Search This Blog

Showing posts with label Technology. Show all posts

Signal Taunts WhatsApp as Confusion Looms Large Over its New Privacy Policy

 

WhatsApp will take action against users who have not approved the privacy policy though it will not delete users' accounts instead it will disable certain essential features, as per the announcement. Users are still skeptical about adopting the privacy policy because there isn't enough clarity about what it really means. Meanwhile, Signal, a secure messaging app, has taken full advantage of the ability to draw users to its own site. 

WhatsApp announced a few days before the May 15 deadline, which was dreaded by many, that it would not remove users' accounts if they did not approve the privacy policy by that date. By posting a cheeky update on Twitter today, WhatsApp reminded users that their accounts will not be deleted.

“*checks calendar. pours coffee*. OK. Let’s do this. No, we can’t see your personal messages. No, we won’t delete your account. Yes, you can accept at any time,” WhatsApp wrote on Twitter. 

Signal which is an arch competitor of WhatsApp retweeted the post and wrote, “*checks calendar. pours coffee.* Today’s a great day to switch to privacy.” 

After the announcement of its revised privacy policy, WhatsApp has been bombarded with complaints from users. Users were first notified about it in January with an in-app update, with a deadline of February 8 to approve the privacy policy. 

However, users were outraged by the lack of clarification, and the majority of them moved to other messaging apps such as Signal and Telegram. Users thought WhatsApp would share users' private conversations with Facebook, forcing the company to push back the launch date to May 15. 

The terms and conditions, however, have now been modified. WhatsApp had previously issued users an ultimatum to accept the privacy policy in order to continue using the app, but it has now confirmed that the account would not be deleted. Though WhatsApp may not delete the account, it will deactivate certain features and transform the app into a dummy app. 

WhatsApp told The Guardian in a statement, “After a few weeks of limited functionality, you won’t be able to receive incoming calls or notifications and WhatsApp will stop sending messages and calls to your phone. At that point, users will have to choose: either they accept the new terms, or they are in effect prevented from using WhatsApp at all.”

The expert said that WhatsApp transfer users correspondence to Facebook

 Facebook collects the data from users' devices, phones, correspondence and conversation content, photos, calls, movements

Messenger WhatsApp has long been sending the data of its users to Facebook, including the content of correspondence, photos and locations, said Igor Bederov, an expert at the SafeNet engineering center of the National Technology Initiative (NTI).

"The first thing to mention is that WhatsApp has been owned by FB for several years now. That is, all the data that the company declares in the present changes have actually been transferred for a long time," said Bederov.

According to him, this is done to increase the number of analyzed users.

"The more data the ecosystem of services that are part of FB analyzes, the more accurate, effective and expensive advertising targeting they will be able to offer their clients. And that is precisely the goal itself. The company earns precisely through advertising," said the expert.

He stressed that Facebook collects the data from users' devices, phones, correspondence and conversation content, photos, calls, movements. This data is analyzed and sold to advertisers to encourage users to buy products they allegedly need.

According to Bederov, the number of messenger users will certainly fall. This is due to the fact that people want to be sure that their data are protected.

WhatsApp's new privacy policy will come into effect from May 15. The messenger will transfer account registration data, transaction data, use of services, information about mobile devices, IP address to the parent company Facebook.

Those who have not accepted the new user agreement will only be able to receive incoming calls and notifications, and they will not be able to read and send messages.

Recently, the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) said it expected WhatsApp to confirm the localization of personal data of Russian users in Russia. If the social networks do not respond to the request of Roskomnadzor by the end of May, it will be decided to bring them to administrative responsibility for violation of Russian legislation in the sphere of personal data.

Roskomnadzor stressed that Russians "should clearly understand the risks" associated with the transfer of their personal data to foreign companies.

GasBuddy Jumps to No. 1 on Apple Store After Colonial Pipeline Shutdown

 

Someone’s loss is someone else’s gain – this proverb perfectly fits in the scenario of GasBuddy. GasBuddy, a popular fueling app that allows users to identify when a station is out of fuel, is the most downloaded app on US Apple devices amid a run-on gas caused by a cyberattack on a critical pipeline. The rapid surge came after the company activated its emergency fuel availability tracker feature, used typically to help people find where there is gas after a natural disaster such as a hurricane.

According to the mobile analytics firm App Annie, the company’s app rose from the 900th most popular in the App Store last week to No. 1 on Wednesday. In the Google Play store that serves many Android devices, GasBuddy has risen to 24th. 

The Colonial Pipeline reopened on Wednesday after being hit by a ransomware attack last Friday. The pipeline delivers about 45 percent of the gas on the East Coast. The cyberattack caused long lines and outages at gas stations in the Southeast because of distribution problems made worse by panic-buying. 

According to GasBuddy, users of Android and iOS devices typically downloaded its application about 15,000 times per day in 2021. But, on Tuesday that the app reached 313,001 downloads compared with the average daily downloads of 15,339 in the last thirty days. This means the app reached 20 times more downloads on Tuesday than the average day in 2021. 

“I was taken aback by the extent of the gas shortages. By Thursday afternoon, GasBuddy said, there were outages at 73 percent of stations in Washington, D.C, 69 percepnt in North Carolina, 52 percent in South Carolina, and at high levels in several other states,” Max Metral, GasBuddy’s chief technical officer, said in an interview.

“We knew we’d have some traffic increase, but I had no idea, there’s a societal part of that, too, because the event itself wasn’t the problem. The problem was that everyone just went out and tried to horde gasoline, and it got much worse,” Metral added.

WawaGasBuddy was established in 2000 as a website to track fuel prices. It had been owned by United Communications Group, a Maryland-based private holding company, but was sold to Professional Data solutions, Inc. in late April. It uses data contributed by users at more than 150,000 gas stations to offer analysis about the fuel market.

Russian researchers developed methodology to predict cyber risks

 Scientists from St. Petersburg Polytechnic University have developed a methodology for assessing cyber risks in smart city systems. The developed methodology has been tested on the "smart intersection" test bed (a component of smart transport system of smart city).

It should be reminded that St.Petersburg participates in the formation of Smart City program, which will provide new services for the residents of megacities, increasing the safety of citizens. Digital services are an integral part of such system.

Experts explained that cybercriminals have new goals: to disrupt the functioning of large enterprises and urban infrastructure, as well as to intercept control over them. Attackers using wireless channels can remotely penetrate a target subnet or device, intercept traffic, launch DoS attacks and take control of IoT devices to create botnets.

"At present, traditional cyber risk analysis strategies cannot be directly applied to the construction and assessment of smart city digital infrastructures, as the new network infrastructure is heterogeneous and dynamic," said Vasily Krundyshev, a researcher at the Institute of Cybersecurity and Information Protection.

At the same time, he stressed that the purpose of this project is to provide the level of protection of information assets of the smart city taking into account specific features of modern cyber threats.

The methodology of cybersecurity risk analysis of the smart city includes the stages of assets type identification, threat identification, risk calculation and analysis of obtained values. The proposed methodology is based on a quantitative approach. At the same time, according to scientists, it is easily and quickly calculable, which is especially important in conditions of modern dynamic infrastructures.

Experimental studies using a set of developed simulation models of typical digital infrastructures of a smart city (Internet of Things, smart building, smart intersection) have demonstrated superiority over existing Russian and foreign counterparts.

It is interesting to note that earlier St. Petersburg scientists created an innovative installation for cleaning water reservoirs.

$2 Million Cryptocurrency Controversy Linked with WallStreetBets Investors

 

As per a Bloomberg News story, at least $2 million of a cryptocurrency conspiracy was recently tossed from investors of Wall Street Bets, enticing them to invest in new crypto coins associated with the famous meme stake. 

Moderators of the infamous Reddit Forum have already warned users for weeks to stop fraud based on the good credibility of the WSB. An article published calls on members of the community to be aware of WSB items offers. 

“People keep posting a press release about an official Wall Street Bets distributed app. (Aka, a crypto pyramid scheme). Nothing could be further from the truth. We are strongly anti-monetization. This scam has nothing to do with us,” as per the report. 

Many people have skipped the memo, as a couple of WSB enthusiasts have recently been scammed by this ilk. In reality, lately, an offer has been made available on the chat app Telegram, ordered by a "Wall Street Bets — Crypto Pumps" account. These "Crypto Pumps" claimed that it offered bet enthusiasts the opportunity to invest in the latest crypto token known as "WSB Finance." In the domain of cryptocurrency, such an arrangement is called the "premise sale," which allows an early investor to purchase a token until the crypto exchange reaches as well as the public distribution is more widespread. 

Potential buyers were instructed to submit Binance Coin or Ether to a crypto wallet and then contact the "token bot" on the site that would transfer the tokens for the user WSB Finance. It's been not much until the ETH and BNB flowed into the wallet of Crypto Pump. 

Nevertheless, a little snack came from the buyers. " Pumps" alerted everyone that there was an issue with the bot soon after the coinage was pocketed, it was faulty. This will lead to even more users sending crypto payments, or “lose their initial investment,” reports Bloomberg. 

Innately, the "WSB Finance Tokens" are not present as well as the coins also never appeared. Whatever fraudsters they were, they made up to some 3,451 Binance coins – a total of some $2.1 million once converted into real-world currency. The suspects could also have rendered unspecified contributions by Ether donations. 

Before the “Crypto Pumps” profile disappeared from Telegram, the page’s administrator had one final message to share. The fraudster wanted victims to know how the ill-gotten winnings would be spent: “Buying Lambo now,” they said.

A Russian specialist warned of the deadly dangers of the smartphone

 Smartphones of the company Samsung are frequently exploding. There are also known cases when Apple products exploded in the hands of users

The leading analyst of Mobile Research Group Eldar Murtazin warned about the lethal danger that can occur when buying non-original chargers and other accessories for smartphones.

According to him, non-original chargers can ignite during use. So, a charger bought from an unfamiliar seller could turn out to be fake, which could lead not just to battery failure and wear, but also to the device igniting and breaking down.

"These are not empty words, it happens every year, and in Russia, several people die from it every year," warned the specialist.

In addition, the use of a smartphone in a bath, when it is on recharge, poses a danger, the analyst emphasized.

Also, the danger can threaten if the user decides to disassemble his smartphone.

"If you do disassemble the device, never touch the battery, because if you break its shell, it can ignite," said Murtazin.

Cheap smartphone accessories, such as headphones or cases, can also be dangerous to health, as they can cause allergic reactions or skin burns.

At the same time, Mark Sherman, managing partner of the B&C Agency communications agency, stressed that the smartphone itself can not be dangerous, but if it happens, it may be the fault of the user.

"If the smartphone breaks, you need to take it to specialists, rather than trying to fix the device yourself", added Mr. Sherman.

Earlier, Pavel Myasoedov, partner and director of Intellectual Reserve, said that contact with water, a blow or prolonged charging can lead to an explosion. According to him, most often explode smartphones of Samsung, which even had to recall all phones Galaxy Note 7 from sale on a wave of panic. There are also known cases when Apple products exploded in the hands of users.

Workings of US Firms Disturbed Due to Covid Surge in Banglore

 

To say that Bengaluru’s epidemic is huge is an understatement. Bengaluru has more than 65 percent of all active cases recorded in Karnataka in a virulent second wave where the test positivity rate in the State is touching new highs. On May 7, Bengaluru recorded 346 deaths due to COVID-19, according to a bulletin released by the Karnataka government. 

Health experts have warned that the situation could be more threatening in the coming weeks, with one model predicting as many as 1,018,879 deaths by the end of July, quadrupling from the current official count of 230,168. A model prepared by government advisers suggests the wave could peak in the coming days, but the group's projections have been changing and were wrong last month. 

As a result, US firms like Goldman Sachs Group Inc. and UBS Group AG have come under intense strain. These firms played critical roles in everything from risk management to customer service and compliance. A growing number of employees are either sick or scrambling to find critical medical supplies such as oxygen for relatives or friends.

An employee at UBS said their bank has nearly 8,000 workers but due to Covid-19, many are absent. As a result, work is being shipped to centers such as Poland. The Swiss bank's workers in India handle trade settlement, transaction reporting, investment banking support, and wealth management. Many of the tasks require same-day or next-day turnarounds.

Standard Chartered Plc issued a statement last week that nearly 800 of its 20,000 employees in India were infected. As many as 25% of employees in some teams at UBS are absent, said an executive at the firm who spoke on condition of anonymity for fear of losing his job.

For now, back-office units are managing part-time workers or asking employees to perform multiple roles and re-assigning staff to make up for those who are absent. They are scheduling overtime, deferring low-priority projects, and conducting pandemic continuity planning exercises for multiple locations should the virus wave intensify. 

Similarly, thousands of Goldman employees are working from home, doing high-end business tasks such as risk modeling, accounting compliance, and app building. A representative for the bank said workflows can be absorbed by the wider team if needed and there's been no material impact so far.

40% of all Android Phones Affected by Qualcomm Snapdragon Vulnerability

 

Security scientists who believe that a weakness that can be used to insert malicious code mostly on mobile by using the Android operating system itself as a port of entry has recently been reported as a grave security flaw concerning Qualcomm mobile station modems (MSM). The impacted chip(s) would connect nearly 40% of all smartphones, such as Samsung and other OEM's high-end phones, in the world. 

Qualcomm MSM is a 2G, 3G, 4G, and 5G-capable Chip System (SoC) used by several vendors, such as Samsung, Google, LG, OnePlus, and Xiaomi, for approximately 40 percent of cell phones. 

"If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and invisible code into phones," as per the Check Point researchers who found the vulnerability tracked as CVE-2020-11292. 

The security vulnerability can also allow attackers to activate the SIM module used to safely store the network authentication information and contact details on mobile devices. 

The criminals have to misuse a stack overflow vulnerability in the Qualcomm MSM Interface (QMI), which is being used by the cellular processors for interface with the software stack, to exploit CVE-2020-11292 and monitor the modem and remotely repair it from the application processor.

Malicious apps could then use the loophole to mask their activities from the modem chip on its own and effectively invisibly track malicious behavior using Android security features. 

"Going forward, our research can hopefully open the door for other security researchers to assist Qualcomm and other vendors to create better and more secure chips, helping us foster better online protection and security for everyone." 

Following the study, Qualcomm produced security patches to resolve the security problem CVE-2020-11292 and delivered them to all affected vendors in December 2020, two months later. Qualcomm's priorities are the availability of solutions supporting comprehensive safety and privacy. While in December 2020, Qualcomm Technologies provided OEMs with updates and they encourage end-users to upgrade their devices when patches are available. 

As Qualcomm sent the CVE-2020-11292 patches to OEMs last year, it ought to be safe against efforts to jeopardize any modernized devices for Android users with newer devices often receiving security and system updates. Unfortunately, it might not be that lucky for all those who didn't upgrade to a new smartphone promoting newer Android launches over the last few years. 

Given the reality, about 19% of all Android devices run Android Pie 9.0 (launched in August 2018) and over 9% Android 8.1 Oreo (launched in December 2017) as per the Stat Counter data. 

Last year Qualcomm rectified the Digital Signal Processor Chip (DSP), which allows attackers to monitor smartphones, spy on the users, and build immovable malware which can avoid detection, with much more vulnerabilities that could impact Snapdragon. 

KrØØk was also repaired by Qualcomm in July 2020, a security bug that can be used to decipher certain WPA 2 encrypted wireless network packets. In 2019, yet another bug was fixed which enabled access to sensitive data and two faults in the SoC WLAN firmware that permitted over the air compromise of the modem and kernel.

Northeastern University Team Finds New Ways to Detect Bugs in its Research

A research team at Northeastern University finds vulnerabilities and code defects. It does it by detecting when a programmer uses various code snippets to carry out the same tasks. Consistent and repeatable programming is said to be one of the best ways in software development, it has also become more crucial as the development team grows in size every day. Today, Northeastern University's research team reveals that finding irregular programming, code snippets that carry out the same tasks but in unique ways, can also help in finding bugs and potential vulnerabilities. 

The team presented a paper at USENIX Security Conference last year, researchers used machine learning to detect bugs. It first identified code snippets that carried out the same functions, later compared the codes to find irregularities. Known as "Functionally Similar yet Inconsistent Code Snippets" aka FICS, the program detected 22 new bugs after investigating QEMU and OpenSSL open-source projects." From basic bugs such as absent bounds checking to complex bugs such as use-after-free, as long as the codebase contains non-buggy code snippets that are functionally similar to a buggy code snippet, the buggy one can be detected as an inconsistent implementation of the functionality or logic," said the experts. 

Expert Mansour Ahmadi, research associate at Northeastern University says that they don't intend to change other methods of static analysis with this research, however, they want to give developers an idea about addition tool in their infantry which can be used to analyze code and find bugs. Mr. Ahmadi currently works at Amazon as a security engineer. An earlier different approach uses static analysis, when faced with an issue or had to be encountered with a rule to find the pattern. 

For instance, if a system has previously found a variant of a bug, these approaches are likely to fail in finding the bug. However, with accurate implementations of code snippets with similar functions, the FICS method can easily find the bug. According to Mr. Ahmadi, " While we were acknowledged by the developers for our findings, the developers did not proceed to assign CVEs to them as they believe the bugs are not exploitable."

Cryptocurrency Mining Will Void Your SSD Warranty, Manufacturer Galax Warns

 

SSD designer Galax has warned users on its Chinese website that mining cryptocurrency with the company’s Solid State Drives (SSDs) will void their warranty with that product. This comes as no surprise with miners getting prepared to start mining the new Chia cryptocurrency which focuses on storage to mine coins rather than requiring the best mining GPUs.

“If users use our SSDs for mining/farming and other abnormal operations, the data writing volume is much higher than the standard for daily use, and the SSD will slow down or get damaged due to excessive data writing volume. Due to the tests carried out, the damages are qualitative according to the test results, and that is why according to the quality assurance standards of our SSDs, we have the right to refuse to provide warranty services. The right of final interpretation belongs to the company, " Galax published a note on their website.
 
Chia is a new cryptocurrency that isn't even available to trade just yet, but it's already gaining in popularity. The main attraction for this new crypto is the way you can mine the cryptocurrency. Chia relies on a 'proof of time and space' algorithm to mine the currency on hard drives and SSDs, so there's no need to optimize your GPU for mining.

The makers of Chia designed it to be mined this way so mining the cryptocurrency is more accessible to the end-user and won't penalize the customer with big electricity bills or the purchasing of single-use hardware (i.e., ASICs). But, on the negative side of things, this mining technique could severely affect storage supply and demand. If Chia gets popular at all, we will probably see the same shortages we're seeing on GPUs applied to hard drives and SSDs as well. At present, Chia already has over 950 petabytes of storage, consisting of 101.4GiB plots. That's a lot of hard drives and SSDs, and that space remains occupied as long as a miner wants to try to harvest Chia. 

Given how much data write is required to design a Chia plot, it's no surprise that Galax is already preventing users from using their warranty on its SSDs when it comes to mining workloads. If Chia is demanding enough on write performance, we could see all other SSD manufacturers following suit.

App Census Study Reveals that Android Devices Leak User Data Stored in Contact Tracing Applications

 

According to security experts, hundreds of third-party applications on Android devices have access to confidential information collected by Google and Apple API contact-tracking devices. The Department of Homeland Security provided about $200,000 to App Census, a U.S. start-up that specializes in data protection practices in Android applications, earlier this year for testing and validating the reliability of contact tracking apps. 

The researchers of the business observed that the primary contact tracking information inside the device's system logs are recorded by Android Phones logging data from applications that use Google and Apple's Exposure Notifications System (ENS), that is used for collecting details, and usually where applications receive usage analytics and malfunction reports data. 

In an effort to assist medical authorities around the globe to develop contact tracing apps associated with the data protection requirement underlying the Android and iOS ecosystems, Google and Apple jointly launched ENS last year. API built by Apple and Google allows governments to build decentralized Bluetooth-based contact tracking software. 

The app-equipped devices send confidential, regularly changing IDs, known as RPIs, that are diffused via Bluetooth in such a way that nearby telephones that also use the application can be "heard". 

The observations of App Census reveal that the two Tech Giants' privacy pledge has certain deficiencies. Both transmitted and heard RPIs can indeed be identified in the machine logs of Android phones – as well as the device even records the existing Bluetooth MAC address of the destination server on RPIs that have been heard. Thus App Census found many ways of using and computing datasets to conduct data protection attacks since the RPI and the Bluetooth MAC addresses are unique and anonymized.

"Of course, the information has to be logged somewhere to do the contact-tracing, but that should be internally in the ENS," Gaetan Leurent, a researcher at the French National Institute for Research in Digital Science and Technology (INRIA), stated. "It is unsettling that this information was stored in the system log. There is no good reason to put it there." 

The RPIs could have been used along with different pieces of datasets to determine that whether users checked for COVID-19 positively, whether they had contacted an infectious individual or whether two persons met each other with access to device registers from multiple users. It is meant to preserve privacy in the contact tracing process, and precisely this type of data should be avoided. Therefore, the entire defense which should form the foundation of this protocol is defeated. 

A Google spokesperson told: "We were notified of an issue where the Bluetooth identifiers were temporarily accessible to some pre-installed applications for debugging purposes. Immediately upon being made aware of this research, we began the necessary process to review the issue, consider mitigations and ultimately update the code." 

The spokesman added that these Bluetooth identifications neither disclose the location of a customer nor provide any other identifying details, and also they are not aware that they were used in any manner. As per Google, roll started many weeks ago with the upgrade on Android devices and is due to be completed in the coming days. Previous publications of the researcher have shown that irrespective of implementation, the use of digital technology for contact tracking would necessarily present a risk to privacy.

Leaked Apple Schematics & Extortion Threats Removed From Dark Web

 

According to MacRumors, the ransomware group that stole schematics from Apple supplier Quanta Computer last week and threatened to release the trove of documents has mysteriously deleted all references to the extortion attempt from its dark web blog. 

Last Tuesday, the ransomware group REvil claimed that it had gained access to Quanta's internal computers and obtained some photographs and schematics of unreleased Apple products. The group requested $50 million from Quanta in order to retrieve the data. However, according to a statement posted on the hacker group's website on April 20, Quanta declined to pay the ransom, which led the criminals to turn their attention to Apple. 

The hackers publicly posted a handful of images depicting unreleased product schematics, including in total, 21 images showing different features of an alleged upcoming MacBook Pro, an SD card slot, HDMI slot, and a MagSafe charger, to prove they had hacked into Quanta's servers and to increase the pressure on Apple. 

Unless Apple paid the $50 million ransom demand in return for removing the files, the group threatened to publish new data every day leading up to May 1. The extortion attempt was timed to coincide with Apple's "Spring Loaded" digital event on April 20, at which the company unveiled AirTag item trackers, new iPad Pro models, and new iMacs. Despite the threat, after the original demand was made public, no further stolen documents have been leaked online. 

REvil isn't known for bluffing and regularly shares stolen documents if its victims don't pay up, so it's unclear why the group didn't follow through this time. According to MacRumors, the photos were mysteriously deleted from their dark web location. The group has not stated why the photos were deleted, and all references to the blackmail attempt have been removed. 

Apple is still yet to comment on the breach, although it has a history of refusing to deal with hackers. A hacker group tried to extort money from Apple in 2017 by keeping consumer data hostage. "We do not reward cybercriminals for violating the law," Apple told the community, and the company has yet to comment on the breach. 

The group is still aggressively extorting other businesses, so it's unclear what caused it to delete all material related to the Quanta hack.

Millions of the Pentagon’s Dormant IP Addresses Sprang to Life, Just Minutes Before Trump Left Office

 

While the world was focused on President Donald Trump's departure on Jan. 20, an obscure Florida corporation quietly revealed a shocking development to the world's computer networks: it was now controlling a vast unused swath of the internet that had been owned by the US military for decades. 

What happened after that was even stranger when Global Resource Systems LLC, the company, continued to expand its zone of influence. It quickly claimed the Pentagon's 56 million IP addresses. After three months, the number had risen to nearly 175 million dollars. That's nearly 6% of a coveted traditional segment of the internet known as IPv4, where such vast pieces are worth billions of dollars on the open market. 

Telecommunications powerhouses of well-known names like AT&T, China Telecom, and Verizon dominate the largest swaths of the internet. Global Resource Systems, a company created only in September with no publicly known federal contracts and no apparent public-facing website, was now at the top of the list. 

On Friday, a receptionist at the shared workplace told a reporter that she couldn't give her any details about the company and asked her to leave. Global Resources Systems' control of Pentagon addresses was only revealed in the mysterious world of Border Gateway Protocol (BGP), the messaging system that instructs internet companies on how to channel traffic around the world. Messages started to arrive informing network administrators that IP addresses previously allocated to the Pentagon but inactive could now accept traffic if routed to Global Resource Systems. 

After the introduction of BGP in the 1980s, network administrators have been speculating about the most drastic change in IP address space allocation. The Defense Digital Service, an elite Pentagon agency that reports directly to the Secretary of Defense, is responsible for the transition. The DDS describes itself as a "SWAT team of nerds" associated with solving departmental emergency problems and doing groundbreaking work to enable significant technical advances for the military. 

The Pentagon's DDS, which was founded in 2015, has a Silicon Valley-style office. In recent years, it has worked on a variety of special initiatives, including designing biometric software to help service members distinguish between friendly and enemy forces on the battlefield and ensuring the encryption of emails Pentagon personnel exchanged with third parties about coronavirus vaccines. 

The DDS's director, Brett Goldstein, said in a statement that his unit had approved a "pilot effort" to publicize the Pentagon's IP room. According to Goldstein, “this pilot will analyze, evaluate, and prevent unauthorized use of DoD IP address space.” In addition, this pilot could reveal possible security flaws. 

The plan, according to Goldstein, is one of the Pentagon's many attempts to constantly improve the cyber posture and security in response to advanced persistent threats. “We're working together through the Department of Defense to ensure that any possible vulnerabilities are addressed,” he added.

The details of what the campaign is attempting to accomplish are still unknown. The Pentagon refused to answer a variety of questions about the project, including why Goldstein's unit used a little-known Florida company to carry out the pilot rather than having the Defense Department itself "announce" the addresses via BGP messages, which would have been a much more common method. 

The Global Resource Systems announcements, on the other hand, seem to have directed a flood of internet traffic toward Defense Department addresses. According to Madory's tracking, large-scale internet traffic movements started almost immediately after the IP addresses were announced on January 20. 

Russell Goemaere, a spokesman for the Defense Department, confirmed in a statement to The Washington Post that the Pentagon still owns all the IP address space and hadn’t sold any of it to a private party. 

Since the programme isn't public, a person familiar with the pilot effort agreed to speak on the condition of anonymity. He said it's critical for the Department of defense to have "visibility and accountability" into its various cyber tools, including IP addresses, and to maintain the addresses appropriately so they'll be available if and when the Pentagon needs them.

Here's a Quick Look at the Role of 'Covalent BlockChain Data API' in Terms of Data Gathering

 

In this article, we’re going to deep dive into the role of Covalent, the unified blockchain API. So, the first question that arises in all of our minds– What is covalent? 

Covalent is the only multi-chain API that provides every single point of on-chain data. This includes granular, historical, and blockchain metadata. Blockchain technologies can change the world, but this potential is left unfulfilled if the data is not accessible. Despite the proliferation of digital assets on the blockchain, granular and historical blockchain data is impossible to access by anyone but the most sophisticated and technically talented individuals. Querying blockchains directly is time-consuming and compute-intensive, while additionally refining and manipulating the data adds another layer of complexity. 

Current solutions require developer hours to write additional code to query granular and historical blockchain data. Developers need to be retrained while understanding the complex tools (for example, how to write a subgraph), which can take weeks or months to implement. This is expensive to adopt and slows down the mainstream adoption of blockchain technologies. Covalent is committed to creating the simplest solution possible for developers - no extra code needed, just one API call.

Ultimately, Covalent’s vision is to empower the pioneers of tomorrow by providing the richest and most robust data infrastructure for the entire blockchain ecosystem. Covalent does so through a single, unified API. The key point here is that your private key used to encrypt your data is held with a decentralized storage provider. Encryption plays a huge role in the excellent security and privacy that decentralized platforms have.

It is important to remember that Covalent is an API and requires a developer to integrate the product rather than an end-user consumer-facing product. In that regard, it is like Stripe or Twilio. 

First, there are the crypto natives; these are developers building DApps or working for enterprises adopting blockchain technologies. The majority of our customers belong to this bucket today.

The second bucket is regular fintech companies offering crypto products to their existing customers. Every single fintech company is today thinking of their crypto strategy - especially those companies catering to millennials and gen-z. These companies lack in-house blockchain expertise and are looking for a turn-key API solution to shorten their time to market. We have a growing customer segment that belongs to this bucket. 

What end-users and the market care about?


According to the researchers, there are four critical needs: - 

The first need is data security. End-users care that no one except themselves has access to their files. The second need is system speed. The service needs to offer fast upload and download speeds. The third is consumers are very conscious about pricing. As more and more data is being stored, end-users care deeply about costs. The fourth key requirement is data privacy. It’s important to make the distinction between data security and data privacy.

Hackers Demand $50 Million Ransom From Apple

 

A Russian hacking group claims to have obtained schematics for some yet-to-be-released Apple products. The hackers have demanded a $50 million ransom in exchange for not leaking any of the designs they have on hand. 

According to a report by Bloomerg, the group gained access to sensitive data by hacking into Quanta, an Apple supplier that produces MacBooks and other products. The Taiwan-based third-party manufacturer has reported the data leak. 

The threat actors from the hacking group called REvil, first tried to extort money from Quanta in exchange for the stolen data. When Quanta declined to pay to recover the stolen data, the hackers turned their attention to Apple, the company's largest customer. According to a report by The Record, the group announced their intentions in a message posted on a dark website. 

REvil started sharing stolen photographs of Apple products as proof before Apple’s Spring Loaded event that was hosted virtually earlier this week. The hacking group shared 21 screenshots of the newly released iMac's schematics, which had not been made public before the launch. The post thus came as a testament to the legitimacy of the stolen data. 

Aside from iMac pictures, the group also shared images of the M1 MacBook Air, which was released in 2020, and manufacturing diagrams for an unreleased laptop. Notably, all of the diagrams included a disclaimer that read, “This is Apple's property, and it must be returned.” 

The hacking group has threatened to release new data every day before Apple or Quanta pays the $50 million ransom. The group is attempting to receive the ransom by May 1. Besides Apple, Quanta Computer has a long list of clients, including some of the most well-known names in the laptop industry. HP, Dell, Microsoft, Toshiba, LG, Lenovo, and other companies are among them. 

REvil has hinted in a post on the dark web that it has data from other companies as well. The REvil operators wrote, “Our team is negotiating the sale of vast quantities of classified drawings and gigabytes of personal data with many major brands.” 

The implications of the cyber-attack and the resulting data leak are still unclear.

Bitcoin Sinks Below the $50,000 Mark

 

Bitcoin and other cryptocurrencies lost a lot of money on Friday when investors worried that US President Joe Biden's decision to lift capital gains taxes will discourage them from investing in digital assets. The selloff followed news that the Biden administration was considering a raft of tax reform proposals, including a measure to almost increase capital gains rates to 39.6% on those making more than $1 million.  

Bitcoin, the world's largest and most successful cryptocurrency, dropped 7% to $48,176, slipping below $50,000 for the first time since early March, while smaller rivals Ether and XRP both fell about 10%. Markets were jolted by the tax plans, forcing investors to book gains in stocks and other risk assets, which had soared in anticipation of a strong economic rebound. Investment gains levy rates are expected to rise to new highs. 

"Bitcoin headed South today after President Biden signalled that he wanted to raise capital gains tax in the US," said Jeffrey Halley, senior market analyst, Asia Pacific, at OANDA. "Now whether that happens or not, many Bitcoin investors are probably sitting on some substantial capital gains if they stayed the course over the past year." 
"I firmly believe that developed market regulation and/or taxation remain the crypto markets' Achilles Heel," he added. 

Bitcoin is set to lose 15% this week, but it is still up 65 percent from the beginning of the year. Ether fell more than 10% on the day to as low as $2,107 (roughly Rs. 1.5 lakhs), despite climbing to a new high of $2,645.97 the day before (roughly Rs. 2 lakhs). 

"I don't think Biden's taxes plans will have a big impact on Bitcoin," said Ruud Feltkamp, CEO at automated crypto trading bot Cryptohopper. "Bitcoin has only gone up for a long time, it is only natural to see a consolidation. Traders are simply cashing in on winnings." 

"There are reasons to believe the overall trend will remain bullish unless the price drops below $40k," said Ulrik Lykke, executive director at crypto hedge fund ARK36. "At the moment, we are not convinced that the trend will reverse into a bear market but we acknowledge it may take some time before the demand overtakes the supply again in the medium to short term."

Chinese WeChat Users Targeted by Attackers Using Recent Chromium Bug

 

According to a local security firm, a Chrome exploit published online last week has been weaponized and exploited to target WeChat users in China. 

The malicious links were sent to WeChat users in the attacks. When users clicked the connection via a link, a piece of JavaScript code was launched, which loaded and executed shellcode on their operating systems. 

Threat actors used the recently revealed Chrome exploit to attack WeChat users in China, according to China-based firm Qingteng Cloud Security. The attacks, according to the researchers, were limited to users of the WeChat Windows app. The security firm didn't reveal which of the two proof-of-concept codes released last week were used in the attacks. 

This is because the attackers repurposed proof-of-concept code for two different bugs in the Chromium browser engine, which the WeChat Windows client uses to open and preview links without having to open a separate browser, which was published on Twitter and GitHub last week. The proof of concept code published last week —both of them— allowed attackers to run malicious code inside any Chromium-based browser. 

However, since most web browsers run Chromium in a "hardened mode" where the "sandbox" security protection function helps to prevent malicious code from escaping to the underlying operating system, due to which the exploit code was deemed useless on its own. 

As the security researchers informed The Record in interviews last week, their proof-of-concept code would work fine against apps that used the Chromium project as a foundation but forgot to allow sandbox defense. 

The WeChat client patched last week but Qingteng did not reveal that which of the two Chromium exploits revealed online last week was used in the wild in China; however, the security firm said it alerted Tencent, the creator of the WeChat app, and that Tencent had incorporated the latest Chromium security updates to patch the attack vector. 

Both vulnerabilities have been fixed by the Chromium team, but the patches are still finding their way downstream to all applications that use the browser engine. Only Microsoft Edge has patches for both exploits right now whereas the first bug has been fixed in Chrome.

Banks have assessed the security of digital ruble payments

Major Russian banks are ready to take part in testing the digital ruble and have no doubt that it will be in demand among customers

According to market participants, special attention should be paid to information security: digital rubles can be paid offline and, according to banks, such operations may become a tidbit for fraudsters.

The Bank of Russia presented the idea of a digital ruble in mid-October. It is assumed that it will be in the form of a unique digital code stored in a special electronic wallet and become a full-fledged means of payment on a par with the ordinary ruble. Its prototype is scheduled to be tested next year and the regulator presented its concept last Thursday.

"VTB is ready to take part in pilot projects related to the introduction of the digital ruble. VTB estimates that it may take about two years to create the infrastructure for the implementation of the digital currency," said Vadim Kulik, Deputy President and Chairman of the Bank's Management Board. Apart from VTB, other major credit institutions, including Russian Standard and Promsvyazbank, are ready to take part in the testing of the digital ruble.

Participants of the pilot project will have to solve a number of issues and put a special emphasis on the safety of operations for clients. "The main risks of payments in digital rubles are gaining unauthorized access to an electronic wallet and committing fraudulent operations using social engineering methods", said Andrei Makosko, head of information security service of Novikombank.

In addition, banks are afraid of the possibility of some overflow of funds from non-cash payments to digital rubles. According to the head of the Raiffeisenbank innovation center, Evgenia Ovchinnikova, this may affect the existing relationship between banks, shops and payment systems.

"It is also important that the digital ruble platform does not result in capital expenditures on the part of banks", emphasized Olga Makhovaya, director of innovations and data management at Rosbank.

The digital ruble is expected to help combat payment slavery when customer service is tied to a single credit institution.

Bitcoin Touches the Peak at $60,000 – Everything you Need to Know!

 

On Saturday 13 March, Bitcoin, the world's largest cryptocurrency, had gone up again, touching an all-time milestone. As per Coin Desk reports, it increased to $60,0,065, up from a preceding $58,330 peak on February 21, by more than 2 percent. At 12.34 GMT on 13th March, the digital monetary reached $60,197 and remained at around $60,000. "It increased almost 6% in the past 24 hours alone." On the other hand,  Ethereum was 4.7% higher at $2,173.63. 

Whereas the volatility has dropped in the crypto market following the six consecutive months of the double-digit returns on bitcoin (BTC). Experts believe that there are indications that the horizon is moving significantly. 

At first, Bitcoin reached heights of $30,000 and $40,000 in January for a couple of days. Bitcoin’s worth is over $1 trillion in circulation. It retreated to $43,000 just after the high of February 21, following uncertainties about stimulus prospects as well as its effect on the US bond returns. Later for seven days, stocks and cryptocurrencies experienced decline alongside lateral trade for weeks before re-starting. After swelling from below $1,000 in January to close to $ 20,000 in December, Bitcoin, which was launched back in 2009, hit the headlines again. 

On Saturday 13th, the record came after the huge $1.9 trillion stimulus bill signed on Thursday by US President Joe Biden. The bill would provide most Americans with a check payment of $1,400, assist the unemployed, increase public health, and raise money for vaccine programs. Kraken Intelligence reports that with April being the second most successful month on average, bitcoin could be expected to finish higher and thus to bind up for the longest winning streak since the start of the cryptocurrency. 

Historical information shows that both bitcoin and Ethereum generally achieve a positive return portion in the second quarter of the calendar year. Since 2011, BTC has, on aggregate, returned 256 percent in 2Q, while ETH, on average, returned 141 percent in 2016. 

Due to the $58,786 market price of bitcoin in the March-end, it is assumed that in the second quarter of 2021, the price will end at 256 percent higher, also it can be expected to trade around $209,000 from 1 July 2021. The world's largest crypto-currency will stand at approximately $82,000, based on an average 2nd-quarter return of 39.5%. 

In the meantime, throughout March, Bitcoin's steady upward trend led to a drop in volatility of almost 40% point a month to 63%, almost three months down. The absence of market uncertainty led to a 5 percent decrease in trade volumes and to an annual drop of about 255 billion dollars. 

It has been praised as 'digital gold' by Bitcoin proponents claiming that it will address the inflation risks posed by large central banks and government stimulus packages aimed at tackling the economic effects of the crisis from the pandemic of the Covid-19. Critics consider the rally to be just a stimulus-powered bubble that will soon explode in the same direction as during the boom period 2017-2018.

Man Sentenced To 12 Years For Attempting To Purchase Chemical Weapon On The Dark Web

 

A 46-year-old Missouri man has been sentenced to 12 years without parole in US federal prison today for trying to obtain a chemical weapon via an illicit Dark Website with Bitcoin currency; the weapon has the capacity to kill hundreds of people. 

According to the court, the man named Jason Siesser had admitted his cybercrime and accepted that he attempted to purchase a chemical weapon two times between 14 June and August 4, 2018. Additionally, the court document has also mentioned that he had provided the order shipping address in the name of a juvenile, whose name, address he used illegally to acquire this highly toxic weapon including five batches of cadmium arsenide, hydrochloric acid, and other chemical compounds. 

As per the information that the court has provided, three batches of this chemical concoction would be enough to kill more than 300 people at once. On August 4, 2020, Siesser has been to prison for attempting to obtain a chemical weapon. 

Jason had ordered chemical weapons on two different occasions, at first, he ordered two 10 milliliter units of chemical on 4th July of 2018 with the use of cryptocurrencies. When the seller did not ship the order, he contacted him continuously. Then it was on 9th July of 2018, when he contacted the seller and asked him to ship the order as early as possible because he planned to use it immediately after receiving it. 

Jason ordered his second chemical on 5th august of 2018 and again he made the payment with help of Bitcoin, worth roughly $150. Notably, what he ordered, was a very toxic chemical. 

During the investigating officers' raid at Siesser's home, they had found nearly 10 grams of the toxic chemical including cadmium arsenide, which can be deadly if it ingested or inhaled; approximately 100 grams of cadmium metal and more than 500 mL of hydrochloric acid had been found. 

"Writings located within the home articulated Siesser’s heartache, anger and resentment over a breakup, and a desire for the person who caused the heartache to die," said the Department of Justice.