City Union Bank hit by a cyber attack that used SWIFT to transfer funds - Security Affairs

The Kumbakonam-based Indian bank City Union Bank announced that cyber criminals compromised its systems and transferred a total of US$1.8 million.

During the weekend, the Russian central bank revealed a new attack against the SWIFT system: unknown hackers stole 339.5 million roubles (roughly $6 million) from a Russian bank last year.

Although the SWIFT international bank transfer system enhanced its security after the string of attacks that has targeted it since 2016, news of a new attack has made the headlines.

The victim is the Kumbakonam-based Indian bank City Union Bank, which announced that criminals compromised its systems and transferred a total of US$1.8 million.

On Sunday, February 18, the Kumbakonam-based City Union Bank issued a statement after local media reported that three unauthorized transactions were initiated by staff. The Indian bank confirmed that it has suffered a security breach launched by “international cyber-criminals and there is no evidence of internal staff involvement”.

“During our reconciliation process on February 7, it was found out that 3 fraudulent remittances had gone through our SWIFT system to our correspondent banks which were not initiated from our bank’s end. We immediately alerted the correspondent banks to recall the funds,” reads the statement issued by City Union Bank.

The three transactions took place before February 7, when they were discovered during the reconciliation processes.

One transaction of $500,000, made through Standard Chartered Bank, New York, to a Dubai-based bank, was immediately blocked.

A second transaction of $372,150 was made through a Standard Chartered Bank account in Frankfurt to a Turkish account, and the third transaction of 1 million dollars was sent through a Bank of America account in New York to a China-based bank.

The City Union Bank confirmed it was working with the Ministry of External Affairs and officials in Turkey and China to recover the funds.

“With the help of Ministry of External Affairs through Consulate General of Shanghai and Istanbul and office of the National Cyber Security Council (PMO) all possible efforts through diplomatic and legal channels are being taken to repatriate the money,” continues the statement.

In summary, the security features implemented for SWIFT were able to detect only the transfer to Dubai.

The SWIFT system is now back in operation with “adequate enhanced security”.

At the time of writing, the root cause of the problem is still unclear.

Pierluigi Paganini


Digital transformation in the public sector: balancing the risks with data-driven cyber security

The 35 million people who saw Skyfall back in 2012 were in for a treat – thrills, tension, and a spectacular hacking attempt against the UK public sector. While many have picked up on the evident flaws in the Bond version of MI6’s approach to cyber security, the film provokes an interesting reminder that in our rush to digitise public services, there is certainly more to be done in ensuring that these services are secure. Cloud adoption in the public sector has risen to 78% in the UK in 2017 according to the Cloud Industry Forum. This is encouraging in showing that the public sector is moving towards adopting digital cloud-based technologies, but it is debatable whether the current cyber-security protocols are up to date for this new type of environment.

Public sector BYOD

These days most employees in both public and private firms have at least two devices connected to the company network – a personal phone and a work computer, often a laptop. While the organisation itself may have robust network security, with these types of devices, it is very easy for users to download confidential information from a cloud server and then access it while connected to a different, less secure network. In fact, 52% of data breaches are attributed to human error, according to CompTIA.

While organisations can ensure they are educating their employees about the importance of not sharing confidential information over unsecure connections, it can also be useful for organisations to be able to track who has accessed which bits of information in the cloud environment. This is especially effective in monitoring for corporate whistle-blowers, or habitual leakers. Data lineage technology can keep track of who is accessing, copying or changing information, while big data analytics can be used to spot erroneous activity from different individuals or groups within an organisation. For example, if a person is channelling terabytes of data out of the organisation, or repeatedly accessing information that isn’t pertinent to them, the system can spot this and alert management. The advantage of automating this is that the system can scale to detect these types of activity across the organisation, in a way that humans cannot.

The rise of DDoS

According to recent research from Corero Network Security, organisations in the US were hit by 237 DDoS attacks per month on average, during Q3 2017. This represents a 91% increase compared to Q1, highlighting that this ever-popular cyber-attack remains a pertinent threat to organisations both in the public and private sectors.

When it comes to the public sector, the damage that downtime can cause is often not just financial: it can severely hamper essential public services. The 2007 cyber-attacks on Estonia hit the parliament, several news organisations and banks, and presented a major threat to national security on an unprecedented scale. As we increasingly digitalise services such as health and transport, it’s not hard to imagine the potential for chaos should a successful DDoS take one of these critical infrastructure networks offline.

However, far from being immitigable, sophisticated real-time mitigation software can make use of big data analytics to identify and block IP addresses making repeat suspect requests. The very size of a DDoS attack’s botnet could actually work against it, providing more data to help the intelligent computer system learn to detect and stop current and future threats.

Compared to the traditional approach to mitigating DDoS attacks by preventing all connections to the service, blocking only the suspect IP addresses allows the majority of users to continue accessing the network without experiencing significant disruption. Machine learning and big data processing form the essential backbone of this, allowing computers to bear the brunt of analysing and categorising different IP addresses and detecting patterns among them.

The threat of malware

The public sector only needs to look back a few months to the Petya, NotPetya and WannaCry malware attacks to see the types of chaos that ransomware Trojan horses can cause. At NHS hospitals in the UK, doctors were unable to check patient records, issue prescriptions, or order vital tests – leading to delays in treatment and risk to patients. Unsurprisingly, the review by the Department of Health found that there were lessons to be learned in developing a response plan for such attacks.

The sad truth of the matter is that ransomware attacks are more likely than ever before. Attacks are increasing in both volume and complexity, and without a more advanced approach to analytics, the public sector risks falling prey to more such attacks in future.

Unlike DDoS attacks where there are identifiable sources that can be blocked and redirected, malware is harder to spot. When a malware threat emerges, there will be certain pieces of information connected to it that remain consistent – either a behavioural pattern or physical bytes of code. Historically, these could be detected by humans, but modern malware tends to adapt and evolve itself. This makes the signatures almost impossible to track manually. However, big data analytics, which can look at a much wider range of the data, can spot larger-scale patterns and trends in malware – helping security experts detect and combat them.

But if big data is the stitch in time that saves nine for many of the cyber-security threats facing organisations today, then efficient data management is the thread without which the solution would be impossible. Without being able to pull together all of the different data streams from a range of different servers and systems into one consistent format, analysis on this sort of large scale would be impossible. This is where a vendor-agnostic, open-source approach to data integration is a crucial part of the digitisation process for security-conscious public sector entities.

The threat of cyber-attacks should not deter the public sector from adopting data-driven, cloud-based technologies. After all, the potential benefits of such technologies – from centralised medical records to sensor-driven city management – are hard to overstate. However, in the process of digitising, public sector organisations need to ensure they are also sparing resources to embrace the data integration and data analysis tools needed to back up their digital technology with robust cyber security provisions. This will be key to ensuring that the public sector is able to keep pace with the 21st century’s rush on innovation, which requires organisations to be flexible and dynamic, but above all, secure.

Laurent Bride, Chief Technology Officer at Talend


Iranian Anti-Regime Group: Globally-Available IRGC-Linked Apps Used to Spy on Citizens

(CNSNews.com) – Rattled by recent protests against the 39-year-old regime, Iran’s Islamic Revolutionary Guard Corps (IRGC) is accelerating its cyber warfare capabilities, including embedding spyware into apps used by millions of Iranians, a new report claims. Those affected could potentially include expats in the West, who use the apps to contact relatives inside Iran.

The report by the exiled Iranian opposition group National Council of Resistance of Iran (NCRI)/People’s Mujahedeen Organization of Iran (MEK) says technology, mobile devices and message-sharing apps helped the protests that erupted in late December to spread to cities and towns across Iran, and enabled protestors to get their message to the outside world.

“The protesters’ use of cyber technology proved to be the regime’s Achilles’ Heel since it could not, despite a huge show of force, stop the expansion of protests.”

Alongside its violent crackdown on the unrest, the regime moved to restrict Internet access and block apps, particularly the popular encrypted cloud-based messaging app Telegram, which millions of Iranians use – and which offers an optional message “self-destruct” function.

According to the report, the IRGC and ministry of intelligence and security have now “accelerated significantly” a program of spying on Iranians.

MEK sources inside Iran have “established that the regime has focused on mass surveillance through malicious codes embedded in IRGC mobile apps to actively monitor and disrupt the communication of protesters and dissidents,” the report said.

The aim: to counter the expansion of the uprising and avert more protests, in a country where an estimated 70 percent of Iran’s 82 million people have access to the Internet and some 48 million have smartphones.

Alireza Jafarzadeh, deputy director of the National Council of Resistance of Iran’s Washington office, speaks at the launch Thursday of the organization’s new report on Iran’s ‘cyber repression.’ (Photo: NCRI)

Released in Washington DC on Thursday, the report, “Iran: Cyber Repression, How the IRGC Uses Cyberwarfare To Preserve the Theocracy,” claims that IRGC front companies are developing spyware-enabled apps to enable mass surveillance.

It notes that some, such as Mobogram – an unofficial Telegram client or “fork” – are even available on Apple’s App Store and Google Play, “potentially exposing millions of users worldwide to the IRGC’s spyware and surveillance activities.”

The report says Mobogram is developed by Hanista Group, which it identifies as an IRGC front company.

People who install Mobogram are automatically added to Hanista’s own Telegram channel. The channel has some 4.7 million subscribers, so that’s a likely indication of the number of people using Mobogram, it says.

The report also points to Café Bazaar, an Iranian app store modeled after Google Play, saying it is supervised by the IRGC and is “the IRGC’s platform of choice to promote and distribute spyware enabled mobile apps.”

The report says apps like Mobogram are available on global platforms such as the App Store and Google Play “despite reports and user reviews warning they contain spyware embedded by the Iranian regime’s app developers.”

“The spread of these apps outside Iran will put Internet users across the world at significant risk, increasing the rate of malware infections.”

“Millions of mobile users in Iran are victims today and millions more will be victims elsewhere if the Iranian regime’s latest cyberwarfare is not confronted with effective countermeasures.”

Telegram CEO Pavel Durov warned on Twitter last summer that Mobogram was a “potentially insecure fork of Telegram from Iran” and advised against using it.

Alireza Jafarzadeh, deputy director of the NCRI’s Washington office, said the organization developing such apps is also responsible for the regime’s cyber warfare against the U.S.

“What the regime is doing is testing the success of these apps on the people of Iran first,” he was quoted as saying at the report launch. “If not confronted, the next victims will be the people of other nations, and that’s why it’s so important to react and do something.”

Asked about the availability of apps like Mobogram on its app store, a Google spokesman said Thursday the company was investigating.

“We always take feedback from the community seriously and are currently investigating the situation,” he said. “While we don’t comment on specific apps, our Google Play policies are designed to provide a great experience for users.”

Queries sent to Apple brought no response by press time.

‘Working to penetrate U.S. and allied networks for espionage’

During the recent protests, hardline elements in Iran blamed the continued availability of social media channels that are not under control of the regime.

“Everyone has seen that the Internet fanned the flames,” Ahmad Khatami, Tehran’s Friday preacher and a member of the Assembly of Experts, said in a Jan. 5 sermon, according to a translation by the Middle East Media Research Institute (MEMRI).

As soon as Internet use was restricted, he said, “the fitna [an Islamic term for strife] died out.”

“I agree with an Internet whose key is in the hands of the regime,” Khatami said, calling for Iran to shut out external platforms altogether. “The nation does not agree to an Internet whose key is in the hands of America.”

In his latest worldwide threat assessment report for Congress, Director of National Intelligence Dan Coats warned this week that the greatest cyber threats to the U.S. this year will come from Iran, along with Russia, China and North Korea.

Coats said Iran’s main targets are regional adversaries Israel and Saudi Arabia, but that the intelligence community assesses that Tehran “will continue working to penetrate U.S. and allied networks for espionage and to position itself for potential future cyber-attacks.”

The NCRI/MEK boasts a network of sources inside Iran, including in the IRGC and other regime organs. It has provided invaluable intelligence in the past, including the key information in 2002 that exposed nuclear activities Tehran had hidden from the international community for two decades.

Iran regards the group as a terrorist organization – as did the U.S. until the State Department delisted it in 2012, citing its renunciation of violence and “the absence of confirmed acts of terrorism by the MEK for more than a decade.”

Iran spying on MILLIONS worldwide using ‘military-made apps on iTunes and Google’

The NCRI report states: “It is highly suspicious why the Iranian regime, which is hell-bent on controlling the Internet inside Iran, would make these apps available to other mobile users around the world through App Store, Google Play, and GitHub.”

It added: “While many of them have negative reviews and complaints about the apps being infected, they continue to be available for download on popular app stores.”

Previously, the group has revealed details about Iran’s nuclear programme but has attracted controversy, having been designated as a terrorist group by the US until 2012.

Daily Star Online has contacted Apple, Google and GitHub for comment.

New Style Data Platform Trendage Combines AI, Communities and Visual Search To Provide …

Trendage today also announced its team which is comprised of three co-founders: Vineet Chaudhary, co-founder and technical CEO; Roya Ansari, co-founder and business development; and Mohammad Ahmad, co-founder and operations, all of whom have worked together for over 12 years. The company also announced that it has received $1.5M angel funding from notable investors in retail, technology and fashion that include Bhupen Shah, co-founder of Sling Media, Ilaria Galimberti, co-founder of IMPRESSA Hong Kong and O’ahu Sport Ltd., and Nooshin Esmaili, founder of Sutro Footwear and ShoeBiz SF.

Trendage’s insights are powered by its viral consumer product, Style Challenge, a styling game which solves the difficult problem of gathering consumer style preference data. The game, which is currently available on mobile and desktop platforms, enlists millions of community members to determine what clothes, accessories and shoes from leading brands match, building various outfit combinations on a virtual model that are shared and rated by the Trendage community. The game is immensely addicting and a fun way for shoppers to discover new products online in an engaging manner. In January 2018 alone, Trendage’s community created more than three million customized outfits.

Trendage then uses machine learning to automatically generate data that helps customers “complete the look” based on the choices of its community. The end result is a set of recommendations for popular clothing, accessory and shoe matches, which retailers can use to personalize product pages and email marketing campaigns with frequently paired items within a shopper’s age and region. This data for apparel and accessories is unique and provides a powerful competitive advantage. The company can also provide a report to help retailers better predict style trends in the fashion industry and avert costly mistakes.

“Retailers are struggling to find ways to compete with online giants and fast growing mail-based startups that have massive data. The challenge of making sense of all the various data points gathered from website views, email campaigns, sale and return data, however, is that the data is often not available until it’s too late to impact a shopper’s decision. By the time the data is ready, the season and trends have changed,” said Vineet Chaudhary, co-founder and CEO of Trendage. “Trendage gathers all the same data without ever having to touch a single item of clothing, or receive a return, giving retailers an important time advantage of leveraging current trends just when they need it most: at the point of sale while customers are making critical purchasing decisions. No other platform makes cross-sell data as readily available, which is why you don’t see it online. Cross-sell product recommendations have been mostly done manually so far. Trendage’s automation fixes this problem.”

“Brands often think they know who their core consumer base is, so they tend to tightly control how their products are styled and marketed. On the flip side, consumers like to stick with brands they are familiar with, and might not consider a brand that’s outside of their comfort zone,” said Roya Ansari, co-founder and business development at Trendage. “Trendage has come up with an ingenious way for brands to put their apparel in front of a broader audience, one they may have never thought of reaching, to learn how consumers might mix and match their items with other brands. It’s also a great way for consumers to discover new brands that they would have never found otherwise. It’s really a win-win for both sides.”

About Trendage

Based in Santa Clara, California, Trendage was founded in 2015 to change the way people shop for and discover clothing. The team’s expertise includes industry data normalization, big data analytics, image processing, large scale software integrations, web and mobile app development, adtech and martech, media and brand building.

To learn more about Trendage or to play Style Challenge, please visit: www.trendage.com.

Press Contact:

Jeff Koo

trendage@sparkpr.com

(415) 321-1866

View original content with multimedia: http://www.prnewswire.com/news-releases/new-style-data-platform-trendage-combines-ai-communities-and-visual-search-to-provide-automated-product-recommendations-300598889.html

SOURCE Trendage

Britain blames Russia for cyber attack that spread across Europe

The Foreign Office said Vladimir Putin’s Kremlin was behind the attack (Picture: Getty)

Britain has publicly blamed the Russian government for a cyber attack which spread across Europe last year.

The NotPetya attack first targeted the Ukrainian financial, energy, and government sectors but it soon spread and hit other European firms in June 2017.

Ukraine has been locked in a simmering conflict with Russian-backed separatists since Moscow annexed Crimea in 2014.

Foreign minister for cyber security Lord Ahmad of Wimbledon said the UK’s decision to identify the Kremlin as the culprits shows the Government will not tolerate ‘malicious cyber activity’.

He said: ‘The UK Government judges that the Russian government, specifically the Russian military, was responsible for the destructive NotPetya cyber attack of June 2017.

‘The attack showed a continued disregard for Ukrainian sovereignty. Its reckless release disrupted organisations across Europe costing hundreds of millions of pounds.

‘The Kremlin has positioned Russia in direct opposition to the West yet it doesn’t have to be that way.

‘We call upon Russia to be the responsible member of the international community it claims to be rather than secretly trying to undermine it.

‘The United Kingdom is identifying, pursuing and responding to malicious cyber activity regardless of where it originates, imposing costs on those who would seek to do us harm.

‘We are committed to strengthening co-ordinated international efforts to uphold a free, open, peaceful and secure cyberspace.’

Defence Secretary Gavin Williamson added: ‘We have entered a new era of warfare, witnessing a destructive and deadly mix of conventional military might and malicious cyber attacks.

‘Russia is ripping up the rule book by undermining democracy, wrecking livelihoods by targeting critical infrastructure, and weaponising information.

‘We must be primed and ready to tackle these stark and intensifying threats.’

What is Quantstamp (QSP)? | Beginner’s Guide

What is Quantstamp?

Quantstamp is a security-auditing protocol for smart contracts. As a dapps platform, Ethereum has proven its security time and again. However, dapps and smart contracts built on top of Ethereum may still contain bugs that malicious players can exploit to cause havoc on the network. The two most notable examples are the $55 million DAO hack and the $30 million Parity wallet bug. These issues not only affect the people who’ve had their funds stolen, but they also diminish the credibility of the entire ecosystem.

Writing smart contracts is already a tough job. Like any other computer programming, writing them without any bugs is near impossible. To add fuel to the fire, the rate at which smart contracts are being written (estimated 10 million by the end of the year) is outpacing the resources needed to audit them. Even with robust security auditing, a small bug could slip through the cracks causing catastrophe down the road.

Here’s where Quantstamp comes into play. The protocol includes a cost-effective, scalable system to easily audit your Ethereum-based smart contracts. In this Quantstamp protocol guide, we’ll talk about:

How does Quantstamp work?

Although the team is focusing on Ethereum now, they’re building the Quantstamp protocol in a way that’s platform agnostic. This means that it can eventually be used on other smart contract platforms like Lisk and NEO. The Quantstamp protocol has a two-pronged approach to security auditing:

  1. Automated software verification system
  2. Automated bounty payout system

Software Verification

Quantstamp’s Validation Node applies audit techniques from formal methods submitted by Contributors. These techniques include security checks such as concolic tests, static analysis, and symbolic execution as well as automated reasoning tools like SAT and SMT. As a reward for submitting verification software, Contributors (who are primarily security experts) receive Quantstamp Protocol (QSP) tokens.

To ensure no bad actors are submitting malicious validation software, Contributors must be voted in according to the governance mechanism (more on this later).

Running the Validation Node takes a significant amount of computing power. Because of this, Validators also receive QSP payment for providing computing power to the network. To ensure that Validators don’t act maliciously, they must stake their QSP tokens to earn their reward.

An Example

As a developer, you want to deploy a smart contract on Ethereum. Considering you don’t want to go down in history as the guy who lost millions of people’s money, you have your contract audited. To do so, you send your smart contract, with the source code in the data field, directly from your wallet to Quantstamp, including QSP tokens with the transaction. On the next Ethereum block, Validators perform security checks. After they reach consensus, they append the proof-of-audit and report data to the next block.

You can choose whether your security report is made public or private.

Bounty Payouts

When you submit your smart contract for auditing, you also include a set of QSP tokens for bounty rewards and a deadline for when Bug Finders can submit issues. The bounty deadline and reward size are up to you. If the deadline passes with no bugs found, the QSP bounty reward is returned to you.

Quantstamp doesn’t guarantee flawless code after this process, but they do assure users that the automated testing and crowdsourced bug-hunting greatly reduce issues.

Protocol Governance

QSP token holders control upgrades to the protocol, the validation smart contracts, and the Validation Node. The governance model uses a time-locked multisig in which any token holder can propose a change. The more votes a change has, the quicker it occurs. Changes approved by all members occur within an hour. This time doubles with each 5% of members that don’t vote and quadruples for each 5% that vote against it.
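The delay rule above, worked through as an added example (this is not Quantstamp's code). It assumes one vote per member, that only whole 5% steps count, and that the two multipliers compound; the function names are hypothetical.

```python
from fractions import Fraction

BASE_DELAY_HOURS = 1        # guide: a unanimously approved change occurs within an hour
STEP = Fraction(5, 100)     # guide: penalties accrue per 5% of members
ABSTAIN_FACTOR = 2          # guide: delay doubles per 5% that do not vote
AGAINST_FACTOR = 4          # guide: delay quadruples per 5% that vote against


def timelock_hours(total, yes, no):
    """Hours before a proposed change takes effect.

    Assumptions (not stated in the guide): one vote per member, only whole
    5% steps count, and the two multipliers compound.
    """
    if total <= 0 or yes < 0 or no < 0 or yes + no > total:
        raise ValueError("need total > 0 and 0 <= yes + no <= total")
    abstain = total - yes - no
    abstain_steps = Fraction(abstain, total) // STEP   # exact, no float rounding
    against_steps = Fraction(no, total) // STEP
    return (BASE_DELAY_HOURS
            * ABSTAIN_FACTOR ** abstain_steps
            * AGAINST_FACTOR ** against_steps)


def min_yes_for_deadline(total, no, max_hours):
    """Fewest yes votes that keep the delay within max_hours, or None.

    The delay only shrinks as abstainers turn into yes votes, so the first
    count that satisfies the bound is the minimum.
    """
    for yes in range(total - no + 1):
        if timelock_hours(total, yes, no) <= max_hours:
            return yes
    return None


if __name__ == "__main__":
    # Constructed scenarios for a 100-member electorate: (yes, no).
    for yes, no in [(100, 0), (90, 0), (90, 10), (50, 0), (50, 50)]:
        hours = timelock_hours(100, yes, no)
        print(f"yes={yes:3d} no={no:3d} abstain={100 - yes - no:3d} "
              f"-> {hours:>9,d} h (~{hours / 24:,.1f} days)")
    # Turnout needed for an urgent fix to land within 24 hours.
    print("min yes, no opposition:", min_yes_for_deadline(100, 0, 24))
    print("min yes, 10 against:   ", min_yes_for_deadline(100, 10, 24))
```

Under these assumptions an evenly split vote yields a delay of 4^10 hours, more than a century, so a contested change is effectively blocked, while turnout alone decides how quickly an urgent fix can take effect.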

Proof-of-Caring

Quantstamp uses an in-house Proof-of-Caring system to reward community members and loyal QSP token holders. Once you submit your proof, you’ll receive an airdrop from an ICO that Quantstamp has audited. This proof consists of holding your tokens in a wallet (not an exchange) for a certain amount of time, contributing to social media outreach, and/or any other community activities.

Quantstamp team & progress

The Quantstamp team consists of 22 members and advisors with over 500 Google Scholar citations. Steven Stuart (CTO) and Richard Ma (CEO) founded the team in June of 2017. Stuart worked 5 years in Canada’s cryptologic agency in the Department of National Defense and previously founded Many Trees, a start-up that uses GPUs for Big Data analytics and machine learning. Ma built production-grade integration and validation testing software at the Bitcoin HFT Fund. During his time there, his trading systems had no notable issues and handled millions of dollars in investment capital.

Since their beginning, the Quantstamp team has performed four semi-automatic audits – one of them being on Request Network, a strategic partner. The team has also partnered with the University of Waterloo and has support from Y Combinator, the number one start-up accelerator in the world.

Quantstamp is a first-mover when it comes to automating smart contract auditing. The Bounty0x project is offering a bounty platform similar to Quantstamp’s bounty rewards but doesn’t have a software verification service. The closest competitors to Quantstamp are the security auditing firms already in the market like ConsenSys Diligence. Because the Quantstamp protocol is automated, it should scale better than its manual competitors.

Trading

Quantstamp held a successful ICO in November 2017 in which the team raised a little over $30 million. They distributed 650 million (65%) QSP out of the 1 billion total supply to ICO participants at a price of $0.072 per token.

After the usual post-ICO volatility, the QSP price stabilized at around $0.10 (~0.000005 BTC) through the end of November. The price followed the trend of the altcoin market and rose rapidly to an all-time high of $0.82 (~0.000051 BTC) before slowly falling to its current price of ~$0.286. The QSP price weathered the beginning of the year market downfall better than most other altcoins.

As the Quantstamp auditing service becomes more widely available, more projects will use them and bring value to the QSP token which, in turn, should drive the price upward.

Where to buy QSP

You can find QSP traded against Bitcoin and Ethereum with the most volume on either Binance or Huobi.

If you’re unsure of how to first get Bitcoin or Ethereum, make sure to check out our buying guides for Bitcoin and Ethereum.

Where to store QSP

QSP is an ERC20 token which means you can store it in any wallet with ERC20 support. MyEtherWallet is a community fan favorite when it comes to online wallets.

For more security, albeit at a higher price, the Ledger Nano S is a great hardware wallet for you to use.

Conclusion

Quantstamp is making smart contracts more secure through automated software testing and a system of bug bounties. Although starting with Ethereum, the team is building the protocol to be available on any DApp platform in the long run.

In an industry where security is a primary concern and bugs have caused the theft of millions of dollars, Quantstamp should help to legitimize blockchain projects and ensure that large-scale smart contract hacks are a thing of the past.
