Tag Archive for: wake

Protecting cryptocurrency assets in wake of the Solana Wallet hack


The incident, in which cryptocurrency assets worth more than $8 million were taken from about 8,000 people, has raised numerous concerns about the security provided by both the Solana network and “hot” wallets, which are fairly popular with the typical crypto investor.

Cause of Solana attack unknown

While Solana’s Twitter account was quick to point out that the attack was not caused by a software compromise on the network, it also stated that its team of engineers was assiduously working with security researchers and ecosystem teams to determine the cause of this wallet attack.

According to preliminary investigations, hardware wallets used by Slope were safe from this issue because it only affected the Slope wallet on the Solana ecosystem.

According to Solana, impacted wallet addresses had their private key information sent to an application monitoring service at some point when they were generated, imported, or used in Slope mobile wallet programs.

Solana has already urged investors affected by the attack to abandon the affected wallets as they could still be compromised even after revoking wallet approvals. While the exact modus operandi employed is still unknown, crypto industry leaders have highlighted that the suspect transactions were properly signed, further indicating that it could be a supply chain attack with a specific focus on Slope ‘hot’ wallet users.

Applications and devices can be hacked

Applications (software) and devices can be hacked. Since private keys are stored in application and device wallets, hackers can access them and steal your cryptocurrency, and that sums up the Solana hack.

And if your wallet has been compromised, it’s paramount that you transfer any existing funds from your compromised wallet to another wallet.

Hackers will wipe your account of funds immediately, but if you’re lucky and they have not done this yet, it’s time for investors to take immediate action.


Privacy vs. Security: Is Your Bot Mitigation Solution Effective in the Wake of Web Privacy Trends?


Bad Bots Disguise as Humans to Bypass Detection

Bot mitigation providers place significant emphasis on stopping bots with the highest degree of accuracy. After all, it only takes a small number of bad bots to get through your defenses to wreak havoc on your online businesses. One challenge of stopping bad bots is keeping false positives to a minimum (where a human is incorrectly categorized as a bot).

The more aggressively rules are tuned within a bot mitigation solution, the more susceptible the solution becomes to false positives, because it needs to decide whether to grant requests with indeterminate risk scores. As a result, real users are inadvertently blocked from websites and/or served CAPTCHAs to validate that they are indeed human. This inevitably creates a poor user experience and lowers online conversions.

Much of the ongoing innovation in modern bot mitigation solutions has been a reaction to increasing sophistication of the adversary. The fact that bad bots increasingly look like humans and act like humans in an attempt to evade detection makes it more difficult to rely on rules, behaviors, and risk scores for decisioning – making false positives more pronounced.

Humans Now Disguising Themselves for Privacy

A more recent trend is exacerbating false positives, and without proper innovation, it renders legacy rule and risk-score dependent bot mitigation solutions inadequate. It results from the accelerating trends related to humans taking action towards more privacy on the Internet. Ironically, the move towards more privacy on the web can actually compromise security by making it even more difficult to distinguish between humans and bots. 

To understand why, it’s essential to know how the majority of bot detection techniques work. They rely heavily on device fingerprinting to analyze device attributes and bad behavior. Device fingerprinting is performed client-side and collects information such as IP address, user agent header, advanced device attributes (e.g. hardware imperfections), and cookie identifiers. Over the years, the information collected from the device fingerprint has become a major determinant for analytics engines used to determine whether the request is bot…


Pegasus a wake up call for journalists, says Pulitzer finalist


A major shift is going on in journalism right now, with technology, which was seen as an enabler, being turned against journalists, said Bradley Hope, veteran investigative reporter and Pulitzer finalist. There is now a need for journalists to retrench from technology but still be available for sources and whistleblowers to reach them, added Mr. Hope, whose phone was on the Pegasus spyware list.

Speaking at a virtual session on “Journalism in the Age of Surveillance” at the Asian College of Journalism on Friday, Mr. Hope said the Pegasus spyware issue showed widespread abuse of the system. “Once a country buys access to it [Pegasus], it can do anything with the spyware. Pegasus showed widespread abuse of the system. The company doesn’t monitor the use of it,” he said.

Mr. Hope said that even if an individual followed the best computer security practices, their phone was vulnerable to the spyware. “It is a pertinent wake up call for journalism because never before have we been so vulnerable. The way this technology has become a powerful tool, you are leaving all the trails that you are trying to lose,” he said.

With people using their phones for everything, it was easier than ever before to access all of their information. “It’s a simple temptation for governments, people in charge to use these spyware to surveil on their enemies, political opponents, people, journalists any one at all,” the journalist said.

Mr. Hope said journalists in India and many other countries had to deal with these security challenges as they did not enjoy the same level of protection as in the U.K., where he is based.

“It is an important moment in journalism for journalists to retrench from technology. Sometimes we need to leave our phone behind [while meeting sources]. I have started to look at my phone as a risk that I carry around all the time.” Speaking about the time he spent in the Middle East, he said that many times his sources would ask him to leave his phone elsewhere as they expected their phones to be a source of trouble.

He also said media organisations must look at ways of protecting their journalists. “It is critical how organisations buy their…


My Book Live Users Wake Up to Wiped Devices, Active RCE Attacks – Threatpost


