More stories

  • Singapore may introduce further cryptocurrency restrictions

    Singapore is mulling over additional rules in cryptocurrency trading that it says are necessary to safeguard the general public. These may include restrictions on retail trading and the use of leverage in cryptocurrency transactions. The revelation comes weeks after repeated warnings from the government that cryptocurrencies, due to their “sharp speculative price swings”, are unsuitable retail investments for the public. Recent market events clearly demonstrated the risks, with prices of several cryptocurrencies dipping significantly, said Senior Minister and Minister in Charge of the Monetary Authority of Singapore (MAS) Tharman Shanmugaratnam. In a written response issued Monday to a parliamentary question, he said MAS had issued cautionary notes about cryptocurrency investments since 2017.

    Noting that the industry regulator had already taken steps that went further than most others, Tharman said MAS in January restricted the marketing and advertising of cryptocurrency services in public areas and barred the portrayal of cryptocurrency trading as trivial. He added that digital payment token service providers had since adhered to the rules, which included the removal of both cryptocurrency ATMs and advertisements from public areas and public transport venues. Under the country’s Payment Services Act, MAS was empowered to implement further measures to ensure better consumer protection, maintain financial stability, and safeguard the effectiveness of its monetary policies, the minister said.

    Tharman said: “MAS has been carefully considering the introduction of additional consumer protection safeguards. These may include placing limits on retail participation and rules on the use of leverage when transacting in cryptocurrencies. Given the borderless nature of cryptocurrency markets, however, there is a need for regulatory coordination and cooperation globally. These issues are being discussed at various international standard setting bodies where MAS actively participates.”

    The European Union last week reached a provisional agreement on cryptocurrency regulations that aimed to “protect investors and preserve financial stability”. Coined Markets in Crypto Assets (MICA), the regulatory framework would cover issuers of unbacked crypto assets and stablecoins, trading platforms, and wallets in which crypto assets were held. For instance, under the new rules, cryptocurrency service providers must adopt “strong requirements” to protect consumers’ wallets and would be held liable when investors’ assets were lost.

    French Minister for the Economy, Finance, and Industrial and Digital Sovereignty, Bruno Le Maire, said: “Recent developments on this quickly evolving sector have confirmed the urgent need for an EU-wide regulation. MICA will better protect Europeans who have invested in these assets and prevent the misuse of crypto-assets, while being innovation-friendly to maintain the EU’s attractiveness.” MICA is still subject to the approval of the Council and European Parliament, before going through formal adoption procedures.

    Singapore, though, had stressed the importance of driving the development of underlying technologies often associated with cryptocurrencies, specifically blockchain. Deputy Prime Minister and Coordinating Minister for Economic Policies, Heng Swee Keat, said last month that efforts were needed to bring out the best potential of emerging technologies while mitigating the risks. For instance, he said a consortium was set up to ensure the responsible use of artificial intelligence (AI) in the financial sector and this led to the release of whitepapers and toolkits to guide the industry.

    The same approach should be applied to drive the upsides and minimise the downsides of Web 3.0 developments, Heng said, pointing to distributed ledgers and tokenisation, which drove transparency and cost savings. “Crypto assets have more recently been in the spotlight for the wrong reasons. This, however, does not reflect where the greatest value of blockchain and digital assets lies, much of which is away from the retail glare,” he said. He noted that while cryptocurrencies were unsuitable as retail investments due to their volatile prices, the underlying blockchain technology had the potential to streamline and improve wholesale cross-border transactions.

    MAS in May announced plans to pilot use cases of asset tokenisation and assess the feasibility of autonomous trading powered by blockchain technology. Efforts here would include the development of interoperable networks to facilitate digital asset trading as well as an evaluation of regulations needed to safeguard against potential risks.

    According to a study released last August, 67% of personal investors in Singapore held cryptocurrencies, with 78% owning Ethereum and 69% holding Bitcoin. Investments in Singapore’s fintech sector also grew 47% year-on-year to hit $3.94 billion last year, with blockchain and cryptocurrencies raking in almost half of the funds with $1.48 billion across 82 deals, according to KPMG.

  • Giant data breach? Leaked personal data of one billion people has been spotted for sale on the dark web

    Sensitive personal information about over a billion people has apparently been leaked from a government agency and put up for sale on the dark web, in what would be one of the biggest data breaches in history. Information which has been leaked is said to include names, addresses, national ID numbers and mobile phone numbers, […]

  • HackerOne employee accessed bug reports to claim extra bounties

    The largest bug bounty platform, HackerOne, said it has fired an employee who took bug reports submitted by external researchers and filed the same reports elsewhere for personal gain. HackerOne is one bug bounty platform that big companies and government departments have turned to for managing their bug bounties. HackerOne receives bug reports from ethical hackers about software, and then internally triages the reports to determine whether or not to pay rewards to those who report them.

    There’s big money at stake. By 2020, HackerOne had paid out over $100 million to participants who’d reported over 181,000 vulnerabilities through bounties it manages since launching in 2012. Last year Zoom, a HackerOne customer, paid out $1.4 million through HackerOne managed bounties.

    HackerOne co-founder and CISO Chris Evans said in a Friday blogpost that the now-former employee — whose role was to triage bugs for numerous customer bounty programs — had improperly accessed security reports at some point between April 4 and June 22 and then leaked the information outside of the HackerOne platform to claim additional bounties elsewhere. The employee wrongfully received bounties in a “handful of disclosures”, according to Evans.

    The firm investigated the incident after a customer filed a complaint on June 22 asking it to investigate “a suspicious vulnerability disclosure made outside of the HackerOne platform.” The reporter, using the name “rzlr”, had used “threatening communication” about the vulnerability disclosure. “This customer expressed skepticism that this was a genuine collision and provided detailed reasoning,” said Evans. Evans said that the former employee anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties.

    “Our investigation has concluded that a (now former) HackerOne employee improperly accessed vulnerability data of customers to re-submit duplicate vulnerabilities to those same customers for personal gain,” he explains later. “This is a clear violation of our values, our culture, our policies, and our employment contracts. In under 24 hours, we worked quickly to contain the incident by identifying the then-employee and cutting off access to data. We have since terminated the employee, and further bolstered our defenses to avoid similar situations in the future.”

    HackerOne terminated the employee’s system access and remotely locked their laptop on June 23. It interviewed the employee on June 24 and on June 27 “took possession of laptop of suspended threat actor and conducted remote forensics imaging and analysis.” The employee, who had system access since April 4, had been in contact with seven HackerOne customers.

    HackerOne officially terminated the employee on June 30. By July 1, HackerOne had notified all customers whose bug bounty programs had any interaction with the employee, it said. HackerOne says it is confident the external disclosure was not the work of multiple insider threats, but the one employee.

    “This was a serious incident. We are confident the insider access is now contained. Insider threats are one of the most insidious in cybersecurity, and we stand ready to do everything in our power to reduce the likelihood of such incidents in the future,” said Evans.

    Evans admits HackerOne’s existing detection and response systems didn’t proactively detect this threat. The firm plans on enhancing its screening process for employees, improving data isolation and network logging, and will implement new simulations to test whether it can detect insider threats.

    HackerOne raised $49 million in funding in January, bringing its total funding to $160 million. Customers include the U.S. Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Microsoft, Singapore’s Ministry of Defense, Nintendo, PayPal, Slack, Starbucks, Twitter, and Yahoo.

  • Virtual-world tech company owner arrested over alleged $45m investment fraud scheme

    The owner of several metaverse companies has been arrested over an alleged investment fraud scheme that defrauded more than 10,000 victims of over $45 million. Last week, the US Department of Justice (DoJ) said that Neil Chandran, a Las Vegas resident, was arrested over allegations of fraud. The 50-year-old owns companies operating […]

  • The British Army is investigating after its Twitter and YouTube accounts were hijacked

    The British Army is investigating after its Twitter and YouTube accounts were both breached. On July 3, as reported by the BBC, Army accounts were taken over and used to promote NFT and cryptocurrency schemes. This included YouTube videos posted with the image of entrepreneur Elon Musk. The British Army’s YouTube account […]

  • Google: Half of zero-day exploits linked to poor software fixes

    Half of the 18 ‘zero-day’ bugs that were exploited before a patch was publicly available this year could have been prevented if only major software vendors created more thorough patches and did more testing. That’s the verdict of researchers at Google Project Zero (GPZ), which has so far counted 18 zero-day […]

  • Microsoft: This Android malware will switch off your Wi-Fi, empty your wallet

    Microsoft has shared its detailed technical analysis of the persistent problem of ‘toll fraud’ apps on Android, which it said remains one of the most prevalent types of Android malware. Microsoft’s 365 Defender Team points out that ‘toll billing’, or Wireless Application Protocol (WAP) fraud, is more complex than SMS fraud or call […]

  • FBI and CISA warn: This ransomware is using RDP flaws to break into networks

    Several US law enforcement agencies have shone a spotlight on MedusaLocker, one ransomware gang that got busy in the pandemic by hitting healthcare organizations. MedusaLocker emerged in 2019 and has been a problem ever since, ramping up activity during the early stages of the pandemic to maximize profits. […]