By Waqas
Pinduoduo has confirmed the incident, but denied the presence of malware in its app.
This is a post from HackRead.com Read the original post: Google Suspends Chinese Shopping App Pinduoduo Over Malware Concerns

****The company has criticized the cherry-picking of its app, arguing that other apps have been suspended at the same time and it’s not fair to single out their app.****

Google has temporarily suspended Pinduoduo, a leading Chinese budget shopping app, from its Play Store due to the discovery of malware in certain versions of the app.

The news of Pinduoduo’s ban came just a couple of weeks after Shein, another Chinese shopping giant, was caught copying clipboard content on Android phones of users who were using its older version.

In a statement issued on Tuesday, Google stated that it found malware in some versions of the app that were not available on the Play Store. The company has enforced Google Play Protect, which scans installed Android phone apps for malicious behaviour, on these allegedly harmful apps.

Google has set the Play Protect enforcement to block the installation of these apps and prompt users to uninstall them if they have already downloaded them to their devices.

Pinduoduo has confirmed that it is in communication with Google for further information, and it has also stated that several other apps have been suspended at the same time. Pinduoduo has over 900 million users and is one of China’s most popular e-commerce platforms.

Pinduoduo made a name for itself with its group-buying business model, which allowed users to save money by pooling together and buying items in bulk.

The app’s US-listed parent company, PDD, launched Temu, an online shopping platform in the United States last year, which has quickly become the most downloaded app in the US for both iOS and Android.

The app has been downloaded 24 million times since its launch in September and has more than 11 million monthly active users.

At the time of publication, the Pinduoduo app was unavailable on the Play Store. (Screenshot: Hackread.com)

In a statement, Pinduoduo said that “we strongly reject the speculation and accusation by some anonymous researcher and non-conclusive response from Google that Pinduoduo app is malicious.”

Malware refers to any software developed to steal data or damage computer systems and mobile devices. When hidden in apps, it can be used to gain unauthorized access to information on a user’s phone.

Google has not mentioned Temu in its statement, and the app is still available to download on the Play Store. Pinduoduo has strongly rejected the accusations of malicious activity and speculation surrounding the suspension of its app.

1.  Google removes ClearURLs Chrome extension
2.  Google Ads drop FatalRAT in fake messenger apps
3.  Apple removes Clearview AI iPhone app from Store
4.  Zombinder Lets Hackers Add Malware to Legit Apps
5.  Google bans Avast security extensions over snooping

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Google Suspends Chinese Shopping App Pinduoduo Over Malware Concerns

By Waqas
Microsoft has stated that they are aware of the issue and are investigating, adding that they will take action to help keep customers protected.
This is a post from HackRead.com Read the original post: Windows 11 and 10’s Snipping Tools Vulnerable to Data Exposure

****The vulnerability could potentially be used to access sensitive information by others.****

New research has revealed that Microsoft’s Snipping Tool for Windows 11 and the Snip & Sketch tool in Windows 10 has a vulnerability that could allow sensitive information to be accessed by others.

The vulnerability was discovered by David Buchanan, who found that if a screenshot was taken, saved and then cropped and saved again, the data may still be available in the file, and with a few “minor changes” the information could be accessed.

While the vulnerability appears to be somewhat limited, Buchanan warns that information people thought they had deleted may still be floating around on the internet.

> – Take a screenshot.  
> – Press the save icon.  
> – Crop the screenshot.  
> – Press the save icon and save to the same file (the default!)
> 
> — David Buchanan (@David3141593) March 21, 2023

This discovery comes on the heels of a previous report by Buchanan and researcher Simon Aarons about the “acropalypse” vulnerability for Pixels, which highlighted the risk of sensitive information being left intact in images created using the tool.

Microsoft has stated that they are aware of the issue and are investigating, adding that they will take action to help keep customers protected.

1.  Fake Windows 11 Downloads Drop Vidar Malware
2.  9-year-old Windows flaw drops ZLoader malware
3.  Chinese Hackers Hiding Malware in Windows Logo
4.  QBot Exploits Windows Calculator to Hack Devices
5.  Software bug lets one gain admin rights on Windows

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Windows 11 and 10’s Snipping Tools Vulnerable to Data Exposure

By ghostadmin
Ferrari, the renowned Italian luxury car manufacturer, suffered a cyber incident that compromised the company’s client data. According…
This is a post from HackRead.com Read the original post: Ferrari Discloses Ransomware Attack; Refuses to Pay Ransom

Ferrari, the renowned Italian luxury car manufacturer, suffered a cyber incident that compromised the company’s client data. According to a statement released by Ferrari, the incident resulted in unauthorized access to certain company systems.

The company has not disclosed the exact nature of the attack, but it has confirmed that it involved a ransomware attack.

“Ferrari N.V. announces that Ferrari S.p.A., its wholly-owned Italian subsidiary, was recently contacted by a threat actor with a ransom demand related to certain client contact details,” the statement said.

**More Context**

1.  Ferrari Subdomain Hacked to Host NFT Scam
2.  Automotive Industry Have Major API Vulnerabilities
3.  Denso ransomware attack – Pandora gang steals data

The cyber incident is a significant blow to Ferrari’s reputation, given the company’s image as a symbol of luxury and exclusivity. The company has always prided itself on its attention to detail and its commitment to excellence, but this incident suggests that it may have been vulnerable to cyber threats.

Ferrari has not disclosed the extent of the data breach, but it has confirmed that some of its data was stolen by hackers. The company has also revealed that it was asked to pay a ransom to the hackers to prevent the stolen data from being made public. However, it made its stance clear in the refusal to pay the ransom. The amount of the ransom demanded has not been disclosed. 

“As a policy, Ferrari will not be held to ransom, as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks,” the company said.

“Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident,” Ferrari said.

The incident underscores the importance of cybersecurity for all businesses, regardless of their industry or size. Even companies as prestigious as Ferrari are not immune to cyber threats, and they must take proactive steps to protect themselves against cyber attacks.

Ferrari has said that it is cooperating with law enforcement agencies to investigate the incident and has also engaged a third-party cybersecurity firm to help bolster its defences against future cyber threats. The company has also pledged to take all necessary measures to protect its customers’ and stakeholders’ data. It further confirmed that the breach did not affect the operational functions of the company.

The incident should serve as a wake-up call for other companies to take cybersecurity seriously and to invest in robust cybersecurity measures. Cyber threats are an ever-present danger in today’s interconnected world, and businesses must remain vigilant and proactive to protect themselves and their customers from cybercriminals.

In conclusion, the cyber incident at Ferrari is a reminder that no company is immune to cyber threats. Ferrari’s response to the incident demonstrates the importance of transparency and accountability in the face of a cyber attack. It also highlights the need for all businesses to prioritize cybersecurity and invest in comprehensive cybersecurity measures to protect themselves and their customers.

1.  PGA Golf Championship hit with Bitcoin ransomware
2.  Hackers show US Police Dept Vehicles can be hacked
3.  LockBit Ransomware Data Breach at SpaceX Contractor

Ferrari Discloses Ransomware Attack; Refuses to Pay Ransom

By Habiba Rashid
Are you wondering why your ChatGPT conversation history has been unavailable since yesterday? Well, here is why!
This is a post from HackRead.com Read the original post: ChatGPT Bug Exposes Conversation History Titles

****A ChatGPT user on Reddit first reported the bug after noticing Chinese language characters in the title of their conversation history.****

Recently, a major bug has been affecting ChatGPT, the language model trained by OpenAI, which resulted in the exposure of conversation histories and caused a temporary outage.

This bug has raised concerns over users’ privacy as some users were able to see other people’s conversation histories. Although the issue was first reported on Reddit by a user who suspected that their account was hacked, it turned out that the bug was responsible for the display of Chinese text in the sidebar.

“I never had these conversations, Reddit user

After the news spread, other users on Twitter also claimed to have seen someone else’s chat histories on their accounts.

Many users criticized ChatGPT for the exposure of conversation histories, calling it a severe violation of user privacy. However, it is important to note that the bug only leaked conversation titles and not the full histories.

Following the incident, ChatGPT temporarily disabled its chat service on Monday to investigate and fix the bug. The chat sidebar now states that the history feature is temporarily unavailable and will be restored as soon as possible.

This ChatGPT bug that exposed conversation histories highlights the need for robust privacy and security measures in online communication platforms. It serves as a reminder of the vulnerability of online communication and the importance of keeping sensitive information secure.

1.  ChatGPT Clone Apps Collecting Data on iOS, Play Store
2.  Hackers Exploiting OpenAI’s ChatGPT to Deploy Malware
3.  Alert: Scammers Pose as ChatGPT in New Phishing Scam
4.  Polymorphic Blackmamba malware created with ChatGPT
5.  Russian Hackers Eager to Bypass Restrictions in ChatGPT

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

ChatGPT Bug Exposes Conversation History Titles

By Waqas
One of the Breach Forums administrators who goes by the alias Baphomet has decided to shut down the forum permanently.
This is a post from HackRead.com Read the original post: Breach Forums to Remain Offline Permanently

****The decision to shut down the Breach Forums came after the admin noticed someone had logged into an old forum CDN server on March 19th, 1:34 EST, 2023, indicating that federal authorities had access to Fitzpatrick’s devices.****

Hackread.com has learned that the infamous hacker and cybercrime forum Breach Forums has been permanently shut down. On March 18th, 2023, it was reported that Conor Brian Fitzpatrick (aka Pompompurin, aka Pom), the owner, founder, and administrator of Breach Forums, was arrested in New York.

The question regarding the forum’s future after Fitzpatrick’s arrest was echoed across different forums, with speculations about whether the forum would be seized by authorities, like its predecessor forum Raid Forums.

The day the news of Fitzpatrick’s arrest surfaced, one of its administrators, who goes by the alias Baphomet, claimed responsibility for taking over the forum to keep it running and protect it from being seized. They also claimed to have cut all of Fitzpatrick’s access to the forum.

However, in a statement made on the official Telegram channel of Breach Forums earlier today, Baphomet has announced the permanent shutdown of the forum. In a statement, Baphomet apologized to forum users for any inconvenience and emphasized that their decision was made for the betterment and safety of everyone.

It is worth noting that Baphomet plans to start a new Breach Forums-like community in the near future. However, for now, all forum domains will be redirected to a website owned by Baphomet.

**Reason for Sudden Shutdown**

The initial plan of administrator Baphomet was to keep Breach Forums online, but what changed their mind? In a statement, the administrator explained that the decision to shut down the forum came after they noticed someone had logged into an old forum CDN server on March 19th at 1:34 EST, 2023, which indicated that federal authorities had access to Fitzpatrick’s devices.

Baphomet stated that running a forum with the fear of law enforcement access would be risky, and the best solution for everyone’s safety was to permanently shut it down. Here’s what Baphomet had to say:

    This will be my final update on Breached, as I've decided to shut it down. I'm aware this news will not please anyone, but it's the only safe decision now that I've confirmed that the glowies likely have access to Pom's machine.
    
    As I said early on in all of this, anything related to production Breached infrastructure was locked down immediately - however I was kind enough to leave a few old, non-essential servers completely unchanged. One of those servers I left unchanged is an old CDN from months ago that no longer hosts any CDN files or configs but rather was used to just download large files from time to time.
    
    Throughout the migration I checked to see if anything was going on that would cause concern during the migration. One of the servers checked was the old CDN server described above. It seems someone logged in on Mar 19, 1:34 EST prior to me logging into the server. 
    
    Unfortunately this likely leads to the conclusion that someone has access to Poms machine. Any servers we use are never shared with anyone else, so someone would have to know the credentials to that server to be able to login. I now feel like I'm put into a position where nothing can be assumed safe, whether it is our configs, source code, or information about our users - the list is endless. This means that I can't confirm the forum is safe, which has been a major goal from the start of this shitshow.
    
    As for what this means now, It's complicated. Unlike when other communities go down and everyone scatters, stupidly I will still be around. I will redirect all the Breached domains to my baph.is domain. The Telegram group and channel will remain up for now, but I will make a new Telegram group for those interested in seeing what I have planned next. I will always be willing to sign a message to prove my identity to the community.
    
    While the community of Breached will die, I'm going to continue conversations with some of the competitor forum admins and various service operators who reached out to me over the past few days. I'm hoping to work with some of those people to build a new community, that will have the best features of Breached while reducing the attack surfaces we never properly addressed. As with things like this, I have no doubt our userbase may be absorbed by another community but if there is patience then I hope to bring something back that will rival any other community that can take our place.
    
    I'll be taking 24 hours from the sharing of this message to just rest and think. I'll be back online to talk with everyone, and we'll go from there. The domains for the time being shouldn't be seized, but I'll let the community know if any of that happens.
    
    For now - see you, space cowboy.
    
    Baphomet

**What’s Next?**

Although the shutdown of Breach Forums is seen as a positive initiative, for investigators, cybersecurity journalists, and researchers, it may become a rabbit hole. With no reliable community to turn to, cybercriminals could move to Russian-language forums to dump stolen databases, which is a bigger and larger-scale threat to unsuspecting users and organizations.

It is worth noting that Russian hacker forums are already forming alliances with Chinese-speaking hacker groups, which could eventually become a perfect recipe for disaster for adversaries on the opposite side.

1.  WT1SHOP Cybercrime Market Seized
2.  SSNDOB Cybercrime Marketplace Seized
3.  World’s largest private torrent site Filelist seized
4.  Hive ransomware disrupted; servers, site Seized
5.  NetWire malware site, server seized, admin arrested

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Breach Forums to Remain Offline Permanently

By Habiba Rashid
The company has disclosed the wallet addresses and three IP addresses used by the attacker in the hack.
This is a post from HackRead.com Read the original post: Crypto ATM Manufacturer General Bytes Suffers $1.5m Bitcoin Theft

****The hacker was able to download usernames, access password hashes, turn off two-factor authentication, and send funds from hot wallets.****

On March 17th, 2023, General Bytes, a major manufacturer of cryptocurrency automated teller machines (ATMs), experienced a security incident that resulted in the theft of over $1.5 million worth of Bitcoin. The incident was first reported by General Bytes on their official Twitter account on March 18th.

On Saturday, the company explained, “We released a statement urging customers to take immediate action to protect their personal information. We urge all our customers to take immediate action to protect their funds and personal information and carefully read the security bulletin.”

According to the company’s security bulletin, an attacker was able to remotely upload a Java application using the master service interface, which allowed access to BATM user privileges, the database, and API keys used to access funds in hot wallets and exchanges.

As a result, the hacker was able to download usernames, access password hashes, turn off two-factor authentication, and send funds from hot wallets.

General Bytes has produced 9,505 ATM machines globally, thousands of which are located in the US. However, following the attack, all US operators using General Bytes machines were shut down, and the servers will have to be rebuilt from scratch.

General Bytes is reportedly transitioning crypto ATM operators to self-hosted servers after discontinuing its cloud service. This process can be time-consuming, and it is likely that some operators will be offline for an extended period.

The hacker was able to steal 56.28 bitcoin, worth around $1.5 million, and liquidated other cryptocurrencies, including ETH, USDT, BUSD, ADA, DAI, DOGE, SHIB, and TRX. The bitcoin address holding the stolen funds has not moved since March 18, and some digital currencies were transferred to different locations, including a decentralized exchange platform.

The company has disclosed the wallet addresses and three IP addresses used by the attacker in the hack. However, some sources have indicated that the company’s full node is secure enough to prevent unauthorized access to funds.

If you or someone you know has been affected by this incident, follow the solution detailed in General Bytes’ security bulletin, which can also be found below:

A user on Twitter speculated similar sentiments stating that it is likely that the attack was conducted by an individual familiar with the cryptocurrency ATM industry.

“This was made by somebody that knows the system very well, a crypto ATM company/ rogue employee that owns GB ATMs. Is not like the hacker go with a USB stick and plugs it into the ATM and uploads the attack,” they said.

Nonetheless, the breach highlights the need for increased security measures in the cryptocurrency industry to prevent future attacks.

1.  ATMJackpot Malware Stealing Cash From ATMs
2.  OpenSea flaw allowed crypto theft with malicious NFTs
3.  You can now buy ATM malware on Dark Web for $5000
4.  Access:7 Supply Chain Flaws Impact ATMs, IoT devices
5.  ATM bombing suspect blew himself while filming tutorial

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Crypto ATM Manufacturer General Bytes Suffers $1.5m Bitcoin Theft

By Owais Sultan
Revolutionizing Business Operations with Innovative Software Solutions: How Technology is Reshaping the Business Landscape. Starting a business is…
This is a post from HackRead.com Read the original post: Technology and Software Redefine Business Operations

****Revolutionizing Business Operations with Innovative Software Solutions: How Technology is Reshaping the Business Landscape.****

  
Starting a business is something that can come with certain preconceptions. While these preconceptions may occasionally help you (gut feeling should be considered), they can also blind you to elements, and because you weren’t expecting to encounter them, they can have a serious impact on your new business.

Prejudging the steps of starting a business is the equivalent of taking a lax or half-hearted approach to your business. Instead, you want to incorporate a more widespread and thorough understanding into your business plan, as this can make you as prepared and informed as possible, which can only be positive.

However, there are so many possibilities in the entrepreneurial world that it can be easy to place some of them on the backburner compared to more seemingly pressing priorities. To give a helping hand, make sure not to forget about these 3 things. 

**Compliance**

There will always be standards, usually established by the government, that you will need to be compliant with, and these are going to change how you run your business in often crucial ways. Sometimes, this might be something such as health and safety, which can become a routine concern for those in the hospitality industry.

For businesses that aim to be more technologically focused, though, it might be about SOX compliance, which can lead you to software solutions that can help you to meet it. It’s easy to think when starting out that you have total freedom in how you run your business, but limitations such as this can restrict your movements somewhat.

**Insurance**

  
Additionally, when you’re making your business plan, and you’re thinking about how you’re going to spend the income that you’re predicting to make early on, it’s important that you consider absolutely everything that you need.

Insurance is always frustrating in this regard, as it can feel like preparing for something that might never come. If the event in question does occur, though, you’ll be more than glad to have business insurance, and it’s often a legal requirement besides.

Tallying up unexpected costs can be disheartening and cost a lot more than if you had just paid the insurance fee in the first place. Therefore, thoroughly understand everything you need to pay to make your business plan as comprehensive as possible and prevent you from getting caught off-guard by something you left off the list down the road. 

**Tax**

  
The way that you pay tax as a business is going to function differently from what you’re used to, and that is easy to forget or simply not think about as being a problem. As an individual who registers as self-employed, you might technically be categorized as a business entity and know your way around tax, but the kind of money that you’re dealing with for your business, and the type of business you are, could see you handling more tax tasks than you envisioned.

Business tax in itself could refer to any number of different types of tax, which can make this a slightly overwhelming topic to dive into. Don’t forget about this or ignore it. You might find that they don’t all apply to you right off the bat, but going through it, maybe even with financial assistance, could once again put you in a prepared and informed position for your business. 

1.  Businesses Need to Focus More on Cybersecurity
2.  How to choose secure software for your business
3.  Find Trustworthy Tools and Software for Business
4.  Top learning management system (LMS) software
5.  What are the benefits of having ‘pandemic’ software

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Technology and Software Redefine Business Operations

By Deeba Ahmed
Researchers suspect that the malware may be operated by Russian-speaking groups, given the references to the language in its code.
This is a post from HackRead.com Read the original post: DotRunpeX: The Malware That Infects Systems with Multiple Families

****Currently, **DotRunpeX malware**** **appears to be primarily distributed through phishing emails and malicious Google Ads, presenting a significant threat to users’ systems.****

A new malware that distributes multiple known malware families, including Agent Tesla, FormBook, Ave Maria, NetWire, LokiBot, Raccoon Stealer, Remcos, RedLine Stealer, Vidar, and Rhadamanthys, has been discovered by Checkpoint researchers.

Dubbed DotRunpeX, the malware is a new injector written in .NET, created using the Process Hollowing technique, and used to infect systems with different malware families.

The researchers noted that DotRunpeX is being actively developed. Its infection chain invades the system as a second-stage malware, usually deployed via a downloader or loader delivered via malicious attachments in phishing emails.

Additionally, it can leverage malicious Google Ads that appear in search results to direct unsuspecting users when they search for commonly used software such as LastPass and AnyDesk and send them to copycat sites delivering trojanized installers.

A malicious Google Ad and phishing email that drop the malware (Image: Check Point)

Though the injector is fairly new, there are several similarities it shares with its previous versions. For example, the injector’s name is derived from its version information, which is the same for both versions across all samples the researchers analyzed. They also noted that it contained ProductName – RunpeX.Stub.Framework.

Their analysis revealed that each malware sample had an embedded payload of a specific malware family to be injected, which becomes possible by abusing the vulnerable procexp.sys process explorer driver incorporated into the malware for obtaining kernel mode execution.

They analyzed publicly shared data by independent researchers regarding DotRunpeX but learned that the malware was misattributed to a well-known malware family. Furthermore, they learned that the first-stage loader and the second-stage loader had no connection.

The most recent activity of DotRunpeX was detected in October 2022. It was noticed that using the KoiVM virtualizing protector adds an extra obfuscation layer. These findings were somewhat similar to a malvertising campaign discovered by SentinelOne in February 2023. In that instance, the loader and injector components were referred to as MalVirt.

Researchers suspect that the malware may be operated by Russian-speaking groups, given the references to the language in its code.

1.  New YTStealer Malware is Hijacking YouTube Channels
2.  YouTube Tutorial Videos Spread Vidar, Raccoon Malware
3.  Adsense abused: 11,000 sites hacked in a backdoor attack
4.  Google Drive behind most malicious Office doc downloads
5.  Google Ads drop FatalRAT in fake messenger, browser apps

DotRunpeX: The Malware That Infects Systems with Multiple Families

By Deeba Ahmed
HinataBot can launch Distributed Denial of Service (DDoS) attacks reaching 3.3 TBPS. 
This is a post from HackRead.com Read the original post: Threat Actors Using Go-based HinataBot to launch DDoS Attacks

****The botnet is based on the Mirai botnet, and since it is actively updated, the new versions have additional features like functional improvements and anti-analysis.****

Akamai’s Security Intelligence Response Team (SIRT) cybersecurity researchers have discovered a brand-new botnet, dubbed HinataBot. This botnet can launch DDoS attacks of up to several terabytes in volume. Its distribution started earlier in 2023 and is still ongoing.

**New Botnet can Launch DDoS Attacks of 3.3 TBPS**

Akamai’s research report read that HinataBot can launch Distributed Denial of Service (DDoS) attacks reaching 3.3 TBPS. It is a Go-based botnet named after a character from the famous anime series, Naruto. While researching, Akamai’s honeypots detected this botnet as it tried to exploit old vulnerabilities, including CVE-2017-17215 and CVE-2014-8361.

The flaws impact Realtek SDS, Hadoop Yarn servers, and Huawei routers. To exploit these flaws, attackers use brute force, RCE payloads, and infection scripts. HinataBot evidence was found in Akamai’s SSH and HTTP honeypots, but researchers believe malware authors are actively updating it.

**What Makes Hinata Different?**

The researchers imitated the attackers’ C2 server with a range of reverse engineering techniques and simulated attacks to get a deeper understanding of the malware functionalities and its unique attributes. They learned that previously DDoS flooding attacks were launched over multiple protocols.

But, the recently discovered HinataBot uses only HTTP and UDP flooding techniques. Attackers exploit the miniigd SOAP service on Realtek SDK with CVE-2014-8361, exposed Hadoop YARN servers with an unspecified flaw, and Huawei HG532 routers with CVE-2017-17215.

**Attack Volume**

Akami noted that HinataBot’s DDoS attack’s packet size for HTTP reached 484 to 589 bytes whereas, for UDP packets, the size was considerably large at 65,549 bytes. It may seem low but could cause sufficient digital destruction for the targets.

Akamai, however, noted that the malware could generate over 20,000 requests and reach 3.4 MB whereas, with a thousand nodes, the attack data volume may reach 3.3 TBPS.

**Threat Actors Distributing Mirai Binaries**

Further probe revealed that the threat actors operating HinataBot distributed Mirai binaries. There are several nods to the open-source, Go-based botnet.

“HinataBot is the newest in the ever-growing list of emerging Go-based threats that includes botnets such as GoBruteForcer and the recently discovered (by SIRT) kmsdbot,” Akamai researchers noted.

The malware is based on the Mirai botnet, and since it is actively updated, the new versions have additional features like functional improvements and anti-analysis. Its previous versions supported UDP, HTTP, TCP, and ICMP floods, but the new version only supports UDP and HTTP.

1.  Akamai Mitigated Record-Breaking DDoS Attack
2.  RapperBot hits gaming servers with DDoS attacks
3.  Tor Network Hit By a Series of Ongoing DDoS Attacks

Threat Actors Using Go-based HinataBot to launch DDoS Attacks

By Owais Sultan
The cryptocurrency market is extremely volatile. The unpredictable nature is both good and bad for traders and investors.…
This is a post from HackRead.com Read the original post: Analysis of the recent volatility in the cryptocurrency market

The cryptocurrency market is extremely volatile. The unpredictable nature is both good and bad for traders and investors. Regardless of that, it gives you countless opportunities to make profits, but losses too are real. If you’re investing in Ether or any other crypto, there are multiple ways you can earn passive crypto income.

Discover effective strategies to manage your investment in ETH during market downturns while ensuring the security of your digital assets.

**Staking**

Blocking one’s funds on Ethereum or any other PoS blockchain helps validate transactions. Plus, you get the opportunity to earn rewards. On staking ETH, the buyers are putting their souls in the game to secure the network. In return, they earn considerable rewards in the form of tokens or ETH.

If you are a newbie, stalking may turn out to be expensive. As an alternative method, you can use ETH stalking service providers which will cost you less in terms of fees.

**HODL**

Referred to as “hold on for dear life”, HODL is a practice to hold cryptocurrency for a long-time with the aim of profitable investment. Holding ETH is a way to ensure that its price will elevate in the future and they will sell it on getting a profitable deal.

Since crypto prices are volatile, you can expect them to fluctuate rapidly. Having said that, it means you must prepare yourself for losses and invest only a limited amount you can afford to lose.

**Lending**

As the name signifies, lending is another significant way that enables investors to generate a steady passive income stream. The investors lend crypto to borrowers at a high-interest rate using centralized or decentralized platforms. Keep in mind, centralized platforms are vulnerable to hacking attempts.

It’s worth mentioning that decentralized platforms ensure top-notch security and transparency. Amateur investors can use these exchanges to maximize their profits.

**Automated Trading**

Investors also use bots for automated trading of Ethereum. These bots are software applications that utilized specialized algorithms for selling and purchasing crypto. Using these software apps, the trades are set up automatically based on certain market conditions.

Successful automated trading can ensure stable passive income. However, you must keep in mind the risks that come complimentary.

**Liquidity Mining**

Also known as yield farming, liquidity mining is one of the most feasible ways to earn passive income from cryptocurrency. In this technique, traders lend their ETH to liquidity pools, particularly on decentralized platforms, and earn rewards.

When trading cryptocurrency, you need to pay a certain amount of fee which is later divided among the farmers.

Hope learning these ways in detail will help you to earn passive income through cryptocurrency.

1.  Could Bitcoin Be The Future Of DeFi?
2.  6 of the Best Crypto Bug Bounty Programs
3.  Is This The Crypto Winter or a Huge Discount?
4.  Smarter Smart Contracts To Prevent DeFi Hacks

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Source

HackRead