Month: May 2024
Okta warns users to be aware of damaging cyberattacks targeting customers
Someone’s engaged in credential stuffing via cross-origin authentication.
Identity and access management giant Okta has warned customers of an ongoing credential stuffing attack against one of its tools and suggested users either disable it, or apply a set of mitigations to remain secure.
An announcement from the company noted how hackers have been abusing the cross-origin authentication feature in Customer Identity Cloud (CIC) to mount credential stuffing attacks for several weeks now.
“Okta has determined that the feature in Customer Identity Cloud (CIC) is prone to being targeted by threat actors orchestrating credential-stuffing attacks,” the announcement read. “As part of our Okta Secure Identity Commitment and commitment to customer security, we routinely monitor and review potentially suspicious activity and proactively send notifications to customers.”
Stuffing the login page
Okta Customer Identity Cloud is a comprehensive identity and access management (IAM) platform designed to manage and secure customer identities. Cross-origin resource sharing (CORS), being abused, is a security mechanism that allows web applications running at one origin (domain) to request resources from a server at a different origin.
Finally, credential stuffing attack is when hackers “stuff” an online login page with countless credentials obtained elsewhere, in an attempt to break into different accounts.
With CORS, customers add JavaScript to their websites and applications, which sends authentication calls to the Okta API hosted, BleepingComputer explains. However, the feature only works when customers grant access to the URLs from which cross-origin requests can be created.
Hence, if these URLs are not being actively used, they should be disabled, Okta said.
Those interested to see if their infrastructure was targeted already should check their logs for “fcoa”, “scoa”, and “pwd_leak” events, which are evidence of cross-origin authentication and login attempts. If the tenant doesn’t use cross-origin authentication but the logs show fcoa and scoa events, then a credential stuffing attempt has been made.
More from TechRadar Pro
Okta says it is facing unprecented levels of attacksHere’s a list of the best firewalls todayThese are the best endpoint protection tools right now
AI startup EthonAI raises $16M in funding led by Index Ventures to boost factory efficiency with AI
Since the meteoric rise of ChatGPT two years ago, AI startups have largely focused on leveraging AI chatbots to boost office productivity and improve efficiency. However, one AI startup has its sights on revitalizing the struggling manufacturing sector. Enter EthonAI,
The post AI startup EthonAI raises $16M in funding led by Index Ventures to boost factory efficiency with AI first appeared on Tech Startups.
Since the meteoric rise of ChatGPT two years ago, AI startups have largely focused on leveraging AI chatbots to boost office productivity and improve efficiency. However, one AI startup has its sights on revitalizing the struggling manufacturing sector. Enter EthonAI, […]
The post AI startup EthonAI raises $16M in funding led by Index Ventures to boost factory efficiency with AI first appeared on Tech Startups.
Google Zero is here — now what?
Illustration: The Verge
We’ve been covering big changes to Google and Google Search very closely here on Decoder and The Verge. There’s a good reason for that: the entire business of the modern web is built around Google.
It’s a whole ecosystem. Websites get traffic from Google Search, they all get built to work in Google Chrome, and Google dominates the stack of advertising technologies that turn all of it into money. It’s honestly been challenging to explain just how Google operates as a platform, because it’s so large, pervasive, and dominant that it’s almost invisible.
But if you think about it another way — considering the relationship YouTubers have to YouTube or TikTokers have to the TikTok algorithm — it starts to become clear. The entire web is Google’s platform, and creators on the web are often building their entire businesses on that platform, just like any other.
I think about Decoder as a show for people who are trying to build things, and the number one question I have for people who build things on any platform is: what are you going to do when that platform changes the rules?
There’s a theory I’ve had for a long time that I’ve been calling “Google Zero” — my name for that moment when Google Search simply stops sending traffic outside of its search engine to third-party websites.
Regular Decoder listeners have heard me talk a lot about Google Zero in the last year or two. I asked Google CEO Sundar Pichai about it directly earlier this month. I’ve also asked big media executives, like The New York Times’ Meredith Kopit Levien and Fandom’s Perkins Miller, how it would affect them. Nobody has given me a good answer — and it seems like the media industry still thinks it can deal with it when the time comes. But for a lot of small businesses. Google Zero is now. It’s here, it’s happening, and it can feel insurmountable.
Earlier this year, a small site called HouseFresh, which is dedicated to reviewing air purifiers, published a blog post that really crystallized what was happening with Google and these smaller sites. HouseFresh managing editor Gisele Navarro titled the post “How Google is killing independent sites like ours,” and she had receipts. The post shared a whole lot of clear data showing what specifically had happened to HouseFresh’s search traffic — and how big players ruthlessly gaming SEO were benefiting at their expense.
I wanted to talk to Gisele about all of this, especially after she published an early May follow-up post with even more details about the shady world of SEO spam and how Google’s attempts to fight it have crushed her business.
I often joke that The Verge is the last website on Earth, but there’s a kernel of truth to it. Building an audience on the web is harder than ever, and that leaves us with one really big question: what’s next?
Folks like Gisele, who make all the content Google’s still hoovering up but not really serving to users anymore, have a plan.
Illustration: The Verge
We’ve been covering big changes to Google and Google Search very closely here on Decoder and The Verge. There’s a good reason for that: the entire business of the modern web is built around Google.
It’s a whole ecosystem. Websites get traffic from Google Search, they all get built to work in Google Chrome, and Google dominates the stack of advertising technologies that turn all of it into money. It’s honestly been challenging to explain just how Google operates as a platform, because it’s so large, pervasive, and dominant that it’s almost invisible.
But if you think about it another way — considering the relationship YouTubers have to YouTube or TikTokers have to the TikTok algorithm — it starts to become clear. The entire web is Google’s platform, and creators on the web are often building their entire businesses on that platform, just like any other.
I think about Decoder as a show for people who are trying to build things, and the number one question I have for people who build things on any platform is: what are you going to do when that platform changes the rules?
There’s a theory I’ve had for a long time that I’ve been calling “Google Zero” — my name for that moment when Google Search simply stops sending traffic outside of its search engine to third-party websites.
Regular Decoder listeners have heard me talk a lot about Google Zero in the last year or two. I asked Google CEO Sundar Pichai about it directly earlier this month. I’ve also asked big media executives, like The New York Times’ Meredith Kopit Levien and Fandom’s Perkins Miller, how it would affect them. Nobody has given me a good answer — and it seems like the media industry still thinks it can deal with it when the time comes. But for a lot of small businesses. Google Zero is now. It’s here, it’s happening, and it can feel insurmountable.
Earlier this year, a small site called HouseFresh, which is dedicated to reviewing air purifiers, published a blog post that really crystallized what was happening with Google and these smaller sites. HouseFresh managing editor Gisele Navarro titled the post “How Google is killing independent sites like ours,” and she had receipts. The post shared a whole lot of clear data showing what specifically had happened to HouseFresh’s search traffic — and how big players ruthlessly gaming SEO were benefiting at their expense.
I wanted to talk to Gisele about all of this, especially after she published an early May follow-up post with even more details about the shady world of SEO spam and how Google’s attempts to fight it have crushed her business.
I often joke that The Verge is the last website on Earth, but there’s a kernel of truth to it. Building an audience on the web is harder than ever, and that leaves us with one really big question: what’s next?
Folks like Gisele, who make all the content Google’s still hoovering up but not really serving to users anymore, have a plan.
Mastercard’s new ‘Crypto Credential’ service aims to simplify crypto transfers
Mastercard has unveiled its new “Crypto Credential” service, which aims to simplify peer-to-peer crypto transfers by replacing addresses with simple… Continue reading Mastercard’s new ‘Crypto Credential’ service aims to simplify crypto transfers
The post Mastercard’s new ‘Crypto Credential’ service aims to simplify crypto transfers appeared first on ReadWrite.
Mastercard has unveiled its new “Crypto Credential” service, which aims to simplify peer-to-peer crypto transfers by replacing addresses with simple aliases.
The service announced in a May 29 press release, was already launched and allows the users of participating crypto exchanges to send and receive digital assets using a user-friendly alias. This is supposedly a less confusing alternative to the lengthy and complex alphanumerical blockchain addresses that are difficult to distinguish from one another. The company wrote in a tweet:
Mastercard Crypto Credential has gone live with its first peer-to-peer transactions! This solution not only replaces complex wallet addresses with user-friendly aliases, but also makes sending #blockchain transactions secure, transparent and accessible.
The approach
The Crypto Credential service verifies users and assigns them an alias. When users send their cryptocurrency, the software checks the validity of the alias and ensures protocol compatibility before sending the assets.
If the recipient’s address is incompatible with the assets being sent, the transaction will not be processed. This would prevent the loss of funds due to user error — a common occurrence in the crypto space. The aliases could also protect against address poisoning scams, where attackers deceive wallet users into sending coins to a similar-looking address.
As ReadWrite reported earlier this month, a cryptocurrency trader has recently fallen victim to a sophisticated “address poisoning” scam, resulting in the loss of tens of millions of dollars. This kind of scam sees scammers create fake accounts that mimic the last and first characters of a victim’s address.
Due to their confusing and long nature, it is common practice to only check the first and last few characters of an address before sending assets. So by interacting with the victim with similar addresses, the victim is likely to send to one of those addresses by mistake.
Currently, the Crypto Credential service is available at Bit2Me, Lirium, and Mercado Bitcoin exchanges — with a notable lack of adoption by top exchanges such as Binance and Coinbase. The service will soon roll out in Brazil, Chile, France, Guatemala, Mexico, Panama, Paraguay, Peru, Portugal, Spain, Switzerland, and Uruguay, with more European countries to be added in the future. Martin Kopacz, chief operating officer of Lirium, said:
With Mastercard Crypto Credential, we can ensure the traceability of all blockchain transactions with a higher level of compliance, while also providing an exceptional user experience.
The post Mastercard’s new ‘Crypto Credential’ service aims to simplify crypto transfers appeared first on ReadWrite.
After Cyberattack, Christie’s Gives Details of Hacked Client Data
Its disclosure came after RansomHub claimed responsibility for the cyberattack and threatened to release client data on the dark web.
Its disclosure came after RansomHub claimed responsibility for the cyberattack and threatened to release client data on the dark web.
Joe Biden campaign engages with crypto industry ahead of US election
President Joe Biden has begun seeking input from the the cryptocurrency industry amid the presidential race. This crypto-friendly approach is… Continue reading Joe Biden campaign engages with crypto industry ahead of US election
The post Joe Biden campaign engages with crypto industry ahead of US election appeared first on ReadWrite.
President Joe Biden has begun seeking input from the the cryptocurrency industry amid the presidential race. This crypto-friendly approach is a significant departure from when Biden proposed imposing a 30% tax on crypto mining power.
According to anonymous sources reported by industry news outlet The Block, the campaign has started reaching out to crypto experts and industry players, seeking guidance on the “crypto community and crypto policy moving forward.” The requests for comment are seemingly a consequence of Biden recognizing the potential impact of crypto-related issues on the upcoming election.
A sudden shift
The campaign’s engagement with the crypto industry follows the crypto community’s opposition to the Biden administration’s vow to veto the repeal of SAB 121. The controversial bill in question was criticized for potentially discouraging financial institutions from providing crypto asset custody services by placing it on their balance sheets. Sen. Cynthia Lummis (R-Wyo.) commended on the repeal:
This is a win for financial innovation and a clear rebuke of the way the Biden administration and Chair Gary Gensler have treated crypto assets and marks the first time both chambers of Congress have passed standalone crypto legislation. President Biden needs to take note of the bipartisan support this CRA received in both the House and Senate and sign this into law.
The newfound interest in the crypto industry on Biden’s part also follows Trump campaign’s announcement that it will accept crypto donations and his recent pro-cryptocurrency remarks. This marks a significant change in Trump’s stance as well, as he had previously called Bitcoin (BTC) “a scam against the dollar” in 2021.
Bitcoin’s price action
According to CoinGecko data, Bitcoin — the world’s largest cryptocurrency by market cap — is currently trading at $68,567, up 1.79% in the last 24 hours. The price has seen a significant increase of 11.99% over the past 30 days and a remarkable 147.98% over the past year. Bitcoin’s market cap stands at $1.35 trillion, with the 24-hour trading volume reaching $11.11 billion.
The sentiment among traders remains bullish, with 82.06% of votes indicating a positive outlook. Despite being down 7.36% from its all-time high of $73,738 reached on March 14, 2024, Bitcoin continues to dominate the cryptocurrency market.
The post Joe Biden campaign engages with crypto industry ahead of US election appeared first on ReadWrite.
Netflix is teaming up with Microsoft and Mojang to craft a Minecraft animated show, and the timing couldn’t be worse
Netflix and Mojang are putting the building blocks in place for an animated Minecraft TV series.
Netflix is teaming up with Minecraft creator Mojang to craft an animated TV series based on the incredibly popular sandbox video game.
Revealed via a 20-second teaser on its social media channels, the streaming titan revealed it was developing an animated TV show that’ll be set in the block-based world that’s owned by Mojang and parent company Microsoft.
Few details about the in-development series have been revealed, such as a confirmed release date and/or voice cast. However, Netflix and Mojang provided a little insight into its creation via a brief news post on the official Minecraft website, including which animation studio will lead development on the forthcoming project and the fact that it won’t feature everyone’s favorite block star, Steve.
NETFLIX & CRAFT! ⛏️ From Netflix & Mojang Studios, an animated Minecraft series is officially in the works. pic.twitter.com/yo41rEmAPnMay 30, 2024
“We’re thrilled to announce that we’ve joined forces with Netflix to produce an animated series set in our blocky universe,” writer Per Landin said.
“The series will tell an original story with new characters and reflect the world of Minecraft in a new light. It is currently in development by the talented studio WildBrain (creators of Sonic Prime, Ninjago: Dragons Rising, and Carmen Sandiego) and will debut exclusively on Netflix. We couldn’t be more excited, so stay tuned for more information!”
Netflix’s Minecraft series is just the latest animated production to be announced for and/or be in development at the world’s best streaming service. Ultraman: Rising, one of next month’s new Netflix movies, will be the next one to emerge off the streamer’s animated production line, with the flick set to fly onto the platform on June 14.
On the TV front, Arcane season 2, the next entry in one of the best Netflix shows ever, will debut in November. Other highly anticipated animated shows include A Devil May Cry series, a Tomb Raider show, and an animated spin-off of the incredibly popular Netflix TV Original Stranger Things.
Mining the adaptation well
Minecraft Dungeons, one of the franchise’s many spin-offs, wasn’t a universal success. (Image credit: Mojang)
With its cute, block-based graphics and family-friendly appeal, some people (myself included) have found it bizarre that an animated Minecraft series hasn’t been attempted before. The fact that we’re finally getting one from Netflix now feels long overdue.
That said, in some ways, Netflix’s announcement couldn’t have come at a worse time. For one, the reveal comes 13 days after Minecraft‘s 15th anniversary – its actual birthday took place on May 17, for those wondering – which would’ve been a more fitting date to make this announcement on. Unless work is well underway on the animated series, it won’t launch on Netflix until after Warner Bros’ live-action Minecraft movie arrives in theaters, either. The long-gestating film, which will star Jack Black, Jason Momoa, and Kate McKinnon, among others, is currently slated to arrive in cinemas worldwide in April 2025.
If that movie fails to leave its mark on audiences, there might not be much of an appetite for Netflix’s animated offering from viewers whenever it’s released. Indeed, few other Minecraft spin-offs or adaptations – Minecraft Dungeons, Minecraft Legends, and Telltale’s narrative-driven Minecraft video game adaptation to name three – have struggled to match the original game’s unprecedented success. There’s little guarantee, then, that its forthcoming movie and TV reworkings will do likewise. We’ll find out if Netflix and Warner Bros. have built adaptations befitting Mojang’s universally adored video game in the months and years to come.
You might also like
The Umbrella Academy season 4 trailer teases one final world-saving mission and lots more Ben before the hit Netflix show endsNetflix’s Knives Out 3 will be a mini James Bond reunion as Spectre actor joins the Daniel Craig-starring movieThese are the best Netflix movies to stream today
Homelander shows off move set in gory new MK1 trailer
Homelander, the egotistical super tyrant, has joined Mortal Kombat 1’s ranks in a new move set trailer. The notorious antagonist… Continue reading Homelander shows off move set in gory new MK1 trailer
The post Homelander shows off move set in gory new MK1 trailer appeared first on ReadWrite.
Homelander, the egotistical super tyrant, has joined Mortal Kombat 1’s ranks in a new move set trailer.
The notorious antagonist from The Boys takes the spotlight, showcasing a unique and brutal set of moves, fatalities, and a gruesome finisher. Netherealm Studios, the game’s developer, has also nailed his signature smirk and love of lactose. He is joined by the classic “Kameo” character Ferra as part of the Mortal Kombat 1 downloadable content (DLC) pack.
Homelander and Ferra join MK1
Ferra joins in with the bloodshed of Homelander’s bloody battles with Liu Kang and Kitana in the announcement trailer. The iconic leader of Image Comic’s The Seven can be seen wielding his signature heat vision and tossing his prey into the air before peeling them off an airplane and whipping them through a turbine as his finisher.
Homelander joins Omni-Man, Quan Chi, Peacemaker, Ermac, and Takeda to take the set of playable DLC characters to five of a rumored six possible playable. This first installment of downloadable content heavily focuses on superheroes, but it isn’t the first time the pages have come to life.
The Joker, Hellboy, and Spawn have all left their mark on previous installments of the gaming series. Anthony Starr’s likeness is used in the game, but the actor will not reprise his role as he responded to a fan query on Instagram saying, “Nope,” when asked if he would be adding his vocal talents to this installment of the beat-em-up. J.K. Simmons and John Cena have reprised their roles respectively, but Starr didn’t give a specific reason for his omission from the voice lines.
Netherrealm Studios, the game’s publisher, takes this opportunity to cash in on fan loyalty to an iconic character. Fans look forward to the cast that drop as DLC in Mortal Kombat’s many entries.
Sadly, the content is paid for and not accessible to the series’ loyal fans for free. Mortal Kombat 1 has received critical acclaim and placed in the top 10 best-selling games of 2023.
Homelander will be available to play on June 4 for early-access players and be purchasable for those without the Kombat Pack a week later. Ferra joins the Kameo roster later in June. Image: Netherrealm Studios.
The post Homelander shows off move set in gory new MK1 trailer appeared first on ReadWrite.