
RedTail Cryptominer Exploits Critical Zero-Day in PAN-OS

A new wave of cyberattacks has been reported, leveraging a critical zero-day vulnerability in Palo Alto Networks’ firewall software, PAN-OS. The flaw, identified as CVE-2024-3400 and assigned a maximum CVSS score of 10.0, enables unauthenticated attackers to execute arbitrary code with root privileges, significantly compromising the security of affected systems. 

Researchers from Akamai have observed that the RedTail cryptomining malware is exploiting this vulnerability. The malware is notably sophisticated, exhibiting a deep understanding of cryptomining operations. Unlike typical cryptomining software that uses public mining pools, RedTail’s operators have established private mining pools or proxies. This approach allows for greater control over mining outcomes despite the higher operational and financial costs involved. 

Updated Tools and Techniques: The latest version of RedTail, active since late April, includes several updated tools: 

Encrypted Mining Configuration: This adds a layer of security and obfuscation to the malware's operations.

Self-Process Debugging: A tactic to evade analysis and hinder detection.

Cron Job Integration: Ensures persistence by automatically restarting the malware after the system reboots.

Usage of RandomX Algorithm: Boosts mining efficiency.

Alteration of System Configuration: Employs hugepages to optimize memory usage and performance.
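As an added defender's example (not code from Akamai or from the RedTail sample), the script below audits crontab entries for the boot-time restart and hugepages change described above. The heuristics, the directory list and the sample crontab are assumptions constructed for illustration, not indicators from the report.

```python
"""Crontab persistence audit: constructed example, not code from Akamai or the
RedTail sample. Heuristics are generic hunting rules (assumptions), not IoCs."""
import re

# Directories where files dropped through a remote exploit commonly land (assumption).
WRITABLE_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")
HIDDEN_PATH = re.compile(r"/\.[^/\s.]")          # e.g. /var/tmp/.x/run

def parse_cron_line(line):
    """Return (schedule, command) for a crontab entry, None for blank/comment/env lines."""
    s = line.strip()
    if not s or s.startswith("#") or ENV_LINE.match(s):
        return None
    if s.startswith("@"):                          # @reboot, @daily, ...
        parts = s.split(None, 1)
        return (parts[0], parts[1]) if len(parts) == 2 else None
    parts = s.split(None, 5)                       # five time fields, then the command
    return (" ".join(parts[:5]), parts[5]) if len(parts) == 6 else None

def audit_crontab(lines):
    """Map line number -> reasons for entries matching persistence heuristics."""
    findings = {}
    for n, line in enumerate(lines, 1):
        parsed = parse_cron_line(line)
        if parsed is None:
            continue
        schedule, cmd = parsed
        reasons = []
        if schedule == "@reboot":
            reasons.append("restarts at boot (@reboot)")
        if any(d in cmd for d in WRITABLE_DIRS):
            reasons.append("command under world-writable directory")
        if HIDDEN_PATH.search(cmd):
            reasons.append("hidden path component")
        if "nr_hugepages" in cmd:
            reasons.append("changes hugepages setting")
        if reasons:
            findings[n] = reasons
    return findings

# Constructed crontab; paths and commands are illustrative, not real indicators.
SAMPLE_CRONTAB = """\
# constructed sample
SHELL=/bin/sh
0 3 * * * /usr/bin/apt-get update -q
@reboot /var/tmp/.x/run >/dev/null 2>&1
*/10 * * * * /home/app/backup.sh
@reboot sysctl -w vm.nr_hugepages=128
"""
```

Run it over /etc/crontab and the per-user spool files and review each flagged line; a hugepages change is legitimate on many database hosts, so treat it as a prompt for review rather than a verdict.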

Akamai's security researchers Ryan Barnett, Stiv Kupchik, and Maxim Zavodchik reported, "There are many glossy cryptominers out there, but seeing one with this level of polish is uncommon. The investments required to run a private cryptomining operation are significant, including staffing, infrastructure, and obfuscation. This sophistication may be indicative of a nation-state–sponsored attack group. For any business, there is ongoing testing and evolution to ensure that the product (in this case, malware) is successful, which is unlikely to be done without some type of substantial financial backing. The malware was likely quite profitable if it garnered this degree of attention from a sophisticated group.” 

It Is Not Done Yet 

The threat actors behind RedTail are not solely dependent on the PAN-OS vulnerability. They also exploit various other vulnerabilities across different platforms and devices, including SSL-VPNs, IoT devices, web applications, and security appliances like Ivanti Connect Secure. 

What Can You Do?

In response to this threat, Akamai advises using the Akamai App & API Protector for enhanced security measures. Organizations should identify and patch all vulnerable Palo Alto devices to mitigate the risk posed by the CVE-2024-3400 flaw. Hardening devices against various types of cyberattacks, including web platform attacks, command injections, and local file inclusion, is recommended.

Web3: A New Dawn for the Internet?


In the fast-paced world of technology, a revolutionary concept is gaining traction: Web3. Coined by computer scientist Gavin Wood, Web3 represents a paradigm shift towards a decentralized internet infrastructure, powered by blockchain technology. The traditional internet, often referred to as Web2, is dominated by centralized platforms controlled by a handful of corporations. 

However, Web3 envisions a future where power is distributed among a network of participants, rather than concentrated in the hands of a select few.

Navigating Perils and Possibilities of Web3

Since 2018, momentum surrounding elements of Web3 has surged across various sectors, including equity investment, online searches, patent filings, scientific publications, job vacancies, and press reports.

Particularly, the financial-services industry has emerged as a trailblazer in adopting emerging Web3 technologies and assets. At one juncture, the daily transaction volume processed on decentralized finance (DeFi) exchanges surpassed a staggering $10 billion. Yet, amidst this fervent progress, advancements have been marked by sporadic spurts rather than a seamless trajectory. 

However, if you find yourself grappling with the question of what exactly Web3 entails, you are not alone. A 2022 Harvard Business Review poll, encompassing over 50,000 respondents, revealed that nearly 70 percent admitted to being unfamiliar with the concept. 

In this comprehensive Explainer, we embark on a journey to demystify Web3, exploring its inherent risks and boundless potentials. Through a structured analysis, we aim to shed light on when—or if—this enigmatic vision of the internet will ultimately materialize. 

What Does This Technology Do?

At the heart of Web3 lies blockchain technology, a decentralized and immutable ledger system. This foundational technology aims to democratize access and control over digital assets and information by harnessing the collective power of its network.

Emerging Elements of Web3

Already, various projects are spearheading the transition to Web3. Decentralized finance (DeFi) platforms and non-fungible tokens (NFTs) are at the forefront, pioneering new methods of interacting with digital assets beyond traditional financial frameworks.

Advantages and Advocates of Web3

Proponents of Web3 argue that it offers several benefits, including greater transparency, security, and user autonomy. Furthermore, it presents a viable challenge to the dominance of tech giants in the digital realm.

Technologies Powering Web3: A Closer Look

At the heart of Web3 are three key technologies driving its decentralized infrastructure:

Blockchain: Blockchain technology forms the backbone of Web3, offering a decentralized and immutable ledger for recording transactions. For instance, consider Bitcoin, the pioneering cryptocurrency. Its blockchain ensures transparency and security by recording all transactions across a distributed network of nodes, without the need for a central authority. 

Smart Contracts: Smart contracts, coded agreements that automatically execute when predefined conditions are met, play a pivotal role in Web3. Take Uniswap, a decentralized exchange protocol built on Ethereum. Through smart contracts, users can seamlessly exchange tokens without relying on intermediaries, enhancing efficiency and reducing costs. 

Digital Assets and Tokens: Web3 thrives on digital assets and tokens, representing a myriad of value-bearing items that exist solely in digital form, such as CryptoKitties, a blockchain-based game where users collect and trade digital cats. Each CryptoKitty is represented by a unique token on the Ethereum blockchain, showcasing the potential of digital assets to revolutionize ownership and monetization.

These technologies collectively pave the way for a decentralized internet, empowering users with greater control and autonomy over their digital interactions. As Web3 continues to evolve, its impact on various industries and sectors is poised to be transformative, reshaping the digital landscape as we know it.

North Korean Threat Actors Stole $41 Million in Online Casino Heist


This week, cyber attackers set their sights on Stake.com, an online casino game and sports betting platform. They successfully made off with around $41 million in cryptocurrencies. The FBI has pinpointed North Korea and its infamous state-supported hacking group, the Lazarus Group, as the responsible parties.

According to Edward Craven, co-founder of Stake.com, the incident was characterized as a "sophisticated breach." It exploited a specific service employed by the casino for authorizing cryptocurrency transactions. Despite the significant amount stolen by the state-affiliated hackers, particularly given the ongoing downturn in cryptocurrency prices, Craven affirmed that Stake.com would persevere in its operations. 

“The FBI has confirmed that this theft took place on or about September 4, 2023, and attributes it to the Lazarus Group (also known as APT38) which is comprised of DPRK cyber actors,” the agency said in a press release. 

The group has been active since 2010, and its primary interest lies in South Korean entities. The group engages in activities ranging from espionage to disruption and even outright destruction. Additionally, it has a track record of pursuing financial gain through cyber operations, which includes targeting cryptocurrency exchanges.

In 2019, North Korea's Lazarus Group gained infamy and was sanctioned by the U.S. government. This hacking collective, also known as APT38, has been responsible for a series of high-profile cyber intrusions, amassing well over a billion dollars in ill-gotten gains over the years.

Just this year alone, the FBI reports that Lazarus Group has purloined more than $200 million in cryptocurrencies. Given the traceable nature of blockchain, authorities possess information on the destination addresses of these funds. The FBI is strongly advising individuals to exercise caution when engaging in transactions linked directly or indirectly to these flagged addresses. 

Speculations from experts suggest that North Korea may be channeling the acquired cryptocurrencies into its nuclear weapons program. This month, Kim Jong-un is scheduled to visit Russia, where discussions are anticipated to revolve around the potential supply of weapons to support Vladimir Putin's ongoing invasion of Ukraine. U.S. officials have cautioned that such actions will come with consequences for the nation.