TikTok launches its new monetization program

andreasc
-
0
TikTok launches its new monetization program
[ad_1]

Tons of people have made TikTok their primary source of income, and the popular video-sharing app is finding new ways for people to do so. After beta testing it started in February, TikTok has unveiled its new monetization program for creators. The company outlined the qualifications for this new program, and they can be tough to reach for beginners.

Previously, TikTok unveiled its Creator fund. Launching back in 2020, the Creator Fund promised to shell out a total of $200 million in incentives for creators. It eventually upped it to a full billion dollars after it kicked off. However, some creators were not impressed, as they would receive pennies on the dollar for videos that grossed millions of views.

The new TikTok monetization program aims to give better incentives to creators

The company announced this (via Engadget) today. If you are an eager TikTok creator, then this is something you can definitely work toward. In order to be eligible for this new monetization program, you will need to be a TikTok Creator based in the United States at least 18 years or older.

It seems like a bold move for TikTok to unveil this new platform in the States. The company is still fighting with the US government to avoid being banned in the states. In any case, TikTok creators can reap the benefits for as long as they can.

However, not all of the content creators will be able to because of the high barrier to entry for this program. In order to qualify for the program, you must have at least 10,000 followers. Also, you need to have raked in at least 100,000 views in the last 30 days. More established TikTokers have already cleared that no sweat. However, people just getting onto the platform will have a long road ahead of them.

There’s another barrier to entry that may dissuade some TikTokers. The videos that are posted must be of good quality. This means that the videos must be high-quality videos of original content longer than 1 minute.

Now, there’s no hard line that defines a quality video; however, there are a few objective qualifiers. For instance, reuploading someone else’s videos is a no-no. At this point, there’s no telling if this new program will pay creators more than the old Creator fund. Only time will tell.


[ad_2]
Source link

Meta security reports reveals hackers using ChatGPT-related software to disguise malware

andreasc
-
0
Meta security reports reveals hackers using ChatGPT-related software to disguise malware
[ad_1]

It’s no secret that the launch of ChatGPT and other language processing models has ushered in a new era of AI tools aimed at making our lives easier. However, according to security researchers at Meta, this public interest in AI has also led scammers and hackers to find new ways of injecting malware into people’s devices by disguising it as ChatGPT-related software.

In the Q1 security report, Meta says they identified at least 10 types of malware families posing as AI chatbot-related software such as web extensions and toolbars. And although these web extensions performed most of the advertised tasks, they secretly installed malware on devices, making detection even more difficult.

The ultimate goal of these fake web extensions is to run unauthorized ads from compromised business accounts across the internet. However, some of them also run the NodeStealer malware strain, which can steal passwords, loot cookies, and login information.

Meta’s stance

In an effort to counter this malicious activity, Meta says they have blocked over 1,000 links to ChatGPT-related malware on Instagram and WhatsApp. Additionally, since these threat actors upload the fake browser extensions to official stores like the Google Web Store, the company has also informed industry peers, researchers, and governments about these links.

Furthermore, Meta will also provide additional support to help any businesses impacted by the malware from these fake extensions and introduce new work accounts which will support existing single sign-on (SSO) credential services from organizations that are not linked to any personal Facebook accounts.

Cybercriminals are always eyeing the next big trend to take advantage of and craft their next attack, and ChatGPT is no exception. However, the fact that ChatGPT does not have an official app or web extension has made it easier for attackers to deceive unsuspecting people and scam them.

“In the months and years ahead, we’ll continue to highlight how these malicious campaigns operate, share threat indicators with our industry peers and roll out new protections to address new tactics,” says Meta.


[ad_2]
Source link

WhatsApp launches new features for polls and captions

andreasc
-
0
WhatsApp launches new features for polls and captions
[ad_1]

WhatsApp is bringing new features to those using polls and captions on its messaging platform. Three new updates for polls are now available for WhatsApp users, as well as a new option to share with captions. Three new changes have been added to the polls feature, each significantly improving productivity and the fun factor.The first one is the ability to create single-vote polls. This new type of poll allows people to vote only once. Poll creators must turn off the “allow multiple answers” option to prevent people from voting more than once.

Another interesting new feature introduced today is the ability to search for polls in a chat window. It makes it easier to find a poll that you decide to answer later. A new option to filter messages by polls is now available in WhatsApp, which is similar to the one that filters photos, videos or links. The new filter can be found by pressing Search on the Chats screen and then choosing Polls.

The third and last update for polls is aimed at poll creators. Notifications will now be sent to poll creators when people vote. In addition, poll creators will now be able to see how many people have voted in total with every notification they receive.

As far as captions goes, WhatsApp announced that users can now share documents with captions. Also, when forwarding any type of media that has a caption, new options are now available to keep, delete or completely rewrite it to provide more details when sharing photos between chats. WhatsApp users will also be able to add a caption to photos and videos when they forward them.

According to WhatsApp, all the new features announced today will be rolled out to users globally in the coming weeks, so be patient if these don’t show for you immediately.


[ad_2]
Source link

The top 8 password attacks

andreasc
-
0
The top 8 password attacks
[ad_1]

Did you know that the very first password attack happened in 1962? At that time, MIT’s CTSS (Compatible Time-Sharing System) was the first to utilize passwords for granting individual access. Allen Scherr, a Ph.D. researcher, wanted to use the CTSS beyond his allocated weekly hours. In order to extend his usage time, he decided to borrow passwords from other people. Scherr managed to obtain all the passwords stored in the CTSS system by submitting a request to print the password files using a punched card.

Nowadays, password attacks have become one of the most significant concerns for both companies and civilians. The Verizon Data Breach Investigations Report has stated that more than 80 percent of web application breaches were due to password-related issues.

With the average person juggling around 100 passwords, it is no wonder that individuals often resort to reusing the same passwords for multiple accounts or creating simple passwords that include easily remembered personal details. This situation presents a veritable playground for hackers as passwords are commonly the sole obstacle preventing unauthorized access to confidential data or accounts.

Since password attacks are a persistent problem, below is a list of the most prevalent types of attacks you may encounter and how to guard against them.

Password attack types

1. Simple brute-force attack

A simple brute-force attack is a method employed by attackers to crack passwords by systematically trying every possible combination of characters. This attack can be laborious and resource-intensive, as it involves going through all possible character permutations until the correct password is identified. 

2. Password spraying

A password spraying attack is a technique attackers use to gain unauthorized access to multiple accounts by attempting a limited number of commonly used passwords across a broad range of usernames. Unlike a brute-force attack, which targets a single account with numerous password combinations, password spraying tries popular passwords across many accounts, reducing the likelihood of triggering account lockouts.

3. Keylogger attack

This type of attack can be executed either by installing malicious software on the user’s device or by using a physical keylogging device connected to the computer. As the user types in their username and password, the keylogger secretly captures the keystroke data, which the attacker can later retrieve and exploit to gain unauthorized access to the victim’s accounts.

4. Credential stuffing 

A credential stuffing attack is a technique in which attackers exploit previously leaked or stolen login credentials to attempt unauthorized access to various accounts. This method relies on the assumption that users often reuse the same usernames and passwords across multiple platforms. By utilizing automated scripts or bots, attackers systematically input the compromised credentials across numerous websites and services, seeking a successful match.

5. Rainbow table attack

During a rainbow table attack, hackers try to crack hashed passwords by leveraging precomputed tables of hash values for possible password combinations. Hashing is a cryptographic method that converts plaintext passwords into a fixed-length, unique string of characters, providing a layer of security. A rainbow table attack allows attackers to bypass this by matching the hashed password with its corresponding plaintext password from the precomputed tables.

6. Social engineering

Social engineering is a manipulative tactic cybercriminals employ to deceive individuals into revealing sensitive information, such as passwords. By exploiting human psychology and trust, attackers pose as legitimate entities or authorities, persuading victims to disclose personal data or grant unauthorized access, often through phishing, vishing, baiting, and tailgating.

In most cases, it is far simpler for an attacker to deceive you into revealing your password than to crack it using technical methods.

7. Man-in-the-Middle attack

A Man-in-the-Middle (MitM) traffic interception attack occurs when a hacker intercepts communication between two parties. By positioning themselves between the sender and receiver, the attacker can eavesdrop, manipulate, or steal sensitive data, such as passwords. Hackers can employ various techniques, including ARP spoofing, DNS hijacking and SSL hijacking, to insert themselves into the communication stream, thus gaining access to the transmitted information without the victim’s knowledge. Typically, these attacks find their way through unsecured Wi-Fi networks or connections lacking encryption.

8. Physical password theft

Requiring complex passwords can tempt users to write them down. Thieves may physically steal passwords by rummaging through desks, snapping pictures of notes, or casually observing password reminders in an office environment. This old-fashioned method of password theft remains a threat in the digital age.

How to protect against password attacks

With countless stolen credentials accessible on the dark web and numerous security reports revealing common passwords, cybercriminals do not need to exert much effort to hack you.

Hackers typically seek easy access for the best return on investment. If they do not achieve results quickly, they will shift to alternative attack methods to infiltrate a system. So, not just on World Password Day but every day, commit to securing your accounts by following the advice below:

Asset-level security measures for admins  

  • Provide cybersecurity awareness training to educate employees on safe digital habits. Foster a security culture, encouraging prompt reporting and periodic reinforcement of best practices.
  • Create password rules prohibiting easy-to-guess passwords, such as incremental patterns or previously breached passwords. Require a combination of numbers, special characters, and upper and lowercase letters in passwords. Set a minimum password length of 14 characters or longer for added security. Block users from reusing their previous username and password combinations.
  • Account lockout should happen after a set number of failed login attempts, suspicious activity, prolonged account inactivity, or evidence of a security breach. Consider creating a blocking algorithm based on other metrics like source IP address, user agent, or cookie value. Consider implementing a time delay between login attempts.
  • Provide multi-factor authentication (MFA) as an option for users.
  • Add CAPTCHA to the login process to increase the time it takes for password attacks and verify that login attempts are made by humans, reducing bot access.
  • Consider using multiple secret questions that are not standard. Ensure that the answers to the questions are not easily guessable or publicly available. It is recommended to periodically update the secret questions.
  • Implement secure self-service password reset (SSPR) practices. This includes verifying user identity, using verified contacts, limiting attempts, and encrypting the reset process with SSL/TLS.
  • Implement extended detection and response. XDR provides a centralized platform for monitoring and responding to security threats across multiple endpoints. Using XDR, you can improve visibility and quickly detect potential password-related attacks.
  • Consider switching to passwordless authentication. Here is a list of some common methods:  
    – Biometric authentication: fingerprints, face or voice recognition.
    – Security tokens: hardware – tokens or one-time passwords generated by a mobile app.
    – Public key cryptography: digital certificates/smart cards.
    – Single sign-on (SSO) via social media accounts or other third-party providers.
    – Magic links or URLs: links that grant access to the account without a password.
  • Use a password management solution. Password management solutions offer a centralized platform to store, generate, and organize user credentials securely.
  • Enforce the practice of regularly changing passwords. The longer a password remains the same, the more vulnerable it becomes to hacking attempts. Additionally, it is crucial to mandate password changes after every data breach.
  • Use salting to increase the difficulty for attackers attempting to crack passwords using rainbow tables.
  • Use a digital loss prevention (DLP) solution. DLP tools mitigate data theft by continuously monitoring and securing sensitive information, including passwords. By employing advanced data classification techniques, DLP systems identify and restrict unauthorized access or transmission of passwords.
  • Use a password generator. Password generators produce complex, random passwords.
  • Delete inactive accounts. Getting rid of excess accounts shrinks hacker targets and curbs password attack success rates. 
  • Consider using IDS/IPS systems. IDS detects password attack patterns, alerting security teams. IPS auto-blocks suspicious login attempts, barring system access.

Individual-level security measures for regular users

  • Avoid reusing passwords. If a casual discussion board you have signed up for gets hacked and you use the same password for a corporate account or an online banking app, you could find yourself in serious trouble.
  • Do not share passwords.
  • Use a password manager.
  • Avoid using common passwords consisting of readable words. Instead, create long passwords with a minimum of 14 characters, or consider using passphrases.
  • Enable Multi-Factor Authentication (MFA) on all accounts and platforms when available. 
  • Use up-to-date malware protection and routinely scan your computer. Ensure that antivirus software is installed on all your devices, including smartphones and tablets.
  • Use a virtual private network (VPN). A secure virtual private network helps protect against man-in-the-middle attacks that aim to steal sensitive information, including passwords.
  • Monitor your accounts and utilize free services like haveibeenpwned.com to check if your mailboxes are associated with recent data breaches.
  • Change your passwords regularly. The longer a password remains unchanged, the more likely a hacker finds a way to crack it.
  • Stay informed about cybersecurity trends and learn how to spot phishing attempts. Examine the ‘From’ line in every email to confirm the sender’s identity matches the expected email address. If in doubt, reach out to the supposed sender to verify they sent the message. Be wary of unsolicited requests for personal information, and always verify the identity of anyone asking for your password or sensitive data. Exercise caution when opening links or attachments from unfamiliar sources.
  • If available, enable biometric authentication on your devices.
  • Utilize a password generator for strong, unique passwords.

Stop hackers gaining access to your passwords

While numerous protective measures are available for both home users and administrators, password attacks often continue to succeed. This is primarily because security can be inconvenient and requires ongoing attention.

Striking a balance between security and convenience is challenging, and many people tend to prioritize convenience over security. However, the potential consequences of losing critical data, facing fines, or even having one’s identity stolen serve as strong motivation for both individuals and organizations to prioritize security measures. By taking a few simple and manageable steps, most hackers can be deterred. To enhance protection, consider implementing additional security layers. 


[ad_2]
Source link

ChatGPT Powered Automated Pentesting Tool

andreasc
-
0
ChatGPT Powered Automated Pentesting Tool
[ad_1]
PentestGPT

GBHackers come across a new ChatGPT-powered Penetration testing Tool called “PentestGPT” that helps penetration testers to automate their pentesitng operations.

PentestGPT has been released on GitHub under the operator “GreyDGL,” a Ph.D. student at Nanyang Technological University, Singapore.

It is constructed on top of ChatGPT and works in an interactive way to direct penetration testers during general and particular procedures.

To access the PentestGPT Tool, ChatGPT plus member is required as it relies on GPT-4 model for high-quality reasoning, also no public GPT-4 API yet. To support PentestGPT, a wrapper for ChatGPT sessions has been added.

According to GreyDGL, “It is designed to automate the penetration testing process. It is built on top of ChatGPT and operate in an interactive mode to guide penetration testers in both overall progress and specific operations.”

PentestGPT is capable of solving simple to moderate HackTheBox machines as well as other CTF puzzles. You could discover this example in the materials we used to tackle the TEMPLATED HackTheBox challenge.

You can check here the sample testing process of PentestGPT on a target VulnHub machine (Hackable II).

PentestGPT Demo:

Here a quick video demonstrated by GreyDGL about how effectively pentesters can use the PentestGPT.

Installation:

Installation

  1. Install requirements.txt with pip install -r requirements.txt
  2. Configure the cookies in config. You may follow a sample by cp config/chatgpt_config_sample.py config/chatgpt_config.py. If you’re using cookies:
    • Login to the ChatGPT session page.
    • In Inspect - Network, find the connections to the ChatGPT session page.
    • Find the cookie in the request header in the request to https://chat.openai.com/api/auth/session and paste it into the cookie field of config/chatgpt_config.py. (You may use Inspect->Network, find session and copy the cookie field in request_headers to https://chat.openai.com/api/auth/session)
    • Note that the other fields are temporarily deprecated due to the update of ChatGPT page.
    • Fill in userAgent with your user agent.
    • If you’re using API:
      • Fill in the OpenAI API key in chatgpt_config.py.
  3. To verify that the connection is configured properly, you may run python3 test_connection.py. You should see some sample conversation with ChatGPT. output is below.1. You're connected with ChatGPT Plus cookie. To start PentestGPT, please use <python3 main.py --reasoning_model=gpt-4> ## Test connection for OpenAI api (GPT-4) 2. You're connected with OpenAI API. You have GPT-4 access. To start PentestGPT, please use <python3 main.py --reasoning_model=gpt-4 --useAPI> ## Test connection for OpenAI api (GPT-3.5) 3. You're connected with OpenAI API. You have GPT-3.5 access. To start PentestGPT, please use <python3 main.py --reasoning_model=gpt-3.5-turbo --useAPI>
  4. (Notice) The above verification process for cookie. If you encounter errors after several trials, please try to refresh the page, repeat the above steps, and try again. You may also try with the cookie to https://chat.openai.com/backend-api/conversations. Please submit an issue if you encounter any problems.

PentestGPT Function:

The handler is the main entry point of the penetration testing tool. It allows pentesters to perform the following operations:

  1. (initialize itself with some pre-designed prompts.)
  2. Start a new penetration testing session by providing the target information.
  3. Ask for todo-list, and acquire the next step to perform.
  4. After completing the operation, pass the information to PentestGPT.
    • Pass a tool output.
    • Pass a webpage content.
    • Pass a human description.

There are 3 modules added with PentestGPT.

  • Test generation module – generates the exact penetration testing commands or operations for the users to execute.
  • Test reasoning module – conducts the reasoning of the test, guiding the penetration testers on what to do next.
  • Parsing module – parses the output of the penetration tools and the contents on the webUI.

You can read the complete details here on GitHub and the top 30 best penetration testing tools.

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus

EHA

[ad_2]
Source link

Google Authenticator WILL get end-to-end encryption. Eventually.

andreasc
-
0
Google Authenticator WILL get end-to-end encryption. Eventually.
[ad_1]

Google has promised to add end-to-end encryption to Google Authenticator backups after users were warned against turning on the new feature.

Following criticism, Google has decided to bring end-to-end encryption (E2EE) to its Google Authenticator cloud backups. The search giant recently introduced a feature that allows users back up two-factor authentication (2FA) tokens to the cloud, but the lack of encryption caused some commentators to warn people off using it.

Google Authenticator is an authenticator app used to generate access codes, called one-time passwords (OTPs). These OTPs are only valid for a short period and are generated on demand. They serve as an additional form of authentication by proving that you have access to the device generating the OTP. Google Authenticator is one of the most well-known authenticators. Although it’s made by Google it’s not limited to Google’s own services, but can also be used with Facebook, Twitter, Instagram, and many more.

On April 24, 2023, Google announced an update across both iOS and Android, which added the ability to safely backup the secrets used to generate OTPs to your Google Account. This allows users to create a backup which they can use if their device is lost, stolen, or damaged. Since OTPs in Google Authenticator were previously only stored on a single device, a loss of that device locked you out of any service where you used it to log in.

Shortly after the new feature was rolled out, Mysk’s security researchers advised against turning on the new feature. They analyzed the network traffic that occurs when the app syncs the secrets, and found out that the traffic was not end-to-end encrypted. This would mean that in case of a data breach or if someone obtains access to your Google Account, all of your OTP secrets would be compromised, and they would be able to generate OTPs as if they were you.

The likelihood of someone stealing the secret seeds from Google’s servers is relatively small, but since it is better to be safe than sorry and one problem less is always good to have, users asked Google to add a passphrase to protect the secrets. This would introduce an extra safeguard that makes them accessible only to their owner.

Google’s primary objection to this method was that it heightens the risk of users getting completely locked out of their own data. Meaning that if you lost your device and the passphrase, you would lose all access to your accounts.

Google Group Product Manager Christiaan Brand tweeted that end-to-end encryption (E2EE) will be made available for Google Authenticator down the line, but they are rolling out this feature carefully.

According to Google, the option to use the app offline will remain an alternative for those who prefer to manage their backup strategy themselves. But, if you want to try the new Authenticator with Google Account synchronization, simply update the app and follow the prompts.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW


[ad_2]
Source link

Samsung announces One UI 5 Watch update for improved health

andreasc
-
0
Samsung announces One UI 5 Watch update for improved health
[ad_1]

Samsung today is announcing the next phase of its wearables platform, One UI 5 Watch, an update to the software for its Galaxy Watch line. May is officially National Better Sleep Month, and so Samsung is gearing people up for the occasion by trying to spread awareness about the importance of getting better sleep.

Part of that revolves around highlighting how improving your sleep habits can be a boon to your health. And it’s apparently an ongoing issue with adults in the US. As more than one-third of them get less than the recommended seven hours of sleep a night. The other part of that goal is manifested in Samsung’s upcoming update of One UI 5 Watch. Which will have a big focus on health, and better sleep is a central point of that.

When the update lands on devices, the watch will try to help users improve sleep in a number of ways. The foundation of this approach is by better understanding sleep patterns. With that analyzed data the watch will attempt to assist people in building a healthier set of habits and fostering an environment that’s “more sleep-friendly.” The new software will also be able to provide personalized heart rate zones.

Additionally, Samsung is adding an update to the SOS feature. Going forward, the SOS feature can be set to enabled by default for users who are at “advanced ages.”

The One UI 5 Watch update arrives later this year

These updates definitely sound useful. And if you’re using a Galaxy Watch device, no doubt you want to know when your watch will be updated. There’s good and bad news there. Samsung is rolling this update out later this year to the upcoming Galaxy Watch series devices first.

It doesn’t specify a time, unfortunately. However, it does confirm that other updates will be happening. The company states that future updates will be announced soon. What’s more, you can register for the beta program if you’re using a Galaxy Watch 5 or Galaxy Watch 4.

You will however need to be in the US and access the beta signup program through the Samsung Members app. The signups will start in May.


[ad_2]
Source link

UK tech giant Arm files for US share listing

andreasc
-
0
UK tech giant Arm files for US share listing
[ad_1]

In a recent report, it is becoming clear that the Arm US Securities and Exchange Commission share listing is in the works. This move is coming as a result of the chip design giant’s plans to be more profitable in the coming years. According to the reports, ARM looks to raise over $10 billion by stepping into the SEC share listing.

With the increase in competition within the semiconductor design and manufacturing industry, being profitable is a real struggle. Arm’s close competitors Intel and Samsung both recorded massive losses in their quarterly reports. This mounts more pressure on Arm to make a move to scrape up more income from a stock listing.

The geographic location of the SEC is an ideal spot for Arm to get a listing in their stock market. Back at home, in the UK, Arm isn’t seeing much profit when it comes to the sale of stocks and shares. More information on this listing reveals Arm’s plans regarding its business.

Details on the Arm US Securities and Exchange Commission share listing

This entire process of Arm joining the SEC listing has been a confidential one. For now, the listing is still pending, as Arm has submitted a draft to the SEC and is awaiting a response. But netizens familiar with the semiconductor industry might wonder why Arm wishes to file for the SEC listing.

A major reason netizens might question this move is that Arm is a UK-based company. The Japanese conglomerate, Softbank, purchased the firm back in 2016 for £23.4 billion. Before the purchase, Arm was listed on the stock markets in London and New York.

Back in March, Arm pulled out from its London listing whilst finding more profitable markets. Arm’s pull-out is a result of the fact that the London market doesn’t focus so much on tech firms. This lack of interest is bad for Arm’s business if they are looking out to make a profit from the stock market.

Being listed on the stock market means that the public will be able to take part in Arm’s business. This involves the buying and selling of shares from Arm’s stocks, hence earning the chip-designing firm some cash. But this proved to be a bit difficult in the London stock market, hence the need for Arm to pull out and find more favourable markets.

Well, they didn’t need to look so far, as the US Securities and Exchange Commission (SEC) provides a better market. Arm have submitted their draft registration statement, but there is no information regarding the application’s status. In the coming weeks, more information about this process will be made available by Arm.


[ad_2]
Source link

Waze launches new driving experience with the Jonas Brothers

andreasc
-
0
Waze launches new driving experience with the Jonas Brothers
[ad_1]

Waze has just announced a new collaboration with American pop rock band Jonas Brothers. The music group is about to release its sixth studio album on May 12, so the new partnership is meant to advertise The Album and offer fans a way to celebrate the launch in an original way.

Starting today, Kevin, Joe and Nick will guide Waze users while they’re commuting. Each has witty lines like “Exit Right. And if you happen to be on New Jersey Route 3, don’t miss the Tick Tock Diner in Clifton” or “Accident reported ahead. Let’s send positive vibes to everyone involved.”

Many of these lines are related to the brothers’ favorite sports from around the world, as well as memories together while on a tour bus. Speaking of which, the new Jonas Brother experience also includes a custom “Tour Bus” vehicle along with a custom Mood (how drivers appear on the map). Called Limitless, the new mood has been specifically designed to let you fully embrace the free-spirited road trip vibe. “Growing up on the road, our tour bus became our home away from home, so we know the importance of getting places safely and on time. We are excited to partner with Waze for an exclusive driving experience and have our fans around the world join us on their drives and share some of our favorite memories and spots we’ve discovered while touring. See you on the road!

The newly launched Jonas Brothers driving experience is now available globally with navigation in English (the only language available) on Android and iOS devices. Just make sure to enable it from your Waze app before it goes away.


[ad_2]
Source link

FBI Seizes 9 Virtual Currency Exchange Services to Block Ransom Payments

andreasc
-
0
FBI Seizes 9 Virtual Currency Exchange Services to Block Ransom Payments
[ad_1]

The FBI has reportedly shut down 9 Virtual Currency Exchange services belonging to organizations to prevent cyber criminals from laundering their money.

These exchange services were used by threat actors who received ransom payments through criminal activities.

These organizations were knowingly supporting cybercrime activities and were supporting all kinds of threat actors. The domain names that were seized by authorities are as follows,

  • 24xbtc.com
  • 100btc.pro
  • pridechange.com
  • 101crypta.com
  • uxbtc.com
  • trust-exchange.org
  • bitcoin24.exchange
  • paybtc.pro
  • owl.gold

Virtual Exchanges are non-compliant if they have a lax anti-money laundering program or do not collect users’ enough KYC (Know Your Customer) information.

As stated by the FBI, These kinds of services operating in the cybercrime ecosystem are in violation of Title 18 United States Code, Sections 1960 and 1956.

In addition, these kinds of illegal currency exchanges are advertised online to get more and more cybercriminals to use their platform, resulting in an enormous revenue generation.

Most of these platforms were a playground for threat actors responsible for ransomware, scamming, and phishing campaigns. These services were offered in both Russian and English Speaking Countries.

The FBI has been investigating this issue further and will put up a seizure banner for these websites to inform visitors about their actions.

Running a money service business without an operating license and helping with money laundering is a federal crime.

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus

EHA

[ad_2]
Source link
1...1,2501,2511,252...1,452Page 1,251 of 1,452