Leaderboard
Popular Content
Showing content with the highest reputation on 04/29/22 in all areas
-
Despite the old saying, not everything lives forever on the internet — including stolen crypto.

This week, crypto security firm BlockSec announced that a hacker figured out how to exploit lending agreements and triple their crypto reward on the ZEED DeFi protocol, which runs on the Binance Smart Chain and trades with a currency called YEED.

“Our system detected an attack transaction that exploited the reward distribution vulnerability in ZEED,” BlockSec said on Twitter this week.

The end of the thread threw readers for a loop, though, because BlockSec also said the stolen currency had been permanently lost because of a self-destruct feature the hacker used.

“Interestingly, the attacker does not transfer the obtained tokens out before self-destructing the attack contract. Probably, he/she was too excited,” BlockSec said in a following tweet.

Possible Vigilante

The sheer thought of losing a million dollars is enough to make anybody sweat bullets, but it’s possible the hacker did this on purpose. BlockSec isn’t sure what the motive was, and suggests it could’ve been an accident.

A report by VICE published this week says the hacker could’ve been a vigilante with a message or something to prove. Because the self-destruct feature “burned” the tokens, they’re essentially gone forever. VICE suggests the hacker could’ve wanted to watch the crypto world burn — and the mysterious attacker certainly did cause a lot of chaos. After selling the hacked tokens, YEED’s value crashed to near zero. Sales won’t resume until ZEED takes steps to secure, repair and test its systems.

Maybe the hacker messed up, or maybe we just witnessed a modern day Robin Hood attack. It’s possible we’ll never know who pulled off the hack, or why.

Source: https://futurism.com/the-byte/hacker-steals-destroys

Dorel, what have you done..... 😂

1 point
-
1 point
-
Shodan.io is a search engine with the job of crawling the internet for publicly accessible servers, software, and equipment. Intended as a site for cyber security experts and researchers, Shodan is a popular destination for those with other intentions as well. While not an inherently bad site, a hacker might want to cause some trouble by remotely accessing a web server with default credentials found on Shodan. News stories over the last few years talk about how Shodan has been used to log into traffic light controls, web cameras, and find databases to exploit.

How do you prevent your network from being scanned and added to Shodan? First you’ll need a router or firewall with more than basic functions. Your device should accept custom firewall rules where you can block by remote IP address. Second you’ll need a list of the servers that Shodan uses to crawl the internet.

Below is a list of known Shodan IP addresses and host names. A firewall rule should be created to block each entry.

93.120.27.62 - m247.ro.shodan.io
85.25.43.94 - rim.census.shodan.io
85.25.103.50 - pacific.census.shodan.io
82.221.105.7 - census11.shodan.io
82.221.105.6 - census10.shodan.io
71.6.167.142 - census9.shodan.io
71.6.165.200 - census12.shodan.io
71.6.135.131 - census7.shodan.io
66.240.236.119 - census6.shodan.io
66.240.192.138 - census8.shodan.io
198.20.99.130 - census4.shodan.io
198.20.70.114 - census3.shodan.io
198.20.69.98 - census2.shodan.io
198.20.69.74 - census1.shodan.io
188.138.9.50 - atlantic.census.shodan.io

If you have a router capable of displaying active sessions or reporting blocked firewall events, you’ll see something like this.

There are of course a number of things you can do to protect yourself from uninvited internet guests. First and foremost, don’t use default credentials for your router, server, database, IP camera, etc. These devices are incredibly easy to find through Shodan and there is never an excuse for defaults! You can also set your router to only allow inbound traffic from known IP addresses. Disabling WAN pings is another way you can try and prevent inbound traffic to your network.

The easiest test is to run a Shodan search against yourself. If you know your external IP address, plug it into Shodan and look at the results. Do you see open ports? Do you have devices that are unsecured or running default credentials? The best solution is not to have public facing devices at all and instead to use a VPN to remotely access equipment, but in some situations that just isn't an option and the firewall rules are a fix.

There are a number of routers that can provide the necessary firewall capabilities to block sites like Shodan from scanning your network.

(Blocking a Shodan IP on a Peplink)

The Pepwave Surf SOHO or Cradlepoint MBR1200B will provide adequate blocking for most homeowners or small businesses. Medium to enterprise size companies will want to look at more capable options like the Peplink Balance 380 or the AER3100.

SOURCE

1 point
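Turning the "IP - hostname" list from the post above into one block rule per entry, as an added example that is not part of the original post. It assumes a Linux-based router or firewall using iptables (the post itself shows a Peplink); the function names are hypothetical, and the sample input mixes three entries from the post with constructed bad lines.

```python
import ipaddress
import re

# Three entries copied from the list in the post, plus constructed bad input
# (a duplicate and a malformed address) to exercise the validation path.
SAMPLE_LIST = """\
93.120.27.62 - m247.ro.shodan.io
198.20.69.74 - census1.shodan.io
188.138.9.50 - atlantic.census.shodan.io
198.20.69.74 - census1.shodan.io
198.20.999.1 - constructed-bad-entry.example
"""

def parse_blocklist(text):
    """Return (entries, rejected): unique (ip, hostname) pairs and bad lines."""
    entries, rejected, seen = [], [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        ip_part, _, host = line.partition(" - ")
        try:
            ip = ipaddress.ip_address(ip_part.strip())
        except ValueError:
            rejected.append(line)
            continue
        # Refuse private, loopback and reserved space: a typo there could
        # block the LAN or the router's own management address.
        if not ip.is_global:
            rejected.append(line)
            continue
        if ip not in seen:
            seen.add(ip)
            # Keep only hostname characters so the label is safe to quote.
            entries.append((ip, re.sub(r"[^A-Za-z0-9.-]", "", host)))
    return entries, rejected

def iptables_rules(entries, chain="INPUT"):
    """One DROP rule per address, with the hostname kept as a rule comment."""
    rules = []
    for ip, host in entries:
        tool = "ip6tables" if ip.version == 6 else "iptables"
        note = f' -m comment --comment "{host}"' if host else ""
        rules.append(f"{tool} -A {chain} -s {ip}{note} -j DROP")
    return rules

if __name__ == "__main__":
    entries, rejected = parse_blocklist(SAMPLE_LIST)
    print("\n".join(iptables_rules(entries) + [f"# skipped: {r}" for r in rejected]))
```

On a Linux router, traffic port-forwarded to devices behind it traverses the FORWARD chain rather than INPUT, so pass `chain="FORWARD"` for those rules.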
-
The Role...

Individual with background in development, capable of driving the security engineering needs of the application security aspects of products built in-house and/or integrated from 3rd parties and ensuring alignment with the PPB technology strategy. Work closely with the other Security Engineering areas (Testing & Cloud), wider Security team and project teams throughout the organization to ensure the adoption of best of breed Security Engineering practices, so that security vulnerabilities are detected and acted upon as early as possible in the project lifecycle. In addition to ensuring a continuous and reliable availability and performance of the existing security tools (both commercial and internally developed), the role also involves its continuous improvement (namely to cover emerging technologies/frameworks) and the coordination and hands-on development of the internally developed tools to meet new business and governance needs.

What you'll be doing...

Liaise with business stakeholders to ensure all business projects are assessed from a security point of view and input is provided in order to have security requirements implemented before project is delivered;
Develop and maintain engineering components autonomously (Python) that enable the Application Security team to ensure internally developed code is following security best practices;
Research and evaluate emerging technologies to detect, mitigate, triage, and remediate application security defects across the enterprise;
Understand the architecture of production systems including identifying the security controls in place and how they are used;
Act as part of the InfoSec Engineering team, coordinating and actively participating in the timely delivery of agreed pieces of work;
Ensure a continuous and reliable availability and performance of the existing security tools (both commercial and internally developed);
Support the engineering needs of the InfoSec Engineering and wider Security function;
Build strong business relationships with partners inside and outside PPB to understand mutual goals, requirements, options and solutions to complex or intangible application security issues;
Lead and coach junior team members supporting them technically in their development;
Incident response (Security related), capable of performing triage and, with support from other business functions, providing mitigation advice;
Capable of suggesting and implementing security controls for both public & private clouds;
Maintain and develop components to support application security requirements into Continuous Delivery methodologies;
Research, maintain and integrate Static Code Analysis tools (SAST) according to companies' requirements;
Plan and develop deliverables according to SCRUM.

What We're Looking For...

Good written and verbal communication skills;
A team player, who strives to maximize team and departmental performance;
Resolves and/or escalates issues in a timely fashion;
Knowledge sharing and interest to grow other team members;
Effectively manages stakeholder interaction and expectations;
Develops lasting relationships with stakeholders and key personnel across security;
Influences business stakeholders to develop a secure mindset;
Interact with development teams to influence and expand their secure mindset;

Apply: https://apply.betfairromania.ro/vacancy/senior-infosec-engineer-6056-porto/6068/description/

If you are interested, send me a PM and I will put you in touch with "the right people".

1 point