
The Ministry of Communications of Russia has developed a new service for the sale of cars


According to Deputy head of the Ministry of Communications Maxim Parshin, the Ministry of Communications and the Ministry of Internal Affairs are preparing a new free service that will allow users of the public services portal to form an electronic contract for the sale of cars.

It is assumed that with the help of the new service, a potential car buyer will be able to find out the history of the car and then form an electronic sales contract, which can be verified with a simple electronic signature. Moreover, the new service will avoid errors that often occur when filling out paper contracts.

According to Parshin, "on the basis of the contract, drafts of applications for registration of the vehicle by the new owner and for termination of registration by the previous one are automatically formed". Information about the contract will be displayed in the personal account on the portal of public services.

"The electronic contract will make registration of car sale and purchase transactions faster and safer", explained the Deputy head of Department. According to the data, at the first stage, the new service will be available only to individuals, and its approximate launch date is 2020.

Electronic contracts will replace paper contracts, notarization of which is optional. According to the newspaper, traffic police officers regularly encounter incorrectly filled (for example, errors in passport data) and fake (for example, the owner of the car did not give consent to the sale) agreements. Therefore, after numerous appeals from citizens, the State Traffic Inspectorate proposed that the Ministry of Communications develop a new electronic service. The project became possible after the entry into force of the government decree that allows "legally significant actions, including transactions, by creating electronic documents" to be performed on the portal of public services.

The electronic format of the purchase and sale registration process is “convenient and timely, but in 2020, the service is unlikely to work,” said CarPrice CEO Denis Dolmatov.

"It is unclear how the system will be protected from hacking and fake registrations by hackers. In my opinion, the launch next year will be incomplete, improvements will be needed, the launch will be rescheduled", said Dolmatov.

Indian Govt Bans Foreign Firms from Conducting IT Security Audits


The Indian Government has directed the ministries and departments responsible for India's basic infrastructure to abstain from employing foreign firms to conduct IT security audits of their frameworks and systems; this came to light following the cyber-attack on Kudankulam Nuclear Power Plant.

From now on, Indian firms empanelled for auditing will require clearance from the domestic spy agency, the Intelligence Bureau (IB), to rule out any foreign link. Security reviews in all ministries and critical sectors are carried out to ensure that the nation's information infrastructure isn't vulnerable to attacks by hackers and that all systems have a protected government firewall.

According to the reports reviewed by Firstpost, the Computer Emergency Response Team (CERT-IN), which comes under the Ministry of Electronics and Information Technology, has drawn up a list of auditing firms in consultation with the IB.

It has also been observed that certain critical sectors face threats from numerous sources, and that the increasing attacks on these systems are organised and targeted with the assistance of criminals and state actors in order to reap large rewards from 'information compromise or espionage'.

Cyber criminals may commit fraud, conduct espionage to steal state and military secrets, and disrupt critical infrastructure by exploiting the vulnerabilities in any system.

The government documents state: “The public sector, although increasingly relying on information technology, has not fully awakened to the challenges of security. Economic stability depends on uninterrupted operations of banking, finance, critical infrastructure such as power generation and distribution, transport systems of rail, road, air, and sea which are critically reliant on information technology.

Even though the focus has been on improving systems and providing e-governance services by various institutions, the IT networks and business processes have not placed the desired emphasis on information security.” Aside from this, a few other directives have been issued for critical sectors concerning the protective monitoring of sensitive data and the risk emanating from terrorist groups or enemy states.

Workers handling sensitive servers will be required to disclose the phone they are carrying, its serial number and model number, along with details like its security capabilities and vulnerabilities, and the critical sectors will reserve the right to control official information on the said employee's mobile, including the right to back up, retrieve, modify, decide access to or erase the organization's information without prior notice.

Likewise, people or specialists employed for security reviews of government systems will have to sign a non-disclosure agreement to prevent leakage of sensitive information.

Upbit suffers $52M loss in a Cryptocurrency Heist


One of the world's largest cryptocurrency exchanges was forced to suspend account debits and credits after it was hit by a huge online theft worth $52M. UpBit, a South Korean cryptocurrency exchange, announced the temporary suspension on Wednesday, accompanied by a letter from CEO Lee Seok-woo, Dunamu. "The heist took place on Wednesday in the afternoon. Around $50 million in Ethereum currency were sent from an UpBit account via an anonymous beneficiary," says Lee Seok-woo.

The firm will cover the losses of the victims of the theft, and it has moved additional cryptocurrencies into its cold storage account for added safety. “It is expected that our company will take around 2 weeks more until the transaction gets active again. As soon as it is done, we'll inform the public,” stated Lee. UpBit's troubles are the latest in a long series of successful cyberattacks on cryptocurrency exchanges in recent times. Other victims include United States company Coinbase, which was hit for $1 million; Bitpoint, of Japan, which lost $32 million; Singapore firm Bitrue, which was stripped of $4.5 million; and Binance, whose headquarters are in Malta.

"The newest heist is a serious lesson to account holders concerning the value of working only on safe and secure exchanging forums," argues Peter Wood, CEO of CoinBurp, a cryptocurrency exchange. He continues, "It is especially critical in the case of cryptocurrency because it can't be traced virtually and, no regulatory authority is present to look over this problem." “But, possible account holders are ensured that they shouldn't be concerned as attacks like these have happened before. However, the individuals must examine the safety contracts and measures carefully while working on any cryptocurrency exchanging program,” says Lee Seok-woo.

At the beginning of this year, the United Nations accused North Korea of using its growing hacking abilities to attack crypto exchanges in an attempt to fill the country's coffers. North Korea is accused of amassing $2 billion from the cryptocurrency hacks. Upbit was originally started as a venture between Bittrex and Dunamu, a South Korean app maker that supports messaging giant Kakao. Other cryptocurrency exchanges have warned their users about the heist.

One of Today's Most Popular E-Commerce Platforms Hit By A Major Security Breach


Magento Marketplace, a portal for purchasing, selling, and downloading plug-ins and themes for Magento-based online stores, was recently hit by a major security breach. The breach was disclosed by Adobe, which acquired Magento for $1.68 billion in May 2018.

The impacted users include both regular users who purchased themes and plugins and the theme developers who were using the portal to sell their code and make money.

In an email sent to users, the company said a vulnerability in the Magento Marketplace website permitted "an unauthorized third-party" to access the account data of registered users. The vulnerability enabled access to user information such as name, email, store username (MageID), billing and shipping addresses, phone number, and limited commercial information like percentages for payments Adobe made to theme/plugin developers.

Fortunately, no account passwords or financial information were exposed, according to Adobe.

Jason Woosley, Vice President of Commerce Product and Platform, Experience Business, at Adobe, says “We have notified impacted Magento Marketplace account holders directly and already took down the Magento as soon as we learned of the hack in order to address the vulnerability.”

The store is currently back online.

The Adobe VP, however, did not share the exact number of affected accounts. A Magento representative, when approached, did not comment beyond the company's official blog post.

Nonetheless, the Adobe executive said the hack didn't cause any outages or disruptions to the company's core Magento products and services, and, at the time of writing, there is no reason to believe that the hacker compromised Magento's core backend or the plugins and themes hosted on the 'marketplace'.

Same Phishing Risks Faced By Start-Ups and Big Corporations



Reports of a near-perfect phishing attempt have surfaced after a large number of remote employees with health and work environment benefits through human resources giant TriNet received such emails.

The emails were shared with TechCrunch, an American online publisher, in order to 'verify their authenticity' and when two independent security researchers were approached to offer their evaluations, both were of the view that it was a phishing email indeed contrived to steal usernames and passwords.

Furthermore, even a $3.7 billion corporation like TriNet, let alone the other big giants, is not doing what is needed to counter such phishing attacks: had it proactively used basic email security techniques, it would have been significantly easier to tell that the email was not in fact a phish, but an authentic company email.

The issue isn't a new one for TriNet or, for that matter, any other big company.

For instance, just the previous year, security firm Agari discovered that only 14% of all Fortune 500 companies were using DMARC, a domain security feature that prevents 'email spoofing', and effectively implementing it. New data provided by Agari to TechCrunch shows that figure has risen by just a single percentage point in the last year, bringing it to a small 15%.

Nonetheless, it’s safe to assume that both phishing and impersonation are 'fundamentally' human issues, with the intent of fooling unsuspecting victims into turning over their usernames, email addresses and passwords to hackers, who then log in and steal data or money. For that reason, users are advised to always be vigilant when they are on the receiving end of such emails.

Huawei to Reward Hackers for Discovering Any ‘Secret Backdoors’ In Its Smartphone Technology


With the hopes of outdoing Google, Huawei announced a "big bounty launch" to reward hackers for demonstrating a "critical" weakness in one of its Android devices.

The company revealed the program at a private event for a few of the world's top Android hackers in Munich, Germany, a week ago, and even gave an example of how hackers could win the first prize: they would need to get remote access to the device without the target 'having to click anything'.

A high-severity hack would be one in which the hacker could take control of a phone when they had direct access to it.

The company is said to have followed Apple's lead in keeping the 'bug bounty invite-only'. As revealed on Twitter by Forbes 30 Under 30 alum Maria Markstedter, who was one of the invited guests, the invited researchers would also be offered tokens to invite other altruistic hackers.

The bug bounty was first reported by TechCrunch recently, yet no details on payments or logistics have been disclosed.

Huawei additionally announced that for a "high"-severity issue, hackers can earn up to $110,000 (€100,000), while Google, meanwhile, offers up to $200,000 and $100,000 for demonstrations of comparable attacks on its Pixel phones.

While bug bounties are very common among major smartphone makers, it is chiefly Apple and Google who are behind two of the most well-known.

One significant reason suspected for Huawei's move is that it could provide solid evidence that the company isn't concealing any 'secret backdoors' in its most popular phones that the Chinese government could use.

Russian universities to introduce special course on working with artificial intelligence


The office of the Russian Ombudsman Tatyana Moskalkova has proposed creating a special course on artificial intelligence in Russian universities. The aim of the course is training in countering the threats of artificial intelligence within the discipline of human rights protection.

Moreover, it is expected that the novelty will become part of the training program not only for law students, where the protection of human rights is one of the main disciplines. This special course is also necessary for future technical specialists.

The press service of Moskalkova's office clarified that "the course will be constantly adjusted, filled with new things in accordance with technological development." An interesting fact is that there is an express course on the philosophy of artificial intelligence at Moscow State University.

It should be noted that during the BRICS summit on November 14, Kirill Dmitriev, the head of the Russian Direct Investment Fund and a member of the BRICS Business Council, said that an alliance for the development of artificial intelligence can be created within the BRICS.

In addition, according to Alexander Bernstein, the head of the neurosurgical Department of the Burdenko Center, artificial intelligence from 2021 will help in the planning of complex neurosurgical operations. Now artificial intelligence is already used in the medical center to remove intracerebral tumors. In the future, the scope is planned to expand.

Recall that on October 10, 2019, Russian President Vladimir Putin signed a decree on the development of artificial intelligence in Russia. This decree approves the national strategy for the development of artificial intelligence until 2030. The President also spoke about the need for maximum support for startups in the field of artificial intelligence and the need to increase several-fold the volume and quality of training for programmers, mathematicians, computer linguists and data processing specialists.

LPE Security Flaw Affecting Symantec Allows Attackers to Escalate Privileges on Compromised Devices


Symantec Endpoint Protection recently fixed a local privilege escalation security flaw affecting all software versions before 14.2 RU2, which enabled attackers to escalate privileges on compromised devices and execute malicious code with SYSTEM privileges.

Security researcher Peleg Hadar discovered the Symantec Endpoint Protection LPE bug, and this isn't the first time a local privilege escalation issue has been reported to a security vendor.

The Symantec Endpoint Protection LPE bug, currently tracked as CVE-2019-12758, requires potential attackers to have Administrator privileges to successfully exploit the issue, according to Hadar. While the danger level of this vulnerability isn't immediately evident, such bugs are normally rated with medium and high 'severity' CVSS 3.x base scores.

As indicated by Hadar, attackers exploit DLL search-order hijacking issues such as this one as part of multi-stage attacks, after penetrating a target's machine, to 'elevate permissions' in order to further compromise the device.

“The vulnerability gives attackers the ability to load and execute malicious payloads within the context of a Symantec’s signed process,” Hadar states. Symantec addressed the LPE vulnerability in the Symantec Endpoint Protection 14.2 RU2 release issued on October 22, 2019.

He further specified that exploitation of the CVE-2019-12758 bug on machines running 'vulnerable' versions of Symantec Endpoint Protection could also make it possible for attackers to load and launch malicious code each time the Symantec services are loaded on the system, gaining 'persistence' across system reboots.


Facebook Might Be Secretly Spying On You via Your Phone's Camera


The social media giant, which has been the subject of backlash several times in the past, is once more in the limelight, with a bug that covertly opens the iPhone's camera in the background while the user casually scrolls through the Facebook feed.

The issue was first flagged by a Twitter user who goes by the name Joshua Maddux. He shared a video wherein his phone's camera can be seen to be active in the background as he scrolls through his Facebook feed.

He tweeted, "Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet."

Many iPhone users were left stunned to discover their iPhone's camera automatically running in the background when they opened Facebook.

Facebook has acknowledged the existence of the bug and is looking for ways to fix it. The company's Vice President of Integrity Guy Rosen tweeted that it "sounds like a bug" and that the social networking platform was investigating.

He later confirmed that there was, in fact, a bug and that it appears to affect only iPhone users running the most recent iOS 13 software.

He tweeted, "We recently discovered our iOS app incorrectly launched in the landscape. In fixing that last week in v246 (version246), we inadvertently introduced a bug where the app partially navigates to the camera screen when a photo is tapped. We have no evidence of photos/videos uploaded due to this."

This could be another privacy-related 'lapse' from Facebook. The company has consistently been in the spotlight for its privacy policies, and it also had to pay a record fine of around USD5 billion for failing to protect people's data, the biggest fine imposed by the US regulator against a tech company to date.

DJI Proposed App to Identify Nearby Drones and Exact Location of Pilots


The world's leading producer of camera drones, DJI has demonstrated a technique to gather information about a nearby drone, precisely locating its pilot through a smartphone.

It employs a protocol called "Wi-Fi Aware", which makes the information about nearby drones available to anyone looking for flying drones. The company said it would increase "safety, security, and peace of mind", along with preventing disruptions and security threats. However, the idea is being dismissed by security experts, who are of the opinion that it is not sufficient to fight illegal drone use and that sophisticated hackers would easily manage to bypass the detection. With ransomware emerging as a service and being easily available, it's reasonable to expect hackers to find ways to circumvent DJI's protocol. As a result, concerns have been raised regarding the viability of this "drone-to-phone remote identification" tool.

While substantiating the proposed idea, Brendan Schulman, VP of policy and legal affairs at DJI, said, "Remote ID functions as an electronic license plate for drones, allowing anyone who is curious about a drone in the sky to learn more about what it's doing."

"Around the world, aviation authorities have said remote ID is the key to allowing more complex drone use, and to solving concerns about safety and security," he added.

"It's going to be very useful against rogue drones," said Ulrike Franke, a policy fellow at the European Council on Foreign Relations, in a conversation with the BBC.

"But it's not going to be enough to fight people with real bad intentions, because these are going to be the first people to hack this system."

Further explaining the model, the company said, "Using a simple app, anyone within radio range of the drone can receive that signal and learn the location, altitude, speed, and direction of the drone, as well as an identification number for the drone and the location of the pilot."

However, the proposed app is not expected to be seen anytime soon due to the lack of Wi-Fi protocol compatibility with advanced smartphones. Currently, it also does not work on iPhones.

5G network may appear in St. Petersburg by 2022


The representative of the Russian President on digital and technological development Dmitry Peskov said that in two years 5G mobile network could be launched in St. Petersburg. According to him, it will be certified at the World Radiocommunication Conference in the near future.

Mobile operators MTS and MegaFon have already received permission to create a test zone for testing 5G. Tests are planned to be carried out at frequencies in the range of 2.5-2.7 GHz.

Earlier, the Ministry of Defense, the FSB and the Federal Security Service opposed 5G, saying that this resource is used by government services and its transfer to civilian means of communication is inappropriate for security and defense reasons. To date, negotiations are underway to provide organizations with the necessary frequencies that belong to the special services.

In addition, representatives of MTS and MegaFon do not see an urgent need to launch fifth-generation communications, as the technology is expensive. In the near future, 5G technology will not be able to be used by residents of the whole country, but only of certain territories, since its technical maintenance is more complicated than LTE networks.

It is interesting to note that the first operator interested in new generation technology is MegaFon. In 2014, the company signed an agreement with Huawei on the creation of 5G test networks. For example, the operator will begin to test the operation of telemedicine services in medical institutions with the help of a new generation of mobile communications in Moscow from 2019. In addition, 5G speed record belongs to MegaFon. In June, the operator managed to achieve network data transfer at a speed of 35 gigabits per second. The tests were carried out in the laboratory on Huawei equipment.

It should be noted that 5G technologies are designed for higher bandwidth compared to 4G. The new network will allow subscribers to connect with each other directly, and the speed of mobile Internet will grow to 1-2 Gbit/s. At the moment, fifth-generation networks are already deployed in several major US cities. Switzerland is actively implementing 5G in Europe. South Korea became the first country in the world to launch commercial services of the newest network in the spring of this year.

The first commercial quantum communication line to be built in Russia


The national program in Russia plans to improve the information security of both government agencies and private companies. Experts want to achieve this by creating the first commercial quantum network in the country. It will provide the most reliable degree of information security available today. Data centers in Russia will establish a quantum communication line between them by 2021.

It is known that experts will build a network 670 km long between data centers located in Moscow and Udoml. They have powerful servers and network equipment designed to process, store and distribute information. Currently, the communication channels leading to the centers are protected by crypto-algorithms, the disadvantage of which is the existence of a key that is stored on the physical medium. So, having a key, fraudsters can intercept and decrypt the transmitted information.

To date, the only way to solve this problem is to use quantum communications. It is a data exchange technology that is protected by the quantum distribution of encryption keys. A hacker will not be able to intercept such a key while remaining unnoticed. Photons are used as carriers of the transmitted information.

"If a hacker starts copying the state of a particle, its properties will instantly change. Thus, copying data will fail. Moreover, if someone tries to intercept the media during their transmission, the user of the system will know about it," said specialists.

Since the photons change their state after 140 km due to scattering, the developers plan to build six protected intermediate nodes on the 670 km line.

The project of the quantum communication line was named Landau, and Rostelecom was appointed responsible for its implementation. The project will be launched this year. It is expected that by the end of 2020 there will be a prototype of the service, and the project will be ready in 2021. The work is carried out as part of the national program "Digital Economy". It is known that in case of successful completion of the project, no one will be able to hack into computers, which will be great news for databases of large state corporations and banks.

As a reminder, the Russian Government approved the national program "Digital economy" and allocated 1 trillion rubles (217 billion $) from the Federal budget for the implementation of the presidential task.

Carding Bots Now Pose a Threat to E-Commerce Platforms


In a discovery made by the PerimeterX research team, two new "carding" bots that represent a threat to e-commerce platforms have been detected towards the beginning of the busiest shopping time of the year.

Carding is a 'brute force attack' on a retailer's site utilizing stolen credit cards or gift vouchers. Threat actors utilize carding to mass-confirm a large number of stolen credit cards and produce a list of authentic credit cards.

The validated credit cards are then commonly sold on the black market for around $45 each and traded for untraceable gift vouchers that empower the cyber-criminals to veil their identity.

One of the new carding bots, named the canary bot, explicitly abuses top e-commerce platforms. The other bot, called the shortcut bot, sidesteps the e-commerce website altogether and rather abuses the card payment vendor APIs utilized by a site or mobile application.

Portraying an attack by the canary bot, researchers stated: "In this attack, the bots create a shopping cart, add products to the cart, set shipping information, and finally execute the carding attack—all of the steps except for the carding attack exhibit normal user behavior through a website."

The sophisticated canary bot identified by PerimeterX researchers is alarmingly good at mimicking human behavior. Researchers said that they had seen an 'increasing trend' in API endpoint abuse to validate credit cards on the web and in mobile applications.

They also saw an increase in these new kinds of attacks across numerous unrelated customers, demonstrating the rapid advancement of these attack tools.

PerimeterX has advised e-commerce website owners to prevent users from reaching the payment page without items in their cart, in order to stop basic carding attacks.
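The empty-cart check PerimeterX recommends, sketched as an added example that is not code from PerimeterX or from the original post. The event format, session ids, card tokens and the three-card threshold are assumptions constructed for illustration; the second rule (distinct cards per session) is included because a bot that builds a cart first, as the canary bot is described as doing, passes the empty-cart check.

```python
from collections import defaultdict

# Constructed sample events (not real store data).
# Each tuple: (session id, action, detail). For "pay", detail is a card token.
EVENTS = [
    ("s1", "cart_add", "sku-101"),
    ("s1", "pay", "tok_a1"),          # ordinary shopper
    ("s2", "pay", "tok_b1"),          # payment attempt with no cart at all
    ("s2", "pay", "tok_b2"),
    ("s3", "cart_add", "sku-200"),    # builds a cart, then cycles through cards
    ("s3", "pay", "tok_c1"),
    ("s3", "pay", "tok_c2"),
    ("s3", "pay", "tok_c3"),
    ("s3", "pay", "tok_c4"),
    ("s4", "cart_add", "sku-300"),
    ("s4", "cart_remove", "sku-300"),
    ("s4", "pay", "tok_d1"),          # cart emptied before paying
]

MAX_CARDS_PER_SESSION = 3  # assumed threshold; tune to the store's real traffic


def payment_allowed(cart):
    """Server-side gate: refuse the payment step when the cart is empty."""
    return len(cart) > 0


def review_sessions(events, max_cards=MAX_CARDS_PER_SESSION):
    """Replay events in order and return {session: [reasons]} for flagged sessions."""
    carts = defaultdict(set)     # session -> SKUs currently in the cart
    cards = defaultdict(set)     # session -> distinct card tokens submitted
    findings = defaultdict(set)  # session -> reasons it was flagged

    for session, action, detail in events:
        if action == "cart_add":
            carts[session].add(detail)
        elif action == "cart_remove":
            carts[session].discard(detail)
        elif action == "pay":
            if not payment_allowed(carts[session]):
                # Refused before the card ever reaches the payment processor.
                findings[session].add("payment_without_cart")
                continue
            cards[session].add(detail)
            if len(cards[session]) > max_cards:
                # Cart looks normal, but one session is testing many cards.
                findings[session].add("many_cards")

    return {session: sorted(reasons) for session, reasons in findings.items()}


if __name__ == "__main__":
    for session, reasons in review_sessions(EVENTS).items():
        print(session, reasons)
```

The gate has to be enforced on the server at the payment step itself; a check that only hides the payment page in the browser does nothing against requests sent straight to the endpoint.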


Researchers Discover the Existence of the New APT Framework “DarkUniverse”



A new APT framework named "DarkUniverse" was recently discovered by researchers following clues from a script that was used in the NSA breach in 2017, in which the well-known hacking tools leak 'Lost in Translation' was published by the Shadow Brokers.

Researchers believe that the "DarkUniverse" APT framework was active for at least 8 years, from 2009 until 2017, and the traces show that it is also tied to ItaDuke, an actor that used PDF exploits for dropping previously unknown malware.

Various versions of the sample were used for this campaign between 2009 and 2017, with the most recent version of the malware used until 2017. Further examination reveals that the campaign mostly used spear-phishing emails to deliver the malware through weaponized Microsoft Office document attachments.

According to Kaspersky research, “DarkUniverse is an interesting example of a full cyber-espionage framework used for at least eight years. The malware contains all the necessary modules for collecting all kinds of information about the user and the infected system and appears to be fully developed from scratch.”

The DarkUniverse campaign is said to gather a range of sensitive information, including email conversations, files from specific directories, screenshots, information from the Windows registry, and credentials from Outlook Express, Outlook, Internet Explorer, Windows Mail and more; it can also send a file to the C2.

The malicious framework targeted different nations, including Syria, Iran, Afghanistan, Tanzania, Ethiopia, Sudan, Russia, Belarus and the United Arab Emirates, and the victims included both civilian and military organizations.

The Ministry of Internal Affairs of Russia to develop a mechanism for the seizure and confiscation of cryptocurrencies


Russian law enforcement agencies, together with the Ministry of Internal Affairs, are to prepare proposals for the seizure of cryptocurrencies by 2021.

A representative of Group-IB confirmed the information that such a measure is being discussed together with other proposals to combat IT crimes.

"Cryptocurrency must be recognized at the legislative level as either a product or a cash equivalent so that it can be confiscated further", said Konstantin Golikov, the co-owner and CEO of the platform Dailyrich.ru.

"If the law enforcement agencies begin to discuss the confiscation of cryptocurrency, they actually launch a mechanism for the legalization of cryptocurrency in Russia. But, in my opinion, the Bank of Russia will seriously resist this," said Golikov.

However, in international practice, there are already many precedents for the confiscation of cryptocurrency by a court decision, despite the fact that the regulation of cryptocurrency is not legislatively introduced.

Even now, Russian courts and investigators have to deal with cryptocurrencies, despite the fact that virtual money does not have official status. For example, the Central Bank insisted that the hidden income from the Russian markets can be withdrawn to other countries through cryptocurrencies. In addition, in February 2019, the Plenum of the Supreme Court of the Russian Federation extended the punishment for the legalization of criminal proceeds to electronic assets.

Recall that in 2018, President Vladimir Putin said that Russia should "carefully and cautiously" monitor the sphere of cryptocurrencies. At the same time, the position of the Central Bank of Russia was that electronic money cannot be a means of payment. An interesting fact is that in Belarus, in 2017, a decree “On the Development of the Digital Economy” was adopted, which recognized cryptocurrency as property.

Binance to assist Ukraine in regulating the crypto currency industry


The largest cryptocurrency exchange, Binance, intends to help Ukraine develop methods for regulating the cryptocurrency industry. This means that the company's specialists see great potential for the development of the crypto industry in Ukraine.

The company said that they signed a Memorandum of understanding with the Ministry of Digital Transformation of Ukraine. The Ukrainian government said that such cooperation will significantly improve the legal status of cryptocurrencies in the country. It is expected that the platform will begin work in the country before the end of the year.

As part of the partnership, Binance, together with the Ministry of Digital Transformation of Ukraine, intend to create a working group that will discuss further plans for the regulation of the crypto industry and the formation of the digital market in Ukraine.

Moreover, Binance will develop effective mechanisms designed to transfer rights to various virtual assets through a distributed network, as well as create favourable conditions for investment and business activities.

Changpeng Zhao is confident that the legal status of cryptocurrencies will improve the Ukrainian economy, as well as create the basis for additional investments.

The Minister of Digital Transformation of Ukraine, Mikhail Fedorov, is confident that cooperation with the largest cryptocurrency exchange will open the opportunity for transparent work with companies in this industry and create a comfortable environment for them.

He also believes that the entry of Binance into Ukraine will be a strong driver for the crypto-system and the legalisation of cryptocurrencies.

"This is an additional hundred of millions of taxes that our state will receive. For fans of cryptocurrency and those who work in this direction, this is a very big signal that Ukraine has appeared on the world map of cryptocurrencies," said the head of the Ministry of Digital.

“We are pleased that Binance has become interested in neighbouring countries. We hope that they will reach Russia as well,” commented Denis Onatsik, director of Deecrypto Store & Club.

However, in Russia, the regulation of the cryptocurrency market is regularly postponed due to disagreements among the members of the working group and the tough position of the Central Bank, which is categorically against the legalization of cryptocurrencies on open platforms.

An interesting fact is that in the spring of 2019, Binance suffered a hacker attack in which $41 million in bitcoins was stolen.

Researchers Found a Way to Take over Google Home, Amazon’s Alexa or Apple’s Siri Devices through Laser Pointers


Researchers in Japan and at the University of Michigan recently said that they had figured out how to take control of Google Home, Amazon's Alexa or Apple's Siri devices from several feet away by shining laser pointers, and even flashlights, at the devices' microphones.

The finding follows the rise of voice-controlled digital assistants, introduced a couple of years back; security experts have expressed their worries that systems like Apple's Siri and Amazon's Alexa are a privacy danger and could be hacked easily.

Regarding the use of laser pointers, Kevin Fu, an associate professor of electrical engineering and computer science at the University of Michigan, said, “This opens up an entirely new class of vulnerabilities, it’s difficult to know how many products are affected because this is so basic.”

The computer science and electrical engineering researchers (Takeshi Sugawara at the College of Electro-Interchanges in Japan, and Mr. Fu, Daniel Genkin, Sara Rampazzi, and Benjamin Cyr at the University of Michigan) released their findings in a paper on the 4th of November.

The researchers said they had informed Tesla, Portage, Amazon, Apple, and Google of the light vulnerability, and the companies all responded that they were 'studying' the conclusions in the paper.

Although there is no clear indication that the light vulnerability described on the 4th has been used by hackers, the researchers said that, with a torrent of internet-connected devices coming onto the market, the revelation was a reminder to consumers to stay alert to security issues in the future.

NSO's Spyware Pegasus Taking Control of Mobile Devices through Apps


NSO's spyware Pegasus has been revealed to take control of mobile devices through various apps. This is a matter of grave concern, as cybersecurity firms have in the past also found the Pegasus software on both the Apple and Android operating systems.

WhatsApp said the number of infected users may go up from the present estimate of 1,400 as more users come forward with this issue, and the newswire Reuters reported, citing sources familiar with WhatsApp's internal investigation, that the snooping may also include prominent government and military authorities in about 20 nations, aside from activists and journalists.

Raman Jit Singh Chima, Asia Policy Director, and Senior International Counsel at open internet advocacy group Access Now says that “Surveillance tech firms such as NSO and others market these capabilities with the intent of allowing their clients to hack and surveil all of the everyday smartphone activity of the targeted victim.”

He added that this may also include services like Gmail, iMessage, Facebook, and Viber.

NSO's use of malware to control Apple devices is said to have been first discovered in 2016. Apple released software upgrades in September 2016 after it found that hackers could have accessed its devices by making a victim click on a link, and it was then speculated that Pegasus spyware could have been installed by misusing vulnerabilities in its software.

University of Toronto-based Citizen Lab, which aided WhatsApp in its investigation of the aforementioned issue, said in a 2018 report that Pegasus appears to be used by nations with 'dubious' human rights records and histories of harsh conduct by state security administrations.

This includes India too, as one NSO administrator named the Ganges is said to have operated in India and was discovered by Citizen Lab. Most recently, WhatsApp stressed that the number of users affected may go up later on, particularly in India, because of the total absence of any surveillance reform or data protection laws.

How the Internet isolation law will change the life of Russian business


On November 1, the law on the isolation of the Runet came into force. Some companies spend millions to switch to Russian servers and local social networks, while others completely shut down business in the country.

The Runet isolation will affect all Russian business, but only Telecom operators must install special equipment to monitor cyber threats, at the state’s expense. The State provided about 30 billion rubles ($460,000,000) for its execution.

According to Alexandra Kurdyumova, senior partner at Versus.legal law firm, we are talking about devices and software that work on the principle of DPI (deep packet inspection). The technology monitors not only where the traffic is going, but also analyzes its contents.

"If something seems suspicious to Roskomnadzor, it will be able to disable the malicious resource without the participation of Telecom operators," explains Kurdyumova.

The regulator's new powers have alarmed the entire online business sector. If a company's website runs on a foreign server (for example, Amazon), uses Google Analytics for data analysis, or conducts sales via Instagram or other foreign social networks, it risks losing access to its usual tools if Roskomnadzor so decides.

“I see a lot of risks in the law on the isolation of the Runet. Therefore, within six months we will transport employees to the United States and Poland. About 10% of employees will remain in Russia so far to support current customers”, said Roman Kumar Vyas, founder of the marketing Agency Qmarketing and co-owner of the cleaning service Qlean.

According to Albert Oskanov, co-founder and CEO of Oskelly clothing marketplace, the authors of the bill do not quite understand what they are going to do and do not realize the consequences. Their actions can lead to serious disruptions in the work of some Russian companies.

Sergey Demin, IT Director of IT outsourcing company G-Support, believes that the centralization of the network infrastructure does not make it more stable, but harms it. A very easy target appears for hackers. As a result, users will migrate to the Darknet and there will be constant attacks on the IT infrastructure of regulatory authorities.

Counter-Strike: Global Offensive (CS:GO) — Money Laundering Prompts Valve to Shut Down In-Game Key Sales


Counter-Strike: Global Offensive (CS: GO) was being targeted by criminals for money laundering, according to the US video game developer, Valve. In a statement, the makers said that the aim of the attackers is to "liquidate their gains".

Developed by Valve and Hidden Path Entertainment, CS: GO is a popular multiplayer, first-person shooter game in which two teams compete against each other, strategically completing given objectives such as defusing bombs and rescuing hostages.

The game allows players to earn cosmetic upgrades for their guns and avatars in loot containers. Normally these boxes can only be opened with a key that players have to buy from Valve. However, the makers observed that "worldwide fraud networks have recently shifted to using CS: GO keys to liquidate their gains. At this point, nearly all key purchases that end up being traded or sold on the marketplace are believed to be fraud-sourced." The fraudsters exploited the loot gathering systems in the game to trade keys, which further allowed them to unlock rewards for real money.

As a security measure, the company has updated the game in a manner that shuts down the ability to transfer new loot box container keys among users in the game.

"CS: GO container keys purchased in-game can no longer leave the purchasing account. That is, they cannot be sold on the Steam Community Market or traded. Pre-existing CS: GO container keys are unaffected–those keys can still be sold on the Steam Community Market and traded," the blog read.

In the blog post, the company also expressed concern about the effect this would have on legitimate players, but emphasized the need to combat fraud, which it treats as a priority.

While the total amount of money laundered through the Steam marketplace remains unclear, hundreds of thousands of loot containers along with keys have been traded by the criminals via the online marketplace. Notably, the boxes and keys were traded for a few dollars each.

In the seven years of its existence, CS: GO has gained massive popularity but has unfortunately also attracted a number of controversies, including illegal gambling and hidden business interests of social media influencers.