Leading Ethereum (ETH) browser extension Metamask reportedly broadcasts ETH addresses to all websites a user visits in its default settings, a GitHub issue submitted on March 20 states. Metamask is a browser extension featured in the Brave browser — compatible with Mozilla Firefox, Google Chrome and Opera — that enables its users to interact with Ethereum-based decentralized applications (DApps). According to the aforementioned GitHub issue, Metamask broadcasts its users’ ETH address to all the websites visited in its default settings, with the post specifying that the ETH addresses are shown in data objects contained in message broadcasts as opposed to …

Israeli fintech companies that work with forex and crypto trading are being targeted by malware, according to a blog post from threat research department Unit 42 of cybersecurity company Palo Alto Networks published on March 19. Per the report, Unit 42 first encountered an older version of the malware in question, Cardinal RAT, in 2017. Since April 2017, Cardinal RAT has been identified when examining attacks against two Israel-based fintech companies engaged in developing forex and crypto trading software. The software is a Remote Access Trojan (RAT), which allows the attacker to remotely take control of the system. The updates …

On March 7, news broke that Denver is slated to become the second United States jurisdiction to pilot a blockchain-powered mobile voting platform in its upcoming municipal election. Absentee voting will start on March 23 and will run until the Election Day, May 7. The announcement came almost exactly one year after the first initiative of this kind — deployment of mobile voting solution in West Virginia primaries and then midterm elections — was made public in March 2018. Once again, it was the Tusk Philanthropy foundation that spearheaded the effort, while Boston-based technology company Voatz took care of the …

Cryptocurrency mining is reportedly one of the most observed objectives of hackers attacking businesses’ cloud infrastructures, according to a report by AT&T Cybersecurity on March 14. The cybersecurity wing of United States telecoms firm AT&T stated that organizations of all sizes continue to face major crypto mining attacks despite the ongoing bear market. In the new report, AT&T examined the most significant forms of cryptojacking associated with mining attacks on organizations’ cloud infrastructure. AT&T outlined four major cryptojacking tactics used by hackers such as compromising container management platforms, control panel exploitation, theft of application programming interfaces (APIs), as well as …

Cybercriminals are reportedly favoring unhurried approaches in attacks made for financial gains, with cryptojacking as a prime example of this shift. IT news website ComputerWorld reported on this development on March 14. Data released by cybersecurity company Darktrace reveals that cryptojacking attempts increased by 78 percent in 2018, and, according to ComputerWorld, the company also said that this trend continued in 2019. The ComputerWorld article cites Max Heinemeyer, director of threat hunting at Darktrace, commenting on the findings. He reportedly said that since many ransomware victims may be unable to pay a ransom in Bitcoin (BTC) due to technical ineptitude, …

In Japan, the number of hacked Internet of Things (IoT) devices and cryptocurrency networks nearly doubled in 2018 when compared to the previous year. English-language local media Asahi reported on March 7. Per the report, the Japanese Police Agency data shows that an average of 2,752.8 intrusions per sensor per day were detected last year, up 45 percent from the previous year. Furthermore, the data also reportedly shows that almost all of the attacks came from overseas. According to the article, if one considers only cryptocurrency networks and IoT devices, the data shows an average of 1,702.8 intrusions per sensor …

Eugene Kaspersky, the CEO of the cybersecurity giant Kaspersky, stated in a recent interview that “cryptocurrencies are a great idea, but the world is not ready for them yet.” Kaspersky made the statement to financial news website Arabian Business on March 1. Kaspersky elaborated, stating that he believes that in the future — “perhaps in a 100 years’ time” — the world will be united under a single government, which turn will have a single, digital currency. According to the entrepreneur, “the world must be united if we want to have encrypted currencies. At the moment, governments will want to …

About 400 servers running virtualization software Docker were found to be vulnerable to outside exploitation. Most of them were seemingly running Monero (XMR) mining software, cybersecurity company Imperva reports on March 4. A misconfiguration of the vulnerable Docker hosts permits public access to the Docker API, which should only be locally accessible. This misconfiguration, combined with a newly discovered vulnerability, allows attackers to obtain administrator rights on the server and install software of their choice. Since a hacker could install any software this way, the vulnerability doesn't only permit cryptojacking, but also the installation of any other malware or use …

Big Four consulting and auditing company PwC has linked Iranian nationals behind Bitcoin (BTC) ransomware scheme SamSam to the crypto exchange WEX in a recent report published in February. The report is based on information that was previously disclosed by the United States Department of Justice (DoJ). As per the DOJ, two Iranians — Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri — were responsible for creating SamSam. SamSam is a ransomware demanding Bitcoin that reportedly damaged multiple U.S. companies, government agencies, universities, and hospitals. Within 34 months the hackers managed to extort over $6 million in Bitcoin and cause …

Coinomi Wallet denied recent claims that its software sends wallet recovery seed phrases to Google’s remote spell checker servers in plain (unencrypted) text. The company refuted the claims in an official statement published on Feb. 27. In the statement, Coinomi claims that, unlike what was reported, the seed phrase transmission was encrypted via SSL (HTTPS), with Google being the only recipient capable of decrypting the message. Coinomi notes that the phrase was only transmitted if the user chose to restore his wallet and only on the desktop version. Finally, Coinomi states that the spell-check requests sent to Google were not …

The Central Bank of Bahrain has issued new cryptocurrency regulation, English-language local media TradeArabia reports on Feb. 25. Before, in December last year, the central bank had issued draft proposals to potentially regulate and license crypto asset services. The new rules reportedly concern licensing, governance, risk management, Anti-Money Laundering and Counter-Terrorist Financing measures, business conduct, conflict of interest avoidance, reporting and cybersecurity. The regulation also establishes new supervision and enforcement standards. Cryptocurrency exchanges licensed by Bahrain’s central bank will now also have to respect guidelines concerning order matching, pre and post-trade transparency, market manipulation and market abuse avoidance, as well …

United States-based software corporation Microsoft has removed eight Windows 10 applications from its official app store after cybersecurity firm Symantec identified the presence of surreptitious Monero (XMR) coin mining code. The news was reported by Symantec on Feb. 15. Stealth crypto mining — also know as cryptojacking – works by installing malware that uses a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge. According to Symantec, the firm first detected malicious XMR mining code within eight apps — issued by three developers — on Jan. 17. After Symantec alerted Microsoft, the corporation is reported to …