By Waqas
The suspect, Vyacheslav Igorevich Penchukov, was wanted by the FBI since August 2012.
This is a post from HackRead.com Read the original post: Ukrainian behind global Zeus malware operation finally caught

As per security journalist Brian Krebs, a Ukrainian national identified as Vyacheslav Igorevich Penchukov has been arrested by Swiss law enforcement agencies. The suspect was nabbed for his involvement in cybercrime especially the infamous Zeus malware.

The suspect used the nickname Tank and Father. He was arrested on 23 October 2022 from Geneva and is awaiting extradition to the USA, reported Krebs.

**About Zeus**

For your information, Zeus is a banking trojan created by an unknown individual known by the handle lucky12345. The devices infected by this highly adaptable malware can be included in an army of a botnet to launch distributed denial of service attacks (DDoS attacks).

The FBI wanted Penchukov on cybercrime charges for more than a decade. He was a member of one of the most notorious cybercrime gangs dubbed JabberZeus. In their malicious campaigns, the cybercriminals stole over $70 million from innocent victims’ bank accounts. 

The gang, which the US Department of Justice referred to as a wide-ranging racketeering enterprise, used Zeus malware for their operations. Reportedly, Penchukov was in a western Ukrainian city called Uzhgorod before Russia invaded the country. He traveled with fake identification details and was in Geneva at the time of his arrest, where he came to meet his wife.

It is worth noting that the suspect was charged in Nebraska back in August 2012 along with Ivan Viktorovich Klepikov, known by the nick “nowhere” and “petrovich,” and Alexey Dmitrievich Bron, also known as “thehead.” 

**Details of Charges**

In 2014, the US Department of Justice released court documents that revealed Penchukov worked with eight gang members. Together they infected countless business computers with Zeus malware to steal account numbers, passwords, and other sensitive data to hack bank accounts and siphon funds from the victims’ accounts.

They were charged for their role in a botnet-based campaign in which they collected targeted users’ bank account login credentials using Zeus malware and drained funds from their accounts. The gang sent the money outside the USA via an extensive network of money mules.

1.  Arrested: 4 hackers involved in SIM Swap, malware attacks
2.  ATM hacker behind $1 billion malware heists arrested in Spain
3.  Japanese boy arrested for developing crypto-stealing malware
4.  Hacker gets 14 years jail over Scan4You malware scanning service
5.  Malware service operators arrested; offered antivirus bypassing tools

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Ukrainian behind global Zeus malware operation finally caught

By Waqas
The smart contracts that govern DeFi are littered with exploitable code, and hackers understand that since hundreds of millions of crypto funds have been siphoned off due to this very issue.
This is a post from HackRead.com Read the original post: We Need Smarter Smart Contracts To Prevent DeFi Hacks

Decentralized finance (DeFi) aims to disrupt the traditional financial world with its promise of greater inclusiveness and faster, anonymous transactions, but to do that it will need to overcome a significant challenge. The smart contracts that govern DeFi are littered with exploitable code that has resulted in millions of dollars of user funds being lost. 

Back in August 2021, Liquid Global, a leading Japanese cryptocurrency exchange, suffered a hack that resulted in more than $97 million worth of crypto being stolen. It was later discovered that hackers had targeted the exchange’s multi-party computation wallets, siphoning the funds within them to four external wallets. The hackers made off with around 107 Bitcoin, 9 million TRON, 11 million XRP, and almost $600 million worth of Ethereum. 

Just one day later, the DeFi industry experienced its largest-ever hack when an attacker made off with a staggering $612 million worth of crypto from the Poly Network protocol. Luckily, the hacker Mr. White Hat returned the funds soon after, saying he was an ethical hacker that just wanted to highlight the vulnerability within the protocol’s smart contract code. It was in any case an extremely close shave, as a less ethical hacker could have easily stumbled across the exploit and made off with a similar amount. 

Later that month, yet another attack targeted the crowdfunding platform, DAO Maker. Once again, smart contract code was exploited by an attacker to gain more than $7 million worth of user’s funds. It meant that hackers stole a combined $716 million worth of crypto that month alone. 

In December of the same year, hackers stole $30 million from the MonoX DEX platform after hackers exploited vulnerabilities in its smart contract.

Fast-forward to this year and the hacks have kept on coming. The biggest so far in 2022 was the attack on Ronin, a cross-chain bridge used by the popular NFT game Axie Infinity. The hackers found a critical vulnerability in Ronin’s code and stole an incredible 1730,000 ETH and over $25 million worth of USDC, for a total gain of $552 million.

That attack came barely a month after another bridge, Wormhole, suffered an attack that lost more than $300 million. Then, in April, the DeFi protocol Beanstalk fell victim to a $182 million hack that took advantage of the 24-hour execution delay in its flash loan smart contract.

**Smart Contracts Are Vulnerable**

With more than $40 billion worth of cryptocurrency locked into the DeFi ecosystem at the time of writing, it seems clear that the industry is here to stay, despite the risks it runs. However, with the top four DeFi protocols – namely Oasis, Lido, Uniswap V2, and Aave – all currently home to more than $4 billion worth of user assets, the worrying spate of high-profile hacks poses a major threat to the industry that could derail its ambition of emerging as a viable alternative to traditional financial services. 

Although some hack attacks are due to lax security measures and phishing attempts on users’ personal keys, the truth is that the majority of funds stolen in the DeFi industry are due to one thing – vulnerabilities in the smart contracts that power the industry. The vulnerabilities might be due to a coding error or external price manipulation or something else, but the end result is always the same – millions of dollars in value lost, and despair for the victims. 

Smart contracts are the self-executing code that underpins DeFi. They run on decentralized blockchain networks and play the role of automating transactions, thereby doing away with the need for a middleman (bank). They allow agreements between anonymous parties to be carried out immediately once certain conditions are met, speeding up transactions and eliminating costly fees. 

But as important as smart contracts are, they’re also littered with vulnerabilities that hackers are only too keen to exploit. That’s not a surprise given some of the amounts they have made off with. DeFi is a tempting target and will continue to be one so long as the vulnerabilities persist.

**How The Industry Has Responded**

The good news is that the DeFi industry is working hard to solve this potentially fatal problem. One way it’s doing so is by maintaining best practices for developers. After all, Solidity, which is the programming language used to create smart contracts on Ethereum, is still new and experimental, so developers can benefit from a helping hand. 

Consensys, an Ethereum software developer, has created a list of best practices that are available on its GitHub page. It provides recommendations for Solidity developers, along with examples of common smart contract hacks. It also provides software that developers can use to try and identify vulnerabilities themselves. Another company, 101 Blockchains, has created an extensive list of blockchain principles and advice around risk mitigation that developers can use to tie up loose ends in their code. 

The proliferation of smart contract hacks has also led to the rise of a new industry around blockchain security. Companies such as Kaspersky offer blockchain security assessments and network penetration testing, while its Endpoint Protection product can secure entire systems at the device level. Meanwhile, the data security firm Cocoon Data’s Safeshare offering relies on patented technology to ensure file security and prevent breaches. 

Also doing good business are the smart contract auditing firms like CertiK, which analyze application codebases for vulnerabilities before they are launched. These extensive audits determine how the code functions, identify bugs, and provide feedback for developers to fix any holes that might be identified. 

In the case of CertiK, it uses specialized software called Skynet Scanning Technologies to review smart contract codes. Meanwhile, Slowmist offers an integrated data system called Blockchain Threat Intelligence, and Quantstamp has created a decentralized smart contract audit protocol that any developer can use to check their code against validator nodes. 

**Rethinking Smart Contracts**

Not everyone is throwing in the towel though. A company called Radix, which defines itself as an asset-oriented smart contract purpose-built for DeFi, is instead aiming to reinvent how smart contacts work, in order to minimize the risk of vulnerabilities creeping into code. 

To do this, Radix has come up with an alternative DeFi infrastructure that doesn’t rely on Solidity and Ethereum Virtual Machine, but rather an entirely new architecture it calls Radix Engine. Notably, it relies on the concept of finite-state machines. Radix’s use of FSMs has resulted in an entirely new developer paradigm compared to Turing complete smart contracts. With it, the opportunities for hackers can be dramatically reduced. 

Rather than using traditional smart contracts, Radix developers instead build their DeFi apps using “components”, which are bits of code that define what their decentralized applications (dApps) can do with “actions”.

In turn, this makes dApps easier to design and analyze, and ensures their behavior is more predictable. The components can be thought of as Lego building bricks – developers can customize them, and link them together with additional components to create the smart contract functionality that powers their dApps.

Because the components are heavily scrutinized by the community and then reused time and again, they’re far more secure than traditional smart contracts that are written from scratch with each and every dApp that’s created. 

Radix dApps built using components can be likened to cogs in a machine. Assuming all of the cogs work as expected, the transaction will be successful. However, if one of the cogs (components) fails, the entire transaction will be aborted, ensuring the user’s funds remain safe in their wallets. 

**A Smarter Future**

The rising popularity of cryptocurrency means that funds will inevitably continue to pour into the DeFi space in the coming years. As such, developers cannot ignore the dangers of smart contract vulnerabilities, meaning they cannot persist with the unreliable development paradigms of the past. 

The good news is that projects like Radix prove that there are ways to bring greater security to DeFi and ensure proper safeguards for users. It remains to be seen if Radix-based DeFi will take off in the long term, but the fact it is getting traction tells us that developers understand they need to be more stringent as they create their smart contract code.

In conclusion, the industry is slowly waking up to the realization that smart contract code must become smarter if the threat of hack attacks is to subside. 

1.  The Lessons to Learn from Nomad Crypto Hack
2.  Meet Blokhaus’s New Open-Source NFT Tool Minterpress
3.  Why general population has to be educated on cryptocurrency
4.  US seizes $1.4 billion in Bitcoin from Silk Road Market Scammer
5.  DeFi Startup AllianceBlock’s Trustless ID Verification Service For Dapps

We Need Smarter Smart Contracts To Prevent DeFi Hacks

By Waqas
Cryptocurrency and blockchain education is critical for anyone looking to grow their personal wealth and achieve financial freedom.
This is a post from HackRead.com Read the original post: Making a case for crypto knowledge – why the general population has to be educated on cryptocurrency

No other asset or innovation has influenced the world of finance the way crypto did over the past few years, and we can safely say that **no one saw it coming**. It almost seems like the crypto hype materialized out of thin air – a decade ago, the concept of digital currency was completely foreign to most people, and then, all of a sudden, we were all watching the **Bitcoin** revolution unfold, paving the path for the emergence of a wide range of cryptocurrencies that would later become known as altcoins.  

Then we all know what happened: Bitcoin went through multiple ups and downs, taking traders on a wild rollercoaster and gaining worldwide popularity. But despite the constant **BTC price** fluctuations, the number of followers kept increasing, establishing the coin as the leader of the crypto sphere – a title that it still holds to this day.

Plenty of other digital assets were created, trying to mimic Bitcoin’s success. Some became quite popular and managed to attract investors’ attention, while others remained relatively unknown or enjoyed a very short time in the spotlight. 

And here we are today, looking at an ever-growing crypto industry that’s becoming more influential with every passing year. There are over **300 million people using crypto** worldwide at the moment, and many more will adopt digital coins in the future.

Right now, the most important question is not whether cryptocurrencies are just a passing fad or they’re here to stay. It’s become pretty clear that the only way for cryptocurrency is upward, and they’re not going anywhere. The issue everyone should focus on – both stakeholders and individuals – is how to approach the rise of crypto. 

Whether we like it or not, digital currencies are now a part of the global financial system, and some go as far as saying they represent the future of finance. So, while we cannot predict how the crypto industry is going to evolve, given its novelty and inherently volatile nature, we can make sure everyone is ready to navigate the crypto sphere, and that involves getting properly educated on the topic.  

**Breaking barriers to usage **

It seems like everyone is trading cryptos these days, but that’s not necessarily the case. Indeed, the number of crypto traders and investors continues to increase as the market expands.

However, a large percentage of the population is still reluctant to use cryptocurrencies, given the perceived complexity of the field. Let’s not forget that **cryptocurrencies represent a financial innovation** that’s still in its infancy, and many people are completely oblivious about how it works or how it can benefit them. The lack of knowledge on the topic makes a lot of people shy away from using cryptocurrencies. 

That’s the case with every innovation ever made. The birth of the internet offers a prime example in this regard. It took time for people to get familiarized with the technology and understand the advantages it provided.

Decades later, the internet has become an integral part of our lives. The same thing is happening now with cryptocurrency. Very few people are eager to learn the ins and outs of a new technology that seems extremely complicated at first glance. Most would rather stick to the traditional assets they’ve used all their lives, but that would limit their options.  

**Crypto education** can arm people with the knowledge and skills they need to become proficient crypto users. The more knowledgeable they become, the easier it will be for them to enter the crypto sphere and navigate it confidently. A larger and more stable user base will also help decrease crypto volatility, which is another major deterrent for traders and investors. 

**Mainstream adoption**

In recent years, more businesses have **started accepting digital assets** as a form of payment, and institutional interest in crypto is also on the rise, which means crypto is getting closer to mainstream adoption.

Government opposition is **getting milder**, and many countries have already expressed their intention to include cryptocurrencies in their financial system. Experts estimate that within the next 10 years, cryptocurrencies will enter mainstream usage, on par with fiat currencies and other asset classes. 

It’s one thing to refuse to use cryptos right now, but when they become part of the local economies, people will no longer be able to ignore them. Governments should make sure their population is prepared to embrace this new form of finance to ensure smooth and frictionless adoption, and that can only be achieved by investing in crypto education and awareness. 

**Protection against crypto scams**

Cryptocurrencies have numerous characteristics that have helped increase their appeal on the investment front, and security is definitely one of them. Digital assets have been praised for the unmatched level of protection and security they provide, being built on **decentralized blockchain platforms** that ensure immutability and anonymity. 

However, this doesn’t mean the crypto environment is free of **scams and frauds**. On the contrary, the hype that’s been created around digital assets also led to the rise of crypto criminals.

These scammers have developed all sorts of methods to catch their targets’ attention or trick people into sharing their personal information or sending them money. Teaching people about cryptocurrencies and how they can differentiate a legitimate project from a potential scam can help them avoid common pitfalls and create a much safer crypto environment. 

**Keeping up with the times **

With all their pros and cons, cryptocurrencies are not a simple trend one can ignore until it goes away. Digital assets are part of the current reality and most likely will become part of our future. It’s already been proven they have real-world value and utility, especially as an alternative form of payment and investment, as well as a solution to provide access to financial services for the unbanked in developing countries.  

Therefore, **educating people on cryptocurrency** is simply a matter of helping them step into the future and expand their options so we can create a more inclusive and sustainable world for everyone.

Making a case for crypto knowledge – why the general population has to be educated on cryptocurrency

By Owais Sultan
The top causes of cloud hacking have evolved over the years. Currently, APIs are among the top threats to clouds.
This is a post from HackRead.com Read the original post: Cloud Hacking – Why API Remains the Biggest Threat?

Cloud computing is central to digital transformation. Most enterprises use cloud-based services today. They help enterprises remain agile and resilient in the era of constant changes.

 92% of enterprises host resources and functions in the cloud. These resources and functions are vital to business operations. But how secure are clouds? Not very.

98% of enterprises faced cloud hacking, as per a 2021 study. This figure has shot up over 18 months from 10% in 2020. 

The top causes of cloud hacking have evolved over the years. Currently, APIs are among the top threats to clouds. And API security risk is a disturbing trend in cyber security today. Two-thirds of cloud breaches are due to misconfigured APIs.

Why are APIs the top threats to your clouds? What can you do to protect your clouds and the resources hosted? Keep reading to find out. 

**Cloud Hacking: A Snapshot **

First things first, can the cloud be hacked? Yes, absolutely! CISA warned us last year.

Hackers are aware of the criticality of clouds to enterprises today. They also know that many companies use public clouds. Private/ on-premise clouds are more difficult to hack than public clouds.

With public clouds, enterprises and vendors share security responsibilities. There are growing numbers of vulnerabilities in public ones that attackers can exploit. 

Several enterprises also fail to apply adequate security controls to secure the cloud. As a result, we are seeing an increase in the instances of cloud hacking. 

**Why are APIs Top Threats to Cloud Security? **

Insecure APIs and interfaces are among the top threats to cloud security today. They are second on the list after insufficient identity, access, and key management. 

**Ascent of APIs **

APIs weren’t considered a big threat to cloud security in 2019. Back then, API dependency was minimal. Today, our dependence on APIs is growing rapidly. We are shifting away from web-based infrastructures to API infrastructures for apps. Monolithic apps and websites are fewer. 

APIs provide developers with agile, hassle-free building blocks to develop cloud services. They offer much better connectivity. But these benefits also come with several risks. So, we see that they are top security concerns for CISOs. 

**APIs Widen the Attack Surface **

APIs make it easy for cloud hacking by widening the attack surface. How do they widen the attack surface? Because they are everywhere. Their ubiquity creates an interconnected architecture.

A misconfiguration here or a broken access control there is all a hacker needs. They can hack clouds using these vulnerabilities. 

Further, there is a massive rise in the use of external APIs and third-party cloud services. You will have to face the damage if your vendor doesn’t take API security seriously. 90% of data breaches target cloud assets and servers. 

**APIs Create Data Security Problems by Their Very Nature **

APIs ensure easier access and connectivity to resources and data. In other words, they expose data and resources programmatically. You will expose sensitive data residing in the cloud to attackers if you don’t secure APIs. Attackers can then modify, delete, or steal data easily. 

APIs threaten cloud data security because most enterprises don’t have the: 

*   proper access controls
*   real-time visibility 
*   robust data security policies

**Managing APIs is Complex  **

Enterprises use 15,564 APIs on average. API use has grown exponentially within enterprises in the past year at 201%. Larger enterprises use an average of 25,592 APIs.

This makes it difficult for developers to monitor, manage and secure all their APIs. The lack of centralized visibility further augments this challenge. 

As a result, several vulnerabilities and security weaknesses arise. These unmanaged shadow APIs enable attackers to perform cloud hacking easily. Here are some examples of such vulnerabilities: 

*   SaaS misconfigurations 
*   Disabled security controls 
*   Unauthenticated endpoints 
*   Disabled logging and monitoring 

**API Security Myths Cause Poor Security Posture **

Some of these API security myths are:  

*   Port-based blocking works 
*   Signature-based techniques are enough to secure APIs
*   Firewalls, API gateways, and IAM tools are enough to secure APIs 
*   Single, automated tools work effectively against API threats. For instance – next-gen WAFs and Intrusion prevention systems (IPS)

But the reality is starkly different. You need multi-layered, comprehensive API security solutions that combine 

*   Next-gen WAF
*   API-specific rules 
*   Global threat feeds
*   Real-time, centralized visibility 
*   Advanced Bot and DDoS mitigation
*   Self-learning AI, automation, and analytics
*   Behavioral analysis to detect malicious behavior
*   Expertise of certified security professionals to address more complex issues 

Only such solutions ensure that you don’t get blindsided by exposed APIs.

**Conclusion **

Cloud hacking caused by exposed APIs is a big problem for your business. It causes multiple layers of damage to cloud security. Avert these damaging consequences by hardening your API security.

Choose solutions like **Indusface API Protection** for real-time, context-aware, data-aware, fully managed security. 

1.  Explaining Cloud Native Application Security
2.  What are the future prospects of a Cloud architect?
3.  Secure Email Gateway Vs. Integrated Cloud Email Security

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Cloud Hacking – Why API Remains the Biggest Threat?

By Deeba Ahmed
RapperBot malware is known for brute-forcing SSH servers that can accept password authentication.
This is a post from HackRead.com Read the original post: New RapperBot malware targets gaming servers with DDoS attacks

Fortinet FortiGuard Labs researchers discovered new samples of RapperBot malware, indicating that threat actors are building a botnet to launch crippling distributed denial of service attacks (DDoS attacks) against game servers.

The malware was reported previously in FortiGuard’s article- So RapperBot, What Ya Bruting For?

FortiGurad’s researchers Joie Salvio and Roy Tay noted a drop in the number of samples circulating in the wild in August 2022 from when it was first discovered. They identified new samples from October using the same unique C2 protocol RapperBot malware used earlier. For your information, RapperBot malware is known for brute-forcing SSH servers that can accept password authentication.

This malware is different because it can perform Telnet brute-force apart from supporting DoS attacks through the Generic Routing Encapsulation (GRE) tunneling protocol and UDP floods targeting game servers that run Grand Theft Auto: San Andreas.

The Telnet brute-forcing code is developed for self-propagation. Researchers noted that the Mirai botnet inspires the RapperBot malware since the Telnet code resembles the Mirai Satori.

It is worth noting that Mirai’s source code was leaked in October 2016, and since then, many different variants of Mirai have emerged.

Researchers at FortiGuard are certain that the samples are created for a brand-new DDoS campaign against game servers. It may also be the reappearance of a similar campaign detected earlier in 2022. This new campaign is much different from the older RapperBot campaign detected in February 2022, which later disappeared in April.  

Fortinet researchers wrote in a blog post that the malware could only target appliances running PowerPC, ARM, SH4, SPARC, and MIPS architectures. It can quickly halt its self-propagation mechanism if they are run on Intel chipsets.

> “Based on the undeniable similarities between this new campaign and the previously reported RapperBot campaign, it is highly likely that they are being operated by a single threat actor or by different threat actors with access to a privately-shared base source code.”
> 
> Joie Salvio and Roy Tay – FortiGurad

Top/Featured Image: PixaBay – Victoria\_Watercolor

1.  **Major EU country hit by crippling DDoS attacks**
2.  **Iran’s Largest Steel Producer Hit By Crippling Cyberattack**
3.  **Two major flight tracking services hit by crippling cyberattacks**
4.  **European Banking Authority victim in MS Exchange Server hack**
5.  **Fake WHO Emails on COVID-19 Dropping Nerbian RAT Across Europe**

New RapperBot malware targets gaming servers with DDoS attacks

By Deeba Ahmed
The extension will support all EVM chains and Solana.
This is a post from HackRead.com Read the original post: Trust Wallet Launches Browser Extension Wallet for Desktop

Binance’s Trust Wallet has launched a new browser extension wallet. The world’s leading multi-chain wallet provider’s brand-new extension for desktops will support all EVM chains and Solana. It will provide an enhanced dApp experience to users as they can explore things beyond CEXs (centralized exchanges).

**Trust’s Browser Extension Wallet Details**

This wallet is compatible with Chrome, Opera, and Brave browsers and syncs with Trust Wallet’s mobile wallet. For your information, Trust’s mobile wallet is one of the best mobile crypto wallets in the world, with over 60 million downloads. It receives ten million active users per month, which indicates its global appeal.

As per Trust Wallet CEO Eowyn Chen, users had been requesting for Browser extension with the same quality of experience as they receive on the Trust Wallet Mobile App, including multi-chain coverage. The company tried to empower users regarding the choice of device when accessing the wallet, which led to the development of the new browser wallet.

“This is our initial step, and we will listen to users’ and developers’ feedback to improve,” Chen noted.

Trust Mobile Wallet features such as multi-wallet support, fiat on-ramp and NFT support, and non-EVM blockchain integrations will be added to the new browser extension apart from unique features like hardware wallet support.

**What’s in it for Users?**

Both mobile and desktop versions of the wallet would offer enhanced Web3 accessibility and a seamless wallet experience across the two environments. It enables users to securely store, send/receive, and manage data easily.

The desktop browser extension wallet would let users receive more than eight million tokens across Solana and all available EVM chains, such as Ethereum, Polygon, BNB Chain, and Avalanche. Users can also custom-add EVM chains. It is worth noting that non-EVMs will also be added in the future.

Furthermore, the wallet extension is expected to improve the multi-chain user experience. With network auto-detect, users will enjoy a seamless dApp experience without manually adding networks. Eight million tokens are available out of the box to ease the demand for the manual addition of tokens and improve asset traceability.

In short, the new browser extension wallet will offer an optimized dApp experience so that users “effectively discover things beyond centralized exchanges (CEXs), like Web3 gaming, metaverse, DeFi, tokens not found on CEX, and more,” the company’s press release explained.

1.  Ankr Launches Chainscanner Blockchain Explorer Tool
2.  Improving privacy – Alternative browsers and chrome extensions
3.  Can This Browser Extension Really Protect You From Cybercrime?

Trust Wallet Launches Browser Extension Wallet for Desktop

By Waqas
The planned smart device security labeling program spearheaded by the US government will be introduced next year, although…
This is a post from HackRead.com Read the original post: Will a Labeling System Solve IoT Security Challenges?

The planned smart device security labeling program spearheaded by the US government will be introduced next year, although official details about its implementation are not yet available. From home routers to smart cameras, various connected devices are set to get cybersecurity labels similar to the Energy Star labels used on appliances.

The question is this: Can labels really help address the IoT security challenges associated with smart devices? Some compare this IoT cybersecurity labeling plan to the compulsory “nutrition facts” on food products, which does not appear to inspire optimism. The nutrition information on junk food and sugar-rich food products has not discouraged people from consuming unhealthy products. 

Will the same happen to the US government’s device labeling plan? Can cybersecurity labels drive consumers towards highly secure gadgets, or will they just go on with their usual buying habits, wherein product availability and prices are usually the most important purchase decision-driving factors?

The answers to these questions can be explained more intuitively by discussing smart device and IoT security challenges and presenting the proposed or expected benefits of the cybersecurity labeling program.

**Challenge 1: Lack of visibility**

More often than not, Internet of Things (IoT) manufacturers do not have any system for monitoring their products. Once their devices move to the hands of customers, they no longer exert any effort to check if their products require security updates or patches to address malfunctions and security vulnerabilities. They do not have a system to keep track of changes or product activity histories that can be used to determine the root cause of issues and provide the necessary remedies.

This lack of visibility suggests that products are unlikely to be secure. It is an important fact that should be taken into account when examining the cyber threat readiness of certain smart devices, something that can be reflected in the proposed IoT labeling program.

**Challenge 2: Reactive approach to zero-day threats**

A big majority of IoT and smart device manufacturers do not include the anticipation of zero-day threats as part of their product security strategy. Primarily reactive, their sole solution to threats is security patching, which is useless against zero-day threats. It takes time to develop and release a security patch in response to newly discovered vulnerabilities. It takes even longer for the patches to be applied by the device owners.

Before the security patch is installed, it is likely that threat actors have already managed to exploit an unpatched vulnerability and inflicted damage that could have been preventable. IoT makers need to consider employing cybersecurity solutions that are proactive instead of reactive. Examples of these are simplified network access controls (NAC), web application firewalls (WAF), and extended detection and response (XDR).

This does not mean that security patching is no longer necessary. It is still an important part of securing smart devices, but there have to be ways to address zero-day or newly emerging unidentified threats.

IoT cybersecurity labeling can be used to indicate if specific IoT devices or smart gadgets have proactive security versus zero-day threats. Regulators will be obliged to examine the protection systems baked into devices or their ability to integrate with the proactive cyber defense solutions employed by organizations.

**Challenge 3: Open source and third-party vulnerability exposure**

Many IoT device makers do not develop from scratch their own firmware or the basic software installed in their devices. This is particularly true for mass-produced generic devices that flood the low-cost electronics retail industry. These unknown brands or generic devices rely on open-source or third-party software libraries for their authentication, communication, encryption, and other fundamental functions.

One report indicates that around 84 percent of codebases have components that contain known security vulnerabilities. This figure should alarm those that patronize cheap IoT and smart devices for various purposes. A significant number of “successful” cyber attacks on IoT devices are attributed to open-source and third-party. This makes cyber attacks easier for cybercriminals, as the knowledge of the specific devices used by an organization could be all they need to come up with an efficient attack strategy against specific businesses or organizations.

Cybersecurity labeling for IoT devices can help address this problem by alerting prospective smart device buyers about the possible security flaws or defects of the software in the products they are considering. Regulators can keep a comprehensive and growing guide on all open-source and third-party software security flaws.

**Challenge 4: Performance over security**

IoT devices inherently have limited resources, particularly their CPU, RAM, and ROM. As such, they cannot pack advanced security software tools, which are generally resource-intensive. It would be difficult to bring together security and performance with all the limitations of IoT products.

Many IoT device manufacturers admit that they purposely take out or cut corners on their security features to ensure that their devices can run relatively smoothly. This results in vulnerabilities that make IoT gadgets even less capable of resisting attacks, especially sophisticated tactics.

The planned nonprofit/nongovernmental organization that will be established to oversee the national cybersecurity certification and labeling activities can evaluate devices to ascertain their cybersecurity readiness. Too many security compromises will be indicated in the cybersecurity label or reflected in the overall score/rank written on the label.

**Challenge 5:  Outdated or obsolete security tools and methods**

Some smart device makers demonstrate some inclination to make their devices safe and secure. However, the tools they install or the approaches they undertake may no longer be applicable to the current threat ecosystem. They could be using outdated static analysis and vulnerability discovery solutions, which do not help improve the security of their products. There are also those that employ perimeter defense and network segmentation solutions that have notably limited capabilities in detecting and stopping IoT device assaults.

These facts need to be indicated in the proposed IoT cybersecurity label to encourage device makers to update the security solutions they use. If manufacturers refuse to update their security features, customers will know that they will likely be endangering their IT assets or resources by allowing such devices to connect to their network.

**Guide, not a silver bullet**

Will a cybersecurity labeling system be enough to address the challenges that mire IoT and connected smart devices? It can certainly help, but it is not going to be the be-all and end-all solution. There is and will never be a foolproof solution. However, labels can guide customers in making smart choices. If customers still choose devices with low cybersecurity ratings/scores and various caveats, the risk is theirs to take. 

Nevertheless, authorities may use the labels in setting thresholds for the cybersecurity level acceptability of devices that will be allowed in certain settings. By doing this, they can subtly enforce a policy of only using proven secure devices in businesses and government offices.

1.  Access:7 Supply Chain Flaws Impact ATMs, Medical, IoT devices
2.  IoT Devices Can Be Hacked to Install Ransomware on OT Networks
3.  Millions of IoT devices, baby monitors open to audio, video snooping
4.  Vulnerable Smartphones, IoT Devices: 400% increase in infection rate
5.  Tiny Mantis Botnet Can Launch More Powerful DDoS Attacks Than Mirai

Will a Labeling System Solve IoT Security Challenges?

By Deeba Ahmed
GAM3 awards are dubbed as the Grammys of the Web3 gaming industry.
This is a post from HackRead.com Read the original post: GAM3 Awards: Leading crypto firms and influencers to honor best in Web3 gaming

The leading crypto firms and influencers have collaborated for the inaugural GAM3 Awards. Dubbed the Grammys of the Web3 gaming industry, this event will be hosted by Polkastarter Gaming. It will be held on December 15 to acknowledge the best Web3 games for 2022.

**The All-Star Jury**

Voting will be conducted by an all-star jury, including industry experts and the wider Web3 community. More than 200 Web3 games and game developers/content creators will compete in this event.

There are 16 award categories, which include the coveted Game of the Year title. The jury deciding the winners comprises Fractal founder Justin Kan, Market Across’ managing partner Itaj Elizur, Urvit Goel, Global Games at Polygon Studios’ head, Solana Foundation’s head of technology Matt Sorg, and ImmutableX’s venture and strategy director, Rachel Levin. 

With their decades-long gaming experience, former Square Enix CTO and creator of games like Sonic: Unleashed and Final Fantasy XIV Online, Yoshihisa Hashimoto, ex-Senior Director of Partnerships at Electronic Arts, Edward Chang, and senior leaders at Riot Games, Xbox Game Studios, Electronic Arts, Amazon Gaming, and Unity Technologies. Some of the senior leaders include the following.

*   Sarutobi Sasuke, Head of Partnerships at YGG
*   Dan Patterson, General Partner at Sfermion
*   Brendan Wong, CEO at Avocado DAO
*   Jesper Lindquist, Senior Manager Web3 Gaming at Animoca Brands
*   Marco van den Heuvel, Co-Founder & CEO at Merit Circle
*   David Hanson, Founder & CEO at Ultra
*   John Izaguirre, BD Director at BNB Chain
*   Abhimanyu Kumar, Co-Founder at Naavik
*   Nathan N., Co-Founder at Ancient8

The jury consists of mainstream Web3 ecosystem partners, thought leaders, and media outlets to ensure a fair voting process.

1.  The Benefits Of Blockchain In The Travel Industry
2.  What is Blockchain Gaming and its Play-to-Earn Model?
3.  The Advantages of a More Secure and Safer Blockchain
4.  How Blockchain Can Revolutionize Personal Data Storage?

**Event Details**

Polkastarter Gaming will broadcast the event on all platforms simultaneously, including its YouTube, Twitch, and Twitter channels. The event will highlight the best Web3 games. Winners of the GAM3 Awards will receive a share of $300,000 worth of rewards and will gain sponsorships from Blockchain Game Alliance, Immutable X, Machinations, Ultra, Naavik, etc. The event is organized to recognize Web3’s best games and highlight the developers’ hard work in creating quality content.

**Award Categories**

Here is the list of categories for which awards will be issued.:

Action Game, Mobile Game, Adventure Game, Casual Game, RPG, Shooter Game, Graphics, Strategy Game, Card Game, Multiplayer Game, Esports Game, Graphics, and Content Creator.

Apart from that, there will be awards for Game’s Choice, Most Anticipated Game, and People’s Choice. The company stated that new categories would be added in the next edition of the awards.

**Judgment Criteria**

It is worth noting that 90% of the decision will be decided by the jury and 10% by the community, except for Games’ Choice, the winner of which will be determined by industry game studios as they will vote for their own version of the Game of the Year. Moreover, Best Content Creator and People’s Choice awards winners will be solely determined by the community, and their votes will carry 100% weight.

Judgment criteria include core loop, accessibility, graphics, replayability factor, playing experience, fun elements, etc. Eligibility criteria entail integration and utilization of blockchain technology.

GAM3 Awards: Leading crypto firms and influencers to honor best in Web3 gaming

By Deeba Ahmed
Dubbed StrelaStealer, the malware is being distributed through malicious email attachments and targets Spanish-speaking people.
This is a post from HackRead.com Read the original post: StrelaStealer Malware Hijacking Outlook and Thunderbird Accounts

The cyber security researchers at DCSO CyTec have discovered a brand-new information-stealing malware targeting Outlook and Thunderbird emails.

Dubbed StrelaStealer, the malware acts just like any other info stealer and tries to steal data from browsers, cloud gaming apps, cryptocurrency wallet apps, the clipboard, and other sources. However, what’s unique about this campaign is that the malware steals data from Thunderbird and Outlook accounts and targets Spanish-speaking people.

**Attack Chain Analysis**

The malware was detected earlier this month. The attack chain involves sending email attachments to the targeted user. These attachments contain ISO files. When a user clicks on the file, it opens an executable (msinfo32.exe). It then sideloads the bundled malware through DLL order hijacking.

The malicious email used in the campaign

In some cases, the ISO contains a .lnk file (Factura.Ink) and an HTML document that’s a polyglot file (x.html). Such as, when you open an HTML file on a web browser, you will see a text document, and when it is opened via an executable, it installs the payload.

1.  VirusTotal Reveals Apps Most Exploited to Spread Malware
2.  Urlscan.io API Inadvertently Leaked Sensitive Data and URLs
3.  Microsoft Office Most Exploited Software in Malware Attacks
4.  Apple Safari Safest, Google Chrome Riskiest Browser of 2022
5.  Top 10 Android Educational Apps That Collect Most User Data

**How does the Attack Works?**

When the user clicks on the .lnk file, it executes the x.html twice. First, it executes it using rundll32.exe and opens the embedded StrelaStealer DLL. Then it opens the HTML file in the device’s default browser to reveal a decoy document.

While the user is busy checking this document, the info stealer starts its malicious tasks in the background. Such as, it searches for login.json and key4.db in %APPDATA%\\Thunderbird\\Profiles\\ directory for stealing account credentials.

In Outlook’s case, the malware accesses the Windows Registry and steals the software’s key, after which it inspects the IMAP User, IMAP Password, and IMAP Server values. If found, the malware exfiltrates the content to a C2 server controlled by the attacker.

Then it waits for the attacker’s response. If received, the malware quits. If not, it repeats the routine after a 1-second sleep session.

In conclusion, email attachments can be a great way to share information and files with others, but they can also be a source of malware. By following some simple guidelines, you can protect yourself from malicious email attachments.

First, never open an attachment from someone you don’t know. If you’re not expecting an attachment from the sender, be wary of opening it. Second, always scan attachments for viruses before opening them. Many email programs will do this automatically, but if yours doesn’t, there are many free virus scanners available online.

Finally, make sure you have an updated security solution installed on your system. One can also use VirusTotal to scan malicious files and URLs.

StrelaStealer Malware Hijacking Outlook and Thunderbird Accounts

By Waqas
Threat actors are using steganography to hide malicious code in images.
This is a post from HackRead.com Read the original post: GitHub Abused to Distribute Malicious Packages on PyPI in Image Files

The Check Point CloudGuard Spectral Data Science team has detected a new malicious package on the Python Package Index (PyPI) repository capable of hiding code in images using a steganographic technique. The malicious package is infecting users via GitHub’s open-source projects.

The new alert came just days after Python developers were warned of malicious packages swapping out their crypto addresses.

**Detailed Analysis**

According to Check Point, the malicious package was found in the PyPI software repository for the Python programming language and is designed to hide code in images via Steganography, which refers to image code obfuscation.

The actual image used in the attack (Image: Check Point)

The campaign’s modus operandi involves infecting PyPI users through open-source projects revealing that attackers have launched this campaign with thorough planning. It also highlights that PyPI-related obfuscation techniques are continually evolving.

**Malicious Package Details**

Check Point’s blog post noted that the malicious package was named Apicolor. Initially, it appeared just like an in-development package on PyPI, but a deeper probe into its installation script revealed a “strange, non-trivial code section at the beginning,” the advisory read.

(Image: Check Point)

This code manually installed additional requirements and downloaded an image from the web. Then it used the newly installed package for image processing and triggering the processing generated output with the exec command.

An unsuspecting user will access these GitHub open-sourced projects when searching for legit projects on the web and installing them without knowing it fetches a malicious package import.

> “It’s important to note that the code seems to work. In some cases, there are empty malicious packages.”
> 
> Check Point

It is worth noting that this malicious package differs from all previously discovered packages as it can camouflage its capabilities in different ways. Moreover, the way it targets PyPI users are targeted and infected with malicious GitHub imports.

Check Point urges users to use threat code scanners and double-check third-party packages before using them. It is also important to ensure GitHub’s ratings for a particular project aren’t synthetically created.

1.  GitHub: Hackers Stole OAuth Access Tokens
2.  GitHub Repositories Cloned in Supply Chain Attack
3.  Chinese Hackers Hiding Malware in Windows Logo
4.  Infected WAV files install malware, cryptominers on PCs
5.  Hackers spoof commit metadata, create false GitHub repositories

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism