A-list celebrities and social media influencers are now adding their voices to the roar of other cryptocurrency fans asking you to join them in the investments of the future. It’s impossible to deny the grip cryptocurrencies have on the world today, for better or worse. In some industries, they speed the pace of business and for some, it’s a viable way to make ends meet and set up long-term investments. The cryptocurrency realm has also proven to be vulnerable to cybercriminals. For example, the Wormhole hack leaked $320 million, and cybercriminals have targeted crypto platforms with ransomware and mining app scams. 

Whether you’re already in the cryptocurrency game or are thinking about taking the plunge, here’s what you need to know about crypto wallets and tips on how to keep yours safe from cybercriminals. 

What Is a Crypto Wallet?

A cryptocurrency wallet, or crypto wallet, is a software product or a physical device that stores the public and private keys to your cryptocurrency accounts. Keys are strings of numbers and letters that encrypt and decrypt crypto transactions and secure crypto accounts. You can think of public keys as the routing and account numbers that appear at the bottom of paper checks. There’s not much a nefarious character can do with that information, and it’s totally normal to give that information to an acquaintance with whom you’re doing business. Private keys are like your online banking password or debit PIN. Those you must guard very closely because in the wrong hands, your hard-earned bank balance could disappear. A crypto wallet also allows you to transfer funds between crypto types and make transactions.  

What Are Some Types of Crypto Wallets?  

Here are a few basic types of crypto wallets to help you decide which type is right for you. 

Noncustodial vs. custodial

A non-custodial wallet means that you are the sole keeper of the keys to your crypto assets. If you forget your password, there’s no “forgot your password?” prompt to let you back in. While not having this safety net is a little nerve wracking, noncustodial wallets are considered the more secure option. You don’t have to worry about a security breach of a major corporation leaking your private key. If you’re responsible and confident that you’re prepared to look after your assets by yourself, this may be the best option for you. 

A custodial wallet is a little less secure, but you have a third party helping you log in and manage your crypto accounts. Custodial wallets are often web-based, and the biggest tick in their pro column is that they’re generally very easy to use. While reputable custodial wallets take security very seriously, the threat of a breach is always a possibility, especially as crypto accounts are appealing targets to cybercriminals. 

Hardware vs. software

Hardware wallets, also known as cold wallets, are devices you can fit in the palm of your hand. Most models are Bluetooth-enabled devices that look like small remote controls or are flash drives. The device is secured by a PIN that you should never write down or share with anyone else. Also, you should designate a safe and private spot to store your hardware wallet. Similar to a noncustodial wallet, you are solely responsible for keeping track of the device and remembering the PIN. If you lose it, your crypto accounts are locked, and there’s no locksmith to open them for you. As long as you keep track of it, hardware wallets are very secure. Most models are equipped with malware- and virus-proofing security features. 

Software wallets are downloaded and internet-connected mobile or desktop apps. They allow you to make transactions on the run, as you can access your crypto accounts from your phone. In that sense, they’re more convenient than hardware wallets. Additionally, software wallets have the same safety net as custodial wallets: if you lose your phone, forget your password, or require login assistance, the maker of the software can help you access your accounts. Software wallets are very secure when you enable their two-factor authentication login settings; however, since they connect to the internet, there’s always a chance a cybercriminal could break-in. Thus, hardware wallets are considered more secure than the software variety. 

How to Keep Your Crypto Wallet Safe 

Check out these tips to ensure your assets are safe and secure in your crypto wallet: 

Check your accounts regularly. It’s imperative that you check your crypto wallet regularly to ensure that your accounts look in order and you can catch suspicious activity quickly. Crypto wallets and digital wallets are unlike the physical one you carry in your pocket or your bag, because when your physical wallet goes missing, you’re likely to notice it quickly. “Phone, keys, wallet” is a mantra most of us sing before walking out the door. Plus, everyone knows the immediate steps to take when a physical wallet goes missing: retrace your steps, put a hold on credit and debit cards, file for a new driver’s license. If you think something is amiss with your wallet, cancel any credit cards linked to your account, change your password immediately and set up two-factor authentication if you haven’t already.
Set up two-factor authentication. Speaking of login security, always make sure you enable two-factor authentication. It is one of the best ways to deter a thief. If your device has biometric authentication, that’s even better. This means that only a scan of your face, voice, or fingerprint will open your accounts. 
Know how to identify crypto wallet scams. Watch out for phishers who may be persistent in trying to gain access to your cryptocurrency accounts. If anyone by email, text, phone, or snail mail asks for your private key, ignore the correspondence and go on high alert. Never share your private key with anyone! Phishing attempts often use fear or excitement to trick people into divulging personal information, so don’t fall for messages masquerading as contests or as a crypto company that needs your private key to restore your accounts.

Explore Crypto Safely and Confidently

Cryptocurrency value is reaching galactic heights like the spaceships depicted in prime-time ads. Don’t feel pressured to hop aboard the crypto rocket, but if you do decide to jump on, make sure you do your research carefully and make the best decisions for your crypto goals. 

The post What Is a Crypto Wallet and How to Keep Your Wallet Secure? appeared first on McAfee Blog.

Read More

This will be law soon:

Companies critical to U.S. national interests will now have to report when they’re hacked or they pay ransomware, according to new rules approved by Congress.

[…]

The reporting requirement legislation was approved by the House and the Senate on Thursday and is expected to be signed into law by President Joe Biden soon. It requires any entity that’s considered part of the nation’s critical infrastructure, which includes the finance, transportation and energy sectors, to report any “substantial cyber incident” to the government within three days and any ransomware payment made within 24 hours.

Even better would be if they had to report it to the public.

Read More

The widescale DDoS attack is suspected to have been conducted by a nation-state actor

Read More

In February 2022, Arechlient2, CryptoWall, and Delf. CryptoWall returned to the Top 10, while Arechclient2 and Delf made their first appearances.

Read More

Russia is offering its own Transport Layer Security (TLS) certificates to bypass sanctions imposed by Western companies and governments that are limiting citizens’ access to websites amid the nation’s invasion of Ukraine. Restrictions on foreign payments are leaving many Russian websites unable to renew certificates with international signing authorities causing browsers to block access to sites. As a result, the Russian state has launched a domestic TLS certificate authority (CA) for the independent issuing and renewal of TLS certificates. The risks of Russian-owned and -issued TLS certificates are significant and include traffic interception and man-in-the-middle (MitM) attacks.

To read this article in full, please click here

Read More

Zimperium report warns of bugs, malware and misconfigurations

Read More

This blog was written by an independent guest blogger.

The US Office of Management and Budget (OMB) has released a strategy to help the federal government embrace a zero-trust approach to cybersecurity.

Overview of OMB’s Zero Trust strategy

Released on January 26, 2022, the strategy identifies “specific security goals” that heads of Federal Civilian Executive Branch (FCEB) agencies must achieve by the end of the Fiscal Year (FY) 2024. Provided below are some of these objectives.

In its Executive Order (EO) 14028, The White House states that FCEB agencies must develop their own plans for implementing a zero-trust architecture (ZTA). OMB’s strategy goes beyond this mandate by requiring FCEB agencies to incorporate additional requirements and submitting them to OMB and the US Cybersecurity & Infrastructure Security Agency (CISA) within 60 days of the memorandum taking effect. FCEB agencies also need to submit a budget estimate for FY 2024 within that period. In the shorter term, OMB explains that in-scope entities can use internal funding or seek money from alternative sources to achieve primary goals in FY 2022 and FY 2023.
OMB’s strategy notes that FCEB agencies must designate and identify a lead for implementing zero trust at their organization within 30 days of the strategy entering into force. Ultimately, OMB will use those leads to coordinate the implementation of zero trust across the federal government. It’ll also refer to them to orchestrate planning and implementation efforts within each agency. 

Identity and MFA as key tenets

The security goals identified above align with several pillars of zero trust set forth by CISA. “Identity” is one of the most important of those elements. The purpose of “Identity” for zero trust is to have agency staff use enterprise-managed identities to access the applications they need to perform their job duties. The best way to do that is to invest in centralized identity management systems and integrate them into both applications, and common platforms, noted OMB in its federal strategy. Specifically, agencies can implement phishing-resistant multi-factor authentication (MFA) at the application layer as well as require staff, contractors, and partners to enroll in this scheme. (This option must also be an option for public users.) Finally, agencies must design their password policies in such a way that doesn’t require the use of special characters or require regular password rotation.

A driving factor behind the importance of identity and MFA to zero trust is the growth in cloud adoption. In December 2021, 90% of O’Reilly subscribers revealed their organizations were using the cloud at that time—up from 88% a year earlier. The study went on to reveal that at least 75% of respondents in organizations across every sector were using the cloud, with retail & commerce, finance & banking, and software registering as some of the most active industries. Looking ahead, nearly half (48%) of survey participants said that their organizations were planning to migrate at least half of their applications to the cloud in the coming year. One-fifth of personnel said they intended to migrate all their applications within that period.

This growing focus on the cloud means that literally everyone is an outsider, as I told TechSpective last August. In response, organizations need to implement a scheme by which they can validate the authenticity of approved identities and their attributes for users, services, and devices.

Giving authentication and identity the emphasis they deserve

FCEB agencies and other organizations can emphasize authentication and identity protection for zero trust by laying the groundwork for an Identity and Access Management (IAM) strategy. In formulating this plan, organizations should follow the CISA’s MFA guidelines. They then need to clarify which authentication methods they’ll require of their users and plan how to roll out authentication for their users. Finally, entities can develop access rules and policies to shape who can access certain types of data and applications along with the conditions under which they can do so. 

Regarding MFA in particular, agencies and other organizations can consider combining MFA with other best practices such as Single Sign-On to improve account security while reducing user friction. To this end, they can use an integrated service or solution that offers multi-factor authentication, SSO and policy-based access.

Read More

CaddyWiper looks like nothing else, says ESET

Read More

Even in today’s age of digital evolution, malicious hackers continue to use attack vectors dating back decades. Research shows notable periods of resurgence relating to certain methods deemed old-fashioned. What this indicates is that while attack specifics can change with time, points of infection, distribution and proliferation can remain and even lead to the most significant of breaches.

“Cybercriminals tend to return to ‘old favorite’ methods of attack, particularly when newer vectors get shut down or become more difficult to execute due to the efforts of law enforcement and security teams,” says Egress Threat Intelligence Vice President Jack Chapman.

To read this article in full, please click here

Read More