Connect with us

Cyber Security

Mirror Completes Bridge to Binance Smart Chain to Bring Synthetic…

Avatar

Published

on

News Image

We’re thrilled to extend access to Mirror’s synthetic assets to the Binance Smart Chain community.

Mirror, the synthetic assets protocol built on the Terra blockchain, has completed the integration of a cross-chain bridge to Binance Smart Chain (BSC) — bringing synthetic assets to the BSC community. The bridge enables porting of Terra’s stablecoin UST, its native token LUNA, governance token MIR, and Mirrored Assets (mAssets) to BSC. Initially, the assets will be rolled out on BSC DeFi applications PancakeSwap and StableXSwap.

“We’re thrilled to extend access to Mirror’s synthetic assets to the Binance Smart Chain community,” says Terraform Labs Co-Founder & CEO, Do Kwon. “The exposure to mAssets via a cross-chain bridge is a powerful avenue for increasing composability and liquidity across blockchain networks, and we welcome the BSC community to Mirror’s community-governed protocol as the next major step in Mirror’s mission to bring synthetic asset exposure to the world.”

Terra’s custom cross-chain bridge was originally built between Terra and Ethereum, enabling Terra assets, such as whitelisted mAssets on Mirror, to be sent from the Terra blockchain to Ethereum. Terra’s BSC integration will now enable users to access mAssets directly from applications running on BSC.

The initial liquidity of mAssets on BSC will be supplemented by the inclusion of mAssets and UST into two of BSC’s leading DeFi protocols — PancakeSwap, an automated market maker (AMM) DEX, and StableXSwap, a stablecoin DEX similar to Curve on Ethereum.

The first mAssets to list on PancakeSwap will be the major tech stocks Tesla, Amazon, Netflix, and Google via their mirrored mAsset versions. On StableXSwap, UST will be listed against BUSD using the platform’s low-slippage bonding curve pool. Rewards for providing liquidity will be issued in Terra’s native token, LUNA, in the coming weeks.

The mAssets can be deployed for a variety of purposes, including use as collateral in lending protocols, used by LPs in yield farming programs, leveraged trading of synthetics, synthetic stable pools (e.g., mBTC/LinearBTC/BTCB), and more.

About Binance Smart Chain

Binance Smart Chain is a sovereign smart contract blockchain delivering Ethereum Virtual Machine (EVM) compatible programmability. Designed to run in parallel with Binance Chain, Binance Smart Chain retains the former’s fast execution times and low transaction fees while adding Smart Contracts functionality to support compatible dApps.

For more information on Binance Smart Chain, visit https://www.binance.org/#smartChain.

Discord: https://discord.com/channels/789402563035660308/789427734711107595

About Mirror

Mirror is a DeFi protocol powered by smart contracts on the Terra network that enables the creation of synthetic assets called Mirrored Assets (mAssets). mAssets mimic the price behavior of real-world assets and give traders anywhere in the world open access to price exposure without the burdens of owning or transacting real assets. Mirror is a community-governed project that seeks to unlock the wealth creation of major asset classes to users around the world via a permissionless access model.

Share article on social media or email:

Source: https://www.prweb.com/releases/mirror_completes_bridge_to_binance_smart_chain_to_bring_synthetic_stocks_to_binance_community/prweb17677187.htm

AI

SolarWinds Hackers Targeted Cloud Services as a Key Objective 

Avatar

Published

on

The SolarWinds attackers appear to have as a primary objective the compromise the authentication method for cloud services, with far-reaching implications. (Credit: Getty Images).   

By John P. Desmond, AI Trends Editor 

The SolarWinds hackers appeared to have targeted cloud services as a key objective, potentially giving them access to many, if not all, of an organization’s cloud-based services.  

Christopher Budd, independent security expert

This is from an account in GeekWire written by Christopher Budd, an independent security consultant who worked previously in Microsoft’s Security Response Center for 10 years.  

“If we decode the various reports and connect the dots we can see that the SolarWinds attackers have targeted authentication systems on the compromised networks, so they can log in to cloud-based services like Microsoft Office 365 without raising alarms,” wrote Budd. “Worse, the way they’re carrying this out can potentially be used to gain access to many, if not all, of an organization’s cloud-based services.”  

The implication is that those assessing the impact of the attacks need to look not just at their own systems and networks, but also at their cloud-based services for evidence of compromise. And it means that defending against attacks means increasing the security and monitoring of cloud services authentication systems, “from now on.”  

Budd cited these key takeaways: 

  • After establishing a foothold in a network, the SolarWinds attackers target the systems that issue proof of identity used by cloud-based services; and they steal the means used to issue IDs; 
  • Once they have this ability, they are able to create fake IDs that allow them to impersonate legitimate users, or create malicious accounts that seem legitimate, including accounts with administrative access;  
  • Because the IDs are used to provide access to data and service by cloud-based accounts, the attackers are able to access data and email as if they were legitimate users.

SAML Authentication Method for Cloud Services Seen Targeted 

Cloud-based services use an authentication method called Security Assertion Markup Language (SAML), which issues a token that is “proof” of the identity of a legitimate user to the services. Budd ascertained, based on a series of posts on the Microsoft blog, that the SAML service was targeted. While this type of attack was first seen in 2017, “This is the first major attack with this kind of broad visibility that targets cloud-based authentication mechanisms,” Budd stated. 

In response to a question Budd asked Microsoft, on whether the company learned of any vulnerabilities that led to this attack, he got this response: “We have not identified any Microsoft product or cloud service vulnerabilities in these investigations. Once in a network, the intruder then uses the foothold to gain privilege and use that privilege to gain access.” 

A response from the National Security Administration was similar, saying the attackers, by “abusing the federated authentication,” were not exploiting any vulnerability in the Microsoft authentication system, “but rather abusing the trust established across the integrated components.” 

Also, although the SolarWinds attack came through a Microsoft cloud-based service, it involved the SAML open standard that is widely used by vendors of cloud-based services, not just Microsoft. “The SolarWinds attacks and these kinds of SAML-based attacks against cloud services in the future can involve non-Microsoft SAML-providers and cloud service providers,” Budd stated. 

American Intelligence Sees Attack Originating with Russia’s Cozy Bear 

American intelligence officials believe the attack originated from Russia. Specifically, according to a report from The Economist, the group of attackers known as Cozy Bear, thought to be part of Russia’s intelligence service, were responsible. “It appears to be one of the largest-ever acts of digital espionage against America,” the account stated.  

The attack demonstrated “top-tier operational tradecraft,” according to FireEye, a cyber-security firm that also was itself a victim.  

America has tended to categorize and respond to cyber-attacks happening over the last decade according to the aims of the attackers. It has regarded intrusions intended to steal secretsold-fashioned espionageas fair game that the US National Security Agency is also engaged in. But attacks intended to cause harm, such as the North Korea assault on Sony Pictures in 2014, or China’s theft of industrial secrets, are viewed as crossing a line, the account suggested. Thus, sanctions have been imposed on many Russian, Chinese, North Korean and Iranian hackers.   

The Solar Winds attack seems to have created its own category. “This effort to stamp norms onto a covert and chaotic arena of competition has been unsuccessful,” the Economist account stated. “The line between espionage and subversion is blurred.”  

One observer sees that America has grown less tolerant of “what’s allowed in cyberspace” since the hack of the Officer of Personnel Management (OPM) in 2015. That hack breached OPM networks and exposed the records of 22.1 million related to government employees, others who had undergone background checks, and friends and family. State-sponsored hackers working on behalf of the Chinese government were believed responsible.   

“Such large-scale espionage “would be now at the top of the list of operations that they would deem as unacceptable,” stated Max Smeets of the Centre of Security Studies in Zurich. 

“On-Prem” Software Seen as More Risky 

The SolarWinds Orion product is installed “on-prem,” meaning it is installed and run on computers on the premises of the organization using the software. Such products carry security risks that IT leadership needs to carefully evaluate, suggested a recent account in eWeek 

William White, security and IT director, BigPanda

The SolarWinds attackers apparently used a compromised software patch to gain entry, suggested William White, security and IT director of BigPanda, which offers AI software to detect and analyze problems in IT systems. “With on-prem software, you often have to grant elevated permissions or highly privileged accounts for the software to run, which creates risk,” he stated.    

Because the SolarWinds attack was apparently executed through a software patch, “Ironically, the most exposed SolarWinds customers were the ones that were actually diligent about installing Orion patches,” stated White.  

Read the source articles in GeekWirefrom The Economist and in eWeek.

Source: https://www.aitrends.com/security/solarwinds-hackers-targeted-cloud-services-as-a-key-objective/

Continue Reading

Cyber Security

Tax Season Ushers in Quickbooks Data-Theft Spike

Avatar

Published

on

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Source: https://threatpost.com/tax-quickbooks-data-theft/164253/

Continue Reading

Cyber Security

Mozilla Patches Bugs in Firefox, Now Blocks Cross-Site Cookie Tracking

Avatar

Published

on

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Source: https://threatpost.com/mozilla-firefox-bugs-cookie-tracking/164246/

Continue Reading

Cyber Security

VMWare Patches Critical RCE Flaw in vCenter Server

Avatar

Published

on

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Source: https://threatpost.com/vmware-patches-critical-rce-flaw-in-vcenter-server/164240/

Continue Reading
NEWATLAS2 hours ago

NIH study confirms SARS-CoV-2 reinfections are relatively rare

NEWATLAS3 hours ago

Land Rover drops a V8 into fastest, most powerful Defender ever

AI3 hours ago

Using container images to run TensorFlow models in AWS Lambda

AI3 hours ago

IBM Reportedly Retreating from Healthcare with Watson 

AI3 hours ago

SolarWinds Hackers Targeted Cloud Services as a Key Objective 

AI3 hours ago

RAND Corp. Finds DoD “Significantly Challenged” in AI Posture 

AI4 hours ago

Tesla Working on Full Self-Driving Mode, Extending AI Lead 

Bioengineer4 hours ago

UM scientists achieve breakthrough in culturing corals and sea anemones cells

Bioengineer4 hours ago

CAR T-cell therapy generates lasting remissions in patients with multiple myeloma

AI4 hours ago

Asimov’s Three Laws Of Robotics And AI Autonomous Cars 

Bioengineer4 hours ago

Bearded seals are loud — but not loud enough

Bioengineer4 hours ago

Study finds human-caused North Atlantic right whale deaths are being undercounted

Nano Technology4 hours ago

A speed limit also applies in the quantum world: Study by the University of Bonn determines minimum time for complex quantum operations

180-degree-capital-corp-reports-6-7-growth-in-q4-2020-9-28-net-asset-value-per-share-as-of-december-31-2020-and-developments-from-q1-2021-including-expected-investment-in-a-planned-spac-sponsor.gif
Nano Technology4 hours ago

180 Degree Capital Corp. Reports +6.7% Growth in Q4 2020, $9.28 Net Asset Value per Share as of December 31, 2020, and Developments from Q1 2021 Including Expected Investment in a Planned SPAC Sponsor

cea-leti-dolphin-design-report-fd-soi-breakthrough-that-boosts-operating-frequency-by-450-and-reduces-power-consumption-by-30-joint-paper-presented-at-isscc-2021-shows-how-new-adaptive-back-biasing.jpg
Nano Technology4 hours ago

CEA-Leti & Dolphin Design Report FD-SOI Breakthrough that Boosts Operating Frequency by 450% and Reduces Power Consumption by 30%: Joint Paper Presented at ISSCC 2021 Shows How New Adaptive Back-Biasing Technique Overcomes Integration Limits in Chip Design Flows

Amb Crypto4 hours ago

Global crypto population surpasses 100 million; Boomers and Gen X now ‘keen on Bitcoin’

Bioengineer4 hours ago

New shape-changing 4D materials hold promise for morphodynamic tissue engineering

Bioengineer5 hours ago

Parker Solar Probe offers stunning view of Venus

NEWATLAS5 hours ago

Barley growing conditions found to affect whisky characteristics

Energy5 hours ago

Energy Transition Jobs: PG&E, Nexus Power Group, Breakthrough Energy Ventures, and more

Cyber Security5 hours ago

Tax Season Ushers in Quickbooks Data-Theft Spike

Bioengineer6 hours ago

Embracing our excremental selves

Bioengineer6 hours ago

Over 80% of Atlantic Rainforest remnants have been impacted by human activity

Bioengineer6 hours ago

‘Miracle poison’ for novel therapeutics

Cyber Security6 hours ago

Mozilla Patches Bugs in Firefox, Now Blocks Cross-Site Cookie Tracking

Bioengineer6 hours ago

Rediscovered journal brings unique perspective on Atlantic slave trade

SPACS6 hours ago

Video: The Case for Why Clover Health Stock is Headed to Zero

Amb Crypto6 hours ago

Why Cardano’s price recovery is more organic than reflexive

Bioengineer7 hours ago

Strengthened by chaos, new super-hard materials will stir steel together

Automotive7 hours ago

SpaceX rapidly builds, tests Starship Moon elevator for NASA

Trending