Analysis | Does Bitcoin Boom Mean 'Better Gold' or Bigger Bubble? QuickTake - Washington Post

Posted: 20 Dec 2020 08:48 AM PST

1. What exactly is Bitcoin?

It's a form of money that's remarkable for what it's not: It's not a currency you can hold in your hand. It's not issued or backed by a national government. At their core, Bitcoin and its imitators are sets of software protocols for generating digital tokens and for tracking transactions in a way that makes it hard to counterfeit or re-use tokens. A Bitcoin has value only to the extent that its users agree that it does.

2. Where did the Bitcoin system come from?

The original software was laid out in a white paper in 2008 by a person or group of people using the pseudonym Satoshi Nakamoto, whose identity remains unknown, despite several efforts to assign or claim credit. Online fantasy games had long used virtual currencies. The key idea behind Bitcoin was the blockchain -- a publicly visible, largely anonymous online ledger that records Bitcoin transactions.

3. How does that work?

Think about what happens if you make an online transfer using a bank. It verifies that you have the funds, subtracts that amount from one spot in a giant database it maintains of accounts and balances, and credits it in another. You can see the result if you log on to your account but the transaction is under the bank's control. You're trusting the bank to remove the right amount of money, and the bank is also making sure you can't spend that money again. The blockchain is a database that performs those tracking functions -- but without the bank or any other central authority.

4. Who performs the bank function for Bitcoin?

It's done by consensus on a decentralized network. Bitcoin transactions can be made through sites offering electronic "wallets" that upload the data to the network. New transactions are bundled together into a batch and broadcast to the network for verification by so-called Bitcoin miners.

5. Who gets to be a miner?

Anybody, so long as you have really fast computers, a lot of electricity and a desire to solve puzzles. The transaction data in each batch is encrypted by a formula that can be unlocked only through trial-and-error guessing on a massive scale. The miners put large-scale computing power to work as they compete to be the first to solve it. If a miner's answer is verified by others, the data is added to a linked chain of blocks of data and the miner is rewarded with newly issued Bitcoin.

6. How does the system prevent cheating?

Because every block contains data linking to earlier blocks, an attempt to spend the same Bitcoin twice would mean revising many links in the chain. Plus, as miners compete, they verify each other's work each step of the way.
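
The linking described in questions 5 and 6, as an added illustration (not Bitcoin's own code): a toy Python chain in which every block commits to the previous block's hash and carries a proof-of-work nonce found by trial and error. Editing a transaction in an old block breaks validation, and the only way to make the chain validate again is to redo the work for that block and every block after it. The difficulty, block contents and names are constructed for the demo.

```python
"""Toy block chain with proof of work (added example; not Bitcoin's code).
Each block commits to the previous block's hash, so editing an old block
invalidates every later link and forces the editor to redo all that work."""
import hashlib
import json
from dataclasses import dataclass

# Leading zero bits a block hash must have. 16 keeps the demo to a second or
# two; Bitcoin's real target is many orders of magnitude harder. (Assumption.)
DIFFICULTY_BITS = 16
GENESIS_PREV = "0" * 64

# Constructed sample transaction batches, one per block.
SAMPLE_BATCHES = [
    ["coinbase->alice:50"],
    ["alice->bob:20", "alice->carol:5"],
    ["bob->dave:10"],
]


def block_hash(index, prev_hash, transactions, nonce):
    """Double SHA-256 over a canonical encoding of the block header."""
    header = json.dumps(
        {"index": index, "prev": prev_hash, "txs": transactions, "nonce": nonce},
        sort_keys=True,
    ).encode()
    return hashlib.sha256(hashlib.sha256(header).digest()).hexdigest()


@dataclass
class Block:
    index: int
    prev_hash: str
    transactions: list
    nonce: int = 0

    def hash(self):
        return block_hash(self.index, self.prev_hash, self.transactions, self.nonce)


def meets_target(h):
    """True when the hash has at least DIFFICULTY_BITS leading zero bits."""
    return int(h, 16) >> (256 - DIFFICULTY_BITS) == 0


def mine(block):
    """Trial-and-error search for a nonce; returns the number of hashes tried."""
    block.nonce = 0
    while not meets_target(block.hash()):
        block.nonce += 1
    return block.nonce + 1


def build_chain(batches):
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(batches):
        block = Block(i, prev, list(txs))
        mine(block)
        chain.append(block)
        prev = block.hash()
    return chain


def first_invalid(chain):
    """Index of the first block that breaks the chain, or None if it is valid.
    A block fails if its index is off, it does not point at the previous
    block's current hash, or its own hash no longer meets the target."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if block.index != i or block.prev_hash != prev or not meets_target(block.hash()):
            return i
        prev = block.hash()
    return None


def rewrite_from(chain, start):
    """Re-mine blocks start..end after an edit so the chain validates again.
    Returns the total hashes spent: the cost of revising 'many links'."""
    work = 0
    prev = GENESIS_PREV if start == 0 else chain[start - 1].hash()
    for block in chain[start:]:
        block.prev_hash = prev
        work += mine(block)
        prev = block.hash()
    return work


if __name__ == "__main__":
    chain = build_chain(SAMPLE_BATCHES)
    print("fresh chain valid:", first_invalid(chain) is None)
    # Try to rewrite history: redirect alice's payment in block 1.
    chain[1].transactions[0] = "alice->mallory:20"
    print("first invalid block after edit:", first_invalid(chain))
    print("hashes needed to re-mine blocks 1..2:", rewrite_from(chain, 1))
```

In the real network the honest miners keep extending the chain while the rewrite is in progress, so the editor must out-hash all of them, not just redo the work once.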

7. Who buys and uses Bitcoin?

Bitcoin used to be the domain of libertarians and drug dealers. Not anymore. By now, prominent money managers like Mike Novogratz and Alan Howard have invested hundreds of millions of dollars in Bitcoin and other cryptocurrencies. A survey Fidelity Investments conducted earlier this year found that 36% of institutional respondents held crypto in their portfolios. More than six out of 10 expressed interest in Bitcoin and other cryptocurrencies, up from fewer than half in 2019. Amid recent meteoric price appreciation -- Bitcoin has almost tripled in 2020 -- retail investors are getting in on the game, too, with many new users jumping into crypto this year.

8. Why is Bitcoin's price rallying like crazy this year?

Long-time Bitcoin fans point to the so-called halvening that happened earlier this year, which cut in half the amount of new Bitcoin issued to miners for verifying transactions. Halvenings happen every three to four years. Because they limit the growth of Bitcoin's supply, they are typically followed by rallies (often followed by deep crashes). At the same time, the entry of institutional investors, buying up hundreds of millions of dollars' worth of the currency, has also pushed the price up.

9. What's the appeal for investors?

Zero and negative yields on traditional assets are driving hedge funds and even companies like MicroStrategy to pour cash into Bitcoin, which, while highly volatile, has appreciated substantially over the long term. While naysayers have long said that Bitcoin's value will go down to zero, many have recently had to revise their thinking -- simply because enough people seem to believe in Bitcoin.

10. Why is Bitcoin compared to gold?

As a scarce resource, gold has traditionally been a hedge against inflation. Governments can speed up their treasuries' printing presses and thereby debase their currencies, but miners can't flood markets with gold, goes the thinking. Part of Bitcoin's appeal lies in the fact that it isn't controlled by governments or their monetary policies, and that its supply is limited even more strictly than gold's: halvenings help slow down the mining of new coins and production will cease entirely at 21 million coins. With the vast spending by governments and central banks in response to the pandemic raising fears of inflation after economies recover, more attention than ever is being paid to Bitcoin as "digital gold," even as inflation remains muted.

11. What's happening with institutional investors?

They seem to be feeling more comfortable wading into Bitcoin in part because of better safeguards. The U.S. Treasury Department, for instance, has proposed requiring banks and other intermediaries to maintain records and submit reports to verify customer identities for certain cryptocurrency transactions. Over the past few years, Bitcoin has also developed a more substantial financial infrastructure. There are custody and trading services -- with proper licenses and credentials -- that cater specifically to the large regulated investors.

12. So is this another bubble, or is Bitcoin really digital gold?

That's still unclear. As quickly as institutional investors got into Bitcoin, they could get out, pushing down prices dramatically: Bitcoin is still a thinly traded market, where so-called whales, controlling large quantities of coin, hold huge sway. In fact, ownership concentration in Bitcoin has increased during the latest rally, since July, with about 2% of the anonymous accounts that can be tracked on the coin's digital ledger, the blockchain, controlling 95% of the available supply, according to researcher Flipside Crypto. A whale's exit -- a more likely event now that Bitcoin is the domain of not just believers but also pragmatic financiers -- can send ripples throughout the ecosystem, and pop the bubble.

13. Could another cryptocurrency supplant it?

As the number of cryptocurrencies and tokens continues to multiply -- they now number in the thousands -- Bitcoin remains the best-known, most time-tested and most valuable. It's also the one coin that's considered to be a potential store of value. Others, such as Ethereum, are used for other things, such as issuing tokens for use in decentralized finance applications. While a digital-gold alternative could yet emerge, it's looking increasingly unlikely.

14. How can I buy Bitcoin or invest in it?

There are a bunch of ways, all with different risks. People can buy the coins directly from exchanges like Coinbase. Accredited investors can also invest in vehicles like the Bitcoin Investment Trust, which tracks Bitcoin's price. Now investors can buy or sell Bitcoin futures, and soon may be able to buy Bitcoin exchange-traded funds, once regulators feel comfortable with the idea. But be warned: Even plenty of people who believe in Bitcoin's future think some wild rides lie ahead. The big runup in Bitcoin's price back in 2017 was followed by an 83% rout that lasted a year.

©2020 Bloomberg L.P.

AWS re:Invent 2020: AWS Community Builders Program Top Highlights - hackernoon.com

Posted: 20 Dec 2020 02:02 AM PST

Brian H. Hough (@BrianHHough)

Brand Strategist | Designer | Web Developer | Software Engineer | 4X Global Hackathon Winner

Since becoming an AWS Community Builder on the Data, Databases & Analytics team this Fall, I have often explained the experience to friends, family, and colleagues as one of drinking water from a fire hose. I had known that cloud computing was rapidly transforming how we build, develop, and deploy software, but I did not know what this pace felt like at the center of a company like Amazon Web Services.

AWS' Community Builders program is fantastic for so many reasons, but specifically in how they offer technical resources, mentorship, networking opportunities, and exclusive trainings to a global team of AWS enthusiasts, emerging thought leaders, and developers.

From learning about how to deploy AI/ML models in the cloud with SageMaker and DeepComposer, to securely encrypting and storing data in the cloud, this community continues to inspire and push each other to new heights. It might not be possible to learn everything, but we all certainly try as Community Builders 😊

Especially working from home and being remote, there's no better use of extra time than these types of "drinking water from a fire hose" experiences, such as going to AWS' re:Invent virtual conference this year. The entire programming was seamless and I was blown away by the ingenuity, precision, and organization that went into planning the conference. The AWS team and their sponsored partners have done a standout job of making the virtual experience welcoming, collaborative, and interactive — something that is quite hard to coordinate in a remote setting.

I have received so much value from the sessions I attended over the past few weeks, and I wanted to share the highlights for anyone who might be interested in learning more about DevOps, the cloud, serverless computing, and app development.

Let me know what you think and learned about from these sessions! 👇

🌟 Building for the Future with AWS Databases

Shawn Bice — Vice President, Databases, AWS

Key lessons included:

  • Data is at the center of all apps, software, and systems; and because of this, companies must use data effectively and efficiently to build a foundation for future innovation.
  • With a strong data foundation, you stand the best chance to overcome the unexpected and innovate in new ways as the future continues to digitally transform.
  • Consider the transition from on-premises systems to the cloud: it used to take months to get hardware to experiment with ideas, a monolithic application couldn't be easily serviced or scaled, and infrastructure sizing mistakes could delay projects by months. Thanks to the cloud, data architectures and systems can be experimented with and iterated on almost instantly, at scale.

🌟  Getting Started with AWS Identity Services

Becky Weiss — Senior Principal Engineer, AWS

Key lessons included:

  • An authentication and authorization strategy should include (1) an organization that corresponds to the customer; (2) a management account that pays the bills for the accounts in that organization; and (3) identity and access management via service control policies.
  • A caller is authenticated via AWS' IAM (Identity and Access Management) service, which includes two kinds of principals: IAM users and IAM roles.
  • You can get started right away with AWS Single Sign-On (SSO), which lets you create a user pool directly in your AWS environment.

🌟 How LEGO.com Accelerates Innovation with Serverless

Sheen Brisals — AWS Serverless Hero & Senior Engineering Manager, The LEGO Group, AWS

Key lessons included:

  • By implementing the circuit breaker pattern with AWS Step Functions, LEGO can manage the replay of failed messages with a state machine.
  • LEGO uses Amazon EventBridge to send back-in-stock notifications right to the customer, thanks to the power of AWS and the cloud.
  • A single EventBridge event contains multiple feedback events, allowing LEGO to email feedback event streams with batching.

🌟 How Disney+ Scales Globally on Amazon DynamoDB

Mark Roper — Senior Product Manager, DynamoDB, AWS

Attilio Giue — Director of Content Discovery, Disney+

Key lessons included:

  • Disney+ is one of the world's largest online video streaming platforms, and delivers its near limitless library of digital content to over 60.5 million subscribers, thanks to Amazon DynamoDB.
  • Disney+'s Content Discovery team leverages DynamoDB global tables to scale and deliver features like Continuous Watching, Watchlist, and Personalized Recommendations because of AWS' easily scalable database structures in the cloud.
  • DynamoDB allows the global Disney+ team to expand content regionally and serve it using on-demand capacity mode instead of solely provisioned capacity.

🌟 The Pragmatic Cloud Developer

Colm MacCárthaigh — Senior Principal Engineer, AWS

Key lessons included:

  • Infrastructure is not the thing — it is just a means to the thing. It is the fundamental blueprint to build the house, but we cannot lose sight of the house that we still need to build.
  • The trade-offs to consider as builders and developers are four key parameters that we must balance: (1) availability, (2) scalability, (3) productivity, and (4) cost.
  • So what makes the most sense to focus on? Colm recommends focusing on: security scanning and patching; working backups and tested restore; resilience and redundancy; and serverless.

🌟 Using Amazon QLDB as a System-of-Trust Database for Core Business Apps

Eric Kramer — Principal Product Manager, AWS

Key lessons included:

  • Amazon QLDB applies an immutable, distributed process for data provenance and cryptographic verifiability, for implementing systems of record that treat data integrity and verification as a priority.
  • With Amazon QLDB, business applications can leverage scalability (event-driven distributed systems), flexibility (flexible document data models for NoSQL and document databases), consistency (relational database transaction processing), and built-in data integrity (for immutable append-only databases for blockchain and cryptography).
  • Thanks to an immutable ledger database, business applications can leverage auditing databases, event sourcing, transactional systems of record, and an alternative to blockchain that stores cryptographically verifiable state and changes under a centralized authority model.

🌟 AWS 2020 Modernization & DevOps Jam

Hosted by Datadog, VMware, and NetApp

Key lessons included:

  • AWS CodePipeline provides visibility across your application code with numerous stages, such as source, analyze, and build. DevOps can play an important role in the systems of your production workload; for example, enforcing linting practices in the pipeline without increasing build time.
  • For an e-commerce company that is entirely serverless via containers that spans multiple components and microservices, a platform like Datadog can identify and isolate issues within the application and infrastructure to mitigate errors, identify server-side and client-side DNS issues, and more.
  • It can be all too easy to blame the network, but with a platform like VMware's NSX Advanced Load Balancer, you can identify issues within your application, increase its resiliency quickly and easily, all without ever taking the application down for maintenance.

🌟 How Venmo Responded to the Demand for Contactless Payment on Amazon Aurora

Nick Ciubotariu — CTO, Venmo
Pubali Sen — Senior Solutions Architect, AWS

Key lessons included:

  • Venmo is a born-in-the-cloud payment platform running on AWS; as an early adopter of cloud-based technologies, the company has been able to fast-track its business use cases.
  • Venmo's payment volume has grown 9X over the years and is supported by Amazon Aurora's ease of use and seamless scale for its 6 TB+ of data while enabling up to 1,000 TPS.
  • Thanks to AWS services (Amazon VPC, EC2, S3, Aurora, Transit Gateway, AWS WAF, DynamoDB, Lambda, EventBridge, SQS, Kinesis, and Amazon EMR, to name a few), Venmo is able to pilot new features lightning-fast, stream users' data directly to them, and bring its ingenious contactless payment features to production sooner and with less administrative work.

🌟 Amazon DynamoDB Advanced Design Patterns

Rick Houlihan — Senior Practice Manager, AWS DynamoDB

Key lessons included:

  • Global tables are ideal for high-volume, low-latency replication.
  • Summary analytics rely on DynamoDB Streams and Lambda aggregation methods. DynamoDB global replication is fully managed, active-active, and multi-region, and enables cross-region replication in less than 2 seconds.
  • A technique that can reduce costs is write sharding for selective reads. The partition (shard) key is used to build an unordered hash index, which allows tables to be partitioned for global scale.

🌟 Deep Dive on PostgreSQL Databases on Amazon RDS

Jim Mlodgenski — Senior Database Engineer, AWS

Key lessons included:

  • If you're looking for a database to use in your software, PostgreSQL is an open-source technology that's rapidly growing in popularity due to its abundance of features, vibrant community, and compatibility with commercial databases used today.
  • Amazon RDS (Relational Database Service) is a managed regional database service that supports numerous database engines — such as Amazon Aurora, MySQL, PostgreSQL, MariaDB, Microsoft SQL Server and Oracle — providing easy administration, availability and durability, performance and scalability, and security and compliance.
  • Amazon Aurora with PostgreSQL compatibility fully leverages AWS services to give you 2-3x better throughput on the same instance sizes, scalability of up to 128 TiB, and highly-available durability and fault-tolerant storage across 3 availability zones.

🌟 Building Post-Quantum Cryptography for the Cloud

Alex Weibel — Senior Software Engineer, AWS Cryptography, AWS

Key lessons included:

  • Post-quantum cryptography is needed because the key agreement algorithms we use today will break given a quantum adversary and we don't know precisely when (or if) that will happen. We always need to be prepared.
  • It takes 10-15 years of work for algorithms to make their way from invention to standardization in the encryption space. The work being conducted now will curb the need to rush the development of encryption algorithms in the future.
  • AWS is already working on and promoting the use of hybrid key agreements in ETSI (the European Telecommunications Standards Institute), advocating for them in forums with NIST, and deploying hybrid post-quantum TLS to its most security-critical services, such as AWS Key Management Service.

I'm curious to hear from others who attended re:Invent this year about what their favorite lessons learned were. From serverless app development to databases, AWS created multiple tracks to ensure that anyone, no matter their interests or backgrounds, could dive into the exciting world of serverless technology.

Let me know below or at @BrianHHough on social media what you enjoyed most about the past few weeks at AWS' re:Invent conference!

Originally published on the AWS Community Builders Blog

My name is Brian H. Hough and I am a branding strategist, UI/UX designer, and software engineer with a passion for innovation. As an AWS Community Builder and 4x global hackathon winner, I love sharing how technology can change the world and increasing accessibility into the industry so others can too.

If you got value from this article, please LIKE 👏 and SHARE ↩️ this post with your network, as well as FOLLOW 📲 my Twitter, Instagram and LinkedIn accounts for further insights on technology, innovation, and our digital world.

Also published on Dev.to


How to maintain online payment security in your B2B portal - Finextra

Posted: 20 Dec 2020 08:20 AM PST

Modern business-to-business merchants are actively embracing online retail to step up their game. Relying on B2B portal development, they build solutions that bring together business customers from around the globe and support a convenient, personalized purchasing experience.

On the downside, the shift to ecommerce has aggravated payment security concerns. Business-to-business transactions have always enticed the criminal underworld, and digitization has put them within reach of adept cybercriminals. As a result, the B2B online payment fraud rate runs high: last year, 81% of organizations became targets of attempted or successful fraud attacks, as reported by the Association for Financial Professionals in the 2020 Payments Fraud and Control Survey.

To get to the money or sensitive payment data, hackers leverage a wealth of attack techniques, from DDoS and malware to social engineering. They exploit vulnerabilities in web portal software, payment gateways, and networks or a lack of security awareness of transaction parties. In this article, we outline sustainable security measures to help you reinforce your B2B marketplace protection against the ever-evolving cyber-threats related to online payments.

Refine identity and access management

Identity and access management (IAM) is the baseline network and data security practice that many online business owners know and respect. However, hackers are finding more and more ways to bypass common IAM mechanisms (role-based access, privileged accounts, and so on) with malware, metadata manipulation, or social engineering schemes. To thwart these attacks, B2B portal owners need to ramp up their IAM toolkit.

Begin by moving away from password-only authentication to multi-factor authentication for customer account access. To reinforce access security in a mobile version of the portal app, you can turn to biometric authentication methods such as fingerprint, voice or iris recognition. Advancing your identity verification mechanisms this way, you can prevent unauthorized access to your portal and ensure the legitimacy of every transaction.

Conducting business online, a company has no physical way to ascertain whether its counterpart is who they claim to be. Cybercriminals often exploit this gap, setting up fake accounts and masquerading as business owners to scam companies. To nip these fraud attempts in the bud, adopt a Know Your Customer (KYC) procedure.

KYC originated in the banking sphere and today is actively leveraged in ecommerce to confirm the company's identity before partnering with it. In the context of B2B ecommerce, the procedure involves the submission of documents and other types of information that confirm the customer's identity and solvency. Modern KYC solutions can streamline the identification process, automatically checking the submitted information against numerous publicly available databases.

Set up ongoing activity monitoring

Web portal activity tracking is widely considered an instrument of the marketing toolkit, but its potential is broader than that. When applied for payment security reasons, activity monitoring mechanisms help detect emerging security threats that antivirus or anti-malware tools can't detect.

First and foremost, it is good practice for security specialists to keep track of day-to-day B2B portal performance via a web analytics tool. This allows them to notice abnormal or suspicious user activity promptly, whether or not it turns out to be an attack. Regular activity monitoring is particularly helpful for forestalling the various types of DDoS attacks that aim to disrupt portal traffic by flooding system bandwidth with requests.

Beyond that, companies that process credit card payments must track access to network resources and cardholder data under the PCI Data Security Standard (PCI DSS). Due to the sheer volume and frequency of operations, this tracking is commonly automated with an audit trail system. The software logs each user event along with its type, time and date, whether the operation succeeded, and other details. By reviewing the logs (the recommended frequency is once a day), the merchant can pinpoint unauthorized access attempts and other fraudulent activity and investigate them.
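
One way to carry out the daily log review just described, as an added example that is not taken from the article: a small Python checker over constructed audit-trail lines (time, user, event type, outcome, source IP) that flags repeated login failures per account, a login that succeeds right after them, and cardholder-data reads by accounts outside an assumed allow-list. The thresholds, the allow-list and the log format are assumptions made for the demo.

```python
"""Daily audit-trail review over constructed PCI-style access logs (added
example). Flags (a) repeated failed logins per account within a sliding
window, (b) a successful login right after such a burst, and (c) cardholder-
data reads by accounts that have no business need for them."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: ISO time, user, event type, outcome, source IP.
SAMPLE_LOG = """\
2020-12-19T09:01:12Z acme.buyer LOGIN success 203.0.113.10
2020-12-19T09:02:40Z acme.buyer VIEW_ORDER success 203.0.113.10
2020-12-19T23:14:05Z globex.ap LOGIN failure 198.51.100.7
2020-12-19T23:14:20Z globex.ap LOGIN failure 198.51.100.7
2020-12-19T23:14:33Z globex.ap LOGIN failure 198.51.100.7
2020-12-19T23:14:49Z globex.ap LOGIN failure 198.51.100.7
2020-12-19T23:15:02Z globex.ap LOGIN failure 198.51.100.7
2020-12-19T23:15:30Z globex.ap LOGIN success 198.51.100.7
2020-12-19T23:16:10Z globex.ap READ_CARDHOLDER_DATA success 198.51.100.7
2020-12-19T10:30:00Z pci.auditor READ_CARDHOLDER_DATA success 192.0.2.44
"""

# Assumed review policy (the article gives no numbers or roles).
FAILED_LOGIN_THRESHOLD = 5
FAILED_LOGIN_WINDOW = timedelta(minutes=10)
CARDHOLDER_DATA_READERS = {"pci.auditor"}  # accounts allowed to read card data


def parse_line(line: str) -> dict:
    """Split one audit line into its fields; timestamps are parsed as UTC."""
    ts, user, event, outcome, ip = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user,
        "event": event,
        "outcome": outcome,
        "ip": ip,
    }


def review(log_text: str) -> list:
    """Return findings as (finding_type, user, source_ip) tuples, in time order."""
    events = sorted(
        (parse_line(line) for line in log_text.splitlines() if line.strip()),
        key=lambda e: e["ts"],
    )
    findings = []
    recent_failures = defaultdict(list)  # user -> timestamps of failed logins
    flagged = set()  # users already reported for a failure burst
    for e in events:
        user = e["user"]
        if e["event"] == "LOGIN" and e["outcome"] == "failure":
            # Keep only failures inside the sliding window, then add this one.
            window = [t for t in recent_failures[user] if e["ts"] - t <= FAILED_LOGIN_WINDOW]
            window.append(e["ts"])
            recent_failures[user] = window
            if len(window) >= FAILED_LOGIN_THRESHOLD and user not in flagged:
                flagged.add(user)
                findings.append(("repeated_login_failures", user, e["ip"]))
        elif e["event"] == "LOGIN" and e["outcome"] == "success" and user in flagged:
            # A success right after a burst of failures deserves a look.
            findings.append(("login_success_after_failures", user, e["ip"]))
        elif e["event"] == "READ_CARDHOLDER_DATA" and user not in CARDHOLDER_DATA_READERS:
            findings.append(("unexpected_cardholder_data_access", user, e["ip"]))
    return findings


if __name__ == "__main__":
    for kind, user, ip in review(SAMPLE_LOG):
        print(f"{kind:35} user={user} from={ip}")
```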

Embed payment tokenization

Credit-card-stealing malware is running wild on the internet. Typically, this malicious software injects itself, or is injected by hackers, into the retail portal source code and siphons off credit card data and other sensitive information.

In the recent past, more than two million websites fell victim to the prolific Magecart card-skimming malware, with such high-profile merchants as British Airways and Ticketmaster among them. Even though the global business community is aware of Magecart, the malware still manages to get past online merchants' defenses. The reasons range from rapid attack innovation to insufficient monitoring coverage, but one thing is clear: to stay on the safe side, you need to set up an additional layer of protection over customer payment data.

Tokenization, or the replacement of sensitive data with an algorithmically generated number called a token, has recently been gaining traction among online merchants, edging out encryption as a cost-efficient and secure option. A token is not encoded payment card information; rather, it is a reference that tells the bank where the card owner's data is stored. During a tokenized transaction, the token is authorized in the credit card network and matched to the customer's account number. After the bank allows the payment, the token is returned to the merchant for future transactions.

Unlike encrypted data, a token can't be mathematically reversed and is readable only by payment processors, meaning that hackers will have little use for it even if they somehow intercept the transaction. Beyond payment security, tokenization can also lessen the burden of PCI DSS compliance and reduce B2B portal security maintenance costs.
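
A minimal tokenization flow as an added illustration of the two paragraphs above (not code from the article or from any payment vendor): the merchant side stores only a random token and the last four digits, and only the vault can map the token back to the card number, so a skimmed merchant database yields nothing reversible. The binding of each token to the merchant that requested it is an assumption added here, and the card number is a constructed Luhn-valid test value.

```python
"""Payment tokenization flow (added example; not the article's or any
vendor's code). The merchant keeps a random token plus the last four digits;
the card number lives only in the vault, which alone can map token -> card."""
import secrets


def luhn_valid(pan: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Stands in for the processor/issuer-side vault. Assumption (not stated in
    the article): a token is bound to the merchant that requested it."""

    def __init__(self):
        self._records = {}  # token -> (merchant_id, pan)

    def tokenize(self, pan: str, merchant_id: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a valid card number")
        token = secrets.token_hex(16)  # 128 random bits, unrelated to the PAN
        self._records[token] = (merchant_id, pan)
        return token

    def authorize(self, token: str, merchant_id: str, amount_cents: int) -> dict:
        record = self._records.get(token)
        if record is None or record[0] != merchant_id:
            return {"approved": False, "reason": "unknown token or wrong merchant"}
        pan = record[1]
        # A real vault would now forward `pan` to the card network; here the
        # lookup itself is the "match to the customer's account number".
        return {"approved": amount_cents > 0, "last4": pan[-4:]}


class Merchant:
    """Merchant-side storage: never holds the full card number."""

    def __init__(self, merchant_id: str, vault: TokenVault):
        self.merchant_id = merchant_id
        self.vault = vault
        self.cards_on_file = {}  # customer -> {"token", "last4"}

    def save_card(self, customer: str, pan: str) -> str:
        token = self.vault.tokenize(pan, self.merchant_id)
        self.cards_on_file[customer] = {"token": token, "last4": pan[-4:]}
        return token

    def charge(self, customer: str, amount_cents: int) -> dict:
        rec = self.cards_on_file[customer]
        return self.vault.authorize(rec["token"], self.merchant_id, amount_cents)

    def database_dump(self) -> str:
        """What a skimmer or database thief on the merchant side would see."""
        return repr(self.cards_on_file)


if __name__ == "__main__":
    vault = TokenVault()
    shop = Merchant("shop-a", vault)
    pan = "4111111111111111"  # constructed Luhn-valid test number
    token = shop.save_card("buyer-1", pan)
    print("merchant sees:", shop.database_dump())
    print("charge:", shop.charge("buyer-1", 1999))
    print("replay at another merchant:", vault.authorize(token, "shop-b", 1999))
```

Contrast this with merchant-side encryption: an encrypted card number is recoverable by anyone who obtains the key, whereas the token carries no information to recover.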

Promote security awareness

In the modern B2B ecommerce security landscape, social engineering scams proliferate along with technical attack strategies. Leveraging simple methods of psychological manipulation, criminals coax employees to perform certain actions or give away sensitive payment information about customers.

This year saw an alarming rise in the business email compromise (BEC) type of phishing attack. Impersonating a company's CEO or other high-ranking executives in correspondence, hackers persuade the recipient to transfer funds or pay a fake invoice. In the second quarter of 2020, the average cost of a successful BEC attack amounted to $80,183, according to the Anti-Phishing Working Group's Phishing Activity Trends Report.

While anti-phishing software is the necessary protection measure for B2B portals, with the ongoing evolution of attack methods, it doesn't always provide full-scope security. This makes the promotion of security awareness among your staff and customers an indispensable accompanying measure. Corporate security training should be held regularly for employees at all levels, in order to educate them on current social engineering exploits, their mechanisms and consequences, and offer clear instructions on how to respond to such an attack.   

Since both sides of a transaction can fall victim to social engineering, security awareness efforts should also extend to your partners, although the format of full-scale security training will not be appropriate in this case. Instead, you need to provide them with informative but unobtrusive educational resources, outline the advantages of investing in security monitoring tools, and inform them promptly of relevant emerging attacks.

Wrapping up

The proliferation of payment fraud and security threats makes the path to an efficient and reliable B2B portal thornier than ever. By combining tried-and-true practices with emerging technologies and security awareness promotion, a business can build a many-layered security strategy to navigate the modern threat landscape successfully and offer customers a safe experience.


Pardon the Intrusion #33: SolarWinds unleashes a cyber storm - The Next Web

Posted: 20 Dec 2020 06:04 PM PST

Subscribe to this bi-weekly newsletter here!

Welcome to the latest edition of Pardon The Intrusion, TNW's bi-weekly newsletter in which we explore the wild world of security.

Earlier this week, several major US government agencies — including the Departments of Homeland Security, Commerce, Treasury, and State — discovered that their digital systems had been breached by hackers in what's fast turning out to be a highly sophisticated supply chain attack.

Such attacks often work by first compromising a third-party vendor with a connection to the true target.

Infiltrating a third-party provider that has access to their customers' networks also vastly increases the scale of an attack, as a successful break-in opens up access to all those businesses that rely on it, making them all vulnerable at once.

In this case, the attackers turned to SolarWinds, a Texas-based IT infrastructure provider, and injected malicious code into its monitoring tool, which was then pushed to nearly 18,000 of its customers as software updates.


SolarWinds counts several US federal agencies and Fortune 500 firms among its clients.

Cybersecurity firm FireEye, which also appears to have been a victim of the same attack, called it a meticulously planned espionage campaign that may have been ongoing since at least March 2020.

Although there hasn't been any concrete evidence tying the attacks to a specific threat actor, multiple media reports have pinned the intrusions on APT29 (aka Cozy Bear), a hacker group associated with Russia's foreign intelligence service.

It may take months to fully understand the breadth and depth of the hack, but the SolarWinds incident once again highlights the severe consequences of compromising a supply chain.

Of course, supply chain attacks have happened before. What's more concerning here is how little has been done since then to prevent them from happening again.

What's trending in security?

Signal added support for encrypted group calls, the Zodiac Killer cipher was cracked after 51 long years, and a former Cisco engineer was sentenced to 24 months in prison for deleting 16,000 Webex accounts without authorization.

  • The Zodiac Killer cipher was cracked after 51 years. "It was an exciting project to work on, and it was on many people's 'top unsolved ciphers of all time lists,'" said Dave Oranchak, one of the three men who cracked the encoded message. [Ars Technica]
  • Hackers are getting creative with web skimmers designed to steal payment info from users when they visit a compromised shopping website. Researchers found criminal gangs experimenting with storing the malicious code in CSS style sheets and social media buttons. [ZDNet]
  • GitHub found that security vulnerabilities in open-source projects often go undetected for more than four years before being disclosed. What's more, 17% of all vulnerabilities in software were intentionally planted for malicious purposes. As they say, open-source does not equal secure. [GitHub]
  • Apple and Cloudflare joined hands for a new initiative called Oblivious DNS-over-HTTPS (ODoH) that hides the websites you visit from your ISP. [Ars Technica / Gizmodo]
  • Former Cisco engineer Sudhish Kasaba Ramesh, 31, was sentenced to 24 months in prison for deleting 16,000 Webex accounts without authorization, costing the company more than $2.4 million, with $1,400,000 in employee time and $1,000,000 in customer refunds. [ZDNet]
  • Secure messaging app Signal added support for encrypted group video calls with up to five participants. [Signal]
  • A German court forced encrypted email provider Tutanota to create a backdoor that allows it to monitor an individual's inbox in connection with a blackmail case. [CyberScoop]
  • Just a couple of weeks ago, we learned that the company behind the X-Mode SDK had been selling customer location data to government contractors. Now Forbes' Thomas Brewster has reported how surveillance vendors like Rayzone and Bsightful are siphoning location data from smartphones with the help of tools used to serve mobile ads on third-party apps. [Forbes]
  • Operatives with an Arabic-speaking hacking group, known as MoleRATs, used mainstream technology services like Facebook and Dropbox to obscure their malicious activity and exfiltrate data from targets across the Middle East. [Cybereason]
  • Critical flaws discovered in dozens of GE Healthcare radiological devices could allow an attacker to gain access to sensitive personal health information, alter data, and even compromise the machines' availability. Worse, these devices are secured with hardcoded default passwords that could be exploited to access sensitive patient scans. [CyberMDX]
  • Apple, Google, Microsoft, and Mozilla banned a digital certificate being used by the Kazakhstan government to intercept and decrypt HTTPS traffic, after the country began requiring citizens in its capital of Nur-Sultan to install the certificate on their devices to access foreign internet services as part of a cybersecurity exercise. [ZDNet]
  • The past fortnight in data breaches, leaks, and ransomware: European Medicines Agency, Foxconn, Intel's Habana Labs, Kmart, Kopter, Netgain, Randstad, Spotify, Vancouver's TransLink, UiPath, 45 million images of X-rays and other medical scans, and the personal data of 243 million Brazilian citizens.

Data Point

According to the latest stats from the National Vulnerability Database, 2020 saw a record number of reported flaws, with as many as 17,537 bugs recorded during the year, slightly up from 17,306 in 2019.


Over the past 12 months, 4,177 high-severity vulnerabilities, 10,767 medium-severity vulnerabilities, and 2,593 low-severity vulnerabilities were reported. In 2019, there were 17,306 flaws published: 4,337 high-severity, 10,956 medium-severity, and 2,013 low-severity vulnerabilities.

That's it. See you all in two weeks. Stay safe!

Ravie x TNW (ravie[at]thenextweb[dot]com)
