
Google Plans to Ban 'Sugar Dating' Apps From September

 

Google is set to remove "Sugar Dating" applications from the Play Store in order to make the Android app download market a safer place. From September 1, "Sugar Dating" apps will no longer be available on the Play Store, according to the company.

Google is targeting applications that promote financial compensation in relationships, as there is a slew of "Sugar Daddy" type dating apps available. Google's "inappropriate content policy" has been modified, and additional limits will be imposed on sexual content, especially forbidding "compensated sexual relationships" (i.e., sugar dating).

A relationship in which a male provides money or possessions to someone younger than him in exchange for favors is referred to as a "Sugar Daddy" relationship. Previously, this didn't appear to be an issue for Google, but many platforms are rapidly attempting to establish an atmosphere that is more in touch with today's awareness culture. 

But, considering that certain traditional dating apps and social networks are also utilized for paid relationships, the question is how big an impact it will have on them. Ultimately, this update is primarily intended to safeguard young people from privacy and safety concerns while using applications.

Google is taking these steps at a time when Trump's FOSTA-SESTA law from 2018 is being increasingly utilized to target sites that encourage prostitution and online sex work. This legislation makes it simpler to penalize websites that aid in sex trafficking. Operators of sites that allow sex workers to communicate with clients, for example, may face a 25-year jail sentence.

Although the law has hardly ever been enforced to date and could serve as a barrier, a 2020 report by a group of sex workers called Hacking/Hustling said that the law has had a "detrimental effect on online workers' economic stability, safety, access to the community, and clinical outcomes," as pressure on online platforms results in the elimination of tools such workers use to stay safe.

Google's update also seeks to enhance children's safety, particularly their privacy. Advertisers will no longer be able to get advertising IDs from a child-oriented application. These IDs are basically surfing data that advertisers use to tailor their ad campaigns to effectively reach their target market and improve sales. Google, like other digital powerhouses, appears to be moving in the direction of effectively safeguarding young people on platforms and other networks.  

Furthermore, Google's Store Listing and Promotion policy will be updated on September 29, 2021, to ban spam text and images in app titles, icons, and developer names.

Bot that helps hackers write code

The Copilot service developed by Microsoft and GitHub specialists, designed to simplify the work of programmers, can be used by hackers to create malicious software.

Copilot, created by GitHub and based on artificial intelligence, acts like the keyboards on mobile devices.

GitHub introduced this service at the end of June, and its development required the help of OpenAI. Copilot is expected to make life easier for developers.

So, during the development of the service, specialists trained it on billions of lines of code. And now, when a developer writes code, GitHub Copilot gives suggestions that can be used for more productive coding.

Russian cybersecurity experts believe that GitHub's innovation may be useful not only for software developers, but also for cybercriminals.

According to experts, the new program may make it easier for hackers to write code, and they will be able to do it faster. Consequently, the number of authors of such code may increase.

Denis Legezo, a senior cybersecurity expert with Kaspersky Lab, noted that no technology, including Copilot, can be good or bad in itself. What matters is the purposes for which a person uses it. The expert did not rule out that the new program, as a convenient and accessible development tool, can also be used by cybercriminals.

GIS expert Nikolay Nashivochnikov spoke about the danger of hackers using the new bot for programmers.

"As we can see, new services simplify the life of not only white hat hackers, but also black hat. If the hackers manage to introduce a dangerous design into the Copilot system, and it starts offering developers to insert this vulnerability into their code, as a result, we can get a more widespread vulnerability," said Mr. Nashivochnikov.

Experts also talk about the possibility of banal theft of someone else's code. In about 0.1% of cases, the code will be literally taken from the training sample. In the remaining 99.9% of cases, the service uses a training sample as a basis for synthesizing something new.


GitHub Brings Suite of Supply Chain Security Features to Go

 

GitHub has released a number of supply chain security updates for Go programming language modules.

In a blog post published on July 22, GitHub staff product manager William Bartholomew stated that Go, also known as Golang, is now firmly ingrained in the top 15 programming languages on the platform and that, as the most famous host for Go modules, GitHub intends to assist the community in discovering, reporting, and preventing security vulnerabilities.

Go modules were launched in 2019 to help with dependency management. As per the Go Developer Survey 2020, Go is now utilized in the workplace in some form by 76 percent of respondents. 

Furthermore, Go modules are becoming more popular, with 96 percent of those polled indicating they use them for package management, up 7% from 2019, and 87 percent saying they use exclusively Go modules for this purpose.

According to the results of the survey, the usage of other package management solutions is declining. As per GitHub, four major aspects of supply chain security enhancement are now available for Go modules.

The first is GitHub's Advisory Database, an open-source repository of vulnerability information that has over 150 Go advisories at the time of publication. Developers can also use the database to get CVE IDs for newly identified security flaws.

"This number is growing every day as we curate existing vulnerabilities and triage newly discovered ones," Bartholomew added. 

GitHub has also released its dependency graph, which can be used to track and evaluate project dependencies using go.mod, as well as warn users when risky dependencies are discovered. In this version, GitHub has also introduced Dependabot, which will notify developers when new security flaws in Go modules are identified.

To fix vulnerable Go modules, automatic pull requests can be enabled, and notification settings have been enhanced for fine-tuning. According to Bartholomew, repositories that are enabled to automatically create pull requests for security updates patch dependencies up to 40% faster than those that are not.

The work of the Runet was tested in the exercise of disconnection from the global network

In June and July, regular exercises on the stability of the Runet were held. This time, the possibility of working in conditions of physical disconnection of the Russian internet from the global network was tested.

Seven main operators of Russia took part in the exercises. The purpose of the exercises was to determine the possibility of the Runet working in the event of external distortions, blockages and other threats. According to preliminary data, the exercises were a success.

Roskomnadzor noted that in accordance with the legislation, such exercises, which are aimed at improving the integrity, stability and security of the Russian Internet infrastructure, are held annually.

In February, the head of the information and analytical agency TelecomDaily, Denis Kuskov, suggested that if Russia is disconnected from the global network, it will be possible to use Runet and domestic resources. At the same time, in the context of sanctions pressure on Russia, disconnection from the global network can be perceived as additional restrictions.

In turn, the deputy head of the Russian Security Council, Dmitry Medvedev, said that disconnecting Russia from the global network is possible, but the authorities have a plan of action for this case. He added that everything is ready for the autonomous operation of the Runet both technologically and at the legislative level.

Recall, on May 1, 2019, Putin signed a law on the isolation of the Runet. The new law determines that Roskomnadzor assumes all the authority for managing networks in case of threats to the Russian Internet. In addition, Roskomnadzor has the right to directly block websites with prohibited information.

The Runet isolation will affect all Russian business, but only telecom operators must install special equipment to monitor cyber threats, at the state's expense. The state financed about 30 billion rubles ($460,000,000) for its execution.

Moreover, representatives of big business warned that banning modern website encryption protocols in Russia is tantamount to disconnecting the country from the global Internet. The adoption of the bill in the proposed form, in their opinion, will formally make it illegal to use smartphones and computers and will entail "catastrophic consequences".

Global Outage Disrupts the Services of Major Websites

 

Several major websites faced outages on Thursday due to a glitch in Akamai Technologies Inc's (AKAM.O) systems, the second widespread outage linked to the cloud company in two months. Affected websites included DraftKings, Airbnb, FedEx, Delta, Barclays, and the PlayStation network used for online games. 

"We have implemented a fix for this issue, and based on current observations, the service is resuming normal operations," Akamai tweeted. 

The disruption was caused by a vulnerability in the domain name system (DNS) service, designed to keep websites, apps, and services running smoothly and securely, that was triggered during a software update and lasted up to an hour.

DNS services play a vital role in the functioning of the internet, but are known to have bugs and can be easily exploited by threat actors. Companies like Akamai have designed their own DNS services that are meant to solve some of these problems for their users. But when things go south or there’s an outage, it can cause a knock-on effect to all of the customer websites and services that rely on it.

Akamai said it was “actively investigating the issue,” but a spokesperson, when reached, would not say if its outage was the cause of the disruption to other sites and services that are currently offline. However, a spokesperson for ThousandEyes, an internet monitoring company bought by Cisco in 2020, attributed the outage to Akamai.

Major internet companies such as Zomato, Paytm, Disney+ Hotstar, and Sony LIV were also affected due to issues with Akamai Technologies. Other affected services reported by the Internet outage monitoring platform DownDetector included banks such as Lloyds, TSB, and Halifax, gaming services including Steam, Call of Duty, and EA, and streaming services on Channel 4 and ITV.

In June, cloud computing provider Fastly had a service interruption that took down social media, government, and news websites across the globe. In that case, it later emerged that a settings change by one customer had inadvertently affected the entire infrastructure. Last year Cloudflare, which also offers networking services to companies across the globe, had a similar outage following a vulnerability that caused major sites to stop loading, including Shopify, Discord, and Politico.

How Artificial Intelligence is Changing Healthcare

Over the past couple of years, modern technology has been actively implemented in medicine. AI helps to assess the degree of lung damage, identify malignant tumors, and is used in the development of new drugs.

Similar technologies are being used in Russia. For example, the Russian platform Botkin.AI allows detecting lung cancer through the analysis of medical images using artificial intelligence technologies in the Microsoft Azure cloud. The solution has already been successfully implemented in several regions of the country. Russia also has a digital histological laboratory UNIM, which examines histological materials using a neural network to make a correct diagnosis.

According to the development director of the Webiomed project, Alexander Gusev, the biggest competition in Russia is in the fields of image processing, especially in the analysis of lung tomograms for COVID diagnosis. The second popular field is speech recognition and information synthesis.

One of the main problems with AI is that market participants often do not understand how much a particular development might cost in everyday medical practice.

Another problem is the legislation. Russian law defines that AI software is a medical device and must undergo a long and expensive registration.

It should be noted that now there are only six AI systems in Russia that have been registered as medical software devices.

According to the general opinion of experts, doctors do not easily agree to the introduction of AI. 

"When we ask about the attitude of doctors to innovation, they are just happy and express a desire to work with AI. However, about 2.5-5% of managers and doctors use AI products all the time," Mr. Gusev added.

At the same time, it does not take much time to understand the technology. AI development is often similar to a conventional computer program interface.

Thousands of PS4s Seized, Employed in Mining Cryptocurrency Illegally

 

In Vinnytsia city located along the Southern Bug river, a large-scale electricity theft was revealed and recorded by the SBU. In one of the JSC Vinnytsiaoblenerho's old premises, the culprits mined cryptocurrency illegally. Nearly 5000 computers were confiscated by Ukrainian law enforcement. This underground crypto farm is the largest. 

SBU officials found that citizens of Kyiv and Vinnytsia had established an illegal crypto farm in JSC Vinnytsiaoblenerho's abandoned warehouse in the facility's industrial park.

The criminals stole JSC Vinnytsiaoblenerho's electricity for mining. To cover up their actions, they used electricity meters that showed no real consumption of energy.

Thousands of PlayStation 4 gaming systems, found in an abandoned warehouse and operated illegally to mine bitcoin, have been confiscated.

There were approximately 3,800 game consoles, which were trimmed together and housed on metal racks, with more than 500 graphics cards and 50 processors. The hardware was supposed to make it easier to mine cryptocurrencies, while those presumably responsible stole the electricity needed from the town.

Current estimates put the stolen electricity at somewhere between $186,200 and $259,300 a month.

Raids were carried out on the cryptocurrency farm, and Ukrainian police said searches were also conducted at "offender's residences," where they reportedly seized draft notes on the use of power, notebooks, mobile phones, and USB storage devices.

In a statement, JSC Vinnytsiaoblenergo said that "our company has nothing to do with any illegal activity," and "cryptocurrency mining equipment has never operated in the premises owned by our company." 

Furthermore, the utility firm said that there was no proof of electricity theft. The inquiry was conducted by the Ukrainian law enforcement agencies under the supervision of the Prosecutor General's Office.

In a separate but remarkable bitcoin farm case in 2019, Chinese law enforcement detected wires in fish ponds that were used to link to an electric power grid on an oil system. After drones were dispatched to track the criminal, active Bitcoin (BTC) rigs were found in a shed. Currently, further investigation is underway.


Telegram's Encryption Protocol Detected with Vulnerabilities

 

A multinational team of computer researchers claimed on Friday that it had detected four cryptographic vulnerabilities in the popular encrypted chat app Telegram.

According to the security study, the vulnerabilities range from technically trivial and easy to exploit to advanced and of theoretical interest. But in the end, as demonstrated by ETH Professor Kenny Paterson, a member of the team that exposed the vulnerabilities, the four important aspects could be done better, more securely, and more efficiently using a standard approach to cryptography.

Telegram is a free, cloud-based, open-source, cross-platform instant messaging app. It also provides end-to-end encrypted video calling, VoIP, file sharing, and various other functions. It was launched in August 2013 for iOS and in October 2013 for Android.

The most significant vulnerability found by the researchers is what they call the "crime pizza" vulnerability. With it, an attacker could easily modify the sequence of messages sent from a client to a Telegram-operated cloud server.

“For example, if the order of the messages in the sequence ‘I say “yes” to’, ‘pizza’, ‘I say “no” to’, ‘crime’ was altered then it would appear that the client is declaring their willingness to commit a crime,” according to the universities.

Using one of the more theoretical vulnerabilities, an attacker may detect which of two messages is encrypted by the client, although particular circumstances are required to do so.

Rather than using more common protocols like Transport Layer Security, Telegram uses its own MTProto encryption protocol. Cryptographers have eyed MTProto skeptically in the past, too. The recent investigation is a reminder that while encrypted apps give considerable protection, they are not 100% impenetrable.

The flaws in Telegram were reported by cryptographers from ETH Zürich, a public research university in Switzerland, and Royal Holloway, a constituent college of the University of London.

“For most users, the immediate risk is low, but these vulnerabilities highlight that Telegram fell short of the cryptographic guarantees enjoyed by other widely deployed cryptographic protocols,” a university summary states. 

Telegram wrote that it made changes in response to the disclosure “that make the four observations made by the researchers no longer relevant.” 

Further, it also said that there were no critical vulnerabilities.

“We welcome any research that helps make our protocol even more secure,” Telegram said. “These particular findings helped further improve the theoretical security of the protocol.”
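As an added illustration (not code from the researchers or from Telegram, and not a description of how MTProto works), the sketch below shows the standard defence against the message reordering described above: each record carries a sequence number covered by the MAC, and the receiver accepts only the next expected number. The `Sender`, `Receiver` and `replay` names and the key are constructed for the example; encryption is left out and a reliable, in-order transport is assumed.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32              # HMAC-SHA256 output size in bytes
KEY = bytes(range(32))    # constructed demo key, for illustration only

# The message sequence quoted in the article, in its original order.
MESSAGES = [b'I say "yes" to', b"pizza", b'I say "no" to', b"crime"]


class Sender:
    """Numbers each record and MACs the number together with the payload."""

    def __init__(self, key):
        self.key = key
        self.next_seq = 0

    def seal(self, payload):
        header = struct.pack(">Q", self.next_seq)  # 64-bit big-endian counter
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        self.next_seq += 1
        return header + payload + tag


class Receiver:
    """Verifies the MAC; with enforce_order=True it also checks the counter."""

    def __init__(self, key, enforce_order=True):
        self.key = key
        self.enforce_order = enforce_order
        self.expected = 0

    def open(self, record):
        if len(record) < 8 + TAG_LEN:
            raise ValueError("record too short")
        header, payload, tag = record[:8], record[8:-TAG_LEN], record[-TAG_LEN:]
        good = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            raise ValueError("bad tag")
        (seq,) = struct.unpack(">Q", header)
        # Each record is authentic on its own; only this check binds it to
        # its position in the conversation.
        if self.enforce_order and seq != self.expected:
            raise ValueError(f"out of order: got {seq}, expected {self.expected}")
        self.expected += 1
        return payload


def replay(receiver, records):
    """Feed records to a receiver; return (accepted payloads, first error)."""
    accepted = []
    for record in records:
        try:
            accepted.append(receiver.open(record))
        except ValueError as exc:
            return accepted, str(exc)
    return accepted, None


def demo():
    sender = Sender(KEY)
    records = [sender.seal(m) for m in MESSAGES]
    # A network attacker swaps the second and fourth records in transit.
    swapped = [records[0], records[3], records[2], records[1]]
    lenient = replay(Receiver(KEY, enforce_order=False), swapped)
    strict = replay(Receiver(KEY), swapped)
    return lenient, strict


if __name__ == "__main__":
    lenient, strict = demo()
    print("per-message MAC only:", lenient)
    print("MAC + sequence check:", strict)
```

The lenient receiver accepts every record because each MAC is individually valid, so the transcript now reads as agreement to "crime"; the strict receiver stops at the first record whose counter is not the next expected value.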

Experts: the volume of cryptocurrency fraud in the world has reached $1 billion in a year

In the last year, at least $1 billion worth of digital currency was stolen worldwide. The number of extortion cases since the beginning of 2021 has already exceeded 1000. The reason is the rise in the value of digital money and its popularity. The average amount of extortion now is about $250,000, but it can reach $5-10 million. According to analysts, in the future, the number of such crimes will grow.

In 2021, the Binance cryptocurrency exchange recorded more than 5,000 appeals to law enforcement agencies of different countries with complaints of fraud and extortion. This is twice as much as during the same period last year.

According to Alexander Gostev, Chief Technology Expert at Kaspersky Lab, there have been more incidents involving encryption ransomware. The growth is also due to the introduction of legal regulation of digital assets in many countries. For example, since January 1, 2021, cryptocurrency has been assigned the status of property in Russia. Russians need to declare income from it, and the state will receive taxes on profits from digital assets.

Denis Voskvitsov, director of Exantech blockchain technology company, believes that the increase in the number of frauds related to cryptocurrency is caused by its growing popularity and increasing use in everyday life. Despite the hidden circulation of digital money, in the end, it still needs to be withdrawn into regular currency. And now the state is trying to identify the digital assets of citizens. This provokes people to hide their actions, which is what attackers use.

Vladimir Ulyanov, head of Zecurion Analytics, expects an increase in both the volume of transactions with tokens and crimes with them in Russia and the world. Even services and platforms related to cryptocurrency circulation may face restrictions and blockages, as many tokens are illegal in Russia.

The eSIM technology stimulates the growth of the IoT market in Russia

The development of eSIM technology has become one of the drivers of the IoT market, both in Russia and around the world. The network of IoT devices, which have a traditional or built-in virtual (eSIM) SIM-card, differs from GSM, 3G and 4G networks by its lower power consumption. For this reason, this network is optimal for smart city systems.

According to GSMA, the number of new types of eSIM equipment in the world is increasing by 50% annually and by the end of this year, the number of IoT devices with eSIM and with conventional SIM cards will be the same.

The lack of equipment and regulatory framework to regulate eSIM slows down the implementation of eSIM, so customers deliberately do not purchase IoT equipment with eSIM. In addition, the government plans to oblige Russian companies and departments to use only Russian IoT solutions in housing, fire and other security.

However, according to experts, this restriction prevents the introduction of IoT, because now there are no ready-made Russian platforms for virtual SIM cards on the market.

It is interesting to note that against the background of the development of the Industrial Internet of Things (IIoT) there is an increase in the introduction of private networks in the world. However, the market in Russia is still at an early stage of development compared to the world market. According to TelecomDaily the Russian market volume of private LTE-networks now amounts to about 21 million dollars, and about 30 public projects operate in the country.

Private LTE is implemented in places where for technical or other reasons there is no possibility to introduce fixed-line communication. For example, these are quarries, mines or enterprises, located in inaccessible areas. In Russia, the leaders in the introduction of pLTE technology are primarily large industrial enterprises.

Experts agree that private LTE networks will be more and more in demand among industrial enterprises and in the future, they will be more and more often used for the implementation of smart cities projects.

Ukraine Seized Gaming Consoles used for Illegal Crypto Mining

 

The Security Service of Ukraine (SBU), Ukraine's top law enforcement agency, reported last week that it had discovered a large-scale electricity theft in Vinnytsia, in west-central Ukraine. The stolen power was used to mint digital currency in the country's largest illegal crypto farm discovered to date, according to officials. Residents of Vinnytsia and Kyiv established the mining facility in a former warehouse of JSC Vinnytsiaoblenerho, according to a press release on the agency's website. Using electricity meters that did not indicate the true energy consumption, they were able to hide the theft from the distribution firm.

Law enforcement seized around 5,000 items of mining hardware, including 3,800 gaming consoles, over 500 video cards, and 50 processors, during searches at the crypto farm and its owners' homes. Agents seized electricity consumption records, as well as notebooks, phones, and flash drives, according to the announcement.

Under the direction of Ukraine's Prosecutor General's Office, the SBU Department for Counterintelligence Protection of State Economic Interests, in collaboration with the regional SBU Office in Vinnytsia and the Main National Police Investigation Department, conducted the operation. 

According to preliminary estimates published by Ukrainian officials, the illegal mining activity is responsible for electrical losses in the range of 5 to 7 million hryvnia, or $183,000 to $256,000 at the time of writing. Officials added that the heavy usage could have caused power surges and disruptions in the neighboring communities. For unauthorized usage of electricity, the SBU has filed a criminal complaint. Investigators are now seeking to figure out who is behind the illegal crypto mining and if any JSC Vinnytsiaoblenerho employees are involved as well. 

The report from Vinnytsia follows the closure of an illegal mining farm in Chernihiv Oblast by Ukrainian law enforcement last week. The facility was run off stolen electricity from the local power grid. During a raid on rented facilities, authorities confiscated 150 pieces of mining equipment that had burned electricity worth $110,000. In early June, the SBU discovered a crypto farm in Dnipropetrovsk Oblast with 350 mining rigs that were illegally linked to the power system and had consumed over $70,000 in electricity.

Last year, Ukraine was ranked first in the world in Chainalysis' Global Crypto Adoption Index. The Eastern European country is attempting to lead the region with crypto-friendly efforts such as the introduction of a bill to determine the legal status of crypto assets in the country, as well as guidelines for their circulation and issuance.

$350,000 Stolen from Users by Fake Cryptocurrency Mining Apps

 

The year 2021 will be remembered as a watershed moment for cryptocurrencies. Despite its ups and downs, Bitcoin is still valued at over $32,000 per coin. Not only Bitcoin, but most other cryptocurrencies have enjoyed significant price increases this year. As a result, there has been a surge of crypto apps, both in app stores and from third-party developers. Many of these apps, however, are scams. Lookout, a security organization, has published a detailed analysis on dangerous crypto-mining apps. 

More than 170 Android apps that claim to provide cryptocurrency mining services for a fee are essentially scams, according to the researchers. 25 of the 170 were hosted on Google Play, and they are attempting to defraud cryptocurrency enthusiasts by proposing cloud-based mining services. 

Cryptocurrency mining means using computing power (from a personal computer or a rented system) to solve computational and cryptographic tasks in exchange for coins. However, the processing power necessary for many types of cryptocurrency is now greater than what a single personal computer can provide, leading individuals to join mining pools and share the effort and the profits.

Because they didn't appear to be doing anything that would trigger the Play Store's automated policy compliance checks, these apps were able to dodge any and all detection and checks in place for apps listed on the Play Store. In reality, these apps were doing absolutely nothing. Google has since deleted the apps from the Play Store. Bitcoin and Ethereum are among the coins they claim to be mining. These apps cost $12.99 to $259.99, and you could pay with Google Play's saved payment methods or crypto coins like Bitcoin, which you could send directly to the developer's crypto wallet. 

There were even higher-tier membership options that required users to pay more money in exchange for a lower minimum balance requirement and better benefits. The Lookout Threat Lab thinks that these apps, which are available on the Google Play Store and third-party app stores, have defrauded more than 93,000 consumers and stolen at least $350,000 in subscription fees and in-app purchases.

“While CloudScam and BitScam apps have now been removed from Google Play, there are dozens more still being circulated in third-party app stores. In total, the operators generated at least $350,000. They stole $300,000 from selling the fake apps and an additional $50,000 in cryptocurrencies from victims paying for fake upgrades and services. Most of the scam apps either have fake information or don’t have any terms available,” say the researchers.

Are Online Brands Prioritizing Speed Over Security? Here's a Quick Look

 

Concern over online security has risen significantly in recent times. According to research published by Trulioo, consumers around the world have become fearful of online security threats: 71% of respondents living in China, the UK, and the U.S. feel that brands are prioritizing their businesses' success over users' security.

Because of the pandemic, e-commerce has boomed around the world, and every industry is strengthening its presence on digital platforms. Digital upgrades have enhanced the customer experience as companies kept their businesses from going under because of pandemic restrictions. Meanwhile, the investment in new digital capabilities will bring long-term benefits to the companies.

With restrictions easing in the post-pandemic period, many customers have responded that they now prefer banking and shopping online over offline services. In a Morning Consult survey of 2,200 U.S. consumers, on average, half of them said that they wouldn’t feel comfortable shopping at a mall for more than six months, which explains. 

In the wake of cyber fraud, consumers around the world are becoming far more serious about their online privacy. 76% of consumers feel that they're at greater risk from online scams than they were a year ago, and 75% are now worried about becoming a victim of fraud.

“For online brands, the last year has been one of contrasts, with fantastic opportunities for customer acquisition and growth in many sectors, set against a backdrop of new and increased threats of fraud and identity theft,” commented Zac Cohen, COO at Trulioo.

“This research suggests that we’ve reached a tipping point in consumer attitudes to online security – people are becoming acutely aware of the risks of transacting online and they want to know and see that their favorite brands are protecting them. Of course, world-class customer experience is critical to compete in a digital world, but brands should be aware that it can’t come at the expense of the most robust security practices.”

Cloud Cryptomining Scam in Google Play Rakes in Cash

 

Researchers stated that fraudulent crypto mining applications available for download on Google Play have scammed more than 93,400 people so far, taking at least $350,000. 

The applications, which are divided into “BitScam” and “CloudScam” variants, market themselves as delivering bitcoin mining services for a charge, according to Lookout. 

“These apps were able to fly under the radar because they don’t actually do anything malicious,” said Ioannis Gasparis, a mobile application security researcher at Lookout, in an analysis released on Wednesday. 

“They are simply shells set up to attract users caught up in the cryptocurrency craze and collect money for services that don’t exist. Purchasing goods or services online always requires a certain degree of trust — these scams prove that cryptocurrency is no exception.” 

In addition to charging for the “apps,” the fraudsters push extra services and upgrades that users may buy within the apps, either directly by transferring Bitcoin to the creators' wallets (the BitScam version) or through the Google Play in-app billing system (the CloudScam version). On the official Google Play store, there were 25 similar apps, with a total of 170 when third-party app shops are included. Although the crypto mining applications have been deleted from Google Play, there are still hundreds more accessible for side-loading, according to Gasparis. 

He said in the report, “Cloud mining introduces both convenience and cybersecurity risks. Because of the simplicity and agility of cloud computing, it is quick and easy to set up a realistic-looking crypto-mining service that is really a scam. Cybercriminals have set up similar schemes to steal from desktop users, [but this is] the first scam that packages this scheme into mobile apps.” 

How the mobile, socially engineered cryptomining scams work: 

After downloading the app and creating an account, users are presented with an activity dashboard that claims to show the “available hash mining rate.” It also has a counter for the number of coins the victims are supposed to have earned. 

“The hash rate displayed is typically very low to lure the user into buying upgrades that promise faster mining rates,” Gasparis noted. Such “virtual hardware” upgrades can range from $12.99 to $259.99, Lookout found. Other “upgrades” include spendier subscription plans with lower minimum withdrawal balances and higher supposed mining rates. Users also are told they’ll earn “20 percent” of their friend’s earnings if they refer someone to the app, and are offered “daily rewards.” 

As for the coin counter, the applications simply show a fake balance. In some of the applications examined, the counter advanced only while the app was running in the foreground, and it was reset to zero when the mobile device was rebooted or the app was resumed. Some of the totals were capped: in the CloudScam app "BTC Cash," for example, the counter resets to zero after counting to 10. 

“If cloud mining was actually taking place in either BitScam or CloudScam, we would expect the coin amount displayed to be stored in a secure cloud database and queried via an API,” Gasparis stated. 

Users are also prevented from withdrawing any coins unless they reach a certain minimum balance in the applications (not that any coins actually exist). Even if that balance is purportedly reached, the applications merely display a notification informing the user that the withdrawal transaction is pending while simultaneously resetting the user's coin balance to zero. In some situations, the user may instead receive an error message stating that the balance is inadequate for withdrawal. 
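The behaviours described above can be checked mechanically when an analyst records what an app displays during a test session. The following is an added example, not code from Lookout or from the apps themselves; the event names, the trace format and the sample traces are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Obs:
    t: int          # seconds since the analyst started recording
    event: str      # tick | background | foreground | reboot |
                    # withdraw_pending | withdraw_error
    balance: float  # coin balance shown in the UI after the event


def find_red_flags(trace, min_withdrawal):
    """Return the fake-counter behaviours from the article seen in a UI trace."""
    flags = set()
    left_at = None  # observation taken when the app left the foreground
    for prev, cur in zip(trace, trace[1:]):
        if cur.event == "background":
            left_at = cur
        elif cur.event == "foreground" and left_at is not None:
            if left_at.balance > 0 and cur.balance == 0:
                flags.add("balance_reset")  # resuming the app wiped the total
            elif cur.t > left_at.t and cur.balance == left_at.balance:
                # "Cloud" mining that only advances while the app is on screen.
                flags.add("no_progress_in_background")
            left_at = None
        elif cur.event == "reboot" and prev.balance > 0 and cur.balance == 0:
            flags.add("balance_reset")  # a server-side balance would persist
        elif cur.event == "tick" and cur.balance < prev.balance:
            flags.add("counter_wraps")  # total dropped with no withdrawal
        elif cur.event == "withdraw_pending" and prev.balance > 0 and cur.balance == 0:
            flags.add("withdrawal_zeroes_balance")
        elif cur.event == "withdraw_error" and prev.balance >= min_withdrawal:
            flags.add("withdrawal_refused_above_minimum")
    return flags


# Constructed trace showing every behaviour the article describes.
SCAM_TRACE = [
    Obs(0, "tick", 0.0), Obs(60, "tick", 2.0),
    Obs(120, "background", 4.0), Obs(3720, "foreground", 4.0),
    Obs(3780, "tick", 6.0), Obs(3840, "tick", 8.0), Obs(3900, "tick", 10.0),
    Obs(3960, "tick", 0.0),            # counter capped at 10, then back to zero
    Obs(4020, "tick", 2.0), Obs(4080, "reboot", 0.0),
    Obs(4140, "tick", 2.0), Obs(4200, "tick", 4.0), Obs(4260, "tick", 6.0),
    Obs(4320, "withdraw_error", 6.0),  # refused although above the minimum
    Obs(4380, "withdraw_pending", 0.0),
]

# Constructed trace of a counter that keeps running and survives a reboot.
BENIGN_TRACE = [
    Obs(0, "tick", 0.0), Obs(60, "tick", 2.0),
    Obs(120, "background", 4.0), Obs(3720, "foreground", 64.0),
    Obs(3780, "reboot", 64.0), Obs(3840, "tick", 66.0),
]

if __name__ == "__main__":
    print(sorted(find_red_flags(SCAM_TRACE, min_withdrawal=5.0)))
    print(sorted(find_red_flags(BENIGN_TRACE, min_withdrawal=5.0)))
```

A withdrawal that legitimately empties an account would also set `withdrawal_zeroes_balance`, so the flags are triage hints to be read together rather than a verdict.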

According to Gasparis, the first samples of these crypto-scam apps were disseminated through third-party app stores in the second half of 2019. He went on to say that it's possible that since then, rival entities have emerged to market their products in this area. 

He added, “My conclusion that CloudScam and BitScam are run by competing groups is based on the fact that each family has completely different codebases. There are a lot of mentions of Android bitcoin miners in general on the Dark Web, though nothing specific to the apps we found.” Gasparis told Threatpost that he did not know how victims could remediate the applications, including how to stop subscriptions and recover any costs. 

“Purchasing goods or services online always requires a certain degree of trust in the vendor or at least the app store processing the transaction,” Gasparis noted in the report.

“While this is true for any online transaction, it is even more important with respect to financial services such as cryptocurrency investments. The scammers running this scheme were able to tap into the existing frenzy created by the hot cryptocurrency market. But no matter how high cryptocurrency valuations climb, there is no substitute for appropriate due diligence before purchasing a cryptocurrency mining app.” 

Lookout has five suggestions for identifying bitcoin scammers: 

1. Get to know the app's creators. What certifications or credentials do they have, what other applications have they created, do they have a website, and can you contact them? 

2. Install it from a reputable app store. While it's difficult to identify fraud, downloading from an official store decreases your chances of getting malware. 

3. Take the time to read the terms and conditions. The majority of scam applications contain fictitious information or lack any terms. 

4. Use the app's reviews from other users to your advantage. When it comes to spotting frauds, reading other users' experiences with the app may be eye-opening. 

5. Understand the app's permissions and functions. Examine the app's actions for any red flags. Is the program requesting permissions that it doesn't require to function? Is there a sudden crash or reset of the app, a sudden reset of the bitcoin balance, or a sudden reset of the displayed numbers? 

Cryptomining Scam Apps:

The scam apps that were available on Google Play and may still be installed on victims’ phones are:

1. BitScam (18): Top Coins, Mr Bitcoin, Star BTC, Bitcoin Burn, Moon BAT, Bito Holic, Bito Hash,  BitHash, Multi Coins, BitcoinCash Miner, Airdrop, Bright Miner, Pink BTC, XMR Miner, COIN Master, ETHMINER PRO, crypto cloud mining pro and Btc Miner pro.

2. CloudScam (7): Bito Miner, Mining Machine, BTC CLOUD, BTC Cash, Black Crypto, Cloud Mining, and Crypto Pro-Miner.

Consumers Losing Trust In Financial and E-commerce Industries

 

Callsign, a UK-based digital identity pioneer, has revealed in a report that the rise of scams is harming organizations’ reputations across the world. Its global study of consumers found that merely receiving a scam message claiming to be from an official brand is enough for 49.8% of customers to lose confidence in the organization, regardless of any real association with the message. 

Founded in 2012, Callsign is considered a digital identity giant that offers identity authorization, authentication and fraud protection, and provides products and services to banks and other public and private sector organizations. The organizations most targeted by cyber fraudsters are those in the financial services and e-commerce industries. Consumers reportedly said that, of all the scam messages they receive, around 59% claim to be from their bank, or from a retailer (36%). 

Globally, individuals who receive fraud messages through various communication channels receive 1133 messages a year, and 24% of them say that they receive more fraud messages than friends and family. Around 41% admit that they do not report fraud messages, mostly because consumers underestimate the level of crime. 

Following the report, Stuart Dobbie, SVP, Innovation, Callsign said, “Fraud hides in volume and the rapid migration of the global population online in the last 18 months has led to the industrialization of scams. The consequence is fraudsters are using the same channels we’re using to authenticate genuine consumers, and this is harming organizations’ reputations with the decrease of trust in their brands. Organizations need to re-evaluate the communications channels they use to interact with customers to better establish trust. With fraudsters monopolizing open channels such as SMS and email, these channels cannot be relied upon to also authenticate identity…” 

“…Our research shows that over a third (38%) of consumers think identity is the problem and that people should prove who they are when signing up to use a platform to stop scammers. These consumer concerns emphasize organizations must wake up to the importance of digital identification.”

Researchers Detail the New Two-Step Cryptography Technique

 

Cloud computing is the on-demand availability of computer system resources, in particular data storage and computing power, without direct active management by the user. The term is commonly used to describe data centers available to many users over the Internet. Its primary objective is to provide rapid, simple, cost-effective computing and data storage services. The cloud environment, however, presents data privacy problems. 

The key method used to strengthen cloud computing security is cryptography. By encrypting stored or transmitted data, this mathematical technique protects it so that only the intended recipient can understand it. Various encryption techniques exist, but none is fully secure, and new techniques are still being sought to counter the increasing risks to data privacy and security. 

With all that in mind, the most important question is: how does the two-step cryptography technique work? 

A group of researchers from India and Yemen described the revolutionary two-step cryptographic method, the first to combine genetic technologies with mathematical techniques. Their study is published in KeAi's International Journal of Intelligent Networks. According to the authors of the report, the method can create a highly secure and flexible encrypted environment, which could trigger a paradigm shift in data secrecy. 

The paper’s corresponding author, Fursan Thabit of Swami Ramanand Teerth Marathwada University in India, explains: “Some existing famous ciphers use the Feistel structure for encryption and decryption. Others use the Network SP (Substitution-Permutation). The first level of our encryption uses a logical-mathematical function inspired by a combination of the two. Not only does it improve the complexity of the encryption, but it also increases energy efficiency by reducing the number of encryption rounds required.” 

The researchers' second encryption layer is inspired by genetic structures based on the Central Dogma of Molecular Biology (CDMB). It models the genetic coding operation (translation of binary data to DNA bases), transcription (regeneration of DNA as mRNA), and translation (regeneration of mRNA as protein). 
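The three modelled steps can be illustrated with the standard biological mappings. This is an added example, not the researchers' algorithm: the 2-bit-to-base assignment is an assumption, no key is involved, and the function names are hypothetical. It shows only the encodings the layer is modelled on.

```python
BASES = "ACGT"  # assumed 2-bit assignment: 00=A, 01=C, 10=G, 11=T

# Standard genetic code, codons ordered U, C, A, G at each position ("*" = stop).
AMINO = "FFLLSSSSYY**CC*WLLLLPPPPHHQQRRRRIIIMTTTTNNKKSSRRVVVVAAAADDEEGGGG"
CODON_TABLE = {
    a + b + c: AMINO[16 * i + 4 * j + k]
    for i, a in enumerate("UCAG")
    for j, b in enumerate("UCAG")
    for k, c in enumerate("UCAG")
}


def bytes_to_dna(data: bytes) -> str:
    """Genetic coding: each byte becomes four bases, two bits per base."""
    return "".join(
        BASES[(byte >> shift) & 0b11] for byte in data for shift in (6, 4, 2, 0)
    )


def dna_to_bytes(dna: str) -> bytes:
    """Inverse of bytes_to_dna; rejects lengths that are not whole bytes."""
    if len(dna) % 4:
        raise ValueError("DNA length must be a multiple of 4 bases")
    out = bytearray()
    for i in range(0, len(dna), 4):
        value = 0
        for base in dna[i:i + 4]:
            value = (value << 2) | BASES.index(base)
        out.append(value)
    return bytes(out)


def transcribe(dna: str) -> str:
    """Transcription, simplified to the coding strand: T is written as U."""
    return dna.replace("T", "U")


def reverse_transcribe(mrna: str) -> str:
    return mrna.replace("U", "T")


def translate(mrna: str):
    """Translation: map whole codons to amino acids, return leftover bases."""
    usable = len(mrna) - len(mrna) % 3
    protein = "".join(CODON_TABLE[mrna[i:i + 3]] for i in range(0, usable, 3))
    return protein, mrna[usable:]


if __name__ == "__main__":
    dna = bytes_to_dna(b"Key")   # constructed sample input
    mrna = transcribe(dna)
    print(dna, mrna, translate(mrna))
    # The first two steps are exactly reversible ...
    print(dna_to_bytes(reverse_transcribe(mrna)))
    # ... but translation is many-to-one: 64 codons map to 21 symbols.
    print(translate("CAA"), translate("CAG"))
```

Because several codons map to the same amino acid, the translation step alone cannot be inverted; a scheme built on it has to carry extra information to make decryption possible.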

They are the first to integrate the concepts of DNA, RNA, and genetic engineering for cryptographic purposes, and the first to merge the genetic encryption process with mathematics to create a complex key. 

The researchers assessed the robustness of their novel algorithm by evaluating the encryption time, decryption time, throughput, and length of the ciphertexts produced. They observed that their proposed algorithm has high security strength and is extremely versatile compared with several other genetic encryption approaches and existing symmetric key encryption techniques. It takes less time than most other procedures as well. 

Moreover, the algorithm's clear structure, two layers of encryption incorporating only four coding rounds, reduces computational complexity and the processing power required. 

Thabit explains: “That clear structure means each round requires only simple math and a genetics simulation process.”

Research Reveals Americans Not Aware About Cybersecurity Issues Happening In U.S

 

Although many cyberattacks made major headlines in the US this year, most consumers are still not aware of them. The latest study shows that users still lack basic awareness of these attacks and their repercussions for organizations and customers. Armis, a cybersecurity firm, found in its survey that more than 21% of respondents were unaware of the Colonial Pipeline cyberattack, which happened in May. Meanwhile, 24% of respondents believed that the attack on the largest US fuel pipeline, one of the biggest attacks to date, would not have any long-term impact on the nation's fuel sector. 

Besides this, 45% of working Americans had no knowledge of the tampering incident at a local drinking water supply in Florida that happened earlier this year. Armis said it had "released new data uncovering the lack of knowledge and general awareness of major cyberattacks on critical infrastructure and an understanding of security hygiene. End users are not paying attention to the major cybersecurity attacks plaguing operational technology and critical infrastructure across the country, signaling the importance of businesses prioritizing a focus on security as employees return to the office." It added: "Despite the spotlight on these attacks, the data shows that many consumers are simply not taking notice — and the responsibility of security falls on the businesses themselves."

Many organizations are currently shifting back to the office. According to Armis, around 70% of respondents want to bring their work-from-home devices to the office. The survey also revealed that 54% of respondents don't think that bringing their personal devices to the office would pose any threat to organizational security. "From the Colonial Pipeline attack shutting down services to the Florida Water Facility hack endangering the water supply, to the ransomware attack on JBS, which could raise meat prices and also restrict access to necessary nutrients in developing countries — the impact of cyber attacks on our critical infrastructure has been evident. We’ve also seen ransomware hit healthcare in a major way, with attacks on Scripps Health's technology systems and a chain of Las Vegas hospitals," says Armis research.

UN Security Council Talks Over Cyber threats, Where it Leads?

 

The United Nations Security Council, the world’s most important forum on the well-being of nations, is going to hold its first formal public meeting on cybersecurity. The forum will address the growing threat of cyberattacks on countries. In the recent past, many countries have witnessed security incidents targeting their key infrastructure. 

Alongside this, America's newly elected President Joe Biden has raised cybersecurity issues with Russian President Vladimir Putin, whose country is often accused of being behind major hacks. 

Earlier this month, at a summit in Geneva, the US president set out red lines for Russia, laying out 16 "untouchable" entities ranging from the energy sector to water distribution. 

"This is the generic list of critical infrastructure which every country has," said one European ambassador who specializes in cybersecurity. 

"In the United Nations first committee, we already have agreed in 2015, which is six years ago, that we are refraining from malicious cyber activities against each other's critical infrastructures as UN member states," the diplomat said. 

The meeting has been called by Estonia, which is heading the Council for June and is also a leader in the fight against cyberattacks. It takes place online at ministerial level. 

The Security Council has addressed the issue multiple times before this formal meeting, but never formally; it always discussed the subject behind closed doors. 

The aim of the videoconference, Estonia said, is "to contribute to a better understanding of the growing risks stemming from malicious activities in cyberspace and their impact on international peace and security." 

Furthermore, a diplomat added that this is not an issue where we can bury our heads in the sand and say that such a matter doesn't exist. 

"It is a new issue and in the Security Council, as always, it is difficult to bring anything new after 76 years of dealing with more traditional aspects of peace and security, but Cyber is a dual-use domain, we are in a complex situation which is not similar to other international security topics," the official concluded.

The Russian State Duma introduced a bill aimed at combating online pirates

A bill aimed at combating online piracy has been submitted to the State Duma of the Russian Federation. The document will allow copyright holders to independently enter links to sites with illegal content in a special register, after which these links will have to be removed from the search results on the Internet within six hours. Currently, this practice applies only to those companies that have signed the Anti-Piracy Memorandum.

"The fight against the spread of pirated content is extremely complex and requires the efforts of both the state, its supervisory and regulatory bodies, IT specialists, and the entire community of Internet users in general," said Andrey Trofimov, chairman of the Crimean Union of Journalists.

He added that it is necessary to fight not with ordinary users, but with distributors of pirated content, illegal file-sharing sites, and online cinemas.

Illegal online resources offering to watch any movie “for free” and “without registration” often contain malicious code.

Today, viruses and targeted hacker attacks are extremely developed. Previously, in order to break into a PC, attackers had to offer the user something to download and install. Now it is enough, for example, to simply open an email. This will trigger the launch of a program that encrypts the data on your computer.

The Anti-Piracy memorandum has been in force in the country since 2018. The document was signed by the largest Russian Internet companies, including Rambler Group, Mail.ru Group and Yandex, as well as the copyright holders. According to the document, copyright holders submit links with pirated movies and TV series for consideration, and Internet sites remove them from search results. At the moment, its validity period is extended until August 1, 2021.

Recall, E Hacking News conducted an interview with one of the founders of a new startup Digital Witnessor (https://www.digitalwitnessor.com/) and lawyer Mr. Dhruv Bagri. He shared with us his knowledge about copyright, how to securely register it, quickly and easily, using Blockchain, and from a legal point of view.


The Russian government plans to create a unified video surveillance system

The Russian government wants to create a single video surveillance system that will unite smart cameras in Russian cities. The devices will be able to recognize faces and license plates. The project will help to quickly respond to crimes, and in some cases, prevent them. The personal data of ordinary people is promised to be reliably protected.

The development of the project and the installation of cameras is estimated at 250 billion rubles ($3,500,000), and the implementation may take five years. Previously, the project was estimated at 97 billion rubles ($1,350,000).

Currently, the cameras in Moscow send video to the Data Processing Center. In the new system, they will recognize suspicious situations themselves and only then send the video to the Data Processing Center.

It is expected that different cameras will be installed in the cities, depending on the tasks. In some places a face recognition system will be needed, and cameras with powerful computing modules will be installed there. In other places, cameras with motion sensors will be enough.

According to the expert, the system will make it possible to better detect violations, respond promptly to them, and in some cases even predict them.

The emergence of a unified video surveillance system may raise fears that personal data will be sent to smart cameras. The CEO of Lab.Ag and the developer of many government sites, Artem Geller, explained that such an outcome is inevitable because the cameras are designed to record people's physical data.

"Of course, they will process the physiological aspects such as face, gait, clothing, license plate. But don't forget that cameras are already doing this,” Geller added.

Cybersecurity specialist Sergey Vakulin recalled the experience of video surveillance systems in China, where there is also a face recognition function, but each person is assigned their own identification number. Only then is this data encrypted, but even with such a process, there are vulnerabilities.

"The biggest problem is that a lot of data is stored and transmitted using a global network. And devices connected to the global network are more vulnerable," Vakulin added.

According to Vakulin, it is too early to worry about possible hacking and data leaks. He explained that each system has cybersecurity specialists, testers who detect bugs.