Tag Archive for: Framework

SquaredFinancial Introduces Enhanced Fraud Prevention Framework and Uncovers Fraud Network

/in


SquaredFinancial values transparency and is strongly dedicated to fighting deceptive practices by developing an advanced fraud prevention framework. Recognizing recent incidents of financial deceit in the trading industry, the company is proactively fortifying its compliance and risk teams and strengthening processes and protocols to promptly detect and address any fraudulent activities.

A holistic approach to fraud prevention and management requires robust tools to conduct comprehensive risk assessments, identify potential vulnerabilities and prioritize risk mitigation.

The first step towards effectively fighting digital fraud is to understand the forms of fraud that occur regularly in the fintech sector. Some of the most common kinds of fraud are identity theft, phishing, web skimming, social engineering, and botnet attacks which can effectively be prevented with a resilient IT infrastructure and a steadfast focus on cybersecurity. In the forex brokerage industry, fraudulent activities have been recurrent and are plotted by networks or individuals exploiting terms and conditions and applying trading tactics to abuse commission and other bonus schemes.

Adapting to the ever-evolving landscape of financial fraud

Throughout the years, fraud networks have consistently targeted businesses, exploiting trading tactics and incurring substantial losses. As such, tactics like shared IP addresses and devices have been employed to exploit trading systems and take advantage of bonus schemes.

Recent fraud case study and actions taken

In November 2023, SquaredFinancial initiated an internal investigation following the deceitful actions of a specific partner. Utilizing internal analytical tools, the company was able to swiftly identify irregularities and has immediately intervened, preventing further exploitation. Craig Jenkins, Chief Legal & Compliance Officer, emphasized, “The recent case of abusers was detected by our software used to identify suspicious patterns, revealing a network of connected trading activities. A thorough inspection uncovered dozens of ‘clients’ engaging in coordinated trades from the same location, even the same computer, to abuse the favourable…

Source…

America’s original hacking supergroup creates a free framework to improve app security

/in


Cult of the Dead Cow (cDc), a hacking group known for its activist endeavors, has built an open source tool for developers to build secure apps. Veilid, launched at DEF CON on Friday, includes options like letting users opt out of data collection and online tracking as a part of the group’s mission to fight against the commercialization of the internet.

“We feel that at some point, the internet became less of a landscape of knowledge and idea sharing, and more of a monetized corporate machine,” cDc leader Katelyn “medus4” Bowden said. “Our idea of what the internet should be looks more like the open landscape it once was, before our data became a commodity.”

Similar to other privacy products like Tor, cDc said there’s no profit motive behind the product, which was created “to promote ideals without the compromise of capitalism.” The group emphasized the focus on building for good, not profit, by throwing slight shade at a competing conference for industry professionals, Black Hat, held in Las Vegas at the same time as DEF CON. “If you wanted to go make a bunch of money, you’d be over at Black Hat right now,” Bowden said to the audience of hackers.

The design standards behind Veilid are “like Tor and IPFS had sex and produced this thing,” cDc hacker Christien “DilDog” Rioux said at DEF CON. Tor is the privacy-focused web browser best known for its connections to the “dark web,” or unlisted websites. Run as a non-profit, the developers behind Tor run a system that routes web traffic through various “tunnels” to obscure who you are and what you’re browsing on the web. IPFS, or the InterPlanetary File System, is an open-source set of protocols behind the internet, mainly used for file sharing or publishing data on a decentralized network.

The bigger Veilid gets, the more secure it will be as well, according to Rioux. The strength doesn’t come from the number of apps made on the framework, but by how many people use the apps to further the routing of nodes that make up the network. “The network gains strength by a single popular app,” Rioux said. “The big Veilid network is supported by the entire ecosystem not just your app.” In the…

Source…

cDc launches Veilid, a free and secure app framework

/in


A group of hackers who call themselves Cult of the Dead Cow (cDc) has developed an open-source tool for developers to create apps that respect user privacy and security. The tool, named Veilid, was unveiled at DEF CON, a hacker convention held in Las Vegas, on Friday.

The group has created a coding framework that can be used by app developers who want to use strong encryption and avoid revenue from ads that are based on users’ profiles derived from the data that most apps collect.

As Engadget reports, cDc leader, Katelyn “medus4” Bowden, said that the group’s vision for the internet was different from the current reality. “We feel that at some point, the internet became less of a landscape of knowledge and idea sharing and more of a monetized corporate machine,” she said. “Our idea of what the internet should be looks more like the open landscape it once was before our data became a commodity.”

Source…

Meet teler-waf: Security-focused HTTP middleware for the Go framework

/in


Protection against XSS, SQLi, and more web attacks for Go-based web applications

the teler-waf tool offers software developers a means to uncover web-based vulnerabilities in Go-based applications

A developer has released a new tool for Go applications that is designed to combat web-based attacks.

Developer and security engineer Dwi Siswanto revealed the open source teler-waf software on January 2. The 24-year-old said on Twitter that the technology was designed to “improve the security of Go-based web applications”.

Available on GitHub, teler-waf acts as HTTP middleware, with an interface for integrating intrusion detection system (IDS) functionality into existing applications.

Teler-waf’s security functions include protection against common web-based threats, such as cross-site scripting (XSS) attacks and SQL injections.

Furthermore, the tool will detect bad IP addresses linked to known threat actors and botnets; malicious HTTP referers, crawlers, and scrapers suspected of causing performance issues or performing illicit data scraping; and locations associated with directory-based brute-force attacks.

Under the bonnet

Speaking to The Daily Swig, Siswanto, who developed teler-waf independently, said the software has several benefits.

A key feature, for example, is the use of datasets updated daily that track known vulnerabilities and malicious patterns of attack. External resources include information from the PHPIDS project, CVE lists from the Project Discovery team, and collections sourced from the Nginx Ultimate Bad Bot Blocker and Crawler Detect.

WIN SWAG Complete our reader survey to be in with a chance of winning Burp Suite merchandise

In addition, teler-waf comes with a net/http handler for integration with application routing functionality, which Siswanto said “makes it easy to integrate into any framework and [is] also highly configurable, allowing it to be tailored to the specific needs of a given web application.

“When a client makes a request to a route protected by teler-waf, the request is first checked against the teler IDS to detect known malicious patterns,“ the developer says. “If no malicious patterns are detected, the request is then passed through for further processing.”

Show and teler

Siswanto is also the creator of teler, a…

Source…