Alternative cryptocurrencies shone bright this week, as the wider cryptocurrency market saw continued resurgence.
The total market capitalization of all cryptocurrencies rose 25 percent week-on-week to $375 billion, according to CoinMarketCap – that’s up from below $250 billion just 10 days ago.
But bitcoin, with 5.4 percent appreciation over the last seven days, ranks only third from last in the list of the biggest gainers among the top 25 cryptocurrencies by market cap this week.
Meanwhile, the bitcoin dominance rate fell from 42.8 to 38.5 percent, indicating a drop in the percent of the total cryptocurrency market capitalization contributed by bitcoin and, conversely, growing investor interest in altcoins.
And, no wonder; names like stellar (XLM), IOTA and Cardano (ADA) are topping the list of biggest gainers, showing appreciation of up to 51 percent.
Other major cryptocurrencies like the Ripple (XRP) and bitcoin cash (BCH), though, have gained at least 30 percent each. While ethereum’s ether token (ETH) has appreciated by 16 percent, and litecoin (LTC) is reporting 16 percent gains.
Weekly performance: +51.26 percent
All-time high: $0.9381
Closing price on April 13: $0.24629
Current market price: $0.372532
Rank as per market capitalization: 8
XLM picked up a bid following a bullish triangle breakout on April 12 and rose to a 7.5-week high of $0.3883 on Bittrex. The rally has been backed by positive news flow, with Novatti group, a global software technology and systems integration provider, integrating XLM into its remittance service.
Further, trading volumes have increased 27 percent since April 13, according to CoinMarketCap. The high volume rally adds credence to the bullish breakout seen in the chart below.
The breach of the long-term falling trendline, bullish triangle breakout and the ascending (bullish biased) 10-day MA, favor further gains in XLM. However, the 14-day relative strength index (RSI) shows overbought conditions, so a minor pullback cannot be ruled out.
Weekly performance: +38.64 percent
All-time high: $5.69
Closing price on April 13: $1.32
Current market price: $1.83
Rank as per market capitalization: 9
IOTA crossed the long-term falling trendline in a convincing manner on April 15, confirming a bull reversal. So, it is not surprising to see the cryptocurrency is well bid and trading at $1.95 on Binance – its highest level since early March.
The rally coincided with the announcement that the first cryptocurrency-powered charging station, set to go live in the Netherlands, will use IOTA. The positive news flow may have strengthened IOTA’s appeal.
The cryptocurrency looks set to test resistance at $2.30 (Feb. 17 high), albeit after a healthy pullback, as the 14-day RSI shows overbought conditions. That said, the bias remains bullish as long as the cryptocurrency trades above the descending trendline.
Weekly performance: +38.60 percent
All-time high: $1.33
Closing price on April 13: $0.200532
Current market price: $0.277932
Rank as per market capitalization: 7
Cardano’s (ADA) impressive rally could be associated with a listing on the Houbi cryptocurrency exchange and the addition of new ADA pairs on Binance.
The cryptocurrency crossed the key resistance of $0.2543 in a convincing manner on April 16 and has hit a high of $0.2928 – a level last seen on March 6. Trading volumes also have jumped 29 percent week-on-week, signaling the rally is here to stay.
However, like XLM and IOTA, ADA also looks overbought as per the 14-day RSI and, hence, we are unable to rule out a pullback.
Weekly performance: -21.48 percent
All-time high: $0.240605
Closing price on April 13: $0.091562
Current market price: $0.071898
Rank as per market capitalization: 23
Verge’s XVG token took a beating on April 17 after Pornhub announced it would accept XVG for payments. The developers had hyped the situation ahead of the official announcement, by describing the mystery partnership as the biggest cryptocurrency collaboration to ever hit the market.
Most, though, were expecting verge to name TokenPay as the mystery partner, so many in the investor community felt disappointed by Pornhub partnership.
As seen in the above chart, the token fell from $0.118 to $0.065 after the partnership announcement on Tuesday and extended losses to $0.06. The ascending trendline seems to have rescued the bulls for now.
However, the relative strength index (RSI) has found acceptance below the rising trendline. Further, the 5-day moving average (MA) and the 10-day MA bearish crossover indicates the short-term bias is bearish. So XVG might re-test and possibly break below the trendline support next week.
Weekly performance: -10.56 percent
All-time high: $22.48
Closing price on April 13: $13.54
Current market price: $12.11
Rank as per market capitalization: 20
Binance coin (BNB) is threatening to drop below the long-term ascending trendline, as seen in the chart below. The cryptocurrency is reporting losses on a weekly basis, despite Binance completing its “coin burn” – a process similar to share buyback, aimed at a reducing the circulation in the market (supply) and boosting demand.
It appears the positive impact of coin burn was priced in well in advance, as the token was better bid last week.
Moving forward, BNB risks a deeper sell-off unless it stages a solid rebound from the ascending trendline support.
Researchers at Trend Micro recently discovered a new strain of Android miner dubbed ANDROIDOS HIDDENMINER that can brick infected devices
Crooks are looking with increasing interest cryptocurrency mining malware developed for mobile devices.
Researchers at Trend Micro recently discovered a new strain of Android malware dubbed ANDROIDOS HIDDENMINER that abuse device CPU to mine Monero cryptocurrency.
HiddenMiner also implements evasion techniques, it is able to bypass automated analysis by checking if it’s running in a virtualized environment by abusing an Android emulator detector found on Github.
“We uncovered a new Android malware that can surreptitiously use the infected device’s computing power to mine Monero. Trend Micro detects this as ANDROIDOS_HIDDENMINER.” reads the analysis published by Trend Micro.
“This Monero-mining Android app’s self-protection and persistence mechanisms include hiding itself from the unwitting user and abusing the Device Administrator feature (a technique typically seen in SLockerAndroid ransomware).”
The experts were able to find the Monero mining pools and wallets connected to the HiddenMiner malware, they learned that one of its operators withdrew 26 XMR (or US$5,360 as of March 26, 2018) from one of the wallets. This information suggests that the operators are currently active.
HiddenMiner abuse the device’s CPU power to mine Monero, unfortunately, the computational effort is so important that the CPU can overheat causing the device to lock, fail, and be permanently damaged.
“There is no switch, controller or optimizer in HiddenMiner’s code, which means it will continuously mine Monero until the device’s resources are exhausted.” continues the analysis.
“Given HiddenMiner’s nature, it could cause the affected device to overheat and potentially fail.”
This behavior was already observed in the past, the Loapi Monero-mining malware caused a device’s battery to bloat.
HiddenMiner, like Loapi, uses to lock the device screen after revoking device administration permissions.
The ANDROIDOS HIDDENMINER is currently being delivered through a fake Google Play update app, experts found it on third-party app marketplaces.
The miner is mainly affecting users in India and China, but experts fear it could rapidly target other countries.
Malware developers are abusing Device Administration Permission, experts pointed out that users can’t uninstall an active system admin package until device administrator privileges are removed first.
Victims of the HiddenMiner’s cannot remove the miner from device administrator as it employs a trick to lock the device’s screen when a user wants to deactivate its device administrator privileges. Experts explained that it exploits a vulnerability found in Android operating systems except for Nougat and later versions.
“Indeed, HiddenMiner is yet another example of how cybercriminals are riding the cryptocurrency mining wave.” concluded Trend Micro. “For users and businesses, this reinforces the importance of practicing mobile security hygiene: download only from official app marketplaces, regularly update the device’s OS (or ask the original equipment manufacturer for their availability), and be more prudent with the permissions you grant to applications.”
MITRE is evaluating a new service dubbed ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) for APT detection.
MITRE is going to offer a new service dubbed ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) to evaluate products based on their ability in detecting advanced persistent threats.
“MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target.” reads the MITRE’s official page. “ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and verifying defenses work as expected.”
The MITRE ATT&CK service will evaluate endpoint detection and response products for their ability to detect advanced threats.
“There are a lot of products on the market that try to detect adversary behavior, and we’re trying to figure out what they can do,” says Frank Duff, principle cybersecurity engineer at MITRE.
Duff explained MITRE will adopt a transparent methodology and knowledge base that will make easy to interpret results obtained with its service.
In my opinion, sharing information about attackers’ TTPs is essential and such kind of initiative is very important for cyber security community.
Jessica Payne from Microsoft Windows Defender praised the MITRE ATT&CK service.
The knowledge base was initially collected as a tool to allow red team members to communicate more easily with blue team members and corporate executives, it comes from publicly available sources.
“ATT&CK provides a common framework for evaluating post-breach capabilities,” said Duff. “We believe that objective and open testing based on ATT&CK will advance capabilities and help drive the entire endpoint detection and response market forward.”
According to Duff, internal MITRE information doesn’t contaminate the knowledge base.
In this phase, MITRE intends to evaluate its service and its efficiency, the first case study will be based on APT3/Gothic Panda and will evaluate the ability of products in detecting this threat.
“As part of their participation in MITRE’s impartial cyber evaluation, cybersecurity vendors will be provided clear articulation of their capabilities, as well as access to MITRE’s cyber experts’ feedback for improving their products.” reads the statement published by MITRE. “Details captured will include the ATT&CK technique tested, specific actions the assessors took to execute, and details on the product’s ability to detect the emulated adversary behavior.”
MITRE, for this first round, call for vendors to contribute until April 13, 2018.
The security researcher Dhiraj Mishra (@mishradhiraj_) has studied how VPNs & Privacy Browsers leak users’ IPs via WebRTC
You might have heard about VPN’s & Privacy Browsers leaking users’ IPs via WebRTC [1
reserved, wrote a Metasploit Module
for this issue which uses WebRTC and collects the leak private IP address, however this module may be implemented as a new library in (browser_exploit_server.rb
) in MSF.
#cheers What is WebRTC ?
WebRTC (Web Real-Time
Communication) provides supports to web browser on a real-time communication via API.So let’s get started….There are “multiple” online services
available which uses WebRTC function. Even if you are using VPN’s or Privacy based browsers it leaks your actual public and private IP address.I think this is more of a privacy issue rather than security if we talk specifically in browser-based bug bounty, however, such information can help an attacker to do further recon/attack if they are in the same network.Most of the browser have WebRTC enabled by default,Mozilla Team says :This is a well-known property of webrtc – see the duplicate bug.
Chrome Team says : We’ve already done what we plan to do, following the guidelines in https://tools.ietf.org/html/draft-ietf-rtcweb-ip-handling-04. And we offer a “Network Limiter” extension (https://chrome.google.com/webstore/detail/webrtc-network-limiter/npeicpdbkakmehahjeeohfdhnlpdklia?hl=en) to turn on more restrictive modes.
Don’t forget Facebook even they have Webkits and it is vulnerable too.
Facebook Team says :
Thank you for your report. We’ve looked into your finding but determined the information being leaked is not sensitive enough to warrant a bounty. We may consider leakage of a victims referrer header, but it would have to display a full and potentially sensitive path. However, we have protections in place which prevent this from happening. Although this finding doesn’t qualify we still appreciate your time and effort sending it in.
Okay if your an android lover, you would be aware with android webkit though, The android webkit also leaks IP address as well, I tested this on Nokia 8 android 8.1.0 and the issue still exists.
Android Team says:
The Android security team has conducted an initial severity assessment on this report. Based on our published severity assessment matrix (1) it was rated as not being a security vulnerability that would meet the severity bar for inclusion in an Android security bulletin.
Pheewww ! then what, I started targeting privacy browser and the very first browser came in my mind was DuckDuck Go which has 1,000,000+download rate in Android market and being an privacy based browser the WebRTC was enabled over there and it leaks your IP address, I reported the same to DD Go Security Team.
Duck Duck Go Team says:
Hi again Dhiraj,
Thank you for trying out the new browser and for sending this report,
including the security team. They’re currently looking into this and
I’ll let you know if any further information is needed.
There’s a similar discussion in the Firefox Focus for Android repository
on GitHub, so we’ll keep an eye on that too:
Hmmmm cool, then CVE-2018-6849was assign for this issue, However I keep on taking follow up for them but they are taking too long time to patch. #Unpatched
Then I thought of creating module for this, many thanks to Brendan Coles who helped me in this and even suggested this can be used has a functionality to a HTTP library would be more useful, as it could be leveraged by existing exploits and info gathering modules.
|Working of my MSF Module on DuckDuck Go Privacy Browser
In between RageLtMan also gave his thoughts that “I could actually see a benefit to this being in lib for use by things like #8648. I can inject the separate script ref in the response via the MITM mechanism, but would be cool to just generate and serve the JS directly (for any script we think will have more than 2 weeks of lifetime in browsers). Thanks for the PR”
So lets see, I started with private IP leak vulnerability which turned to CVE-2018-6849, which gave rise to a Metasploit module, which will in turn became a part of MSF library,
now that’s cool. Hope you like the read……
About the Author: Security Researcher Dhiraj Mishra ()
The Philippine central bank has thrown an alert to local financial institutions following a cyber attack against the SWIFT servers at the Malaysian central bank.
The Philippine central bank has thrown an alert to local financial institutions following a cyber attack against the Malaysian central bank.
According to Malaysian governor, the hackers attempted to steal money through fraudulent wire transfers, the good news is that the attack failed.
Bank Negara Malaysia confirmed that no funds were lost in the cyber attack, the hackers sent fake wire-transfer requests over the SWIFT bank messaging network to the target bank in order to trick it to transfer the money.
“We issued a general alert reminder as soon as we got BNM advisory to be extra careful over the long holiday. Although banks already do that as SOP (standard operating procedure),”Bangko Sentral ng Pilipinas Governor Nestor Espenilla said in a phone message.
“Information sharing is part of enhanced defensive protocols against cyber-crime,”.
At the time of writing is still unclear who is behind the attack or the way the hacker breached the SWIFT systems used by the bank.
“Bank Negara did not say who was behind the hack or how they accessed its SWIFT servers. The central bank, which supervises 45 commercial banks in Malaysia, said on Thursday there was no disruption to other payment and settlement systems the central bank operates because of the cyber attack.” reported the Straits Times.
Bank Negara said it had taken additional security measures to protect its stakeholders.
“All unauthorised transactions were stopped through prompt action in strong collaboration with SWIFT, other central banks and financial institutions,” it said in a statement.
The Philippine banks were also involved in the clamorous 2016 cyber heist
when hackers stole US$81 million from the Bangladesh central bank
, at the time the hackers transferred money into several accounts at Manila-based Rizal Commercial Banking Corp (RCBC) and then used them into the local casino industry.
The Philippine central bank fined RCBC a record one billion pesos (US$20 million) in 2016 for the failure to prevent the fraudulent transfers of money.
RCBC sustained that a rogue employee was responsible for the movement.
Mr Abu Hena Mohd. Razee Hassan, deputy governor of Bangladesh Bank, said the latest attack against the Malaysian central bank showed that the SWIFT platform remained vulnerable.
“After the attack on our central bank, SWIFT took several measures to protect the system globally but yet this is happening, meaning criminals have more ability and more capable weapons,” Mr Razee Hassan told Reuters in Dhaka.
“So this is the time to further improve the financial transfer system globally.”