• Search for:
    23Dec, 2023
    Crypto Exchange Hack Guilty Plea, Rating AI Vulnerabilities, Intellexa Spyware 

    SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

    We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

    Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

    Here are this week’s stories:  

    Ukrainian hackers target major Russian water utility 

    In revenge for the recent Russian attack on Kyivstar, Ukraine’s largest mobile network operator, Ukrainian hackers claim to have launched an attack on Rosvodokanal, the largest private water utility in Russia. The hackers claim to have stolen documents, encrypted 6,000 computers, and deleted 50 Tb of data, disrupting operations. Rosvodokanal is responsible for providing water to millions of consumers, but there do not appear to be any reports of the water supply being impacted by the attack. 

    Former security engineer admits hacking two cryptocurrency exchanges

    The US Justice Department announced that Shakeeb Ahmed has pleaded guilty to hacking two decentralized cryptocurrency exchanges, stealing over $12 million worth of cryptocurrency. The attacks were carried out in 2022 and targeted Nirvana Finance and Crema Finance. The DOJ described Ahmed as a former security engineer at an international technology company, which appears to be Amazon.

    Apple and Adobe patches

    Apple and Adobe have each released patches for a single vulnerability. Apple released macOS Sonoma 14.2.1 to address a WindowServer issue that involved content being unintentionally exposed when users shared their screen. Adobe released an Experience Manager Forms update to address an Apache Struts vulnerability that has been exploited in the wild

    Hundreds of TeamCity instances still vulnerable to attacks

    Hundreds of TeamCity instances are vulnerable to attacks exploiting CVE-2023-42793, according to Censys. The Russian cyberespionage group known as APT29 has been exploiting the vulnerability on a large scale since September 2023, according to government agencies.

    GWT vulnerability remains unpatched 8 years after discovery

    A potentially serious vulnerability affecting GWT, a popular open source web application framework, remains unpatched eight years after it was discovered, according to Bishop Fox. The flaw can expose application owners to unauthenticated server-side code execution. There have been several discussions on the security hole since 2015, but it still has not been fixed. Bishop Fox has published a blog post describing how the vulnerability can be exploited and how developers can check if their GWT-based application is affected. 

    AI vulnerability rating taxonomy for LLMs

    Bug bounty platform Bugcrowd has updated its Vulnerability Rating Taxonomy (VRT) to define how AI vulnerabilities in Large Language Models (LLMs) are classified, reported, and prioritized on its platform in an effort to enable hackers and customers to have a shared understanding of how these types of flaws are handled. 

    Payment fraud underground shows signs of recovery 

    Recorded Future has published its 2023 Payment Fraud report, which reveals that the payment fraud underground is showing signs of recovery following Russia’s crackdown on domestic cybercriminals and its invasion of Ukraine. The report also shows that the volume of stolen payment cards on carding shops has started to rebound. A total of 119 million cards were offered for sale, with a median fraud charge of $79. 

    Google shuts down thousands of YouTube channels 

    Google has terminated thousands of YouTube channels as part of investigations into influence campaigns linked to China, Russia, and Iran. Ads accounts, domains, and other resources linked to these campaigns were also blocked. Hundreds of YouTube accounts linked to campaigns in Turkey, Azerbaijan, Ethiopia, and Sudan also got the ax. 

    Intellexa and its Alien/Predator spyware products

    Cisco has published a new report detailing the evolution of Intellexa, ‘an intelligence agency-grade spyware vendor’ that emerged from the ashes of Cytrox, after it was bought. The report also dives into the vendor’s Alien/Predator line of implants, which were found to persist device reboots. 

    CISA finalizes Microsoft 365 secure configuration guidance

    US cybersecurity agency CISA announced that the final version of its Microsoft 365 Secure Configuration Baselines guidance, which includes input from a public comment period, is now available to the public. The guidance, which aims to help organizations improve the security and resilience of their M365 services, is accompanied by an updated SCuBAGear tool, enabling interested parties to assess their M365 services against CISA’s baselines.

    Resource : https://www.securityweek.com/in-other-news-crypto-exchange-hack-guilty-plea-rating-ai-vulnerabilities-intellexa-spyware/

    15Nov, 2023
    Bitcoin miners make money ahead of ‘halving’

    Bitcoin miners are making hay while the sun shines.

    The business has been yanked out of the doldrums by the cryptocurrency’s recent rally—and now mining companies are racing to lock in profits before bitcoin’s “halving” when rewards for producing the tokens are cut in half.

    The next halving is expected in April 2024, a process designed to slow the release of bitcoin, whose supply is capped at 21 million—of which 19 million have already been mined.

    “You’re seeing a lot of urgency to plug rigs in ahead of the halving,” said Gregory Lewis, analyst at brokerage BTIG that covers the 13 biggest US-listed bitcoin miners.

    Bitcoin’s hashrate—a measure of the computational power needed to mine a coin—has spiked to an all-time high, according to crypto platform Blockchain.com. That means miners are having to use more and more power and speed to crack the complex maths puzzles that earn them a bitcoin.

    Analysts at J.P. Morgan estimate the hashrate has hit record highs for 11 consecutive months, including a historic surge in October.

    Playing the game

    Bitcoin has risen about 37% in the past month to around $37,000 after months of listlessness, a rebound that’s encouraged miners to hook up their powerful computers to crack the puzzles and sell newly minted coins.

    The 30-day average of revenue earned by miners has improved steadily this year to hit an 18-month at $32.46 million on November 11, blockchain.com data shows.

    However, mining—a highly energy-intensive process—is still not as profitable as in its 2021 heyday.

    A measure of miners’ earnings from using 1 petahash per second of computing power in a day has risen to over $81 from $70 at the start of November but remains well below a peak of $127 in early May, according to mining data platform Hashrate Index.

    With six months to go till miners’ share of rewards is slashed, they are looking for ways to keep their margins from shrinking in the highly competitive environment.

    “Every halving forces miners not playing that game at a high enough level to get washed out,” said William Szamosszegi, CEO of mining company Sazmining.

    Halving opportunity

    Bitcoin prices have typically rallied in the past following halvings. Six months after the first halving in 2012, the price jumped to $126 from $12. After the second halving in 2016, it went to $1,000 from $654 within seven months and in 2020 it shot up to $18,040 from $8,570 in the same time period.

    Bitcoin’s third halving in 2020 brought down miner rewards to 6.25 bitcoin per block and the upcoming one is set to push it down to 3.125 in April.

    At current prices, mining each block reaps $231,250.

    Matteo Greco, analyst at digital asset investment company Fineqia International, said many mining companies were upgrading their equipment and boosting their hashrate power to stay competitive.

    To conserve their profit margins, some players have resorted to moving their operations to Central American countries where energy prices are more affordable, and governments friendlier to cryptocurrencies.

    “It’s too early to say if all bitcoin miners are out of the wood,” said Ludovic Thomas, portfolio manager at Swiss-based Criptonite Asset Management that invests in digital assets. “Profitability increase always leads to network hashrate and difficulty increase.”

    Resource : https://www.cnbctv18.com/cryptocurrency/bitcoin-miners-make-money-ahead-of-halving-18322721.htm

    28Oct, 2023
    Top Money Market ETFs for Q4 2023

    Money market exchange-traded funds (ETFs) provide access to the fixed income space and offer the opportunity for capital preservation and security even during market turbulence. These funds typically invest in high-quality and highly liquid short-term debt instruments including Treasury bonds and commercial paper. In exchange for their security, they also do not provide significant income for investors.

    Although most money market ETFs invest primarily in cash equivalents or debt instruments with very short-term maturities, some may also invest in longer-term or even lower-rated debt instruments. In these cases, these securities constitute a somewhat higher level of risk.

    KEY TAKEAWAYS

    • Money market ETFs offer safety and capital preservation during market turbulence.
    • These funds invest primarily in highly liquid short-term debt instruments and cash equivalents.
    • The top money market ETFs include CSHI, PULS, and YEAR.

    There are 35 money market ETFs focused on ultra-short T-Bills and investment grade bonds, excluding those with under $50 million in assets under management (AUM).1 For comparison, a reasonable benchmark for this collection of funds is the S&P U.S. Ultra Short Treasury Bill & Bond Index, which has returned 4.4% in the last year as of Sep. 27.2

    Below, we take a closer look at the top three money market ETFs for the final quarter of 2023. All data below are as of Sep. 26, 2023.

    NEOS Enhanced Income Cash Alternative ETF (CSHI)

    • Performance Over 1 Year: 5.8%
    • Expense Ratio: 0.38%
    • Annual Dividend Yield: 5.30%
    • 30-Day Average Daily Volume: 55,469
    • Assets Under Management: $157.0 million
    • Inception Date: Aug. 29, 2022
    • Issuer: Neos Investments LLC

    CSHI invests in a portfolio of 1-3 month Treasury Bills and also uses put options to achieve monthly income distribution. The use of put options makes this fund slightly more risky than similar ultra-short bond funds. Additionally, as an actively managed fund, CSHI has a higher expense ratio than many other money market-like funds.3 The top holdings of CSHI include T-Bills with maturities in October and November 2023.

    PGIM Ultra Short Bond ETF (PULS)

    • Performance Over 1 Year: 5.6%
    • Expense Ratio: 0.15%
    • Annual Dividend Yield: 4.71%
    • 30-Day Average Daily Volume: 1,012,297
    • Assets Under Management: $5.3 billion
    • Inception Date: April 5, 2018
    • Issuer: Prudential

    PULS is an actively managed fund seeking a balance of current income and capital appreciation. It targets a portfolio of ultra-short duration bonds.5 The fund carries more than 20% of its total assets as cash, corporate bonds, and asset-backed securities. The other top holdings include bonds by Svenska Handelsbanken AB, MUFG Bank, Ltd., and Williams Companies Inc.

    AB Ultra Short Income ETF (YEAR)

    • Performance Over 1 Year: 5.3%
    • Expense Ratio: 0.25%
    • Annual Dividend Yield: 4.38%
    • 30-Day Average Daily Volume: 91,903
    • Assets Under Management: $521.7 million
    • Inception Date: Sep. 14, 2022
    • Issuer: Equitable

    Like PULS above, YEAR is an actively managed fund seeking to achieve both capital appreciation and current income, as well as liquidity regardless of the external market. Most of the fund’s investments are in investment-grade debt with maturities of under one year. The fund may invest in corporate securities, Treasuries, repurchase agreements, and money-market funds, among other products.7 U.S. dollar and corporate bond holdings account for about a quarter of YEAR’s assets, followed by T-Bills and related government bonds with maturities in 2024 and 2025.

    Trade on the Go. Anywhere, AnytimeOne of the world’s largest crypto-asset exchanges is ready for you. Enjoy competitive fees and dedicated customer support while trading securely. You’ll also have access to Binance tools that make it easier than ever to view your trade history, manage auto-investments, view price charts, and make conversions with zero fees. Make an account for free and join millions of traders and investors on the global crypto market.

    Resource : https://www.investopedia.com/top-money-market-etfs-for-q4-2023-7975869

    28Oct, 2023
    Bitcoin’s On A Tear But Not All Crypto Is Booming

    KEY TAKEAWAYS

    • The bitcoin price crossed $35,000 for the first time since May 2022, as market speculators anticipate the impending approval of a spot bitcoin ETF in the U.S.
    • More than $250 million in bitcoin short positions were liquidated in the past three days.
    • According to Deutsche Digital Assets Head of Research André Dragosch, a short squeeze was a key contributing factor to the recent bitcoin price spike.
    • The Bitcoin Dominance Index as calculated by TradingView, also reached 54.26%, which is its highest level since April 2021.
    • As bitcoin’s dominance over the crypto market increases, a report from Kaiko indicates crypto asset delistings from exchanges are happening at the fastest rate in history.

    Bitcoin’s price briefly surged past the $35,000 mark this week and some analysts think that growing small-investor participation may bode well in the coming weeks, but the rise in the cryptocurrency hasn’t helped the rest of the market.

    Trading related to the news of a potential approval of a spot bitcoin exchange-traded fund (ETF) intensified, pushing up the price above $30,000 and squeezing shorts, according to Deutsche Digital Assets Head of Research André Dragosch.1 The short squeeze led to more than $250 million liquidation of short positions over the past three days, according to data from Coinglass.2

    At the same time, the Bitcoin Dominance Index (BDI)—a measure of bitcoin’s share of the overall crypto market—reached heights not seen since April 2021.3

    Bitcoin Dominance Index at Highest Levels in Two Years

    While a rising bitcoin tends to lift all crypto assets, the rest of the market has not been able to keep up with bitcoin this week. In fact, this has been the trend for nearly a year, as the BDI has seen a steady increase since the collapse of crypto exchange FTX in November 2022. Today, BDI is about 54.4%— its highest level since April 2021.

    Bitcoin Dominance Index
    TradingView

    Indeed, the darlings of the previous crypto bull market have not fared well relative to bitcoin over the past year. For example, the native crypto asset of Ethereum, ether, is up only 14% in the past year as opposed to a roughly 66% gain for bitcoin.

    At the same time, Bloomberg reported that crypto tokens are being delisted from exchanges at a rate never before seen in the industry’s history, according to data from Kaiko.4 Nearly 3,500 crypto token delistings have either already taken place or are expected to take place in 2023, and Coinbase (COIN), which is currently being sued by the U.S. Securities and Exchange Commission, is said to have delisted 80 trading pairs this month alone.

    Small Investors Laying Groundwork For Bitcoin Bull Market?

    Dragosch observed increased bitcoin wallet activity for both small and large invetsors, but there was one number that stood out. An increase in “median value of transfer volumes on the Bitcoin blockchain”—an indicator of small-investor participation—could hold some clues about the price direction for bitcoin.

    “Small-investor participation is a necessary condition for a sustained bull market in crypto assets,” Dragosch wrote.1

    Trade on the Go. Anywhere, Anytime

    One of the world’s largest crypto-asset exchanges is ready for you. Enjoy competitive fees and dedicated customer support while trading securely. You’ll also have access to Binance tools that make it easier than ever to view your trade history, manage auto-investments, view price charts, and make conversions with zero fees. Make an account for free and join millions of traders and investors on the global crypto market.

    Resource : https://www.investopedia.com/bitcoin-s-on-a-tear-but-not-all-crypto-is-booming-8379526

    4Nov, 2022
    Bitcoin, Ether Hold Ground While Altcoins Stay Resilient Even as Macro Developments Unfold

    Bitcoin value has lingered lower on Thursday as the aftermath of the Federal Reserve interest rate hike subsided with bulls successfully defending support at $20,000 (roughly Rs. 16.55 lakh) while bears have reinforced resistance at $20,550 (roughly Rs. 17 lakh). As things stand, the value of Bitcoin is up by 0.98 percent in the last 24 hours with its price now around the $20,400 (roughly Rs. 16.88 lakh) mark across global exchanges while Indian exchanges like CoinDCX value BTC at $21,295 (roughly Rs. 17.62 lakh), which is 0.44 percent lesser than what the crypto asset was valued on Thursday morning.

    On global exchanges like CoinMarketCap, Coinbase, and Binance the price of Bitcoin stands at $20,564 (roughly Rs. 17.01 lakh) while CoinGecko data shows that BTC’s value now sits 1.5 percent higher than where it stood last Friday.

    Ether, the largest smart contracts token, hasn’t had agreat week compared to the last one but has managed to hold it range over the past week. Ether is currently up by roughly 1.49 percent over the past 24 hours across global exchanges. Meanwhile on Indian exchanges, ETH is valued at $1,631 (roughly Rs. 1.35 lakh) where values are down at the slightest by over 1.61 percent in the past day.

    Gadgets 360’s cryptocurrency price tracker reveals that most major altcoins had a mixed day of trading over the last 24 hours even though Bitcoin and Ether managed to hold steady. That said, the global crypto market capitalisation numbers show a steady 1.54 percent rise through Thursday and Friday. In the meme coins section, Dogecoin dropped off further after a strong showing earlier in the week. Dogecoin is currently valued at $0.12 (roughly Rs. 9.97) after dropping by more than 9.2 percent in value over the last 24 hours, while, Shiba Inu is valued at $0.000013 (roughly Rs. 0.001037), up 2.45 percent over the past day.

    “Couple of major announcements shaped market activity during the last week. The Federal Reserves’ 75bps rate hike was initially met with market cheer as it was on expected lines, but this outlook changed course sharply once Chairman Powell’s press conference began. He mentioned the need to recalibrate for a higher Terminal Rate which sent ‘Risk On’ assets into a downward spiral, with the S&P 500 dropping 2.5 percent. Surprisingly, crypto markets remained resilient and have, in fact, ended the week in green,” explains Parth Chaturvedi, Crypto Ecosystem Lead, CoinSwitch, in an analysis shared with Gadgets 360.

    “The overall crypto market capitalisation stayed well above $1 trillion (roughly Rs. 82,74,808 crore), with BTC and ETH trading higher at greater than $20,000 (roughly Rs. 16.55 lakh) and $1,500 (roughly Rs. 1.24 lakh) levels. ETH has been outperforming BTC in absolute returns, but the downside movement has also been exaggerated in comparison to BTC,” states Chaturvedi.

    “Another major announcement from last week was Elon Musk’s Twitter acquisition and his rapidly unfolding restructuring plans, which could have a major role for crypto assets. DOGE, the meme coin that counts Musk as an avid proponent, had started pumping in speculation of future Twitter integrations and ended the week almost doubling in price. DOGE market capitalisation has crossed $17.5 billion (roughly Rs. 1,44,809 crore) and has displaced Cardano’s ADA in the rankings. Later in the week, star developer Andre Cronje’s comeback to Fantom, sent the FTM token skyrocketing 25 percent in a day.”

    Cryptocurrency is an unregulated digital currency, not a legal tender and subject to market risks. The information provided in the article is not intended to be and does not constitute financial advice, trading advice or any other advice or recommendation of any sort offered or endorsed by NDTV. NDTV shall not be responsible for any loss arising from any investment based on any perceived recommendation, forecast or any other information contained in the article.

    Resource : https://www.gadgets360.com/cryptocurrency/news/bitcoin-usd-20000-ether-holds-firm-altcoins-mixed-day-us-fed-interest-rate-hike-3490046