Category: Main

Securities and Exchange Commission issues an advisory on XIAN COIN

Photo: https://www.facebook.com/XianCoinBank

XIAN COIN is not registered with the Commission neither as a corporation nor as a partnership and it is NOT AUTHORIZED to solicit investments from the public

Based on its website https://xianco.in/ Xian Coin or XNC is a centralized digital currency powered by the Etherium Blockchain that is exclusively traded by its coin holders. It is owned and issued by a virtual cryptocurrency bank where you can exchange your coins to Xian Coin, Colombian Peso, Mexican Peso, Brazilian Real, Peruvian Sol and Philippine Peso. It also states that the primary function of Xian Coin is to create a powerful, unregulated and untraceable financial payment system that will power transactions and businesses across geographical spheres.

The records of the Commission show that XIAN COIN is not registered with the Commission neither as a corporation nor as a partnership. Further, it is NOT AUTHORIZED to solicit investments from the public since it has not secured prior registration and/or license from the Commission as prescribed under Section 8 and 28 of the Securities Regulation Code.
Likewise, Xian Coin is not a registered Virtual Asset Service Provider (VASP) with the Bangko Sentral ng Pilipinas under Circular No. 1108, series of 2021 or the Guidelines for Virtual Asset Service Providers.

In the same manner, those who invite or recruit other people to join or invest in this venture or offer investment contracts or securities to the public may be held criminally liable under Section 28 of the SRC penalized with a maximum fine of Five Million Pesos (P 5,000,000.00) or imprisonment of Twenty One (21) years or both pursuant to Section 73 of the SRC (SEC Vs. Oudine Santos, G.R. No. 195542, 19 March 2014).
Thus, the public is hereby WARNED that the scheme employed by XIAN COINS clearly shows indication of a possible Ponzi Scheme, where monies from new investors are used in paying “fake profits” to prior investors and is designed mainly to favor its top recruiters and prior risk takers and is detrimental to subsequent member in case of scarcity of new investors.

Elon Musk threatened over crypto tweets by hacktivist group Anonymous

Anon to Elon

Anonymous is a decentralized international activist/hacktivist collective/movement widely known for its various cyberattacks against several governments, government institutions, and government agencies, corporations, and the Church of Scientology.


Anonymous originated in 2003 on the imageboard4chan representing the concept of many online and offline community users simultaneously existing as an anarchic, digitized global brain. Anonymous members (known as Anons) can be distinguished in public by the wearing of Guy Fawkes masks in the style portrayed in the graphic novel and film V for Vendetta.

The most popular Twitter Anonymous account, YourAnonNews, with some 6.7 million followers, has already denied being behind the video. When asked if they could confirm the video was published by them, the tweeted response was “Again, all the best – but no.”

The Anonymous @BscAnon account, that says it opposes “the malevolence that is rife in the space of cryptocurrency” also denies any involvement. It tweeted “That Is Not Our Video To Elon Musk for the record”

PNP launches use of body cameras

Eleazar officially gave the go-signal for police officers to use BWCs on Friday after over 600 personnel completed training on its use.

He added that a BWC-equipped force will also ensure that there will be no violation in police operating procedures or human rights abuses.

It will also protect PNP personnel from malicious and baseless charges.

He also assured the public that the BWCs are tamper-proof and cannot be manually turned off by policemen wearing them.

He added the BWC System, in support of the S.M.A.R.T. (Secured, Mobile, Artificial-Intelligence driven, Real-time Technology) Policing initiative of the PNP, will allow the PNP Command Center to monitor the actual police operations of all units nationwide.

:PNA

Mining Ethereum with Norton 360

NortonLifeLock, a global leader in consumer Cyber Safety, today announced the launch of Norton™ Crypto, a new feature designed to enable consumers to safely and easily mine cryptocurrency through its trusted Norton™ 360 platform. Selected Norton 360 customers in Norton’s early adopter program will be invited to mine for Ethereum.

Norton Crypto delivers a secure, reliable way for consumers to mine for Ethereum without opening themselves and their devices up to pitfalls. Once cryptocurrency has been earned, customers can track and transfer earnings into their Norton Crypto Wallet, which is stored in the cloud so it cannot be lost due to hard drive failure.

Contacts

Jenna Torluemke
NortonLifeLock Inc.
(650) 527-6015
Jenna.Torluemke@nortonlifelock.com

Erin Lundberg
Edelman for NortonLifeLock Inc.
(206) 280-3622
Erin.Lundberg@edelman.com

Critical 0-day on a WordPress Plugin Under Active Attack

On May 31, 2021, the Wordfence Threat Intelligence team discovered a critical file upload vulnerability being actively exploited in Fancy Product Designer, a WordPress plugin installed on over 17,000 sites.

As this is a Critical 0-day under active attack and is exploitable in some configurations even if the plugin has been deactivated, we urge anyone using this plugin to update to the latest version available, 4.6.9, immediately.

Fancy Product Designer is a WordPress plugin that offers the ability for customers to upload images and PDF files to be added to products. Unfortunately, while the plugin had some checks in place to prevent malicious files from being uploaded, these checks were insufficient and could easily be bypassed, allowing attackers to upload executable PHP files to any site with the plugin installed. This effectively made it possible for any attacker to achieve Remote Code Execution on an impacted site, allowing full site takeover.

The majority of attacks against this vulnerability are coming from the following IP addresses:

69.12.71.82
92.53.124.123
46.53.253.152

For more WordPress plugins vulnerabilities, check out https://www.wordfence.com/blog/category/wordpress-security/

Source: WordFence

GCash is planning to add cryptocurrency to its services

GCash is an app that you can install on any of your devices—be it a smartphone or a tablet. It allows you to pay your bills, purchase goods and services, and even send or receive money wherever you are.

Mobile wallet GCash is exploring the possibility of adding cryptocurrency to its growing portfolio of financial products and services.

GCash president and chief executive officer Martha Sazon said the company, which is operated by Globe Fintech Innovations Inc., is looking into offering, buying, selling and storing cryptocurrency.

Payment app giants such as PayPal and Square currently allow users to buy and sell cryptocurrency.

GCash now allows its users to shop, save, invest, get insurance coverage, among others, through the app.

Through a feature in the app called GInvest, users are allowed invest for as low as P50 in professionally managed local and global funds.

Another feature called GInsure offers affordable insurance coverage for medical emergencies such as dengue, COVID-19, and accidents for as low as P300.

For easy money management, GSave is a fully digital, secure, and hassle-free savings account that was built in partnership with CIMB Bank.

It is fully accessible once the account is created and has no maintaining balance, no fees, and no initial deposit.

Source: PHILSTAR



Ransomware – Don’t pay the Ransom

Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.

There are ways to try and recover your files from decryption tools available online.
Look for the file extension of what hit you and try to look for it from the list below:

*https://www.nomoreransom.org/en/index.html

-The “No More Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky and McAfee with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.

*https://noransom.kaspersky.com/

-Kaspersky Lab develops and markets antivirus, internet security, password management, endpoint security, and other cybersecurity products and services. It is the fourth or fifth largest endpoint security vendor and the third largest consumer IT security software company.

*https://www.avast.com/en-ph/ransomware-decryption-tools

-Avast develops and markets business and consumer IT security products for servers, desktops, and mobile devices. The company sells both the Avast product line and the acquired AVG-branded products.

*https://www.emsisoft.com/ransomware-decryption-tools/

-Emsisoft’s anti-virus technology is called Emsisoft Anti-Malware. The three versions of Emsisoft Anti-Malware are called Anti-Malware Home, Business Security, and Enterprise Security.

*https://github.com/search?q=ransomware+decryptor

-Some free ransomware decryption tools from Github

Wil to Play – Mobile game with real prizes

Wil To play is Kuya Wil's official mobile game where you can win "real life" prizes and surprises. It is not just a single game but a collection of mini-games where five games can be played by game testers.

You need an android phone or tablet, Gmail, and Internet to download and play the game. You will not be able to install the game if you do not have an invitation to join.

The Exclusive INVITE ONLY GAME LAUNCH has only 2,000 slots. If you are not lucky enough to participate in the game launch today, just wait for the official launch where everyone can download and play Wil To Play.

Prizes can change weekly or daily but for game testing the winners are "a sack of rice", Android tablet and Android Mobile phone.

Official FB Page: https://www.facebook.com/WilToPlay/
Offical website: https://www.wiltoplay.com/

Have I Been Pwned is now Open Source

The primary function of Have I Been Pwned since it was launched is to provide the general public a means to check if their private information has been leaked or compromised. Visitors to the website can enter an email address, and see a list of all known data breaches with records tied to that email address. The website also provides details about each data breach, such as the backstory of the breach and what specific types of data were included in it.

Have I Been Pwned also offers a “Notify me” service that allows visitors to subscribe to notifications about future breaches. Once someone signs up with this notification mailing service, they will receive an email message any time their personal information is found in a new data breach.

Pwned Passwords is Now Open Source via the .NET Foundation

It’s a very simple codebase consisting of Azure Storage, a single Azure Function, and a Cloudflare worker.

It has its own domain, Cloudflare account, and Azure services so can easily be picked up and open-sourced independently to the rest of HIBP.

It’s entirely non-commercial without any API costs or Enterprise services like other parts of HIBP (I want community efforts to remain in the community).

The data that drives Pwned Passwords is already freely available in the public domain via the downloadable hash sets.

 There’s a Have I Been Pwned organisation in GitHub that has the following 2 repositories:

  1. Azure Function
  2. Cloudflare Worker

There’s a third repository in that organisation. Because there was so much enthusiasm over this 3D print earlier in the week, I’ve dropped the .stl into the 3D Prints repository so you can go and grab it and print it yourself

Check if your email or phone has been compromised by a data breach here: https://haveibeenpwned.com/

Beware of Fake Anydesk Spread Via Google Ads

AnyDesk is a remote desktop application distributed by AnyDesk Software GmbH. The proprietary software program provides platform independent remote access to personal computers and other devices running the host application. It offers remote control, file transfer, and VPN functionality.

A fake AnyDesk installer is distributed through malicious Google ads placed by the threat actor, which are then served to unsuspecting people who are using Google to search for ‘AnyDesk.’

The fraudulent ad result, when clicked, redirects users to a social engineering page that’s a clone of the legitimate AnyDesk website, in addition to providing the individual with a link to the trojanized installer.

The company also said it notified Google of its findings, which is said to have taken immediate action to pull the ad in question.

Be sure to download only from their official website at https://anydesk.com/en