Cybersecurity

New Phishing Scams on Solana (SOL) Have Stolen Over $4,000,000 in Crypto Assets: Security Firm

New data from a cybersecurity firm reveals that recent phishing scams over smart contract platform Solana (SOL) have stolen over $4 million in crypto assets. In a new blog post, security firm Scam Sniffer says that in the past month alone, bad actors were able to exploit $4.17 million worth of digital assets from about […]

The post New Phishing Scams on Solana (SOL) Have Stolen Over $4,000,000 in Crypto Assets: Security Firm appeared first on The Daily Hodl.

This 360 treadmill could make Disney’s metaverse a physical playground

Phishing Link Posted to Certik’s X Account After Hacker Compromises Blockchain Security Firm’s Social Media

A phishing link was posted on the X account of blockchain-focused cybersecurity firm Certik after a bad actor hacked into the protocol’s social media profile. In a new announcement, the cybersecurity company says that a “verified account associated with well-known media” was able to hack into one of their employee’s X accounts, using it to […]

The post Phishing Link Posted to Certik’s X Account After Hacker Compromises Blockchain Security Firm’s Social Media appeared first on The Daily Hodl.

NFT Trader’s stolen Apes returned after bounty payment

The hacker returned 36 BAYC and 18 MAYC after receiving a 120 Ether bounty payment from Yuga Labs co-founder Greg Solano.

All Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) nonfungible tokens (NFTs) stolen from the peer-to-peer trading platform NFT Trader have been returned after a bounty payment. 

NFTs worth nearly $3 million were stolen in the hack on Dec. 16. As per public messages, the attacker attributed the original exploit to another user. “I came here to pick up residual garbage,” they wrote, requesting ransom payments to return the NFTs.

“If you want these NFT’s back then you need to pay me 120 ETH […] and then I will send you the NFT’s, it’s as simple as that, and I never lie, believe me […],” reads one of the messages.

Over $2,700,000 in Ethereum and Other Crypto Assets Stolen From OKX Decentralized Exchange in Hack: PeckShield

The decentralized exchange (DEX) OKX has suffered a security breach as a result of a compromised private key, according to cybersecurity firms. In a post on social media platform X, blockchain security company PeckShield says the exploit enabled the hackers to get away with $2.76 million worth of Ethereum (ETH), Tether (USDT) and USDC. “PeckShieldAlert […]

The post Over $2,700,000 in Ethereum and Other Crypto Assets Stolen From OKX Decentralized Exchange in Hack: PeckShield appeared first on The Daily Hodl.

Bitcoin inscriptions added to US National Vulnerability Database

The United States National Vulnerability Database (NVD) flagged Bitcoin’s inscriptions as a cybersecurity risk on Dec. 9.

The National Vulnerability Database (NVD) flagged Bitcoin’s inscriptions as a cybersecurity risk on Dec. 9, calling attention to the security flaw that enabled the development of the Ordinals Protocol in 2022.

According to the database records, a datacarrier limit can be bypassed by masking data as code in some versions of Bitcoin Core and Bitcoin Knots. "As exploited in the wild by Inscriptions in 2022 and 2023," reads the document.

Being added to the NVD’s list means that a specific cybersecurity vulnerability has been recognized, cataloged, and deemed important for public awareness. The database is managed by the National Institute of Standards and Technology (NIST), an agency of the U.S. Department of Commerce.

Meta releases ‘Purple Llama’ AI security suite to meet White House commitments

Meta believes that this is “the first industry-wide set of cyber security safety evaluations for Large Language Models (LLMs).”

Meta released a suite of tools for securing and benchmarking generative artificial intelligence (AI) models on Dec. 7.

Dubbed “Purple Llama,” the toolkit is designed to help developers build safely and securely with generative AI tools, such as Meta’s open-source model, Llama-2.

The release, which Meta claims is the “first industry-wide set of cyber security safety evaluations for Large Language Models (LLMs),” includes:

Bitcoin is of ‘national strategic importance’ says US Space Force officer

U.S. Space Force Major Jason Lowery wants the U.S. military to prioritize the investigation of proof-of-work systems like Bitcoin for the country’s defense.

The United States needs to formally investigate using proof-of-work networks such as Bitcoin (BTC) to protect the country from cyber-inflicted warfare, according to Jason Lowery, a member of the United States Space Force.

In a four-page letter to the U.S.

“As a result, this misconception underplays the technology’s broad strategic significance for cybersecurity, and consequently, national security.”

The Defense Innovation Board is an independent advisory board set up to bring the technological innovation and best practices of Silicon Valley to the U.S.

Lowery used the letter to urge the board to advise the Secretary of Defense to investigate the “national strategic importance” of PoW systems like Bitcoin.

In his letter, Lowery explained that a proof-of-work system like Bitcoin could work to deter adversaries from cyberattacks due to the “steep costs” of a physically resource-intensive computer in the same way military assets help to deter military attacks against the country.

“Proof-of-work mirrors the physical security and deterrence strategies utilized in other domains like land, sea, air, and space,” but instead, it does it in the digital domain, Lowery explained.

BIS advises central banks to plan in advance for CBDC security

From legal issues to hackers, launching a CBDC is fraught with risks, and BIS has a big list of them to consider.

Issuance of a central bank digital currency (CBDC) requires adequate attention to security, the Bank for International Settlements (BIS) reminded central bankers in a report on Nov. 29. An integrated risk-management framework should be in place starting at the research stage, and security should be designed into a CBDC, the report said.

Risks associated with CBDCs will vary across countries, as conditions and goals vary, and they will change across time, requiring continual management. These risks can be broken down into categories and a wide array of individual factors, the study demonstrated. The risks grow with the scale and complexity of the CBDC. In addition:

“A key risk are [sic] the potential gaps in central banks' internal capabilities and skills. While many of the CBDC-related activities could in principle be outsourced, doing so requires adequate capacity to select and supervise vendors. […] A number of operating risks for CBDC stem from human error, inadequate definitions or incomplete planning.”

Cybersecurity may be challenged by other countries, hackers, users, vendors or insiders. The study identified 37 potential “cyber security threat events” from eight specific risks. Distributed ledger technology may be unfamiliar to a central bank, and so may not undergo full vetting or may cause overdependence on third parties.

The study suggests an integrated risk management framework to mitigate CBDC risks.

Proposed CBDC resilience framework. Source: BIS

Despite the limited use of CBDCs in real life so far, several examples of risk management failure can be found. China found it was unprepared for the data storage requirements after it launched its digital yuan pilot. The Eastern Caribbean Central Bank’s DCash, a live CBDC, suffered a two-month outage in early 2022 due to an expired certificate in the software.

On the other hand, the DCash pilot project had been considerably expanded the previous year to provide support in Saint Vincent and the Grenadines after a volcanic eruption there, improving the currency’s resilience, the study noted.

US, Britain and other countries ink ‘secure by design’ AI guidelines

The guidelines suggest cybersecurity practices AI firms should implement when designing, developing, launching, and monitoring AI models.

The United States, United Kingdom, Australia, and 15 other countries have released global guidelines to help protect AI models from being tampered with, urging companies to make their models “secure by design.”

On Nov. 26, the 18 countries released a 20-page document outlining how AI firms should handle their cybersecurity when developing or using AI models, as they claimed “security can often be a secondary consideration” in the fast-paced industry.

The guidelines consisted of mostly general recommendations such as maintaining a tight leash on the AI model’s infrastructure, monitoring for any tampering with models before and after release, and training staff on cybersecurity risks.

Not mentioned were certain contentious issues in the AI space, including what possible controls there should be around the use of image-generating models and deep fakes or data collection methods and use in training models — an issue that’s seen multiple AI firms sued on copyright infringement claims.

“We are at an inflection point in the development of artificial intelligence, which may well be the most consequential technology of our time,” U.S. Secretary of Homeland Security Alejandro Mayorkas said in a statement. “Cybersecurity is key to building AI systems that are safe, secure, and trustworthy.”

The guidelines follow other government initiatives that weigh in on AI, including governments and AI firms meeting for an AI Safety Summit in London earlier this month to coordinate an agreement on AI development.

Meanwhile, the European Union is hashing out details of its AI Act that will oversee the space and U.S. President Joe Biden issued an executive order in October that set standards for AI safety and security — though both have seen pushback from the AI industry claiming they could stifle innovation.

Other co-signers to the new "secure by design" guidelines include Canada, France, Germany, Israel, Italy, Japan, New Zealand, Nigeria, Norway, South Korea, and Singapore. AI firms, including OpenAI, Microsoft, Google, Anthropic and Scale AI, also contributed to developing the guidelines.

Cybersecurity Expert Backs Elizabeth Warren’s Anti-Crypto Legislation Proposal

A cybersecurity expert is endorsing Senator Elizabeth Warren’s anti-crypto legislation proposal, saying that it would cut down on scams. According to a new press release, Warren, a Democrat representing Massachusetts, asked cybersecurity expert Steve Weisman during a special Senate hearing on Aging if her proposed legislation would help cut down on crypto scams. Weisman responded […]

The post Cybersecurity Expert Backs Elizabeth Warren’s Anti-Crypto Legislation Proposal appeared first on The Daily Hodl.
