Latest News

2019/04/16

Trading Bots Are Running Wild on Crypto Exchanges

“Flash Boys”-like trading manipulation is rampant on certain cryptocurrency exchanges, according to a paper from researchers at Cornell Tech and several other universities.

Special arbitrage bots are anticipating and profiting from ordinary users’ trades on decentralized exchanges, which let them trade more directly, the authors said in a report released last week. The firms that deploy the autonomous trading programs manage to get priority ordering by paying higher fees, and use that advantage for practices such as front running, in which traders can see orders from others and manage to place their own first.
2019/04/16

Gread read: A look at IBM S/360 core memory

The IBM System/360 was a groundbreaking family of mainframe computers announced introduced in 1964, and much of the success of System/360 was due to core memory technology. The S/360 was an extremely risky "bet-the-company" project that cost IBM over $5 billion. The project was nearly derailed as the operating system OS/360 grew out of control: it was originally targeted for 16 KB systems, but grew to require 32 KB and then 64 KB. Fortunately, IBM was able to build larger core memories at a price that customers could still afford, so the operating system was usable. The System/360 project ended up being a huge success and ensured IBM's dominance of the computer industry for the next two decades.
2019/04/16

Breach at IT Outsourcing Giant Wipro

Indian information technology (IT) outsourcing and consulting giant Wipro Ltd. is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers, multiple sources tell KrebsOnSecurity. Wipro has refused to respond to questions about the alleged incident.

Earlier this month, KrebsOnSecurity heard independently from two trusted sources that Wipro — India’s third-largest IT outsourcing company — was dealing with a multi-month intrusion from an assumed state-sponsored attacker.
2019/04/15

Nearly one billion Chrome users vulnerable to exploit patched in later versions

Exodus Intelligence security researcher István Kurucsai discovered and published a proof-of-concept of a vulnerability found in Google Chrome.

Although the security flaw has been patched in Chrome’s version 8 JavaScript engine, a fix hasn’t been developed for Chrome version 73 leaving at least an estimated billion users at risk. Kurucsai pointed out that this situation isn’t unique to Google, but said in his blog post it’s important that users dig deep into a patch to know if it applies to an exploitable security vulnerability.

Skilled adversaries could use the gap between the zero day’s announcement and the release of the patch to launch a more effective attack, said Craig Young, computer security researcher for Tripwire’s VERT (Vulnerability and Exposure Research Team) told SC Media.
2019/04/15

Massive SIM swap fraud leaves traditional 2FA users at risk

As two-factor authentication becomes more popular, threat actors have proven once again how this security feature can be exploited if not implemented properly.

Kaspersky researchers uncovered large-scale SIM swap fraud operations targeting users in both the Portugese-speaking nations of Brazil and Mozambique were able to use social engineering, bribery, and simple phishing attacks to ultimately steal money from victims.