Microsoft

Tips on how to best secure your crypto

By Matt Muller, Head of Security Operations, CoinbaseAs crypto trading becomes increasingly mainstream, our Security team here at Coinbase has seen cybercriminals getting even more creative and persistent in their attempts to steal assets. While that can sound a little scary at first, the good news is that you can dramatically improve your digital security…

By Matt Muller, Head of Security Operations, CoinbaseAs crypto trading becomes increasingly mainstream, our Security team here at Coinbase has seen cybercriminals getting even more creative and persistent in their attempts to steal assets. While that can sound a little scary at first, the good news is that you can dramatically improve your digital security with just a few easy steps. Not only will this help protect your funds on Coinbase, it can be applied to the rest of your digital life as well!When someone is able to log into one of your accounts to perform fraudulent activity, this is called an “account takeover”, or “ATO” for short. But how do these fraudsters get into your account in the first place? One common method is called a “SIM-swap.” In a SIM-swap attack, fraudsters will actually contact your wireless carrier pretending to be you, and persuade the customer service agent to redirect your cell service to a different device, by changing the SIM card number associated with your account (hence the name of the attack.) Once they succeed, they are able to receive all calls and SMS messages sent to your phone number — including any two-factor authentication codes sent to you via SMS. From there, fraudsters will frequently pair those SMS 2FA codes with stolen passwords to try and log into your email account, social media profiles, cloud storage accounts like Dropbox, or financial accounts like Coinbase.At Coinbase, we do a lot of work behind the scenes to detect and try to stop SIM-swap ATOs targeting our customers’ accounts. We also believe that using SMS-based two-factor authentication (2FA) is better than using no 2FA at all. That said, we encourage everyone to follow the two simple steps below and apply them to all the accounts they care about — not just their Coinbase accounts.Use a password managerYour passwords should be at least 16 characters, extremely complex and unique for your accounts. That’s hard to do by yourself, but password managers like 1Password or Dashlane can be used to create and remember your passwords.Are you currently using a password that has been exposed in a third-party data breach somewhere? You can check to see if you’re using a risky password by visiting haveibeenpwned.com/Passwords.Use 2-factor authentication (2FA)In addition to strong passwords, where available, use two-factor authentication (2FA). And always use the strongest type of 2FA the platform allows, ideally a Yubikey or similar hardware security key.If a service provider doesn’t allow Yubikey, use an authentication app like Google Authenticator or Duo Security instead of SMS-based 2FA if possible.If SMS-based 2FA is the only thing available, at the very least require a one-time 2FA code sent to your device every time you login so someone can’t access your account if they have stolen your password.If an organization doesn’t offer any of these options, consider not using that service.Staying vigilant in the wildIt’s not only important to play defense with the right security tools when protecting your accounts, but it’s also important to stay smart in the wild.Some guidelines:Don’t make yourself a targetDon’t brag about your cryptocurrency holdings online, just like you wouldn’t advertise inheriting $50 million.Review your online presence and see how much personal information someone could learn about you to steal your identity. (The good folks at Consumer Reports put together this self assessment.)Don’t fall for tricksHackers posing as tech support — even bad actors posing as Coinbase customer support specifically — may pressure you for account credentials. Coinbase will never ask you for passwords, 2FA codes, PIN numbers or for remote access to your computer.Coinbase will never ask you to create test accounts on other platforms or provide your ID or banking information over email or social media. We do not offer Facebook support chat and we will never call you by phone.If someone reaches out to you and you’re not sure if it’s a scam, you can reach out to security@coinbase.com to confirm whether it’s legitimate. And remember, Microsoft, Google, and Apple will never call you about your computer.Check the URLScammers create fake sites that look like real exchanges but are designed to steal account information. Double check the web address before you login into your account or input any of your credentials.If we emailed you and include a link, copy the link and paste it into a text editor before entering it into your browser to make sure you know where the link is really taking you.This phishing domain uses an Internationalized Domain Name (IDN) which closely resembles www.coinbase.com. However, looking closer will reveal that the domain is actually www.coįnbase[.]com (note the character accent below the “i”).While Coinbase has gone to great lengths to secure our environment, it’s important that everyone understands their role in maintaining the security chain. By following some basic security steps, you can make sure your crypto stays safe. To learn more, visit our Help Center.Tips on how to best secure your crypto was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.
Read More

Be the first to write a comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

Microsoft

The Outer Worlds 2 is now $10 cheaper, as Obsidian details how to get a refund on your pre-order

If you click on a link and make a purchase we may receive a small commission. Read our editorial policy. The Outer Worlds 2 is now $10 cheaper, as Obsidian details how to get a refund on your pre-order Cash in hand. Image credit: Obsidian News by Connor Makar Staff Writer Published on July 23

If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

The Outer Worlds 2 is now $10 cheaper, as Obsidian details how to get a refund on your pre-order

Cash in hand.

A character in a leafy ghilli suit leaps over a platform towards the camera while being shot at from afar.
Image credit: Obsidian

The Outer Worlds 2, the upcoming sci-fi FPS by Obsidian Entertainment will now be sold at $70 dollars, rather than the planned $80. This follows a statement by Microsoft confirming the U-turn earlier today.

Those who have already purchased the game at the $80 price point on Steam will have the purchase refunded and re-bought at the lower figure. On Battle.net, those who pre-ordered the game will have their orders cancelled and refunded, and will have to re-buy the game. Those on Xbox and PlayStation will have the difference refunded in the upcoming days.

This announcement was made on The Outer Worlds official social media accounts, with a cute in-universe statement and graphic. On the official Obsidian website, further explanation on how the price change will affect those who’ve already spent money has been provided.

Cover image for YouTube videoThe Outer Worlds 2 – Official Gameplay Trailer

Watch the gameplay trailer

Read More

Continue Reading
Microsoft

Microsoft reverses $80 first-party price hike to keep “full priced holiday releases in line with current conditions”

If you click on a link and make a purchase we may receive a small commission. Read our editorial policy. Home News Microsoft reverses $80 first-party price hike to keep “full priced holiday releases in line with current conditions” Starting with The Outer Worlds 2 Image credit: Obsidian Entertainment News by Vikki Blake Contributor Published

If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Microsoft reverses $80 first-party price hike to keep “full priced holiday releases in line with current conditions”

Starting with The Outer Worlds 2

Image credit: Obsidian Entertainment

Just weeks after confirming The Outer Worlds 2 will be the first Microsoft game to retail for $80, Microsoft has reversed the decision, revealing the highly-anticipated sequel will now launch for $69.99 in keeping with typical AAA pricing.

This will apply not just to The Outer Worlds 2, but indeed other “full priced holiday releases” launched across the period.

In a statement, a Microsoft spokesperson said Xbox was “focused on bringing players incredible worlds to explore, and will keep our full priced holiday releases, including The Outer Worlds 2, at $69.99, in line with current market conditions.”

On social media, developer Obsidian posted: “We have received your SOS via skip drone about the pricing. As an organization devoted to making sure that corporations do not go unfettered, we at the Earth Directorate have worked with [REDACTED] to revise the price of The Outer Worlds 2. While this will not bring peace to the galaxy, or even your local colony, we assure you all that we are here to fight for all colonies in every way that we can.”

Microsoft announced last month that The Outer Worlds 2 would be the first Xbox title to retail at $80 following Microsoft’s planned price rises in May.

“We understand that these changes are challenging, and th

Read More

Continue Reading
Microsoft

Coyote malware abuses Windows accessibility framework for data theft

A new variant of the banking trojan ‘Coyote’ has begun abusing a Windows accessibility feature, Microsoft’s UI Automation framework, to identify which banking and cryptocurrency exchange sites are accessed on the device for potential credential theft. …

A new variant of the banking trojan ‘Coyote’ has begun abusing a Windows accessibility feature, Microsoft’s UI Automation framework, to identify which banking and cryptocurrency exchange sites are accessed on the device for potential credential theft. …
Read More

Continue Reading
Microsoft

Microsoft Server Software Comes Under Widespread Cyberattack

Breadcrumb Trail Links Home PMN Business Share this Story : Microsoft Rushes to Stop Hackers from Wreaking Global Havoc Copy Link Email X Reddit Pinterest LinkedIn Tumblr Microsoft Rushes to Stop Hackers from Wreaking Global Havoc Hackers exploited a security flaw in common Microsoft Corp. software to breach governments, businesses and other organizations across the

Microsoft Rushes to Stop Hackers from Wreaking Global Havoc

Hackers exploited a security flaw in common Microsoft Corp. software to breach governments, businesses and other organizations across the globe and steal sensitive information, according to officials and cybersecurity researchers.

Article content

(Bloomberg) — Hackers exploited a security flaw in common Microsoft Corp. software to breach governments, businesses and other organizations across the globe and steal sensitive information, according to officials and cybersecurity researchers.

Article content

Microsoft over the weekend released a patch for the vulnerability in servers of the SharePoint document management software. The company said it was still working to roll out other fixes after warnings that hackers were targeting SharePoint clients, using the flaw to enter file systems and execute code.

Article content
Article content

Story continues below

Article content

Multiple different hackers are launching attacks through the Microsoft vulnerability, according to representatives of two cybersecurity firms, CrowdStrike Holdings, Inc. and Google’s Mandiant Consulting.

Article content
Article content

Hackers have already used the flaw to break into the systems of national governments in Europe and the Middle East, according to a person familiar with the matter. In the US, they’ve accessed government systems, including ones belonging to the US Department of Education, Florida’s Department of Revenue and the Rhode Island General Assembly, said the person, who spoke on condition that they not be identified discussing the sensitive information.

Article content

Representatives of the Department of Education and Rhode Island legislature didn’t respond to calls and emails seeking comment Monday. A Florida Department of Revenue spokesperson, Bethany Wester Cutillo, said in an email that the SharePoint vulnerability is being investigated “at multiple levels of government” but that the state agency “does not comment publicly on the software we use for operations.”

Article content

Story continues below

Article content

The hackers also breached the systems of a US-based health-care provider and targeted a public university in Southeast Asia, according to a report from a cybersecurity firm reviewed by Bloomberg News. The report doesn’t identify either entity by name, but says the hackers have attempted to breach SharePoint servers in countries including Brazil, Canada, Indonesia, Spain, South Africa, Switzerland, the UK and the US. The firm asked not to be named because of the sensitivity of the information. 

Article content

In some systems they’ve broken into, the hackers have stolen sign-in credentials, including usernames, passwords, hash codes and tokens, according to a person familiar with the matter, who also spoke on condition that they not be identified discussing the sensitive information.

Article content

“This is a high-severity, high-urgency threat,” said Michael Sikorski, chief technology officer and head of threat intelligence for Unit 42 at Palo Alto Networks Inc. 

Article content

“What makes this especially concerning is SharePoint’s deep integration with Microsoft’s platform, including their services like Office, Teams, OneDrive and Outlook, which has all the information valuable to an attacker,” he said. “A compromise doesn’t stay contained—it opens the door to the entire network.” 

Article content

(Bloomberg) — Hackers exploited a security flaw in common Microsoft Corp. software to breach governments, businesses and other organizations across the globe and steal sensitive information, according to officials and cybersecurity researchers.

Article content

Microsoft over the weekend released a patch for the vulnerability in servers of the SharePoint document management software. The company said it was still working to roll out other fixes after warnings that hackers were targeting SharePoint clients, using the flaw to enter file systems and execute code.

Article content
Article content

Story continues below

Article content

Multiple different hackers are launching attacks through the Microsoft vulnerability, according to representatives of two cybersecurity firms, CrowdStrike Holdings, Inc. and Google’s Mandiant Consulting.

Article content
Article content

Hackers have already used the flaw to break into the systems of national governments in Europe and the Middle East, according to a person familiar with the matter. In the US, they’ve accessed government systems, including ones belonging to the US Department of Education, Florida’s Department of Revenue and the Rhode Island General Assembly, said the person, who spoke on condition that they not be identified discussing the sensitive information.

Article content

Representatives of the Department of Education and Rhode Island legislature didn’t respond to calls and emails seeking comment Monday. A Florida Department of Revenue spokesperson, Bethany Wester Cutillo, said in an email that the SharePoint vulnerability is being investigated “at multiple levels of government” but that the state agency “does not comment publicly on the software we use for operations.”

Article content

Story continues below

Article content

The hackers also breached the systems of a US-based health-care provider and targeted a public university in Southeast Asia, according to a report from a cybersecurity firm reviewed by Bloomberg News. The report doesn’t identify either entity by name, but says the hackers have attempted to breach SharePoint servers in countries including Brazil, Canada, Indonesia, Spain, South Africa, Switzerland, the UK and the US. The firm asked not to be named because of the sensitivity of the information. 

Article content

In some systems they’ve broken into, the hackers have stolen sign-in credentials, including usernames, passwords, hash codes and tokens, according to a person familiar with the matter, who also spoke on condition that they not be identified discussing the sensitive information.

Article content

“This is a high-severity, high-urgency threat,” said Michael Sikorski, chief technology officer and head of threat intelligence for Unit 42 at Palo Alto Networks Inc. 

Article content

“What makes this especially concerning is SharePoint’s deep integration with Microsoft’s platform, including their services like Office, Teams, OneDrive and Outlook, which has all the information valuable to an attacker,” he said. “A compromise doesn’t stay contained—it opens the door to the entire network.” 

Advertisement 2
Advertisement
Article content

Tens of thousands — if not hundreds of thousands — of businesses and institutions worldwide use SharePoint in some fashion to store and collaborate on documents. Microsoft said that attackers are specifically targeting clients running SharePoint servers from their own on-premise networks, as opposed to being hosted and managed by the tech firm. That could limit the impact to a subsection of customers.

Article content

A Microsoft spokesperson declined to comment beyond an earlier statement.

Article content

“It’s a dream for ransomware operators,” said Silas Cutler, a researcher at Michigan-based cybersecurity firm Censys. He estimated that more than 10,000 companies with SharePoint servers were at risk. The US had the largest number of such firms, followed by the Netherlands, the UK and Canada, he said. 

Article content

The breaches have drawn new scrutiny to Microsoft’s efforts to shore up its cybersecurity after a series of high-profile failures. The firm has hired executives from places like the US government and holds weekly meetings with senior executives to make its software more resilient. The company’s tech has been subject to several widespread and damaging hacks in recent years, and a 2024 US government report described the company’s security culture as in need of urgent reforms.

Article content

Story continues below

Article content

The Center for Internet Security, which operates a cybersecurity information sharing system for state and local governments in the US, found more than 1,100 servers that are at risk from the SharePoint vulnerability, said Randy Rose, the organization’s vice president of security operations and intelligence. Rose said more than 100 were likely hacked.

Article content

The Washington Post reported that the breach had affected US federal and state agencies, universities, energy companies and an Asian telecommunications company, citing state officials and private researchers.

Article content

Eye Security was the first to identify that attackers were actively exploiting the vulnerabilities in a wave of cyberattacks that began on Friday, said Vaisha Bernard, the company’s chief hacker and co-owner.

Article content

Eye Security said the vulnerability allows hackers to access SharePoint servers and steal keys that can let them impersonate users or services even after the server is patched. It said hackers can maintain access through backdoors or modified components that can survive updates and reboots of systems.

Article content

Story continues below

Article content

The SharePoint vulnerabilities, known as “ToolShell,” were first identified in May by researchers at a Berlin cybersecurity conference. In early July, Microsoft issued patches to fix the security holes, but hackers found another way in.

Article content

“There were ways around the patches,” which enabled hackers to break into SharePoint servers by tapping into similar vulnerabilities, said Bernard. “That allowed these attacks to happen.” The intrusions, he said, were not targeted and instead were aimed at compromising as many victims as possible. After scanning about 8,000 SharePoint servers, Bernard said he has so far identified at least 50 that were successfully compromised.

Article content

He declined to identify the identity of organizations that had been targeted, but said they included government agencies and private companies, including “bigger multinationals.” The victims were located in countries in North and South America, the EU, South Africa, and Australia, he added.

Article content
Article content

—With assistance from Lynn Doan, Cameron Fozi, Daniel Cancel, Aashna Shah, Jane Lanhee Lee and Patrick Howell O’Neill.

Article content

(Updates with additional information beginning in third paragraph.)

Article content

Comments
You must be logged in to join the discussion or read more comments.
Create an AccountSign in
Join the Conversation

Postmedia is committed to maintaining a lively but civil forum for discussion. Please keep comments relevant and respectful. Comments may take up to an hour to appear on the site. You will receive an email if there is a reply to your comment, an update to a thread you follow or if a user you follow comments. Visit our Community Guidelines for more information.

Read More

Continue Reading