Month: June 2021

Securities and Exchange Commission issues an advisory on XIAN COIN

Photo: https://www.facebook.com/XianCoinBank

XIAN COIN is not registered with the Commission neither as a corporation nor as a partnership and it is NOT AUTHORIZED to solicit investments from the public

Based on its website https://xianco.in/ Xian Coin or XNC is a centralized digital currency powered by the Etherium Blockchain that is exclusively traded by its coin holders. It is owned and issued by a virtual cryptocurrency bank where you can exchange your coins to Xian Coin, Colombian Peso, Mexican Peso, Brazilian Real, Peruvian Sol and Philippine Peso. It also states that the primary function of Xian Coin is to create a powerful, unregulated and untraceable financial payment system that will power transactions and businesses across geographical spheres.

The records of the Commission show that XIAN COIN is not registered with the Commission neither as a corporation nor as a partnership. Further, it is NOT AUTHORIZED to solicit investments from the public since it has not secured prior registration and/or license from the Commission as prescribed under Section 8 and 28 of the Securities Regulation Code.
Likewise, Xian Coin is not a registered Virtual Asset Service Provider (VASP) with the Bangko Sentral ng Pilipinas under Circular No. 1108, series of 2021 or the Guidelines for Virtual Asset Service Providers.

In the same manner, those who invite or recruit other people to join or invest in this venture or offer investment contracts or securities to the public may be held criminally liable under Section 28 of the SRC penalized with a maximum fine of Five Million Pesos (P 5,000,000.00) or imprisonment of Twenty One (21) years or both pursuant to Section 73 of the SRC (SEC Vs. Oudine Santos, G.R. No. 195542, 19 March 2014).
Thus, the public is hereby WARNED that the scheme employed by XIAN COINS clearly shows indication of a possible Ponzi Scheme, where monies from new investors are used in paying “fake profits” to prior investors and is designed mainly to favor its top recruiters and prior risk takers and is detrimental to subsequent member in case of scarcity of new investors.

Elon Musk threatened over crypto tweets by hacktivist group Anonymous

Anon to Elon

Anonymous is a decentralized international activist/hacktivist collective/movement widely known for its various cyberattacks against several governments, government institutions, and government agencies, corporations, and the Church of Scientology.


Anonymous originated in 2003 on the imageboard4chan representing the concept of many online and offline community users simultaneously existing as an anarchic, digitized global brain. Anonymous members (known as Anons) can be distinguished in public by the wearing of Guy Fawkes masks in the style portrayed in the graphic novel and film V for Vendetta.

The most popular Twitter Anonymous account, YourAnonNews, with some 6.7 million followers, has already denied being behind the video. When asked if they could confirm the video was published by them, the tweeted response was “Again, all the best – but no.”

The Anonymous @BscAnon account, that says it opposes “the malevolence that is rife in the space of cryptocurrency” also denies any involvement. It tweeted “That Is Not Our Video To Elon Musk for the record”

PNP launches use of body cameras

Eleazar officially gave the go-signal for police officers to use BWCs on Friday after over 600 personnel completed training on its use.

He added that a BWC-equipped force will also ensure that there will be no violation in police operating procedures or human rights abuses.

It will also protect PNP personnel from malicious and baseless charges.

He also assured the public that the BWCs are tamper-proof and cannot be manually turned off by policemen wearing them.

He added the BWC System, in support of the S.M.A.R.T. (Secured, Mobile, Artificial-Intelligence driven, Real-time Technology) Policing initiative of the PNP, will allow the PNP Command Center to monitor the actual police operations of all units nationwide.

:PNA

Mining Ethereum with Norton 360

NortonLifeLock, a global leader in consumer Cyber Safety, today announced the launch of Norton™ Crypto, a new feature designed to enable consumers to safely and easily mine cryptocurrency through its trusted Norton™ 360 platform. Selected Norton 360 customers in Norton’s early adopter program will be invited to mine for Ethereum.

Norton Crypto delivers a secure, reliable way for consumers to mine for Ethereum without opening themselves and their devices up to pitfalls. Once cryptocurrency has been earned, customers can track and transfer earnings into their Norton Crypto Wallet, which is stored in the cloud so it cannot be lost due to hard drive failure.

Contacts

Jenna Torluemke
NortonLifeLock Inc.
(650) 527-6015
Jenna.Torluemke@nortonlifelock.com

Erin Lundberg
Edelman for NortonLifeLock Inc.
(206) 280-3622
Erin.Lundberg@edelman.com

Critical 0-day on a WordPress Plugin Under Active Attack

On May 31, 2021, the Wordfence Threat Intelligence team discovered a critical file upload vulnerability being actively exploited in Fancy Product Designer, a WordPress plugin installed on over 17,000 sites.

As this is a Critical 0-day under active attack and is exploitable in some configurations even if the plugin has been deactivated, we urge anyone using this plugin to update to the latest version available, 4.6.9, immediately.

Fancy Product Designer is a WordPress plugin that offers the ability for customers to upload images and PDF files to be added to products. Unfortunately, while the plugin had some checks in place to prevent malicious files from being uploaded, these checks were insufficient and could easily be bypassed, allowing attackers to upload executable PHP files to any site with the plugin installed. This effectively made it possible for any attacker to achieve Remote Code Execution on an impacted site, allowing full site takeover.

The majority of attacks against this vulnerability are coming from the following IP addresses:

69.12.71.82
92.53.124.123
46.53.253.152

For more WordPress plugins vulnerabilities, check out https://www.wordfence.com/blog/category/wordpress-security/

Source: WordFence

GCash is planning to add cryptocurrency to its services

GCash is an app that you can install on any of your devices—be it a smartphone or a tablet. It allows you to pay your bills, purchase goods and services, and even send or receive money wherever you are.

Mobile wallet GCash is exploring the possibility of adding cryptocurrency to its growing portfolio of financial products and services.

GCash president and chief executive officer Martha Sazon said the company, which is operated by Globe Fintech Innovations Inc., is looking into offering, buying, selling and storing cryptocurrency.

Payment app giants such as PayPal and Square currently allow users to buy and sell cryptocurrency.

GCash now allows its users to shop, save, invest, get insurance coverage, among others, through the app.

Through a feature in the app called GInvest, users are allowed invest for as low as P50 in professionally managed local and global funds.

Another feature called GInsure offers affordable insurance coverage for medical emergencies such as dengue, COVID-19, and accidents for as low as P300.

For easy money management, GSave is a fully digital, secure, and hassle-free savings account that was built in partnership with CIMB Bank.

It is fully accessible once the account is created and has no maintaining balance, no fees, and no initial deposit.

Source: PHILSTAR



Ransomware – Don’t pay the Ransom

Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.

There are ways to try and recover your files from decryption tools available online.
Look for the file extension of what hit you and try to look for it from the list below:

*https://www.nomoreransom.org/en/index.html

-The “No More Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky and McAfee with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.

*https://noransom.kaspersky.com/

-Kaspersky Lab develops and markets antivirus, internet security, password management, endpoint security, and other cybersecurity products and services. It is the fourth or fifth largest endpoint security vendor and the third largest consumer IT security software company.

*https://www.avast.com/en-ph/ransomware-decryption-tools

-Avast develops and markets business and consumer IT security products for servers, desktops, and mobile devices. The company sells both the Avast product line and the acquired AVG-branded products.

*https://www.emsisoft.com/ransomware-decryption-tools/

-Emsisoft’s anti-virus technology is called Emsisoft Anti-Malware. The three versions of Emsisoft Anti-Malware are called Anti-Malware Home, Business Security, and Enterprise Security.

*https://github.com/search?q=ransomware+decryptor

-Some free ransomware decryption tools from Github