Last Week In Blockchain and CyberSecurity News - March 26, 2019

<br />

IBM Launches a Blockchain-Based Global Payments Network Using Stellar’s Cryptocurrency

IBM has developed a real-time, global payments network to support cross-border and international exchange in more than 50 countries using cryptocurrencies. The transition to blockchain based payments network skips through the process of going through a series of intermediaries when sending money internationally. IBM Blockchain World Wire is now “in limited production” and available in 72 countries. Using the Stellar protocol, World Wire acts as a network “provider for international payments, enabling point-to-point money transfers in lieu of the complexities of conventional correspondent banking” (Forbes). This service provides financial institutions to optimize and accelerate foreign exchange and cross border payments. According to IBM, World Wire is the first blockchain network of its kind to “integrate payment messaging, clearing and settlement on a single unified platform” (Forbes). IBM Blockchain World Wire has enabled payments with 48 currencies, and 44 banking endpoints. This announcement will undoubtedly help spread awareness regarding the benefits blockchain technology may provide in everyday services.
Read more here

Facebook Stored Passwords in Plain Text for Years

It seems as if Facebook makes headlines every week concerning privacy issues. Last week KrebsOnSecurity said that “specifically between 200 and 600 million passwords were stored in plain text as early as 2012 and were searchable by thousands of Facebook employees.” Having a password in plaintext means that the passwords are unencrypted and can be simply read by an employee who had access to Facebook’s internal data storage systems. The report by Krebs reported that “2,000 engineers or developers made around nine million internal queries for data elements containing plain text user passwords,” causing concern over the security practices Facebook practices. Having passwords exposed in plaintext can be a threat to not only the information stored on the account but other accounts that have Facebook login information attached to them. Password reuse attacks can also occur if plain text passwords leak. Facebook acknowledged the issue and quickly fixed it as well as notified the affected users.

43 Vulnerabilities Detected in Major Cryptocurrency Platforms: Report

Over 40 software bugs were detected and reported to HackerOne, a vulnerability disclosure platform. Numerous types of vulnerabilities were found in some of the largest cryptocurrency networks including Coinbase, Eos, Monero(XMR) and Brave. The blockchain that contained the most vulnerabilities were Esports gambling platform Unikrn, which had 12 bugs flagged via its disclosure program. OmiseGo developer Omise came in second with six bug reports, followed by EOS with five (cryptoglobe). Coinbase, Crypto.com, Electroneum, and Brave’s “software all had various software bugs which could potentially be critical, the White hat hacker team noted.”

Get more information here

Microsoft Defender ATP Brings Enterprise Protection to Macs

Last week Microsoft announced that the Windows Defender Advanced Threat Protection enterprise platform would be available for macOS. Microsoft Defender ATP supports macOS Mojave, macOS High Sierra, and macOS Sierra. Currently, the service is in a limited public preview that allows users to run scans, review detected threats, and perform various configurations.

Full features include

Running scans, including full, quick, and custom path scans (we recommend quick scans in nearly all scenarios)
Reviewing detected threats
Taking actions on threats, including quarantine, remove, or allow
Disabling or enabling real-time protection, cloud-delivered protection, and automatic sample submission
Adding exclusions for files and paths

Managing notifications when threats are found
Manually checking for security intelligence updates

Norsk Hydro Calls Ransomware Attack ‘Severe’

One of the world’s largest Aluminum producers, the Norwegian Norsk Hydro, fell victim to a serious cyber-attack last week. The attack has forced the company to shut down or isolate several plants into manual mode. The CFO Eivind Kallevik stated “The situation is quite severe. The entire worldwide network is down, affecting all production as well as our office operations.” Areas impacted include the digital systems at its smelting plants and metal extrusion plants. The company ultimately isolated many plants to make sure the virus does not spread to other plants. They also plan to use the backup data they have in their systems. Some media outlets have reported the ransomware in question is the LockerGoga ransomware. The cyber-attack had a significant impact on the industry and altered the spot price of aluminum.