of how the company failed to gather required risk-assessment information from customers and subsequently processed illegal transactions.

The documents allegedly show that Block greenlit multiple crypto transactions involving known terrorist organizations. Furthermore, Square reportedly processed thousands of transfers involving nations under economic sanctions. “From the ground up, everything in the compliance section was flawed,” the whistleblower allegedly told NBC News. “It is led by people who should not be in charge of a regulated compliance program.”

Most transactions allegedly involved credit cards, dollar transfers or Bitcoin and weren’t reported to the government as mandated by law. In addition, Block reportedly refused to “correct company processes” when notified of the breaches.

The investigation follows a separate report from NBC News in February highlighting two different whistleblowers who flagged the same issues at Block. They cited “questionable Cash App transactions with entities under sanction by the Treasury Department’s Office of Foreign Assets Control, operations known to sell personal information and credit card data for illegal purposes, and offshore gambling sites barred to U.S. citizens.”

The practice allegedly spanned multiple years. NBC News says it reviewed around 100 pages of documents from the whistleblower involving people or organizations in countries under US sanctions, including Russia, Iran, Venezuela and Cuba. Some of them were reportedly from as recent as 2023.

Graphic from finance company Block showing Jack Dorsey's face on a cube.Graphic from finance company Block showing Jack Dorsey's face on a cube.

Block

The whistleblower claims Block’s management was aware of the alleged offenses. “It’s my understanding from the documents that compliance lapses were known to Block leadership and the board in recent years,” Edward Siedle, a former SEC attorney representing the whistleblower, told NBC News.

The whistleblower says that, besides senior management, Block’s board was told about the compliance issues. Coincidentally or not, several board members made unexpected exits recently, including former US treasury secretary Lawrence Summers, who resigned in February, and Sharon Rothstein, who had been on the board since 2022. Block told NBC News that they were leaving to devote more time to other activities and that their exits weren’t “a result of any disagreements with the company on any matter relating to the company’s operations, policies or practices.”

Federal authorities have taken a greater interest in modern financial platforms in recent years after at least some of them had become something of a Wild West. Of course, FTX’s fraudulent practices and subsequent collapse led to a seismic decline in the cryptocurrency industry. Although it isn’t clear if the feds have gotten involved, Elon Musk’s X (the husk of what was once Dorsey’s Twitter) reportedly violated US sanctions by accepting blue-check subscription payments from terrorist organizations.

[ad_2]

Source Article Link

Categories
News

Warning: Apple Users Targeted in Advanced Phishing Attack Involving Password Reset Requests

[ad_1]

Phishing attacks taking advantage of what appears to be a bug in Apple’s password reset feature have become increasingly common, according to a report from KrebsOnSecurity. Multiple Apple users users have been targeted in an attack that bombards them with an endless stream of notifications or multi-factor authentication (MFA) messages in an attempt to get them to approve an Apple ID password change.

reset password request iphone
An attacker is able to cause the target’s iPhone, Apple Watch, or Mac to display system-level password change approval texts over and over again, with the hope that the person being targeted will mistakenly approve the request or get tired of the notifications and click on the accept button. If the request is approved, the attacker is able to change the ‌Apple ID‌ password and lock the Apple user out of their account.

Because the password requests target the ‌Apple ID‌, they pop up on all of a user’s devices. The notifications render all linked Apple products unable to be used until the popups are dismissed one by one on each device. Twitter user Parth Patel recently shared his experience being targeted with the attack, and he says he could not use his devices until he clicked on “Don’t Allow” for more than 100 notifications.

When attackers are unable to get the person to click “Allow” on the password change notification, targets often get phone calls that seem to be coming from Apple. On these calls, the attacker claims to know that the victim is under attack, and attempts to get the one-time password that is sent to a user’s phone number when attempting a password change.

In Patel’s case, the attacker was using information leaked from a people search website, which included name, current address, past address, and phone number, giving the person attempting to access his account ample information to work from. The attacker happened to have his name wrong, and he also became suspicious because he was asked for a one-time code that Apple explicitly sends with a message confirming that Apple does not ask for those codes.

The attack seems to hinge on the perpetrator having access to the email address and phone number associated with an ‌Apple ID‌.

KrebsOnSecurity looked into the issue, and found that attackers appear to be using Apple’s page for a forgotten ‌Apple ID‌ password. This page requires a user’s ‌Apple ID‌ email or phone number, and it has a CAPTCHA. When an email address is put in, the page displays the last two digits of the phone number associated with the Apple account, and filing in the missing digits and hitting submit sends a system alert.

It is not clear how the attackers are abusing the system to send multiple messages to Apple users, but it appears to be a bug that is being exploited. It is unlikely that Apple’s system is meant to be able to be used to send more than 100 requests, so presumably the rate limit is being bypassed.

Apple device owners targeted by this kind of attack should be sure to tap “Don’t Allow” on all requests, and should be aware that Apple does not make phone calls requesting one-time password reset codes.



[ad_2]

Source Article Link

Categories
News

Dallas Police Department has released video of a shootout involving an illegal immigrant who fatally shot his housemate.

The Dallas Police Department has released body camera footage of the shootout and apprehension of an illegal immigrant suspected of killing his roommate in broad daylight and injuring a police officer.

Officers Derek Williams and Christopher Mazin allegedly witnessed the suspect, later identified as 45-year-old Juan Vicente Zavala Lopez, firing at a man in a vehicle as they passed by a business located at 4847 Scyene Road last Thursday.

The officers responded promptly, parked at a nearby business, and exited with their weapons drawn, according to authorities.

As he drove out of the parking lot, Zavala Lopez allegedly fired multiple shots at the officers, striking a patrol car. Officers retaliated with gunfire and reentered their vehicle to pursue.

On Second Avenue, the officers were pursuing Zavala Lopez when he abruptly made a U-turn and drove back at the officers, who had stopped and evacuated their vehicle. The police department’s body camera footage shows Officer Williams exchanging gunfire with a suspect in a white vehicle.

According to investigators, Williams was struck on the right side of his ballistic vest. The patrol vehicle was struck by additional bullets.

The injured officer was transported to a nearby hospital for treatment before being released. Monday’s press conference by Police Chief Eddie Garcia revealed that Officer Mazin was unharmed.

Ruperto Mondragon Salgado, 60, the victim of the initial shooting, died at the site. Another passenger in the vehicle was unharmed.

A search for the suspect led to a Lewisville, Texas, residence. To apprehend the suspect, the Dallas Police Fugitive Unit coordinated with Dallas Police SWAT and Lewisville Police.

Zavala Lopez was apprehended after being discovered in a cabin on the property. He has been charged with murder, one count of aggravated assault, and four additional counts of aggravated assault against a peace officer for the initial gunshot.

The initial gunshot, according to Garcia, appeared to be a domestic dispute between two roommates.

Currently, Zavala Lopez is being held in the Dallas County Jail on bonds exceeding $1 million.

Garcia stated that Zavala Lopez illegally entered the nation and is being held by Immigration and Customs Enforcement (ICE). In addition to facing charges in California, Zavala Lopez has a lengthy criminal history, having been deported nine times and spending 18 months in a Texas state prison, according to the police superintendent.