Page 203«..1020..202203204205..210220..»

Bitcoin will ‘propel the next leg up’ if key trading pattern confirms Traders – Cointelegraph

Bitcoins (BTC) price could see a bullish trend reversal and propel the next leg up if the popular trading indicator known as the inverse head-and-shoulders pattern is confirmed, according to a crypto trader.

If we dont break straight through $67.5k then something like this forming over the next month would make sense for a bottom pattern reversal, crypto trader Matthew Hyland explained in a May 4 post on X.

He is referring to the inverse head-and-shoulders pattern a bullish indicator that signals the downtrend is easing, and buyers are becoming more dominant in the market.

It would be a great setup to propel the next leg up, he declared.

Although it is crucial that Bitcoin holds above its short-term holder price of $59,500 to maintain its bullish trend, pseudonymous crypto analyst and co-founder of CMCC Crest Willy Woo told his 1.1 million X followers on May 3.

The setup appears when Bitcoins price forms three troughs below a so-called neckline resistance, with the middle otherwise known as the head deeper than the left and right shoulder.

Bitcoins price has slightly rebounded from the head at $58,614 on May 1, and if the pattern continues as Hylands model suggests, it will find support around its second shoulder, at $60,000 a key support level.

The decline would represent a 5% from its current price of $63,350, according to CoinMarketCap data. Dropping to this level would liquidate $530 million in long positions, according to CoinGlass data.

According to Hylands model, Bitcoin may rise above the neckline and exceed its current all-time high of $73,800 by June.

On top of this, buyer interest in the crypto market is slowly increasing, according to the Fear and Greed Index.

The index is currently sitting on a Greed score of 69, a major recovery from three days ago when it indicated Fear with a score of 43.

Related: Bitcoin opens $63K futures gap as thin liquidity threatens BTC price

Meanwhile, some traders expect Bitcoins price to remain stagnant in the near term, but they dont necessarily view this as a bearish signal.

The longer the Bitcoin consolidation takes, the higher its price will meet the trendline, added pseudonymous crypto trader Titan of Crypto.

Bitcoins previous cycle all-time highs tend to slow down price and make Bitcoin stall for some weeks, pseudonymous crypto trader Daan Crypto Traders told his X followers in a May 4 post.

Magazine: Meme coins: Betrayal of cryptos ideals or its true purpose?

This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.

More here:
Bitcoin will 'propel the next leg up' if key trading pattern confirms Traders - Cointelegraph

Read More..

First Bitcoin-backed synthetic dollar to launch with 25% yield – Cointelegraph

Hermetica has announced the launch of the first-ever Bitcoin-backed synthetic United States dollar with yield-generating capabilities in the latest development for Bitcoin-native decentralized finance (DeFi).

Slated for release in June, the new synthetic dollar, USDh, will offer users yields of up to 25%, according to Hermeticas announcement shared with Cointelegraph.

The new synthetic dollar will enable Bitcoiners to hold and earn yield on their U.S. dollars without the need to trust the banking system or gain exposure to non-Bitcoin-related products, according to Jakob Schillinger, founder and CEO of Hermetica Labs.

Schillinger told Cointelegraph:

Hermetica is a Stacks-native DeFi protocol on Bitcoinand part of a wider movement known as Bitcoin DeFi (BTCFi), which aims to bring DeFi capabilities to the worlds first blockchain network.

Related: Mr. 100 buys the Bitcoin dip for the first time since halving Is the BTC bottom in?

The launch of the first Bitcoin (BTC)-backed synthetic dollar comes two months afterEthenas USDe launched with a 27.6% yield for holders, creating widespread concerns about the protocols sustainability.

Similar concerns could arise for Hermeticas USDh, as the 25% annual percentage yield (APY) is considerably higher than the 20% yield offered by Anchor Protocol on TerraUSD (UST) before the algorithmic stablecoin issuer Terra collapsed in May 2022.

According to Hermeticas CEO, the yield is sustainable and derived from futures funding rates. Schillinger explained:

Schillinger added that the demand for Bitcoin futures will keep USDh yield sustainable:

Increasingly, more protocols are building more utility and DeFi capabilities around Bitcoin, the worlds most secure blockchain network. Schillinger believes that the introduction of Ordinals was among the most important catalysts for BTCFi. He said:

Related: Biggest Friend.tech whale dumps tokens as users struggle to claim airdrop

Excerpt from:
First Bitcoin-backed synthetic dollar to launch with 25% yield - Cointelegraph

Read More..

Back to extreme greed past $65K? 5 things to know in Bitcoin this week – Cointelegraph

Bitcoin (BTC) starts a new week with bullish sentiment back on the radar as $64,000 returns.

In a stirring comeback, BTC price action has managed to leave its latest swing lows far behind it, gaining nearly $8,000 versus the pit of last weeks sell-off.

Despite some of those gains coming during the weekend, they proved to have staying power, and during the May 6 Asia trading session, bears are having no luck pushing the market back down.

The mood is thus considerably different into the second week of May but increasing greed is already visible.

Can Bitcoin and altcoins manage sustainable momentum toward all-time highs?

This is the question that traders and analysts will pose after a trip to two-month lows and a considerable flushing out of leverage.

On exchanges, things remain promising, with funding rates neutral, and there are few signs of a mass desire to long BTC at current levels.

Should things take a turn for the worse, however, it is key support levels that will come in for a fresh test. These include the short-term holder (STH) cost basis and 100-day moving average both classic bounce levels.

Cointelegraph takes a closer look at the current state of Bitcoin as the average trader recovers from a hair-raising start to the month.

The weekend ultimately posed no threat to Bitcoin bulls, providing some unexpected upside that ended up holding into the weekly close.

This came in at around $64,000 on Bitstamp, data from Cointelegraph Markets Pro and TradingView confirms around $900 higher versus the end of April.

While not a giant weekly candle, the performance represents an impressive return to form for BTC/USD, which saw a trip to $56,500 in the intervening period.

Unsurprisingly, market observers are quietly optimistic.

Swept all the liquidity below that was built up over the past 2 months and bounced quickly afterwards, popular trader Daan Crypto Trades summarized in part of his latest commentary on X.

Tony Severino, founder of crypto technical analysis platform CoinChartist, noted similarities between last weeks snap drop and similar ones during the bull market.

Every higher swing low in Bitcoin since November 2022 was a weekly hammer, he revealed over the weekend.

In a prior post, Severino added that price was attempting to reclaim the upper monthly Bollinger Band something acting as support since February.

This is potentially a positive development, he suggested.

Data from monitoring resource CoinGlass meanwhile puts BTC/USD up 5.8% in May so far, reducing overall second quarter losses to under 10%.

Crypto markets are notoriously fickle and an emerging trend can quickly fade, pulling sentiment down with it.

If Bitcoin sees a change of trajectory, traders and analysts will be interested in seeing to what extent nearby support levels succeed at limiting any fresh downside.

Michal van de Poppe, founder and CEO of trading firm MNTrading, is one commentator highlighting the significance of $60,000 despite this level offering little consolation to bulls last week.

Bitcoin above $60K and retail isn't here, he told X followers about the relative lack of fanfare accompanying the market comeback.

As Cointelegraph continues to report, $60,000 coincides with several trendlines, which have buoyed BTC/USD since the bull market began in early 2023.

These include the 100-day simple moving average (SMA) and STH realized price the aggregate cost basis of entities holding coins for 155 days or less.

These two levels sit at $60,650 and $59,920 as of May 6, with the latter figure provided by the statistics resource Look Into Bitcoin.

In a research note on May 6, meanwhile, financial commentator Tedtalksmacro added the 50-day exponential moving average (EMA) to the mix.

The 50D EMA stands at $64000 - where BTC is currently trading, a reclaim of that level is significant in defining the high timeframe market structure, he explained.

The upcoming week is relatively quiet when it comes to macroeconomic data, but recent events provide traders more than enough to monitor.

The latest United States employment figures gave risk assets a boost across the board late last week something firmly on the radar for crypto.

With the Federal Reserve increasingly expected to lower interest rates in the coming months, easing of financial conditions is becoming a question of not if but when.

For Van de Poppe, there is even a chance of quantitative easing (QE) making a reappearance a return to the Fed increasing available liquidity.

Very significant chance that most of the pain is already in for Altcoins, he argued.

U.S. dollar strength took a hit on the jobs data, with the U.S. Dollar Index (DXY) declining precipitously to spike to its lowest levels since April 10.

Attention will thus be focused on jobless claims data when it comes to Fed rate cut timing, this due on May 9.

The atmosphere on derivatives markets is noticeably calm as Bitcoin approaches $65,000 but like sentiment, this could change in an instant.

Current data shows practically neutral funding rates for Bitcoin, which is, per trading suite DecenTrader, a reflection of speculators licking their wounds.

Bitcoin funding rates have returned to a more neutral state after going negative at the end of last week, an X post confirmed.

Others described funding rates as still healthy after witnessing a massive reset on the way to $56,500.

Lets hope it can stay that way for a healthy next leg up, Daan Crypto Trades added.

A cursory look at the Crypto Fear and Greed Index provides potential food for thought. Along with the BTC price recovery has come a snapping back of sentiment from neutral to greed, with extreme greed just around the corner.

The Index, which is a lagging indicator, is currently at 71/100, versus just 43/100 on May 2.

$64,000 is not quite enough to allow Bitcoin to avoid a difficulty drop at the next automated readjustment on May 9.

Related:Bitcoin reaches one billion transactions

The second readjustment of the new difficulty epoch is currently predicted to see it decrease by around 1.3%, per data from monitoring resource BTC.com.

Difficulty is nonetheless at all-time highs, a feat mimicked by hash rate as miners digest Aprils block subsidy halving, raw data from MiningPoolStats confirms.

Last week, Cointelegraphreported on miners ongoing resilience, showing no signs of capitulation despite market volatility.

This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.

Here is the original post:
Back to extreme greed past $65K? 5 things to know in Bitcoin this week - Cointelegraph

Read More..

Bitcoin opens $63K futures gap as thin liquidity threatens BTC price – Cointelegraph

Bitcoin (BTC) pushed to $64,500 on May 4 as out-of-hours trading produced fresh BTC price gains.

Data from Cointelegraph Markets Pro and TradingView confirmed new local highs of $64,522 on Bitstamp a new peak for May.

The strength that appeared on United States employment data gathered speed into the daily close, fueled by encouraging crypto market recovery signals, including the first inflows for the Grayscale Bitcoin Trust (GBTC) in nearly three months.

BTC/USD was up 5% month-to-date at the time of writing, per data from monitoring resource CoinGlass, already contrasting with Aprils 15% losses.

Had a great push into the market close yesterday, popular trader Daan Crypto Trades reacted in part of his latest coverage on X.

An accompanying chart showed a clear divergence from the latest CME Group Bitcoin futures closing price, creating a gap that BTC/USD tends to fill later on.

Despite the impressive weekend performance, some were concerned about the overall strength of the market in the absence of TradFi participation.

Keith Alan, co-founder of trading resource Material Indicators, warned that a correction could easily come thanks to thin order book liquidity.

Looking for bid liquidity to replenish to keep this rally going, he told X followers, reposting an order book chart from Material Indicators.

Summarizing his market views, meanwhile, popular trader and commentator Credible Crypto said that conditions might favor going short BTC below main resistance around $69,000.

Related:Price analysis 5/3: BTC, ETH, BNB, SOL, XRP, DOGE, TON, ADA, AVAX, SHIB

Uploading a chart to X, he forecast two possible outcomes for current BTC price action, with the current area comparatively short on liquidity.

Green path is ideal. We hold the local highs we broke above and continue up to the major resistance. This will allow me to fill shorts on a number of alts across the board. Red path is not ideal. We fail to hold this reclaim, see an early breakdown, and ideal short zones for most alts I'm eyeing up are not met, he wrote.

Credible Crypto added that long BTC positions would be of interest should BTC/USD dip below $56,000.

This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.

Continued here:
Bitcoin opens $63K futures gap as thin liquidity threatens BTC price - Cointelegraph

Read More..

More than antivirus: What to expect from your security software – PCWorld

Antivirus is just one part of keeping your PC secure. What about backups, password storage, and software updates? Do you use a VPN? Are you monitoring the dark web for your personal data? Thats where security suites come in they bundle all the tools you might need into a convenient package. Everything is available in one place for a single payment, no juggling eight different applications with different subscription fees.

There are all kinds of features youll find in premium security suites. Well use Norton 360 Deluxe as an example here, as its our top antivirus security suite pick here at PCWorld. But all popular security suites from Avast One and AVG Internet Security to Avira Prime and McAfee Total Protection offer a variety of similar features.

Security suites frequently include dark web monitoring for details like your e-mail addresses, phone numbers, and credit cards. The dark web is a place where people can better hide their identity and be anonymous. It may involve using software like the Tor web browser and anonymous .onion sites, for example.

Given the vastly improved anonymity, theres a seedy underbelly of criminal dark web sites where databases full of e-mail addresses and passwords, payment details, and other private information are sold. The dark web scan feature will let you know if your information appears in one of these breaches. Youll be able to see what appears in various leaks.

Chris Hoffman/IDG

Chris Hoffman/IDG

Chris Hoffman/IDG

Norton 360, like many other security suites, offers dark web scanning for your e-mail addresses as well as any phone numbers and credit card numbers you may want to provide. Youll get reports about the contents of each breach the scan finds.

You can get this kind of monitoring in a lot of places. For example, Googles Google One subscription offers dark web monitoring, too.

Premium online security suites usually include built-in VPN services. While our top-rated VPN services arent the ones built into online security applications, VPNs built into security apps work fine. A VPN is a nice to have security feature and having it built into your security app means you dont have to juggle a pile of different system tray icons. Everything is in one place.

Chris Hoffman/IDG

Chris Hoffman/IDG

Chris Hoffman/IDG

The VPN built into Norton 360, for example, can be configured to automatically start and protect your connection whenever you connect to a public Wi-Fi network. You can turn it on and off whenever you want on any connection and choose what region it connects to. It supports optional features like split tunneling (only sending traffic from some apps through the VPN) and a kill switch (automatically cutting off all network access when the VPN connection goes down to protect your privacy).

Dedicated VPN apps may be shinier and have more bells and whistles, but you may not need them. A capable VPN is a great additional value in a security application. You wont have to pay for a VPN subscription separately and you wont have to deal with the drawbacks of a free VPN like a limited monthly data allowance.

Everyone should use a high-quality password manager. After all, you need to use strong, unique passwords for all your accounts and unless you have a photographic memory, theres no way to remember them all.

Online security suites have bundled password managers. For example, you get Norton Password Manager with Norton 360. Like with other password managers, you can generate and autofill passwords and access them on any browser you use with Android and iPhone apps, too.

Chris Hoffman/IDG

Chris Hoffman/IDG

Chris Hoffman/IDG

If youre seeking out the absolute best password manager, you may want to look for a dedicated one (check out PCWorlds top password manager picks). But Nortons password manager is perfectly capable.

In fact, there are a wide variety of solid password managers these days. We even think using Google Chromes built-in password manager is fine. An online security suite that bundles a solid password manager means you dont have to pay for anything extra.

Online security suites also often bundle some cloud backup capabilities. Norton 360 Deluxe gives you 50GB of online storage so you can back up your personal files.

These built-in cloud backup tools are nice to have in a pinch. If you need to back up a lot of files, you may want a dedicated cloud backup service.

Chris Hoffman/IDG

Chris Hoffman/IDG

Chris Hoffman/IDG

Likewise, its worth noting that if you pay for a Microsoft 365 subscription, you get 1TB of cloud storage with OneDrive and OneDrive can sync folders like your PCs Documents folder to the cloud.

Still, you only get 5GB of OneDrive storage with Windows unless you pay. That 50GB of cloud backup storage in Norton, for example, will be more than enough for many people, no extra payments required.

Windows application updates are messy. Unlike on an Android phone or iPhone, apps have to update themselves on a PC. You can easily end up with outdated applications installed and they might have security flaws.

Chris Hoffman/IDG

Chris Hoffman/IDG

Chris Hoffman/IDG

Thats why security suites often include software updaters: Theyll scan your computer for installed software, let you know which ones have updates, and tell you how important they are for your security. They may even be able to auto-update these programs for you.

You can get features like this with other free apps, but they may be rather technical. Im a big fan of the free WingetUI tool for updating apps, for example, but it doesnt have the most user-friendly interface. Software updaters in security suites will have an easier-to-understand interface and be easy to find.

Data broker websites collect all sorts of public records on you and make them available to people who want to pay up. You can remove your data from these websites, but its a time-consuming task.

Some security suites have features that will scan for your personal information on these data broker sites and perhaps let you remove it. Norton 360, for example, has a privacy monitor feature that will scan data broker sites for your personal data and let you know where its found.

Chris Hoffman/IDG

Chris Hoffman/IDG

Chris Hoffman/IDG

You can then contact these sites on your own to get them to remove your data. Unfortunately, Norton charges you extra for the Privacy Monitor Assistant if you want Norton to do the legwork of removing the data on your behalf. Still, its good that Norton and other security suites are letting people know about this privacy concern data broker sites are big business, but they arent often talked about.

Security suites are increasingly bundling their own unique web browsers with their security suites. For example, Norton 360 offers Norton Private Browser. These are totally optional you can keep using Chrome, Edge, Firefox, or whatever other browser you might prefer instead.

These browsers will feel familiar to use. They tend to be based on the same open-source technology that underlies Google Chrome. They also bundle extra features: Nortons browser has Nortons password manager built-in, naturally.

Chris Hoffman/IDG

Chris Hoffman/IDG

Chris Hoffman/IDG

Security suites also tend to offer browser extensions that warn you about dangerous websites in your browser of choice. For example, Norton has the Norton Safe Web extension for Chrome, Edge, and Firefox. Its the kind of thing thats built into Nortons own browser.

In my opinion, a dedicated web browser isnt a critical feature modern web browsers are pretty secure and you probably already have a web browser you use and trust. You can also install your security suites browser extension in whatever browser you currently use. But security-focused browsers are clearly in high demand and theyre fine if you want to use them. Theyre just customized versions of Google Chrome, after all.

Youll often find parental control features built into security suites, too. For example, Norton 360 has Norton Family built in. You can monitor what children are doing on the web, set screen time limits, and access other similar features. With the associated mobile apps, you can also keep track of a childs location (or at least the location of their phone!).

Chris Hoffman/IDG

Chris Hoffman/IDG

Chris Hoffman/IDG

Available parental control features will vary depending on the application you choose. Its worth doing some research to see whether the parental controls in a security suite fit your needs, or whether you may want a different tool with different features. But once again, its nice to have this thrown in: You get a useful package of software that youd often have to pay for bundled with all the other tools in your security suite of choice.

Security suites offer a lot of features. Many of them, like password managers, VPNs, and online backup, often require separate subscription fees if you go for dedicated apps.

Thats a big difference between paid premium security suites and free antivirus programs: Security suites go beyond antivirus. Free antivirus programs often stick to the basics just antivirus software and youll have to look elsewhere for any extras. Free antivirus software does the job, but paid security suites often have some nice-to-have extras.

Which you prefer is up to you. Maybe you want to seek out the best password manager, top-tier VPN, and and assemble your own security suite from parts. Go right ahead!

But its easy to see the value of a security suite in providing everything in a convenient bundle. Theres a lot of value in simplifying things and saving time. Having all those tools in one dashboard is a much cleaner experience that will be much easier for many people to understand.

Why get eight different pieces of software when you can install one to do the same job?

Read this article:
More than antivirus: What to expect from your security software - PCWorld

Read More..

Top 5 Global Cyber Security Trends of 2023, According to Google Report – TechRepublic

It is taking less time for organisations to detect attackers in their environment, a report by Mandiant Consulting, a part of Google Cloud, has found. This suggests that companies are strengthening their security posture.

The M-Trends 2024 report also highlighted that the top targeted industries of 2023 were financial services, business and professional services, tech, retail and hospitality, healthcare and government. This aligns with the fact that 52% of attackers were primarily motivated by financial gain, as these sectors often possess a wealth of sensitive and therefore valuable information.

Financially-motivated activity was found to have gone up by 8% since 2022, which is partially explained by the parallel rise in ransomware and extortion cases. The most common ways that threat actors gained access to a target network were through exploits, phishing, prior compromise and stolen credentials.

Dr Jamie Collier, Mandiant Threat Intelligence Advisor Lead for Europe, told TechRepublic in an email: Despite the focus on ransomware and extortion operations within the security community, these attacks remain effective across a range of sectors and regions. Extortion campaigns therefore remain highly profitable for cyber criminals.

As a result, many financially-motivated groups conducting other forms of cyber crime have transitioned to extortion operations in the last five years.

TechRepublic takes a deeper look into the top five cyber security trends of 2023 and expert recommendations highlighted by the 15th annual M-Trends report:

According to the M-Trends report, the median dwell time of global organisations decreased from 16 days in 2022 to 10 days in 2023 and is now at its lowest point in more than a decade. The dwell time is the amount of time attackers remain undetected within a target environment and indicates the strength of a businesss cyber posture. This figure suggests that companies are making meaningful improvements to their cyber security.

However, there could be another contributing factor; the average proportion of attacks due to ransomware increased to 23% in 2023 over 18% in 2022.

Dr. Collier explained to TechRepublic: The impact of extortion operations is immediately obvious. In the event when ransomware is deployed, a victims systems will be encrypted and rendered unusable. Alternatively, if data is stolen, a cyber criminal will quickly be in touch to extort a victim.

SEE: Top 7 Cybersecurity Threats for 2024

Organisations in the Asia-Pacific region saw the biggest reduction in median dwell time, with it decreasing by 24 days over the last year. Mandiant analysts link this to the fact that the majority of attacks detected were ransomware-related, and this majority was higher than any other region. Meanwhile, companies in Europe, the Middle East and Africa saw the average dwell time increase by two days. This is thought to be due to the regional data normalising following a concerted defensive effort by Mandiant in Ukraine in 2022.

Another proof that businesses are getting better at detecting cyber threats is that Mandiant found that 46% of compromised organisations first identified evidence of compromise internally rather than by an outside entity like a law enforcement agency or cyber security company, up from 37% in 2022.

Cyber criminals are increasingly targeting edge devices, using living off the land techniques, and deploying zero-day exploits, suggesting a renewed focus on maintaining persistence on networks for as long as possible.

Dr. Collier told TechRepublic: With network defenders increasingly on the lookout for extortion campaigns, evasive tactics increase the chances of a successful operation. Ransomware operations are far more effective when cyber criminals can reach the most sensitive and critical areas of a targets network and evasive tactics help them to achieve this.

Edge devices typically lack endpoint detection and response (EDR) capabilities, so they are solid targets for cyber criminals looking to go under the radar. In 2023, Mandiant investigators found that the first and third most targeted vulnerabilities were related to edge devices. These were:

The report authors wrote: Mandiant expects that we will continue to see targeting of edge devices and platforms that traditionally lack EDR and other security solutions due to the challenges associated with discovery and investigation of compromise. Exploitation of these devices will continue to be an attractive initial access vector for Chinese espionage groups to remain undetected and maintain persistence into target environments.

SEE: Q&A on how Dell sees security at the edge

About 20% of malware families detected by Mandiant in 2023 did not fit into a typical category, which is a higher proportion than previous years. Furthermore, 8% of attacks in this other category involved the use of remote administration tools and other utilities. These are less likely to be flagged by default by EDR, or other security tools, which can keep the attacker undetected, and are often coupled with living off the land techniques.

Living off the land is the use of legitimate, pre-installed tools and software within a target environment during a cyber attack to help evade detection. This can reduce the overall complexity of the malware by allowing the attacker to weaponize existing features that have already been security tested by the organisation. It is particularly effective with edge devices because they are typically not monitored by network defenders, allowing them to remain on the network for longer.

A recent example the Mandiant researchers spotted is a backdoor named THINCRUST, which was appended into the web framework files that were responsible for providing the API interface for FortiAnalyzer and FortiManager devices. The threat actors were able to harness the native API implementation to access and send commands to THINCRUST by simply interacting with a new endpoint URL they had added.

In 2023, Mandiant researchers tracked 97 unique zero-day vulnerabilities exploited in the wild, representing a more than 50% growth in zero-day usage over 2022. The zero-days were exploited by espionage groups and financially-motivated attackers looking to steal valuable data to turn a profit.

The reports authors anticipate the number of identified zero-day vulnerabilities and exploits that target them will continue to grow in the coming years due to a number of factors, including:

Cloud adoption is continuously growing Gartner predicts more than 50% of enterprises will use industry cloud platforms by 2028 and, therefore, more attackers are turning their attention to these environments. According to CrowdStrike, there was a 75% increase in cloud intrusions in 2023 over 2022.

Mandiant analysts say attackers are targeting weakly implemented identity management practices and credential storage to obtain legitimate credentials and circumvent multifactor authentication (MFA).

SEE: UKs NCSC Issues Warning as SVR Hackers Target Cloud Services

Mandiant observed instances where attackers gained access to cloud environments because they happened across credentials that were not stored securely. Credentials were discovered on an internet-accessible server with default configurations or had been stolen or leaked in a previous data breach and not been changed since. They also gained access using different techniques to bypass MFA, covered in more detail in the next section.

Once inside the cloud environment, the authors observed bad actors performing a number of tactics to abuse the cloud services, including:

Now that multifactor authentication has become a standard security practice in many organisations, attackers are exploring new, creative tactics to bypass it. According to Mandiant, the number of compromises against cloud-based identities configured with MFA is increasing.

In 2023, the firm observed an increase of adversary-in-the-middle (AiTM) phishing pages that steal post-authentication session tokens and allow bad actors to circumvent MFA. In an AiTM campaign, attackers set up a proxy server that captures a users credentials, MFA codes and session tokens issued by the logon portal while relaying the connection to the legitimate server.

SEE: New phishing and business email compromise campaigns increase in complexity, bypass MFA

The majority of business email compromise cases Mandiant responded to in 2023 involved the threat actor circumventing the users MFA via AiTM. In the past, the relative complexity of setting up AiTM phishing infrastructure compared to traditional credential harvesting forms may have kept the number of these attacks low. However, there are now a number of AiTM kits and phishing-as-a-service offerings advertised in the cybercriminal underground, according to Mandiant. These products significantly lower the barrier to entry for AiTM phishing, resulting in an uptick.

Other techniques the Mandiant researchers observed attackers using to bypass MFA include:

Red teams consist of cyber security analysts who plan and execute attacks against organisations for the purposes of identifying weaknesses. In 2023, Mandiant consultants used generative AI tools to speed up certain activities in red team assessments, including:

Dr. Collier told TechRepublic: The role of AI in red teaming is highly iterative with a lot of back and forth between large language models (LLMs) and a human expert. This highlights the unique contribution of both.

AI is often well suited for repetitive tasks or fetching information. Yet, having red team consultants that understand the trade craft and possess the skills to apply context provided by LLMs in practical situations is even more important.

AI was also used in Mandiants purple team engagements, where analysts must become familiar with a clients environment from the perspective of an attacker and defender to foster collaboration between red and blue teams. Generative AI was used to help them understand the customers platform and its security more quickly.

SEE: HackerOne: How Artificial Intelligence Is Changing Cyber Threats and Ethical Hacking

In the report, the authors speculated on how cyber security analysts could use AI in the future. Red teams generate a substantial amount of data that could be used to train models tuned to help secure customer environments. However, AI developers will also have to find novel ways to ensure models have appropriate guardrails in place while simultaneously allowing for the legitimate use of malicious activity by red teams.

The combination of red team expertise and powerful AI leads could result in a future where red teams are considerably more effective, and organisations are better able to stay ahead of the risk posed by motivated attackers, the authors wrote.

The metrics reported in M-Trends 2024 are based on Mandiant Consulting investigations of targeted attack activity conducted between January 1, 2023 and December 31, 2023.

See original here:
Top 5 Global Cyber Security Trends of 2023, According to Google Report - TechRepublic

Read More..

SANS Institute to Empower Cyber Professionals in the Middle East at SANS Dubai May 2024 – Global Security Mag

SANS Institute to Empower Cyber Professionals in the Middle East at SANS Dubai May 2024

SANS Institute has announced SANS Dubai May 2024 from 11-16 May at the Hilton Dubai, Palm Jumeirah. The course is expertly designed to equip cyber professionals with the skills needed to identify, counter, and prevent emerging cybersecurity threats, particularly those security professionals interested in expanding their knowledge of Red Team engagements and security control requirements.

Recent high-profile cyberattacks indicate that offensive attacks are bypassing defensive strategies, and cybersecurity experts, auditors, engineers and compliance officers are actively seeking practical solutions to protect their systems and data. In line with this, the UAE is witnessing a surge in demand for cybersecurity professionals with the necessary skills, with market projections indicating substantial growth from $0.52 billion in 2023 to an anticipated $0.95 billion by 2028.

SANS Dubai May 2024 offers two specialized courses through both in-person training and simultaneous live online sessions: the newly-launched SEC565: Red Team Operations and Adversary Emulation, and SEC566: Implementing and Auditing CIS Controls.

SEC565 will teach students how to develop and improve Red Team operations for security controls through adversary emulation, cyber threat intelligence, Red Team tradecraft, and engagement planning, ultimately improving the overall security posture of the organization.

In SEC566, students will learn how an organization can defend its information by using a vetted cybersecurity control standard, specifically how to implement, manage, and assess security control requirements defined by the Center for Internet Securitys (CIS) Controls across an organizations complex networks, including cloud assets.

"As threats advance and become more sophisticated, organizations in the Middle East must proactively assess their security measures. Mastering offensive security techniques is necessary today, and thats where the SANS Institute comes in, says Ned Baltagi, Managing Director Middle East, Turkey and Africa, SANS Institute. By leveraging threat intelligence and emulating real-world environments, we teach professionals how red teams provide invaluable insights into an organizations vulnerabilities by identifying weaknesses, enhancing defense strategies, and strengthening incident response capabilities.

Moreover, understanding what to do when addressing threats can be overwhelming when organizations must meet various compliance and framework requirements. We aim to teach professionals how to defend their information systems by the implementation of foundational safeguards, measure control implementation and effectiveness, then report back to leadership at each level."

On May 13, 2024, SANS will also hold a Community Night session on How to Prevent Social Engineering based on Successful Red Team Exercises. Organizations spend a large amount of effort to lock down their technology and the associated process to prevent intrusions, but many times breaches end up happening due to the human factor. David Mayer, Principal Instructor at SANS Institute will present successful social engineering campaigns and provide tips on how companies can train their employees to prevent social engineering from being successful.

For more information and to register for SANS Dubai May 2024 in person or online, please click here. To register for SANS Dubai May 2024 Community Night, please visit: https://www.sans.org/mlp/community-night-dubai-may-2024/

Read the original here:
SANS Institute to Empower Cyber Professionals in the Middle East at SANS Dubai May 2024 - Global Security Mag

Read More..

4 fast, easy ways to strengthen your security on World Password Day – PCWorld

Many arbitrary holidays litter our calendars (ahem, Tin Can Day), but World Password Day is one fully supported by the PCWorld staff. Were all for ditching weak passwords especially when strengthening your security takes only a little effort.

Follow these four easy suggestions and youll thank yourself for years to come. Not only will data breaches and hackers stop being immediate threats, but you wont have to scramble to remember a collection of user name and passwords. Thats especially true if you opt for a newer form of account protection thats simpler to use than passwords.

Trust us, you want to safeguard yourself. Data breaches are common these days, and as Bitwardens latest survey results indicate, a concerning number of people still reuse passwords (31 percent in the U.S. do so for 11 to 20+ sites!). And with so many data leaks, its getting easier and easier for hackers to not just know your passwords, but figure out the personal info you might use in a password another prevailing bad habit (42 percent in the U.S.). Yikes.

Password managers make better account security so easy. You only have to memorize one strong password to safeguard nearly all your other login info. (Heres how to come up with a good master password.)

You shouldnt have an issue finding a password manager that suits you, either its perfectly normal to have reservations about them, but there are so many options out there. Want something that integrates seamlessly with your phone or browser? Google, Apple, and Firefoxs password managers are basic but solid. Hate the idea of all your passwords sitting in the cloud? Try KeePass or one of its variants. Need support for advanced two-factor authentication methods, like a YubiKey? Many paid services include it. Password managers now also generally support passkeys, a simpler yet more secure method of account protection.

Paying for a good solution isnt always necessary either, as youll see when going over our lists of the best paid password managers and the best free password managers. The kinds of features that unlock when paying for services are helpful indeed, especially if youre using multiple devices or want to secure passwords for multiple people, but theyre not absolutely vital otherwise. That said, our go-to solution Dashlane makes managing passwords dead simple and only costs $33 per year, or $2.75 per month. Its money well spent for the added security (and the extra polish).

And dont worry if you try one service and dont like it. Exporting and importing password databases is simple.

Companies like Terahash can combine several hundred GPUs to crack short passwordsinstantly. This chart shows how longer passwords can make the process impossibly long, even with such computing power on hand.

Companies like Terahash can combine several hundred GPUs to crack short passwordsinstantly. This chart shows how longer passwords can make the process impossibly long, even with such computing power on hand.

Terahash / Twitter

Companies like Terahash can combine several hundred GPUs to crack short passwordsinstantly. This chart shows how longer passwords can make the process impossibly long, even with such computing power on hand.

Terahash / Twitter

Terahash / Twitter

Even websites that barely register in your memory deserve a strong, unique password. If youve left behind traces of personal information or financial information, like stored credit card info unauthorized access to your account could lead to future headaches.

Normally, remembering a strong, random, and unique password for every place you visit on the internet would be a pain in the rear. Everything requires a login these days. But with a password manager (which of course youve just set up!), you no longer have that responsibility. So long as you have the browser extension (or app installed on your phone), you can let it choose a password for you. Just tell it how many characters in length and what mix of them. (Security experts currently recommend 24 characters in length, randomly generated with numbers, letters, and special characters; you can also opt for a similarly long passphrase for things you need to manually type.) The fun part is that because you dont have to memorize each password yourself, long and complex strings arent a hassle.

If you want to really level up your login security, you can also use strong, unique user names, too. With a password manager tracking everything, being randominternetuser13960 on one site, ithurtstomove4582 on another, and pizzacoma2259 on a third is a cinch. Have to use an email address for your login? Gmail and some other email providers let you create aliases by adding a plus sign (+) and phrase after your account name. So for example, you could use emailaddress+likesbooks@gmail.com to distinguish that particular site. Or better yet, you can wholesale upgrade to email masks for true anonymity.

Apple

Apple

Apple

We hate to say it, but these days, strong passwords alone arent enough to ward off threats. Data breaches happen, and so do moments of being caught off-guard by phishing attempts.

Two-factor authentication adds another layer to your login process. Instead of having immediate access to your account upon entering your user name and password, youll have to pass another security check before access is granted. (You can read more about how 2FA works in our explainer, which also gives more details on the common forms available.)

Like using a password manager, two-factor authentication doesnt have to be a cumbersome addition to your login process. Apps like Authy, Aegis, and Ravio make accessing your 2FA codes on multiple devices simple, and support easy security measures like biometric authentication to protect those codes from prying eyes.

We of course recommend enabling two-factor authentication on as many accounts as possible, but at minimum, do it for major accounts like email and financial services places with info that could wreak havoc on your life if someone else got unauthorized access. Also consider protecting your Amazon, social media, Steam, and work accounts (and their info ripe for use in social engineering) in this way, too.

For sites that dont have two-factor authentication which sadly includes a large number of e-commerce sites you can help limit damage from unauthorized account access by not leaving your credit card information and address on file.

Google

Google

Google

This newer form of account authentication has been spreading steadily since last year, and just in time, too. Passkeys cut out a lot of the hassle of using passwords while also providing strong security out the gate a quality of life upgrade sorely needed as online security gets more complex.

You just need a device like a phone, tablet, or even your PC to serve as an authenticator. Itll be registered to your account when you generate the passkey. Afterward, youll get prompts on the device to authorize logins, which youll approve using face identification, a fingerprint, or a PIN. Its incredibly simple, and more importantly, passkeys are more resistant to the current effects of data breaches. Because they are an asymmetrical form of encryption, a hacker cant guess at your passkey based on the compromised websites encrypted login data. Only you have the other part of the puzzle, and its a different kind of piece than the part saved to your website account.

You can also use a password manager to store passkeys, though theyre currently a bit less secure than using a physical device.

You can read more about passkeys in our coverage of Googles recent launch of passkey support for its accounts (as well as in Googles own excellent overview of the topic), but basically, this is the cutting-edge of online security. A passkey eliminates the hassles of passwords, along with the pressing need for two-factor authentication, and should make protecting your accounts much easier. Good websites support both passwords and passkeys so you can still have a password + 2FA combo as an alternate method to login (just in case you lose your device with stored passkeys), but use your passkey day-to-day with less hassle.

All set up with your password manager and two-factor authentication, and feeling primed to go even further? Learning more of the ins and outs of your password manager will help integrate it into your life even more seamlessly. Installing your services companion smartphone app and browser extension is just a starting point check out our guide on how to make most of your password manager for more tips. You can also have a look at our story about 5 easy tasks that supercharge your security. If youve followed this articles advice, youre already more than halfway there!

Here is the original post:
4 fast, easy ways to strengthen your security on World Password Day - PCWorld

Read More..

Saints secure with signing of NordVPN – St Kilda FC

St Kilda Football Club is pleased to welcome leading cybersecurity company NordVPN as an official partner.

By saints.com.au

2 days ago

St Kilda Football Club is pleased to welcome leading cybersecurity company NordVPN as an official partner.

The worlds most advanced VPN service provider, NordVPN is used by millions of internet users across the globe.

Were excited to enter this partnership with NordVPN, EGM Commercial and Consumer Chris Larkins said.

We know how much our fans enjoy connecting with the club online, so were excited to partner with NordVPN to help ensure their safety as they do so.

The partnership will aim to educate Saints fans on the potential risks of using unsecured networks to ensure privacy and safety online.

NordVPN Head of PR Laura Tyrylyt said the software not only allows users to stay private online, but also protects them from malware and trackers, as well as screening the dark web to see if other online service providers have leaked accounts associated with users email addresses.

Strong defence is crucial not only on the football field but also in our activities online, thus were honoured to establish our partnership with St Kilda Football Club NordVPN Head of PR Laura Tyrylyt said.

We are sure this partnership will bring more awareness about cybersecurity and online privacy to football fans. Were looking forward to providing them with robust internet security solutions across their devices.

NordVPN is currently running a 75% off sale, including a 30-day money-back guarantee for new customers. In addition, St Kilda members are eligible to an extra month of NordVPN subscription for free.

To learn more about NordVPN or to access the St Kilda member exclusive deal click here.

The rest is here:
Saints secure with signing of NordVPN - St Kilda FC

Read More..

AIOZ, BNB and TON – Altcoins with Potential for New All-Time Highs in May – CCN.com

Key Takeaways

April was a bearish month for the crypto market. Bitcoin and the majority of cryptocurrencies were subject to significant declines. In the case of Bitcoin, the price reached its bottom on April 30, a 20% decrease relative to the price on April 1.

However, May started out in a positive note, leading to a significant bounce in its first week. AIOZ, BNB and TON have been some of the biggest altcoin gainers and are approaching their all-time high prices. Which will be the first to reach it?

The AIOZ price started a rapid rise in November 2023, increasing by 1,675% in less than a month. This was likely the first wave in a five-wave upward movement (white). Afterward, the decrease under a descending resistance trend line was part of the corrective wave two, which ended in February 2024.

A similar but more gradual upward movement marked the completion of wave three between February and March, followed by another correction under a different descending resistance trend line.

AIOZ is in the process of breaking out from this trend line. If history repeats, this will mark the beginning of wave five.

Elliott Wave rules state that wave three cannot be the shortest out of waves one, three and five. Since wave three is already shorter than wave one, it cannot also be shorter than wave five. As a result, the upward trend can continue to a maximum of $5.44. A more likely level is at either $3.43 or $3.58, giving wave five 0.382/0.618 times the length of wave three.

Since the AIOZ all-time high is at $1.20, both these targets would lead to new highs.

Despite the bullish AIOZ price prediction, a close below the resistance trend line will invalidate the breakout. This will indicate the wave four correction is still ongoing.

Similarly to AIOZ, the BNB price has likely begun the fifth and final wave of its increase. However, unlike AIOZ, wave three has been the longest and sharpest for BNB. In contrast, wave one was much more gradual and followed by a long correction.

Since the end of wave three in March, BNB has traded inside a symmetrical triangle, which is the most common pattern for wave four. The price is approaching the triangles endpoint, so a decisive movement outside of it is likely in the near future.

If wave five has the same length as wave one, the BNB price will reach its top at $756. This would be an increase of 30%, well above the all-time high of $669. Conversely, breaking down from the triangle will mean that the wave four correction is still ongoing. In that case, BNB could fall to the next closest support at $440.

Unlike the other two altcoins, TON reached its all-time high in March 2024. After an A-B-C correction (black), TON completed wave four on May 1, bouncing at the 0.382 Fibonacci retracement support level.

The price has increased since and is breaking out from a descending resistance trend line.

During the bounce, the RSI moved increased above 50 (green circle) and the MACD moved into positive territory. Both are signs associated with bullish trends.

A potential target for the top of wave five is at $9.50, created by the 1.61 external retracement of wave four.

Despite this bullish TON price prediction, falling below the resistance trend line will mean wave four is still ongoing. Then, TON could decline toward $4 before completing its correction.

To conclude, all three of AIOZ, BNB and TON are likely to reach all-time highs in May or June. Given its close proximity to its peak and the potential for rapid acceleration upon a breakout, BNB is the most likely candidate to reach its all-time high first.

Was this Article helpful? Yes No

Visit link:
AIOZ, BNB and TON - Altcoins with Potential for New All-Time Highs in May - CCN.com

Read More..