Empresa lança smartphone próprio para armazenar criptomoeda

By: Reuters

 

SÃO PAULO (Reuters) – A empresa de segurança Sikur revelou nesta segunda-feira um telefone celular dedicado para armazenar criptomoedas, em meio à crescente demanda de investidores por proteção contra crimes cibernéticos no volátil mercado de moedas virtuais de cerca de 450 bilhões de dólares.

O produto, lançado durante uma feira de telecomunicações de Barcelona, o Sikurphone foi lançado com preço de 799 dólares durante a fase de pré-vendas, afirmou a companhia em nota.

A Sikur desenvolve sistemas de criptografia que podem ser instalados em aparelhos iOS, da Apple, ou Android, do Google, assim como em tablets e PCs.

Há três anos, a empresa já havia lançado um celular com criptografia, o Granitephone, que faz comunicações por vídeo, voz, mensagens, chats e compartilhamento de documentos, usando o sistema operacional Android.

Mais: https://br.reuters.com/article/internetNews/idBRKCN1GA2YZ-OBRIN

North Korea poised to launch large-scale cyberattacks, says new report

By: sikur

by Anna Fifield

February 23, 2018

North Korea is quietly expanding both the scope and sophistication of its cyberweaponry, laying the groundwork for more devastating attacks, according to a report published Tuesday.

Kim Jong Un’s cyberwarriors have been accused of causing huge disruptions in recent years, including a massive hack on Sony Pictures in 2014 and last year’s WannaCry ransomware worm, as well as numerous attacks on South Korean servers.

Now, it appears that North Korea has also been using previously unknown holes in the Internet to carry out cyberespionage — the kind of activity that could easily metamorphose into full-scale attacks, according to a report from FireEye, a California-based cybersecurity company.

Although the North Korean regime bans the Internet for ordinary citizens and is decidedly behind the times with most technology, it has funneled a huge amount of time and money into building a cyber-army capable of outsmarting more technologically advanced countries such as South Korea.

“Our concern is that this could be used for a disruptive attack rather than a classic espionage mission, which we already know that the North Koreans are regularly carrying out,” said John Hultquist, director of intelligence analysis for FireEye.

FireEye said it has “high confidence” that a cyberespionage group it has identified as APT37 is responsible for a number of attacks, not just in South Korea but also in Japan, Vietnam and the Middle East. These include “zero-day vulnerability” attacks in which hackers find and exploit flaws in software before the developers have had an opportunity to create patches to fix them.

MORE: https://www.washingtonpost.com/world/north-korea-poised-to-launch-large-scale-cyberattacks-says-new-report/2018/02/20/7f52196a-160a-11e8-942d-16a950029788_story.html?utm_term=.e3787397cd1e

Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist

Young Brits ‘lack cyber-security awareness’

By: sikur

Capturar

by BBC News

February 21, 2018

More than 52% of Britons aged 18-25 are using the same password for lots of online services, suggests a survey.

By doing so they make it easy for hackers to hijack accounts, warned the UK government’s Cyber Aware campaign.

The danger was acute because of the sensitive data people typically send via email and other accounts, it found.

About 79% of the 2,261 respondents of all ages said they had sent bank details or copies of passports and driving licences via messaging systems.

“Your email account is really a treasure trove of information that hackers won’t hesitate to exploit,” said Det Insp Mick Dodge, national cyber-protect co-ordinator with the City of London police in a statement.

The danger of identity theft was significant, he said, because many people who sent personal information via email rarely deleted it.

Bank statements, electronic copies of signatures and other important documents could all be sitting in lists of sent emails, said Det Insp Dodge.

“You wouldn’t leave your door open for a burglar, so why give criminals an open invitation to your personal information?”

Reusing a password helps cyber-thieves because they try to use login names and password combinations released in data breaches on many different online accounts to see if they get a hit.

MORE:http://www.bbc.com/news/technology-43128072

Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist

Hackers Steal Millions by Ditching Malware to Sidestep Security

By: sikur

Capturar

by Dell Cameron

February 21, 2018

Employing sophisticated scams involving social engineering, email phishing, and the harvesting of employee passwords, attackers have pilfered millions of dollars from some of the world largest corporations—all while bypassing traditional hacking safeguards by simply avoiding the use malware.

new report from IBM Security sheds light on ongoing campaigns being waged by “cyber con artists” employing a known scam called Business Email Compromise (BEC). These attacks take on many forms, but typically include fraud involving fake invoices, impersonation of high-ranking corporate officers, and the targeting of accounting or human resources staff to gather sensitive financial information, such as tax statements

The threats tracked by IBM’s global threat intelligence service, known as X-Force (insert Marvel Comics joke here), began by harvesting mass amounts of business user credentials, which in studied incidents enabled attackers to impersonate corporate officers authorized to make large fund transfers.

The compromised accounts were gathered largely using traditional phishing techniques.

In one case, an official-looking email sent to hundreds of corporate contacts appeared to contain a link to a business document. The targets were directed to a fake “DocuSign” website where they were first asked to log in using their email credentials. The attack targeted primarily personnel working in the company’s accounts payable department, the report says.

A key defense against this form of credential harvesting is implementing multi-factor authentication.

MORE: https://gizmodo.com/hackers-steal-millions-by-ditching-malware-to-sidestep-1823187933

Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist

Petro: criptomoeda criada pelo governo da Venezuela já está em pré-venda

By: sikur

Capturar

Por 

Fevereiro 21, 2018

Já está em pré-venda a primeira criptomoeda lançada pelo governo de um país. Trata-se do Petro, a moeda virtual que vai ser colocada no mercado pela Venezuela para tentar aplacar a altíssima inflação que assola a economia local, que faz um Bolívar valer apenas US$ 0,00004. Criada tendo como base o blockchain do Ethereum, o Petro deve entrar em oferta inicial de moeda em cerca de um mês.

A ideia por trás da criação do Petro é que ele sirva como uma segunda moeda oficial da Venezuela, além do Bolívar, com uma quantidade de 82 milhões de unidades da criptomoeda disponível inicialmente, mas intenção de lançar até 100 milhões de petros, que possuem como “lastro” 100 milhões de barris da imensa reserva de petróleo do país.

Fugindo do bloqueio

Outra grande sacada da criptomoeda venezuelana é driblar o bloqueio econômico aplicado pelos Estados Unidos e outros países de economia capitalista contra o país. Usando a moeda virtual, essas barreiras podem ser muito mais facilmente ultrapassadas e a Venezuela receber uma série de investimentos que seriam impossíveis no modelo atual.

Além dos milhões de barris de petróleo que garantem o valor do Petro, acredita-se também que existam reservas de ouro e diamantes que sirvam como lastro da moeda, teria dito o presidente Maduro. A oposição do líder já se declarou contra a medida de criação do Petro e chegou a afirmar que a utilização da criptomoeda seria ilegal e inconstitucional.

Mais: https://www.tecmundo.com.br/mercado/127381-petro-criptomoeda-criada-governo-venezuela-pre-venda.htm?f&&utm_source=facebook.com&&utm_medium=referral&&utm_campaign=thumb

Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist

UK cyber security agency sticks with China’s Huawei despite US spy fears

By: sikur

Capturar

by Matthew Field

February 20, 2018

The UK’s top cyber security agency has reaffirmed its commitment to working with Chinese smartphone giant Huawei after US spy chiefs accused the company of presenting a national security risk.

The Government and the National Cyber Security Centre (NCSC) will “continue to benefit” from collaboration with Huawei, according to an NCSC spokesman. It comes despite US government employees potentially being banned from using the Chinese company’s smartphones due to security fears.

In the UK, Huawei operates a cybersecurity centre alongside members of GCHQ. Known as “The Cell”, it is set up to monitor threats and backdoors in the company’s own hardware. It is staffed by Huawei researchers overseen by the NCSC.

Last week, US intelligence chiefs from the Federal Bureau of Intelligence (FBI), Central Intelligence Agency and National Security Agency repeatedly warned against Huawei’s phones and recommended US consumers should avoid them.

“We’re deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don’t share our values to gain positions of power inside our telecommunications networks,” FBI Director Chris Wray said.

The UK’s relationship with Huawei has taken a different path than its ally, however. Rather than blocking the company, UK spies from GCHQ work closely with the Chinese company.

“Huawei is a globally important company whose presence in the UK reflects our reputation as a global hub for technology, innovation and design,” an NCSC spokesman said.

“This government and British telecoms operators work with Huawei at home and abroad to ensure the UK can continue to benefit from new technology while managing cyber security risks.”

MORE: http://www.telegraph.co.uk/technology/2018/02/20/uk-cyber-security-agency-sticks-chinas-huawei-despite-us-spy/

Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist

SIM Hijacking – T-Mobile customers were victims an info disclosure exploit

By: sikur

Capturar

by Pierluigi Paganini

February 19, 2018

In 2017, hackers stole some personal information belonging to T-Mobile customers by exploiting a well-known vulnerability.

A video tutorial titled ‘T-Mobile Info Disclosure exploit’ showing how to use the flaw was also published on the Internet.

Exploiting the vulnerability it is possible to access certain customers’ data, including email addresses, billing account numbers, and the phone’s IMSI numbers.

Such kind of info could be used by hackers in social engineering attack against T-Mobile’s customer support employees with the intent of stealing the victim’s phone number.

The attackers can use them to impersonate the target customer, crooks call the T-Mobile customer care posing as the victim with the intent to trick the operator to issue a new SIM card for the victim’s number.

The crooks activate the new SIM and take control of your phone number, then they can use is to steal the victim’s identity. This is the beginning of the nightmare for the victims that suddenly lose their service.

MORE: http://securityaffairs.co/wordpress/69279/hacking/sim-hijacking-t-mobile.html

Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist

A Single-Character Message Can Crash Any Apple iPhone, iPad Or Mac

By: sikur

Capturar

by Wang Wei

February 15, 2018

Only a single character can crash your iPhone and block access to the Messaging app in iOS as well as popular apps like WhatsApp, Facebook Messenger, Outlook for iOS, and Gmail.

First spotted by Italian Blog Mobile World, a potentially new severe bug affects not only iPhones but also a wide range of Apple devices, including iPads, Macs and even Watch OS devices running the latest versions of their operating software.

Like previous ‘text bomb’ bug, the new flaw can easily be exploited by anyone, requiring users to send only a single character from Telugu—a native Indian language spoken by about 70 million people in the country.

Once the recipient receives a simple message containing the symbol or typed that symbol into the text editor, the character immediately instigates crashes on iPhones, iPads, Macs, Apple Watches and Apple TVs running Apple’s iOS Springboard.

Apps that receive the text bomb tries to load the character, but fails and refuses to function properly until the character is removed—which usually can be done by deleting the entire conversation.

iphone-crash-telugu-character

The easiest way to delete the offending message is by asking someone else to send a message to the app that is crashing due to the text bomb. This would allow you to jump directly into the notification and delete the entire thread containing the character.

The character can disable third-party apps like iMessage, Slack, Facebook Messenger, WhatsApp, Gmail, and Outlook for iOS, as well as Safari and Messages for the macOS versions.

Telegram and Skype users appear to be unaffected by the text bomb bug.

Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist

CFTC Offers $100,000 Bounty to Crypto Pump-and-Dump Whistleblowers

By: sikur

Capturar

by C. Edward Kelso

February 18, 2018

The US Commodity Futures Trading Commission (CFTC) has created a bounty to encourage whistleblowers coming forward in exposing “pump-and-dump” schemes. “Customers should not purchase virtual currencies, digital coins,” the CFTC warned, “or tokens based on social media tips or sudden price spikes. Thoroughly research virtual currencies, digital coins, tokens, and the companies or entities behind them in order to separate hype from facts.”

Pump-and-Dump Bounty

To eat at scammers’ anonymity at least, the CFTC is offering, “If you have original information that leads to a successful enforcement action that leads to monetary sanctions of $1 million or more, you could be eligible for a monetary award of between 10 percent and 30 percent.”

Customer Advisory: Beware Virtual Currency Pump-and-Dump Schemes is a two-page effort from the CFTC, “advising customers to avoid pump-and-dump schemes that can occur in thinly traded or new ‘alternative’ virtual currencies and digital coins or tokens.”

$100,000 Bounty Available to Crypto Pump-and-Dump Whistleblowers

As these pages have long documented, scams and schemes of old are reappearing anew in a space filled with inexperienced investors. For those familiar with, say, the American stock market experience, boiler room cold calls of yore, penny stocks, hot tips, and sure things are all haunting phrases investors have encountered at one time or another.

The ubiquity of message boards and of stock trading websites only encouraged scammers in this regard. Price action moved on pumps, on posts and general chatter about the potential of a given stock only a few were privy. Greed did the rest. Regulatory bodies in the US have had enough time to see their likes come and go.

$100,000 Bounty Available to Crypto Pump-and-Dump Whistleblowers

Old Wine, New Bottle

And while such scams seem new under the cloak of hip lingo such as cryptocurrency and blockchain and disruptive and game changer, it’s all pretty much the same old dance. Indeed, “Pump-and-dump schemes have been around long before virtual currencies and digital tokens. Historically, they were the domain of ‘boiler room’ frauds that aggressively peddled penny stocks by falsely promising the companies were on the verge of major breakthroughs, releasing groundbreaking products, or merging with blue chip competitors.”

MORE: https://news.bitcoin.com/cftc-offers-100000-bounty-to-crypto-pump-and-dump-whistleblowers/?utm_source=OneSignal%20Push&&utm_medium=notification&&utm_campaign=Push%20Notifications

Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist

US’s greatest vulnerability is underestimating the cyber threats from our adversaries, foreign policy expert Ian Bremmer says

By: sikur

Capturar

by Natasha TurakHadley Gamble

February 17, 2018

America’s greatest vulnerability is its continued inability to acknowledge the extent of its adversaries’ capabilities when it comes to cyber threats, says Ian Bremmer, founder and president of leading political risk firm Eurasia Group.

Speaking to CNBC from the Munich Security Conference on Saturday, the prominent American political scientist emphasized that there should be much more government-level concern and urgency over cyber risk. The adversarial states in question are what U.S. intelligence agencies call the “big four”: Russia, China, North Korea, and Iran.

“We’re vulnerable because we continue to underestimate the capabilities in those countries. WannaCry, from North Korea — no one in the U.S. cybersecurity services believed the North Koreans could actually do that,” Bremmer described, naming the ransomware virus that crippled more than 200,000 computer systems across 150 countries in May of 2017.

He also noted the NotPetya malware attack in July 2017, considered the costliest cyberattack in history, which U.S. and European governments have accused Russia’s military of implementing. Believed to be a deliberate attack on Ukraine, it actually wiped off half a point from Ukraine’s gross domestic product.

Borge Brende, president of the World Economic Forum, weighed in, stressing the economic cost of cyber crimes. “It is very hard to attribute cyberattacks to different actors or countries, but the cost is just unbelievable. Annually more than a thousand billion U.S. dollars are lost for companies or countries due to these attacks and our economy is more and more based on internet and data.”

MORE: https://www-cnbc-com.cdn.ampproject.org/c/s/www.cnbc.com/amp/2018/02/17/munich-security-conference-ian-bremmer-on-cybersecurity-threats.html

Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist