STE WILLIAMS

Tushu, Take Twoshu: Malicious SDK Reappears in Google Play

Months after the Tushu SDK was found infecting Android apps on Google Play, its operators are back with new evasive techniques.

Researchers who analyzed a new pool of malicious Android applications found they contained a new version of the Tushu SDK, which was seen infecting apps on Google Play earlier this year. The Twoshu SDK, as they have dubbed this lookalike, was built with new evasive techniques.

The ad fraud primarily associated with the Tushu Software Development Kit was first seen in Crazy Brainstorming, an Android gaming app available in Google Play from January through March 2019. During those months, it was downloaded more than a million times, mostly in the United States, say researchers with the White Ops Threat Intelligence Team who found it.

Strings in the app’s code indicated the SDK was developed by 1tu1shu[.]com, a China-based company self-described as a “data driven intelligent marketing” firm. Analysis showed 71 other applications with this SDK implemented in their code base. All of the extensions and apps observed during their analysis led to suspicious domains characterized as malware repositories.

“There were definitely a lot of very suspicious things going on with this particular SDK,” says John Laycock, threat analyst with the White Ops Threat Intelligence Team.

The Tushu SDK had a few defining characteristics. It could display full-screen ads out of the app’s context, meaning ads could appear even if the app wasn’t running in the foreground. This let attackers monetize ads while the user attempted to interact with other apps. The SDK was also capable of delivering ads when the screen was locked. Ads could be triggered by network changes, such as connecting to or disconnecting from Wi-Fi, or by plugging a device in to charge.

There were a few red flags that alerted the White Ops team to malicious activity, says Laycock. Its high download count, for one, was “significant and somewhat unusual for a single app,” he explains — especially since it was the only app from a developer under the name Linda Wang, assumed to be a random persona. The app itself wasn’t well done, he adds, and a number of user comments complained of slow processes and too many advertisements. Researchers published their analysis, and Crazy Brainstorming was taken down.

Roughly six months later, the same team investigated six HiddenAd apps shared by ESET Research. The apps were posted on Google Play in mid-August and taken down in September. Analysis revealed code similar to the original Tushu, with added obfuscation and anti-analysis tactics. The increase in sophistication showed the researchers that they had disrupted the attackers’ cash flow; as a result, the attackers saw a need to improve their tactics before jumping back into the ad fraud space.

The lookalike “Twoshu” SDK contains single-byte XOR obfuscation, says Laycock, while the original Tushu was visible in plaintext. The intent is to slow down analysis, researchers explain. “Instead of storing important strings in clear text within the dex file, there is a call to a decoder function with one of the many statically-assigned byte arrays,” according to a White Ops team blog post.
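Because a single-byte key has only 256 possible values, an analyst can recover strings hidden this way statically, without running the sample. The following is an added example, not code from White Ops or from the SDK; the byte arrays, the key and the hint substrings are constructed for illustration.

```python
"""Static recovery of single-byte-XOR strings (all sample data is constructed)."""

# Substrings an analyst expects to see in decoded Android strings (assumed hints).
HINTS = (b"android.", b"http")


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with one key byte; encoding and decoding are the same operation."""
    return bytes(b ^ key for b in data)


def is_printable(data: bytes) -> bool:
    """True when the buffer is non-empty and entirely printable ASCII."""
    return len(data) > 0 and all(0x20 <= b < 0x7F for b in data)


def score_key(arrays, key):
    """Rank a candidate key: printable arrays first, then number of hint matches."""
    decoded = [xor_bytes(a, key) for a in arrays]
    printable = sum(is_printable(d) for d in decoded)
    hits = sum(d.count(h) for d in decoded for h in HINTS)
    return (printable, hits)


def recover_key(arrays):
    """Try all 256 keys shared by the arrays; return None if nothing plausible decodes."""
    best = max(range(256), key=lambda k: score_key(arrays, k))
    printable, hits = score_key(arrays, best)
    if printable < len(arrays) or hits == 0:
        return None  # not single-byte XOR, or the hints do not fit this sample
    return best


def decode_all(arrays):
    """Return (key, decoded strings), or (None, []) when no key is found."""
    key = recover_key(arrays)
    if key is None:
        return None, []
    return key, [xor_bytes(a, key).decode("ascii") for a in arrays]


# Constructed stand-ins for the statically assigned byte arrays in a dex file.
# The plaintexts and the key 0x5A are made up here, not recovered from the SDK.
CONSTRUCTED_KEY = 0x5A
CONSTRUCTED_STRINGS = (
    b"android.intent.action.ACTION_POWER_CONNECTED",
    b"android.net.conn.CONNECTIVITY_CHANGE",
    b"android.intent.action.USER_PRESENT",
    b"https://config.example.invalid/v1/ads",
)
SAMPLE_ARRAYS = [xor_bytes(s, CONSTRUCTED_KEY) for s in CONSTRUCTED_STRINGS]

if __name__ == "__main__":
    found_key, strings = decode_all(SAMPLE_ARRAYS)
    print("key:", hex(found_key))
    for s in strings:
        print(" ", s)
```

Wrong keys can still produce printable output, which is why the score also counts expected substrings before accepting a key.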

“What we’re seeing right now with a lot of the Android packages is the different actors out there are trying to increase their sophistication,” says Laycock. It used to be easy to open an app and look at code in plaintext; now attackers are upping their game. “They had repackaged everything and basically made it very difficult to read,” he says of the Tushu developers.

For anti-analysis, Twoshu contains code from a Chinese open source project dubbed EasyProtector, which determines if the device is an emulator. The code enumerates all installed packages on a system and checks them against an internal list of antivirus tools, researchers report. It also checks to see if a target device is connected to known antivirus service set identifiers (SSID).

The code will not run on a device with fewer than 10 apps installed, or with more than three apps that have “.test.” in their package name because it assumes it’s an analysis system.

“It’s a real fun cat-and-mouse game,” says Laycock. Similar to the original Tushu SDK, Twoshu collects an “impressive” amount of data, including GPS coordinates, Wi-Fi SSIDs, and the International Mobile Equipment Identity (IMEI) of each device. White Ops plans to continue monitoring this SDK for continued attempts to evade detection.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance Technology, where she covered financial …

Article source: https://www.darkreading.com/application-security/tushu-take-twoshu-malicious-sdk-reappears-in-google-play/d/d-id/1336464?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Time to Warn Users About Black Friday & Cyber Monday Scams

Warn your employees to avoid the inevitable scams associated with these two “holidays,” or you risk compromising your company’s network.

With Black Friday and Cyber Monday right around the corner, cybercriminals are switching tactics. Rather than preying on the fear that our Microsoft Office, PayPal, or bank accounts have been locked, criminals are launching phishing scams that prey on our desire to get a great holiday shopping deal. After all, they know that at this time of year, consumers are spending money and looking for bargains.

And let’s be honest with ourselves: Even if your company discourages employees from shopping on their company-supplied computers or smartphones, it’s going to happen — especially at this time of year. And that puts your organization at risk.

Holiday phishing scams lure potential victims with offers of online deals and coupons. E-commerce retailers are primary targets for spoofing — during the holidays, Amazon tops the list of branded phishing scams, beating out Microsoft. However, legitimate brick-and-mortar stores are also aggressively offering coupons for Black Friday and Cyber Monday, making them targets for spoofing as well.

Unfortunately, at this time of year, people are more likely to be less suspicious and to fall victim to phishing emails featuring trusted retailer brands — particularly if they regularly receive emails from those companies. Research from Verizon also shows that users are significantly more susceptible when the attack comes in on a mobile phone.

Telling the Real Deals from the Fakes
The challenge email administrators and users face is how to tell the real holiday deals from the credential-harvesting phishing scams, which make up 40.9% of phishing attacks. In credential-harvesting attacks, the email itself mimics communication from the real brand, often using convincing logos and design.

Instead of the typical “ask” to change a password, however, the holiday phishing email will display a coupon or a special shopping offer of some kind. Other lures include bogus gift card offers, giveaways, contests, and too-good-to-be-true deals. The scams will also try to create a sense of “act now” urgency, like putting time limits on the deals.

The goal of the bad actor is to get the email recipients to click on a malicious link to a web page that spoofs the legitimate retailer or brand — the credential-harvesting page — and fools users into giving up their login credentials, credit card information, or personal data that can be used for identity theft.

Tips to Pass Along to Users
Education is critical to countering phishing scams. Research from Google found that even with on-the-job training and news coverage, 40% of people cannot define phishing correctly, and Gen Z users are even less likely to know what “phishing” means.

Black Friday and Cyber Monday present a great opportunity to caution your employees about the risks out there and tell them how to protect themselves. Share these tips, with the reminder that they apply year-round, not just during the holidays.

  • Hover over all URLs and make sure they are going to a legitimate website. Watch out for “lookalikes” such as “Amazon.co” instead of “Amazon.com,” and never trust shortened URLs. Check links for typos, repeated letters, or other flaws that can indicate a spoofed site. When in doubt, type the web address into your browser window by hand.
  • Pay close attention to the sender’s email address. The domain name should match the retailer’s legitimate website. If you’re reading email on your cell phone, expand the sender name to see the address.
  • Only download shopping apps from trusted stores, like the Apple App Store or Google Play.
  • If a coupon or deal is legitimate, the retailer won’t ask you to log in to see it. Don’t give away your login credentials to scammers.
  • If the deal seems to be too good to be true, it probably is. Don’t take the bait.

Remember, Black Friday and Cyber Monday scams depend on creating a sense of urgency, using these special shopping days to spur immediate action and grab deals before they’re gone. Resist the sense of urgency. Stop and think before you click.


Before co-founding Avanan in 2014, Michael Landewe had over 20 years of internet startup experience, starting with co-founding an ISP in 1996. He was an early employee of Network Physics, an Internet traffic performance company that was one of the first technology companies …

Article source: https://www.darkreading.com/endpoint/time-to-warn-users-about-black-friday-and-cyber-monday-scams/a/d-id/1336432?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

They See You When You’re Shopping: Holiday Cybercrime Starts Early

Researchers notice year-end phishing attacks starting in July and ramping up in September.

It seems the holiday season starts earlier every year. This trend extends to the world of cybercrime, where this year attackers started to ramp up malicious year-end activity as early as July. By September, phishing URL detections were up over 2.5 times compared with 2018.

The period between September and December is “the most active malware season of the year,” reports the Avira Protection Lab. Researchers charted a 61% increase in phishing during the 2018 holiday shopping season. This year, the seasonal activity started earlier, and it’s moving faster and growing more diverse as attackers map new campaigns for both mobile and desktop devices.

Android, the most common mobile OS, is the most frequently targeted, researchers report. The amount of Android malware typically intercepted, which mostly includes banking Trojans, climbs 50% during the holiday shopping season. The Android/Banker, specifically, climbs 17.5%.

Criminals can distribute a wide variety of malware with a simple WhatsApp message: “Click here to receive the latest Black Friday coupons” may arrive with a link to a new coupon app, researchers say, as an example. Banking Trojans, premium SMS fraud, and adware are most commonly delivered in scams like this. Trojans such as the new ExoBot variant have dynamic overlays to collect payment card data and other banking data, such as PIN codes, they say.

Some free coupon apps — for example, Black Friday Ads 2019 — toe the line between adware and traditional ad-supported apps. Researchers advise shoppers to stick with official apps and app stores and, even then, read the reviews and review permissions before downloading.


Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Article source: https://www.darkreading.com/threat-intelligence/they-see-you-when-youre-shopping-holiday-cybercrime-starts-early/d/d-id/1336449?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

New: 2019 State of the Internet / Security: Financial Services Attack Economy

Every organization should be paying attention to the attacks targeting financial services systems.

The financial services industry has always been a prime target for criminals. The tools used to attack financial organizations are part of an increasingly large and sophisticated criminal ecosystem. This may seem like an obvious statement at first glance. When you read industry reports, they tend to focus on a single aspect of the whole ecosystem, as if it were unrelated to other types of attacks.

We wanted to do something different for this report.


Article source: https://www.darkreading.com/edge/theedge/new-2019-state-of-the-internet---security-financial-services-attack-economy/b/d-id/1336454?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Home Safe: 20 Cybersecurity Tips for Your Remote Workers

How can you protect your precious corporate endpoints from the mysterious dangers that might await when you’re not by their side? Empower home office users with these tips.

Image Source: Adobe (glowonconcept)


According to data from Global Workplace Analytics, the population of work-at-home employees among those who work for organizations has grown by 159% since 2005. That’s a growth rate 11 times faster than the workforce itself. This arrangement offers flexibility and productivity to organizations and their workers alike, but it also poses challenges for cybersecurity strategists.

“Digitization has caused a paradigm shift in where and how work is done,” says Nima Baiati, global director and head of cybersecurity solutions at Lenovo. “Increasingly, work is being done from locations outside of the traditional office, with an emphasis placed on hiring the best talent and allowing the flexibility for where and how they work. As this shift accelerates, organizations need to adjust their approach to security.”

A key ingredient to securing home-office workers is providing them with the knowledge and tools they need to work securely and efficiently. Dark Reading recently asked a number of security experts for the most important advice they’d tell IT departments to impart to their remote workers, whether they’re working at home or on the road. Here’s what they had to say.

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

Article source: https://www.darkreading.com/theedge/home-safe-20-cybersecurity-tips-for-your-remote-workers/b/d-id/1336446?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Hacker gets 4 years in jail for NeverQuest banking malware

A Russian hacker has been sentenced to four years in US prison for using the NeverQuest banking Trojan to infect the computers of unwitting victims, steal their login information for online banking accounts, and use it to wipe out their accounts.

The US Attorney’s Office for the Southern District of New York announced the sentencing of Stanislav Vitaliyevich Lisov on Thursday.

According to the Justice Department (DOJ), NeverQuest has been used by cybermuggers to try to weasel millions of dollars out of victims’ bank accounts.

Nasty and complex

It’s a nasty piece of work. Researchers have determined that NeverQuest’s origins lie in an evolving threat family called Vawtrack, also known as Snifula, Catch or Grabnew.

Once NeverQuest slips onto a victim’s computer, it wakes up when the system logs onto an online banking website. Then, it transfers the victim’s login credentials, including their username and password, back to a command and control server. That lets the malware’s administrators remotely control a victim’s computer and log into their financial accounts, transfer money to accounts that the crooks control, change the login credentials, write online checks, and purchase goodies from online vendors at their victims’ expense.

According to the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), the Trojan installs what’s called a Virtual Network Computing (VNC) server that disguises malicious activity, escaping detection by making it look like that activity is coming from the victim’s own computer.

NeverQuest can replicate and spread with the help of FTP servers, the Neutrino Exploit Kit, and social networking sites. It uses web-injection to evade detection by antivirus software and can slip by two-factor authentication (2FA). The malware can also launch man-in-the-middle and man-in-the-browser attacks; harvest email, FTP, and stored browser credentials; and can capture video and screenshots.

Lisov: NeverQuest’s daddy

The DOJ says that between June 2012 and January 2015, Lisov worked on “key aspects” of creating and administering a botnet based on computers infected by this malicious NeverQuest beast.

Lisov’s duties included maintaining infrastructure for the criminal enterprise, including by renting and paying for the servers used to manage the botnet. Those servers were stuffed with stolen login credentials – approximately 1.7 million of them, including usernames, passwords, and security questions and answers to get into their bank and other financial accounts.

Lisov was arrested in Spain in January 2017. He was extradited to the US a year later, and in February 2019, he pleaded guilty to one count of conspiracy to commit computer hacking.

At the time of Lisov’s guilty plea, US Attorney Geoffrey S. Berman called Lisov’s crimes “audacious”:

As he admitted today, Stanislav Vitaliyevich Lisov used malware to infect victims’ computers, obtain their login credentials for online banking accounts, and steal money out of their accounts.

This type of cybercrime extends across borders, poses a malicious threat to personal privacy, and causes widespread financial harm. For his audacious crime, this Russian hacker now faces justice in an American court.

It’s good news that one of these bank robbers is off the streets. But this is an ongoing battle, fought against professionally run criminal syndicates, so don’t expect the FBI, Europol or any other crime-fighting organization to be able to rest anytime soon.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/wzl5484w02Q/

Russia to ban sale of devices that don’t come with “Russian software”

The Russian Government’s campaign to control how its citizens use the internet seems to be gathering steam.

Earlier this month, the country passed a controversial new ‘sovereign internet’ law that requires the country’s ISPs to set up deep packet inspection of all internet traffic and ready themselves for the imposition of a separate Domain Name System (DNS) under Government control.

Last week the country’s Parliament passed what might turn out to be an even more significant order – from July 2020 all computing devices sold in Russia will be required to come pre-loaded with what is loosely described as “Russian software”.

According to the BBC, bill co-author and MP Oleg Nikolaev explained that:

[People] might think that there are no domestic alternatives available. And if, alongside pre-installed applications, we will also offer the Russian ones to users, then they will have a right to choose.

…and it will also “provide domestic companies with legal mechanisms to promote their programs for Russian users”, according to a translation of the press release.

The law covers all devices including mobiles, desktop and laptop computers and smart TVs which today ship with Russian language versions of the same apps used elsewhere in the world.

According to Russian sources, in future these applications will be joined by mysterious new Russian Government-approved applications. These will probably include a browser, a search engine, a messaging app, and possibly others which have yet to be specified.

Unhappy Apple

This hasn’t gone down well with the non-Russian tech companies that make the devices and software sold in the country.

The obvious example is Apple, which reportedly lobbied against a law that breaks a basic assumption of its platform that all core software come from Apple itself.

It’s not clear whether it will be possible to de-install the Russian applications, but the implication of the laws, which have still to be signed off by the legislature’s Upper House and President Putin himself, is that they will be part of the factory image.

On that basis, it’s possible that Apple will withdraw its products from the Russian market. Android is unlikely to have the same problems, despite Samsung and Huawei’s reported unhappiness, although it’s remotely possible Microsoft might baulk at Russia imposing such applications on Windows users.

Not surprisingly, some Russian internet users are also suspicious, believing the Russian applications will simply be proxies for Government surveillance.

The bill’s proponents have claimed that Russians deserve local alternatives to non-Russian applications. The obvious problem with this argument is that they already have access to such things but, presumably, choose not to use them.

However, these applications are discretionary and don’t run with the root privileges it seems likely the Government-approved pre-installed alternatives will have.

Paltry fines

Ironically, if there’s a chink in the law it’s the threat to fine device makers that don’t comply. Again, according to Russian reports, these will be 200,000 roubles, which is just over $3,000.

On the assumption this is a total fine and not per device found to be flouting the final law, that’s a trifling sum for a large phone or device maker to pay to distribute its own software image on its devices. Repeat offenders will, however, apparently face a ban.

It does raise a lot of practical questions about the proposal’s inner workings. Russian consumers might at a push survive losing Apple but losing all the big phone makers would be a major blow.

It’s similarly unclear how the Russian software would be loaded, who would approve it, and what might happen if a large device maker decided the application was doing something it shouldn’t, for example carrying out surveillance.

As with Russia’s plans to set up a parallel DNS ‘Runet’ system to monitor which websites Russians visit, the lawmakers and politicians might simply not grasp how difficult this beast might be to control.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/GmGUPDAdwPA/

Ad-blocking companies block ‘unblockable’ tracker

Ad-blocking companies have figured out a way to block the unblockable – a pernicious tracker technique that hides advertising networks from your browser in plain sight.

Whenever your browser visits a website supporting third-party advertisers, the site shows it tracking pixels or IFRAME tags that cause it to make extra requests. These requests go to ad companies that use various techniques to identify your browser and track it across multiple sites.

Ad-blocking companies are in a constant battle with the advertisers to block these trackers.

The latest weapon in this fight exploits a long-established web concept called a CNAME record. CNAME stands for Canonical Name. It’s an alias that the owner of a domain (say, example.com) can use to describe a subdomain (like innocent.example.com). You could set the CNAME for innocent.example.com to resolve to an entirely different domain, like dedicated-tracker.eviladcompany.com. When your browser reaches out to innocent.example.com, it’ll send a query to the name server, which will look up the second domain instead.

That’s a problem for people that don’t want advertisers to track them. Ad-blocking software tends to trust cookies sent by the same domain that you’re visiting. If innocent.example.com sends you a cookie, it could contain session information that helps the site remember who you are. Blocking it would break the site’s functionality.

So companies that use CNAMEs to hide third-party trackers behind their own domains can fool ad blockers into waving through cookies from their advertising friends.

Those companies reportedly include French marketing outfit Eulerian, which according to a post on ad blocker uBlock Origin’s GitHub site used this ‘unblockable tracker’ approach on a subdomain at liberation.fr, pointing to liberation.eulerian.net. Any company trying to seem innocuous would use a random subdomain – in Eulerian’s case, f7ds.liberation.fr.

Sneaky.

According to another poster who searched for the inline code, the company is doing it on several other sites, too.

This is a simple workaround for advertisers eager to understand what you’re doing online. If you don’t want them doing that, then how can you stop them?

uBlock found an application programming interface (API) in Firefox, which is a way for its browser extension to interact with the underlying browser engine. dns.resolve() looks up the real domain behind a CNAME record (known as the canonical CNAME).
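The check this lookup makes possible, as an added example in Python rather than uBlock Origin’s own code: follow the CNAME chain and match the canonical name, not the requested name, against a tracker list. The record table stands in for a live resolver; TRACKER_DOMAINS, the benign alias and the looping hostnames are constructed assumptions.

```python
"""Uncloak first-party hostnames that CNAME to a tracker (sample data is constructed)."""

# Constructed DNS view: hostname -> CNAME target. A name with no entry is canonical.
CNAME_RECORDS = {
    "f7ds.liberation.fr": "liberation.eulerian.net",  # pair named in the article
    "innocent.example.com": "dedicated-tracker.eviladcompany.com",  # article's illustration
    "www.example.com": "edge.cdn.example.net",  # constructed benign CDN alias
    "loop-a.example.com": "loop-b.example.com",  # constructed misconfiguration
    "loop-b.example.com": "loop-a.example.com",
}

# Hypothetical blocklist of tracker base domains (an assumption for this example).
TRACKER_DOMAINS = {"eulerian.net", "eviladcompany.com"}


def normalize(host: str) -> str:
    """Lower-case the name and drop the trailing root dot so comparisons are stable."""
    return host.strip().rstrip(".").lower()


def canonical_name(host, records, max_hops=8):
    """Follow CNAMEs to the final name; return None on a loop or an over-long chain."""
    name = normalize(host)
    seen = {name}
    for _ in range(max_hops):
        target = records.get(name)
        if target is None:
            return name  # no further alias: this is the canonical name
        name = normalize(target)
        if name in seen:
            return None  # CNAME loop
        seen.add(name)
    return name if name not in records else None


def on_list(name, domains):
    """Match the domain itself or any subdomain, on a label boundary only."""
    return any(name == d or name.endswith("." + d) for d in domains)


def classify(request_host, records=CNAME_RECORDS, trackers=TRACKER_DOMAINS):
    """Decide how a request should be treated once its CNAME chain is known."""
    requested = normalize(request_host)
    if on_list(requested, trackers):
        return "tracker"  # name-based rules already catch this request
    canonical = canonical_name(requested, records)
    if canonical is None:
        return "unresolvable"
    if on_list(canonical, trackers):
        return "cloaked-tracker"  # looks first-party, resolves to a tracker
    return "allow"


if __name__ == "__main__":
    for host in ("f7ds.liberation.fr", "innocent.example.com",
                 "www.example.com", "loop-a.example.com"):
        print(f"{host:24} -> {classify(host)}")
```

A benign CDN alias uses the same mechanism, so the decision has to rest on where the chain ends, not on the mere presence of a CNAME.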

Firefox uBlock users will be protected, but what about users of Chromium-based browsers, which encompasses most other browsers? Chromium doesn’t support this API, meaning that uBlock can’t take the same approach using this browser framework as it does with Firefox. One alternative would be to send the browser’s request data to an online service to have it check for the canonical CNAME record, but uBlock’s developer Raymond Hill doesn’t want to send user information to other online services. He explained:

This would require uBO to send browsing history information to a remote server, this is anti-uBO.

Other ad blockers are jumping into the conversation. In a blog post that was low on detail, Adguard said that it would address the problem because:

On DNS level, it’s trivial to figure that a domain is actually a disguised tracker.

It indicated that it wouldn’t rely on a specific browser framework:

The beauty of this solution is that it’s not limited to any browser or even a single product, and in the end will help everyone.

Adguard’s CTO and co-founder Andrey Meshkov said on 22 November that the company had already started blocking disguised trackers.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/GELDo4RpiU8/

OneCoin crypto-scam lawyer found guilty of worldwide $400m fraud

A Florida lawyer who boasted of making “50 by 50” – as in, $50m by the age of 50 – is now facing a potential 50+ years behind bars for money laundering and lying to banks about funds flowing from OneCoin, a cryptocoin Ponzi scheme that started in Bulgaria but spread like a money-sucking fungus around the world.

Mark Scott, 51, a former equity partner at the law firm Locke Lord LLP, was convicted in Manhattan Federal Court on Thursday for laundering about $400 million from the massive international OneCoin fraud.

It’s not just an alleged mega-fraud; it’s also led to mega-busts, and its founder – The Missing Cryptoqueen, who talked millions of people into her scheme – has blinked out of sight. Bulgarian Ruja Ignatova was last spotted around October 2017: around the time that the US filed a secret warrant for her arrest. Her brother, Konstantin Ignatov, took over the reins, was arrested at Los Angeles International Airport in March 2019, signed a plea deal, and is facing up to 90 years in jail (though maximum sentences are rarely handed out).

Pop some corn and pull up a chair: you can tune in to the true crime saga from the BBC here as reporter Jamie Bartlett presents “a story of greed, deceit and herd madness.”

As far as the other OneCoin shysters go, most of them have been arrested or, like Ignatova, disappeared. A slew of OneCoin reps were pitching their scam – what they called “the next Bitcoin” – in a Mumbai exurb in April 2017 when financial cops busted in, raided the meeting, and jailed 18 of them, ultimately seizing more than $2 million in investor funds. As The Atlantic tells it, they’d already moved at least $350m in allegedly scammed funds through a German payment processor.

Not that OneCoin has shuttered its “Bitcoin Killer” shop, mind you. It’s humming along as what the US Attorney’s Office in the Southern District of New York calls a “multi-level marketing network” that pays its members commissions for recruiting others to buy cryptocurrency packages, not from actual proceeds from its coins’ supposed value.

In other words, it’s a pyramid scheme, and it sounds just like all the other cryptocoin pyramid schemes we’ve seen blossom and then implode. For more about how these scams work and how to avoid them, check out our deep dive on the subject.

OneCoin Ltd has claimed to have over 3 million members worldwide. An investigation has shown that, between the fourth quarter of 2014 and the third quarter of 2016 alone, the outfit generated €3.353 billion (USD$3.70 billion, £2.88 billion) in sales revenue and earned “profits” of €2.232 billion (USD$2.46 billion, £1.2 billion).

Mined from pure imagination

OneCoin leaders have claimed that their cryptocurrency is mined on the company’s own servers, and that the value is based on supply and demand. As the NY AG tells it, in reality, there are no servers chugging away. Rather, the coin’s “value” – which has grown from €0.50 to about €29.95 as of January 2019 – is actually mined out of the company’s vivid imagination. In fact, the whole thing was set up to defraud investors from the get-go, according to the Department of Justice (DOJ).

The DOJ says that Scott first met Ignatova in late 2015, then began laundering OneCoin proceeds in 2016. He did it by setting up a series of bogus private equity investment funds – the “Fenero Funds” – in the British Virgin Islands and lied about $400m in OneCoin fraud money as being investments of “wealthy European families.” He funneled the money through Fenero Fund bank accounts in the Cayman Islands and Ireland.

He subsequently transferred the funds back to Ignatova and other OneCoin entities, further disguising the transfers as outbound investments from the Fenero Funds. He lied about the real source of the laundered money to banks and other financial institutions around the world.

With the $50m he made, Scott got spendy: he picked up a collection of luxury watches worth hundreds of thousands of dollars, a Ferrari and several Porsches, a 57-foot Sunseeker yacht, and three multimillion-dollar seaside homes in Cape Cod, Massachusetts. He was arrested near one of his Cape Cod homes in September 2018.

Scott was convicted of one count of conspiracy to commit money laundering, which carries a maximum potential sentence of 20 years in prison, and one count of conspiracy to commit bank fraud, which carries a maximum potential sentence of 30 years in prison. But again, maximum sentences are rarely handed down.

Throughout all of this, OneCoin has denied that it’s a scam sandwich. It recently sent this statement to the BBC for its The Missing Cryptoqueen podcast:

OneCoin verifiably [fulfills] all criteria of the definition of a cryptocurrency.

Our partners, our customers and our lawyers are fighting successfully proceedings against OneCoin. We are sure that the vision of a new system on the basis of a financial revolution will be established.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/ECTL_dfr8-k/

Get ahead of the cyber-criminals using training and advice from SANS Manchester in 2020

Promo The IT security landscape changes by the second, as organisations move to new technologies and data thieves devise increasingly ingenious ways to penetrate systems. It’s no surprise that IT security leaders feel the constant need to shore up their defenses.

Help on how to achieve this will be at hand at the major event IT security training specialist SANS Institute is bringing for the first time to Manchester, UK, from 24 to 29 February next year.

Like all SANS training events, it offers a range of intensive courses and hands-on labs taught by industry leaders who bring their real-world experiences into the classroom.

Develop the hands-on cyber security skills most needed right now, network with like-minded security professionals facing similar challenges, and enhance your career prospects by preparing for your GIAC Certification.

One of the key courses at the event will be SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling. This course enables you to turn the tables on miscreants, by helping you gain a detailed understanding of their tactics and strategies. It provides you with hands-on experience in finding security vulnerabilities and discovering intrusions, and equips you with a comprehensive incident handling plan.

The additional four courses on the agenda cover the following topics:

Security essentials, bootcamp style

Do you understand why some organisations get compromised and others don’t? Would you be able to find compromised systems on your network? Are you confident all your security devices are effective? Are proper security metrics communicated to your executives? If you’re not sure, this is the course for you.

Cloud security architecture and operations

Business leaders are turning to cloud services to save money and gain capabilities, but will security be their Achilles heel? The course covers security fundamentals, policy and governance, technical principles, and cloud architecture and design.

SIEM with tactical analytics

Logging systems collect vast amounts of data from a multitude of sources. Students on this course will learn about building a security information and event management (SIEM) platform, covering topics from when to use one to enriching log data and extracting intelligence.

Network penetration testing and ethical hacking

Learn to conduct a full-scale, high-value penetration test. Start with planning, scoping and recon, then dive into scanning, target exploitation, password attacks, and web app manipulation. Find the flaws in your systems before the bad guys do.

Join SANS at their first ever Manchester training event by registering right here today.


Article source: https://go.theregister.co.uk/feed/www.theregister.co.uk/2019/11/25/sans_manchester/