This Week In Blockchain and CyberSecurity News - December 14, 2018

Coinbase Lists Five New Tokens on Coinbase Pro And Announces “12 Days of Coinbase”

Coinbase announced on Monday they are going to add four new coins on its retail trading platform Coinbase Pro. The new assets available are Zcash(ZEC), Civic (CVC), district0x (DNT), Loom Network (LOOM), and Decentraland (MANA). The coins are available to trade for all users in the U.S.(except New York), European Union, Singapore, the U.K., Australia, and Canada. Coinbase has also announced “12 Days of Coinbase” where from the dates December 10th- December 21’st each day at noon PST they will announce new features, support for new cryptocurrencies, and more. To spread adoption of cryptocurrencies, on December 10th Coinbase used WeGift to allow customers to use crypto with dozens of vendors including Uber, Nike, Domino’s, and many more.

Read more about the new tokens here

Get more information about 12 Days Of Coinbase here

Attack on Ethereum Wallets Underway on Well Known Port 8545 Attack Vector

A vulnerability in some old Ethereum wallets, network clients, and nodes have become the target of a new attack in groups of hackers who release scanning networks specifically designed to target Ethereum mining hardware and Ethereum wallets on a global scale.  The attackers scan for devices with port 8545 open, which is commonly associated with Ethereum’s “geth” software and JSON-RPC interface. The port and API interface is used by the platform to transport information and data related to mining or funds. Typically, the ports are not created with passwords as the user is expected to configure one. If the interface is left exposed, a hacker can exploit this vulnerability using it to steal Ethereum. Using this same vulnerability and methodology a few months ago, hackers stole over $20 million worth of Ethereum.

Get more info here

State Farm Test Drives Blockchain Technology For Auto Insurance.

As the insurance industry involves a tremendous amount of much paperwork, sensitive data, and manual processes it seems obvious that corporations will gain interest in blockchain technology. Blockchain technology can provide a superior claims process, data storage, and ultimately a more fluent payment processing system to the industry. On December 10th, State Farm announced it is testing a blockchain-based solution to improve the speed and accuracy in areas which auto insurance claims are settled. More specifically, State Farm is looking into blockchains use in subrogation, which is the process by which the at-fault insurer compensates the injured party's insurer for costs paid to settle a damages claim. The Blockchain is a great resource to speed the process of subrogation, as subrogation today is a time consuming and lengthy process that often consumes a lot of resources. State Farm is also looking into using distributed ledger technology that can create a permanent, easily verified record of each transaction, thus cutting costs for insurers and reducing the potential for errors. Expressing a willingness to be a leader in the industry with blockchain technology State Farm states they are “working with another insurer to understand how an enterprise blockchain solution can be used to reduce the time” and that they are interested to explore all the other opportunities the blockchain provides.

Get more information here

Eastern European Banks Lose Tens Of Millions Of Dollars In Hollywood-Style Hacks

At least eight banks in Eastern Europe are believed to have fallen to cyber-criminal attacks. The tactics the cyber-criminals used are methods that “usually are only seen in Hollywood movies.” By acting as a job seeker, representative of a client, or courier, the cyber-criminals entered various bank offices and inserted malicious devices which then connected to the bank’s network. The devices used to conduct such an attack included cheap laptops, Raspberry Pi Boards, or malicious USB thumb drives known as “Bash Bunnies.” After leaving the devices at the bank, the cyber-criminals connected to them from a remote location using a GPRS, 3G, or LTE modem. The malicious attackers scanned local networks for publicly shared folders, web servers, or any computer with open access. At the last stage of their attacks, the criminals left malware on the banks’ network which ultimately allowed them to steal funds from various bank accounts.

Read the fully story here

Hackers Steal Over 40k Logins for Gov. Services in 30 Countries

In the past week, over 40,0000 login credentials for government portals in more than 30 countries were discovered, and are already believed to have been sold on underground hacker forums. Among the victims are government employees, the Israel Defense Forces (idf.il), the Ministry of Finance of Georgia (mof.ge), the Norwegian Directorate of Immigration (udi.no), and the Ministries of Foreign Affairs of Romania and Italy. The passwords and usernames were stolen with the use of malicious emails that distributed spyware tools like Pony Formgrabber, AZORult, and qBOT. By sending an email containing a legitimate-looking file, the attackers tricked victims into opening the attachments and then deployed malware which would look for sensitive information. It is extremely important to educate individuals in the preventative steps they must take to not fall for phishing attacks, as just one comprised government employees account can lead to the theft of commercial or state secrets.

Read more here!