By Deeba Ahmed
Interestingly, Telegram is also part of this ban, although it is owned by Russian millionaire Pavel Durov.
This is a post from HackRead.com Read the original post: Russia Bans WhatsApp, Discord, Telegram, and Others

The Russian government has added a wide range of Western messaging apps to its Register of Prohibited Sites, including Snapchat, WhatsApp, Discord, Skype for Business, Microsoft Teams, and Telegram.

In addition, European encrypted messaging apps Viber and Threema, as well as the Chinese communication app WeChat, have also been banned.

According to a memo posted by a famous online library of hacked materials, such as source codes and malware, the Russian Federation has banned all Western social media and online messaging applications.

The complete list of banned apps includes the following:

1.  Viber
2.  Discord
3.  WeChat
4.  Snapchat
5.  Telegram
6.  Threema
7.  WhatsApp
8.  Microsoft Teams
9.  Skype for Business

The government has devised a new law on Information, Information Technologies, and Information Protection to ban these applications, which was formally implemented yesterday. The law is part of the Federal Service for Supervision of Communications, Information Technology, and Mass Media, aka **Roskomnadzor** (RKN).

Article 8-10 of **the new law** applies to government agencies and organizations and establishes a ban for several Russian organizations on using Western foreign messaging apps.

In a **statement**, Roskomnadzor said, “The law establishes a ban for a number of Russian organizations on the use of foreign messengers (information systems and computer programs owned by foreign persons that are designed and (or) used for exchanging messages exclusively between their users, in which the sender determines the recipients of messages and does not provide for placement by internet users publicly available information on the internet).”

It is worth noting that Zoom and Signal have not been added to the list, but they may be added to the Russian government’s infamous register sometime later. These restrictions are placed on government officials to minimize the possibility of sensitive data landing in the wrong hands, particularly to Ukraine’s allies. Or this could be part of a wider crackdown against foreign tech services in Russia.

Interestingly, Telegram is also part of this block list, even though it is owned by Russian millionaire Pavel Durov. This app is popular in Ukraine and in the western regions, which could be a reason for its blacklisting. App and site owners can file an appeal within a month before they are placed on the Register of Prohibited Sites; however, the appeal may be denied.

In 2018, the Russian administration formally **banned Telegram, 50+ VPNs and anonymizers** in the country and has already blocked hundreds of Western social networking platforms, such as Instagram and Facebook, as well as news platforms. There has also been a crackdown against the use of the Tor browser and VPNs.

*   **Germany bans kids’ smartwatches**
*   **US Military bans TikTok over privacy concerns**
*   **GoDaddy bans neo-nazi DailyStormer website**
*   **Why are Google and Facebook banned in China?**
*   **U.S bans Kaspersky software for links to Russia**

Russia Bans WhatsApp, Discord, Telegram, and Others

By Deeba Ahmed
OpenAI has announced the launch of developer APIs for the ChatGPT chatbot. This means that developers will be…
This is a post from HackRead.com Read the original post: OpenAI Releases Developer APIs for ChatGPT and Whisper Models

OpenAI has announced the launch of developer APIs for the ChatGPT chatbot. This means that developers will be able to use these APIs to integrate ChatGPT into their own apps or software, allowing users to interact with the chatbot within those apps.

The creator of **ChatGPT** and DALL-E 2, OpenAI, has announced the launching of developer APIs for the Whisper speech-transcription model and its ground-breaking chatbot, ChatGPT. The company also revised its terms of service to allow developers to add a 30-day data retention policy and opt out of their data usage at any time.

**How The ChatGPT API will Work?**

ChatGPT is a free text-generating AI boasting over 100 million monthly users. The chatbot has wreaked havoc in the cybersecurity community and has been used for writing hundreds of Amazon Kindle e-books and co-authoring one scientific paper.

This new API will use a similar AI model as ChatGPT does, which is gpt-3.5-turbo. This will let developers add unchanged or flavoured versions of the chatbot to their applications. For instance, MY AI by Snap or the new virtual tutor featuring Quizlet online education tool and Ask Instacart tool.

It is worth noting that the API isn’t limited to brand-specific bots that mimic ChatGPT but can also power non-chat software.

**Changes in Whisper API**

According to the company’s **blog post**, OpenAI is offering a hosted version of the Whisper API, which is an open-source Whisper speech-to-text model. It was launched in September as a model but the San Francisco-based startup, OpenAI believes it wasn’t capable of allowing an entire developer ecosystem to be built around it.

Hence, Greg Brockman, OpenAI’s co-founder and president, decided to optimize the large model to the extreme.

> “It’s much, much faster and extremely convenient”
> 
> Greg Brockman

**Pricing Details**

ChatGPT costs $0.002 per 1,000 tokens or 750 words along with a dedicated capacity feature for deep-pocketed developers who want to use more tokens than allowed in standard API. Conversely, the transcription API will cost $0.006 per minute and will allow robust transcription in different languages as well as English translation.

1.  **Google Introduces Bard: New ChatGPT Rival**
2.  **Bard AI Causes Google Losses of $100 Billion**
3.  **ChatGPT Clone Apps Collecting Personal Data**
4.  **ARMO integrates ChatGPT to secure Kubernetes**
5.  **OpenAI’s ChatGPT Can Create Polymorphic Malware**

OpenAI Releases Developer APIs for ChatGPT and Whisper Models

By Deeba Ahmed
The new MQTTang backdoor is capable of evading detection, making it an even bigger threat to victims.
This is a post from HackRead.com Read the original post: Chinese Hackers Unleashes MQsTTang Backdoor Against Govt Entities

The hacker group behind this campaign is the notorious Chinese APT group called Mustang Panda, while the prime targets of the attack are government and political organizations across Asia and Europe.

**Mustang Panda**, a notorious Chinese APT group, has reportedly deployed a new, custom backdoor dubbed MQsTTang. Slovak cybersecurity firm ESET has analyzed this campaign that started in early 2021.

According to ESET researcher Alexandre C.T. Cyr MQsTTang, a previously unseen custom backdoor was used in a social engineering campaign that started in January 2023.

This backdoor isn’t based on any existing family of malware or publicly available projects. ESET stated that attackers have used decoy filenames that align with their previous campaigns targeting European political organizations.

**Who are the Targets?**

ESET assessed that attackers are targeting unknown identities in Australia and Bulgaria. They have also focused on entities in Asia and Europe; a **government institution in Taiwan** is among the targets. According to the researchers, this campaign is still ongoing.

**About Mustang Panda**

This cyber-espionage group is also known as “Bronze President” and “TA416.” They usually rely on customized Korplug variants or **PlugX** and intricate loading chains. In this case, however, the group has used an unusual tactic by creating malware with just one stage and no obfuscation techniques.

Mustang Panda has targeted organizations across the globe and stolen data using their custom RAT, PlugX. However, this time, Mustang Panda developed the MQsTTang backdoor malware to make detection more difficult and attribution harder. In addition, the group has started using other custom tools, such as PUBLOAD, TONESHELL, and TONEINS.

**How Does the Attack Work?**

The malware has been characterized as a bare-bones backdoor, which allows the attacker to execute remote commands on the compromised device. MQTTang is distributed via spear-phishing emails, and payloads are downloaded **through GitHub repositories** created by a user associated with previously-discovered campaigns of this APT group.

The MQsTTang executable is compressed in RAR archives and named after a diplomatic theme, such as passport scans of the embassy and diplomatic mission personnel. When launched, the malware creates a copy of itself with a command-line argument to perform tasks such as enabling C2 communications or ensuring persistence.

An unusual thing about MQsTTang is that it uses the MQTT protocol for C2 communications to maintain resilience to C2 takedowns, hide infrastructure the hackers used through involving a broker for passing communications, and check for debuggers/monitoring tools to evade detection, etc.

“This new MQsTTang backdoor provides a kind of remote shell without any of the bells and whistles associated with the group’s other malware families,” ESET’s **report** read.

1.  **Chinese Hackers Exploiting Log4j Vulnerability**
2.  **Windows, Linux and macOS Targeted by Chinese**
3.  **Chinese Hackers Hit Group-IB Cybersecurity Firm**
4.  **Chinese Hackers Hiding Malware in Windows Logo**
5.  **Chinese Hackers Distributing Nim language Malware**

Chinese Hackers Unleashes MQsTTang Backdoor Against Govt Entities

By Waqas
Under the new National cybersecurity strategy, critical infrastructure firms and software companies will face federal accountability for security…
This is a post from HackRead.com Read the original post: White House National Cybersecurity Strategy:  Software Firms Liable for Breaches

Under the new National cybersecurity strategy, critical infrastructure firms and software companies will face federal accountability for security breaches.

The White House has unveiled a new national cybersecurity strategy that calls for increased federal regulation of **critical infrastructure** firms and for software companies to be held accountable for security breaches.

The policy, which reflects growing concern over cybercriminals and foreign states targeting US public services, seeks to leverage the government’s purchasing and regulatory powers to boost the security of the nation’s critical economic and security infrastructure.

The White House is looking to develop legislation with Congress to hold software makers liable when their products and services do not provide adequate protection from sabotage.

The **new policy** will not have the force of law, but it will shape corporate behaviour and influence billions of dollars in federal contracts requiring **cybersecurity defences**.

It is worth noting that the new policy came just days after the Crowd Strike cybersecurity firm released its **2023 Global Threat Report**, revealing an increase in cyberattacks from China, Russia, and Iran.

The company singled out Chinese-nexus adversaries as the most active targeted intrusion groups, with targeted cyberespionage attacks in 39 industries across over 20 geographic regions around the globe. The primary target of Chinese-affiliated adversaries was North America.

Screenshot from CrowdStrike’s report (Click or open in a new tab for better resolution)

In a comment to Hackread.com, Fortress Information Security’s CEO and co-founder Alex Santos applaud The White House’s National Cybersecurity Strategy and its focus on critical infrastructure and national defence cybersecurity.

“Our national defence is at risk without a sound and comprehensive cybersecurity strategy supported by a pragmatic operational plan that brings together the public and private sectors,” said Alex.

Alex added that, although the new strategy is a good initiative to track challenges, time is of the essence. The co-founder also referred to the CHIPS and Science Act of 2022 to secure supply chains for the semiconductor industry.

“We’d like to see more. more funding in the National Defense Authorization Act, more strict adherence to deadlines, more incentive for industries to band together to share critical risk and vulnerability information, and more support for existing cybersecurity initiatives like Critical Infrastructure Protection standards and the North America Energy Software Assurance Database,” Alex added.

1.  **Why IoT is a cybersecurity threat**
2.  **Why take cybersecurity seriously**
3.  **Best Cyber Security Certifications**
4.  **Solving the Cyber Security Problem**
5.  **Google buys cybersecurity firm Mandiant**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

White House National Cybersecurity Strategy:  Software Firms Liable for Breaches

By Deeba Ahmed
The hackers managed to access the retailer's current and former employees' information, including names, dates of birth, addresses, and national insurance numbers.
This is a post from HackRead.com Read the original post: Retail Giant WH Smith Cyberattack – Employee Data Stolen

W.H. Smith is the latest UK-based business to suffer a cyber attack, following the Royal Mail ransomware attack and data breach at JD Sports.

UK-based high street chain WH Smith has confirmed that it was targeted in a cyberattack resulting in the theft of employee data. Following the detection of the attack, WH Smith initiated an investigation in partnership with cybersecurity experts and implemented incident response strategies, including notifying relevant authorities.

**What Data Was Stolen in WH Smith Hack**

The hackers managed to access the retailer’s current and former employees’ information, including names, dates of birth, addresses, and national insurance numbers.

The stationary and book giant stated that currently there is no evidence that banking details were accessed during the attack. WH Smith also revealed that the hacking didn’t affect its trading activities, and its website, customer databases, and customer accounts were also unaffected because they were on separate systems.

However, Risk Crew’s CEO, Richard Hollis, says that even though financial data wasn’t compromised in the attack, it doesn’t make the incident any less concerning because of the involvement of the personal information of its employees.

In a comment to Hackread.com, Jasson Casey, CTO at Beyond Identity said, “This attack on WHSmith serves as yet another reminder that adversaries continue to ramp up their attacks.”

“Studies like the Verizon Data Breach Investigation Report confirm that threat actors are often taking advantage of outdated security measures that make it cheap and easy to pull off a successful attack,” Jasson added.

The CTO warned that “the unfortunate attack on WHSmith won’t be the last and should be the wake-up call that organisations need to fix outdated controls”

**WH Smith’s Statement**

In a media statement, WH Smith emphasized that it takes cybersecurity seriously and is currently notifying all affected employees and providing support to them.

> WH Smith takes the issue of cyber security extremely seriously and investigations into the incident are ongoing. We are notifying all affected colleagues and have put measures in place to support them.
> 
> WH Smith

Meanwhile, experts are recommending that businesses in the retail sector implement data-centred protective measures to secure sensitive data like financial, transactional, and PII data.

The cyberattack on WH Smith is one of several recent attacks on UK-based businesses, with Royal Mail’s international postal services being offline for an extended period after a ransomware attack on the company.

1.  PayPal Notifies 35,000 Users of Data Breach
2.  Malware found in UK Govt-funded laptops for kids
3.  Reddit Hacked as Employee Bites on Phishing Scam
4.  Hackers disrupt UK’s Bristol Airport flight info screens
5.  Coinbase Employees Targeted by SMS Phishing Attack

Retail Giant WH Smith Cyberattack – Employee Data Stolen

By Waqas
ProtonVPN is currently available in three packages, including one free and two paid.
This is a post from HackRead.com Read the original post: ProtonVPN launches extensions for Chrome and Firefox browsers

You can now connect to ProtonVPN with just one tap of a button.

**Proton VPN** has launched its new browser extension for Chrome and Firefox, fulfilling one of the most sought-after features requested by its user community. This new extension provides users with a more flexible way to protect their online privacy and **bypass censorship**.

The Proton VPN browser extension is a standalone platform that encrypts internet traffic and browsers without needing to install Windows or Mac applications. This distribution method allows users in countries with blocked app stores to access Proton VPN.

With this new extension, users can easily protect their browser traffic without affecting the speeds or IP addresses of other applications on their devices. The extension can be used across multiple browsers, and each browser can be connected to a different server, allowing for up to ten simultaneous VPN connections.

In a **statement**, Proton VPN explained that they understand the importance of online privacy and freedom of access, and this new extension is designed to provide more options for users to protect their online activity. They also emphasized that they take user feedback seriously and strive to implement new features that cater to their needs.

> The Proton VPN browser extension is available for Chromium-based browsers (such as Google Chrome, Brave, Microsoft Edge, Chromium, Opera, and Vivaldi) and Firefox-based browsers (including Firefox itself, LibreWolf, and Waterfox).
> 
> ProtonVPN

Proton VPN is a well-known and reputable **VPN provider** based in Switzerland that has been praised for its strong security measures and privacy protections. The company’s commitment to expanding its offerings and providing users with more control over their online privacy is a significant step forward in the fight for digital rights.

1.  **Best legal & free online streaming sites**
2.  **ExpressVPN Removes VPN Servers in India**
3.  **What is an OSINT tool – Best OSINT tools 2023**
4.  **8 best dark web search engines for Tor browser**
5.  **Mozilla VPN – Firefox private network VPN is here**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

ProtonVPN launches extensions for Chrome and Firefox browsers

By Waqas
As analyzed by Hackread.com, the leaked details contain over 500,000 email addresses along with credit card numbers and CVV codes in plain text.
This is a post from HackRead.com Read the original post: BidenCash Market Leaks 2M Credit Cards in Birthday Blitz

BidenCash is a carding marketplace that functions on both the dark web and the clear web, offering stolen credit card details to the public.

BidenCash, a notorious dark web carding marketplace, has leaked over two million valid credit cards as part of its birthday anniversary promotion. The one-year-old leaked dataset contains card information from all over the world, with a significant number of them issued in the United States, China, Mexico, India, Canada, and the UK.

The leaked information includes cardholders’ full names, card numbers, bank details, expiration dates, card verification value (CVV) numbers, home addresses, and more than 500,000 email addresses.

The screenshot shows the type of data leaked by the BidenCash marketplace and their post on a Russian hacker forum (Credit: Hackread.com)

Usually, cybercriminals tend to use the dark web to sell such information; in the BidenCash case, the administrator of the carding site has decided to give a treasure trove of information to the public. It is worth noting that the 260 MB of data, as shown in the screenshot above, is also leaked on a popular Russian language hacker forum.

Although, the exact modus operandi of BidenCash is unclear; carding sites mostly obtain credit card data through various methods, including using information-stealing malware, phishing attacks, skimming, and exploiting vulnerabilities in point-of-sale (PoS) systems.

They also purchase or trade data in underground forums or from other cybercriminal groups. Once the data is obtained, the carding site operators can sell the information to other cybercriminals or use it for fraudulent activities such as making unauthorized purchases or money laundering.

While this is not the first instance of BidenCash leaking credit card data, the timing of their “birthday anniversary promotion” seems questionable. A user on a Russian forum even pointed out that the claim of their anniversary celebration in March is contradictory to their launch date in June last year, stating, “Weren’t you launched in June last year and not in March?”

The authorities are investigating the incident, and affected cardholders are advised to monitor their accounts and report any suspicious activities to their banks. Meanwhile, cybersecurity experts are calling for more robust measures to curb the proliferation of carding marketplaces and the use of stolen credit card information.

1.  600k card info from Swarmshop crime forum leaked
2.  Stolen credit card trading scam on dark web busted
3.  Payment firm leaked 9m credit card transaction data
4.  Card data of millions of Wawa users sold on dark web
5.  Largest dark web market for stolen cards UniCC quits

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

BidenCash Market Leaks 2M Credit Cards in Birthday Blitz

By Waqas
Bitcoin has both security and liquidity, and now, with the addition of smart contract capabilities, it has all the ingredients required for DeFi to take off.
This is a post from HackRead.com Read the original post: Could Bitcoin Be The Future Of DeFi?

DeFi investors lost almost $3.8 billion in 2022 following a series of highly publicized hacks that mostly involved smart contract exploits and vulnerabilities. But this year, one could be forgiven for thinking the DeFi hacking scene has suddenly become much safer, with a distinct lack of multi-million dollar crypto thefts hitting the headlines. 

However, just because the news has gone quiet, that doesn’t mean DeFi hasn’t experienced any drama. The amounts stolen are noticeably lower, and the hackers seem to be getting sloppier, but the attacks are prevalent all the same. 

In mid-February, a messy hack attempt saw someone get away with $8.5 million from Platypus Finance, or at least initially. It seems that the attacker must have been an amateur though, as he or she consequently lost a portion of the funds within their own smart contract, which was quickly frozen by Tether. The attacker also appears to have sent some of his illicit gains to the lending protocol Aave, which froze the amount and is discussing its return to Platypus. 

In addition, the hacker’s wallet address was soon linked to a number of social media accounts by the crypto scam buster ZachBTX. And soon after that, BlockSec was able to carry out a “reverse-hack” to recover another $2.4 million of the stolen funds. 

Elsewhere, more than $4 million worth of crypto was stolen from dForce Network and Midas Capital in two attacks that took place in January and February of this year. In both cases, the hacker exploited the same smart contract vulnerability. Luckily for dForce, it offered the hacker a bug bounty and was able to recover all of the funds. 

Hope Finance has had less success in recovering the $1.8 million it lost following a Feb. 21 update to its protocol that was meant to divert assets to an external wallet. The project’s team quickly accused a colleague of rug-pulling the project, but it seems unlikely that the culprit will be held accountable. Efforts to identify the individual have been hindered because the modification was signed by all three accounts that control Hope Finance’s multisig wallet. 

**Ethereum’s Vulnerabilities Remain**

The above incidents serve as a reminder that the world of DeFi is one that’s fraught with risks and dangers for investors. Worse still, the vast majority of successful hacks are not through any fault of the end users. Rather, most hackers exploit the smart contracts that govern and control the DeFi protocols they invest in, meaning that it’s really the developers who’re at fault. 

There’s a reason for this. DeFi is far more dominant on the Ethereum blockchain than any other. Ethereum was the world’s first smart contract blockchain, and its dominance stems from its first-mover advantage, where it has supported decentralized applications since 2015. 

The problem with Ethereum is that its smart contracts are “Turing complete”. What this means is that Ethereum’s smart contracts have the ability to run any algorithm or solve any computational problem, provided they are given the appropriate instructions, time, and resources to do so.

Turing-complete smart contracts allow for extremely complex structures with a multitude of computable functions and are often made up of thousands of lines of code. The more code there is, the more room there is for vulnerabilities to creep in. Worse still, developers build DeFi protocols using dozens of smart contracts, creating an enormous attack surface. 

Bitcoin was originally designed as a peer-to-peer payments network only, and it doesn’t support smart contracts, meaning it cannot support DeFi in its original form. However, recent updates to the network have made it possible for developers to create DeFi applications that are native to Bitcoin.

It’s an exciting possibility because Bitcoin DeFi is likely to be safer than its Ethereum-based counterpart. That’s because Bitcoin is by far and away the most decentralized, and therefore the most secure blockchain of all. 

Bitcoin DeFi was made possible by the Taproot upgrade that was implemented in November 2021, which introduced greater functionality around complex scripts. It essentially made it possible for developers to build dApps on Bitcoin via so-called “layer-2” networks or “sidechains”. 

Prior to Taproot, the only way to use BTC in DeFi was to convert it to “wrapped” tokens on other networks. The most popular of these is Wrapped BTC, or wBTC, on Ethereum. Using wBTC made it possible to use Bitcoin with Ethereum-based DeFi protocols.

However, this meant that users face the same risks, as they still have to interact with Ethereum’s smart contracts. With native DeFi now possible on Bitcoin, it’s no longer necessary to convert BTC to an Ethereum asset, and its smart contracts can be avoided. 

Until recently, the only real uses of Bitcoin were for storing value and payments. Now that it can accommodate DeFi, its utility has increased enormously, making it more attractive to a much wider audience. DeFi itself can benefit from the security and assurance that Bitcoin enjoys as the world’s most secure blockchain. It’ll bring more trust to the DeFi space overall. 

**Bitcoin DeFi Solutions**

One of the best platforms for Bitcoin DeFi looks to be Mintlayer, a Layer-2 network that aims to make Bitcoin more scalable while supporting smart contracts. It enables Bitcoin DeFi, Bitcoin NFTs and more besides. In many ways it’s like a rival blockchain to Ethereum, only it benefits from Bitcoin’s increased decentralization and security. 

Mintlayer was conceptualized in 2019 and aims to support DeFi development on both Bitcoin and the Lightning Network, which is a Layer-2 payment protocol that supports lightning-fast BTC micropayments at scale. 

Mintlayer’s big advantage lies in its smart contracts. Whereas Ethereum’s smart contracts are Turing complete, Mintlayer’s are “non-Turing complete”. What this means is that they’re more specialized and have a simpler codebase. They lack support for concepts such as recursions, loops and other processes that don’t normally terminate on their own. The lack of complexity in Mintlayer’s smart contracts has a number of advantages. 

Non-Turing complete smart contracts only support basic scripting functionality, meaning that there is less chance for developers to make errors when writing the code. The lack of support for complex loops and recursions also makes them easier to audit. Finally, the simplicity of non-Turing complete smart contracts ensures they can be executed using fewer resources, easing the network congestion that’s often found on the Ethereum network. 

Mintlayer is not the only Bitcoin DeFi game in town. Its closest competitor looks to be Rootstock (RSK), which is an independent sidechain as opposed to a Layer-2 network. RSK dates back to 2017 and was designed to bolster Bitcoin’s capabilities through the introduction of dApps. 

RSK relies on the same proof-of-work consensus mechanism as Bitcoin, using an algorithm that allows community members to participate in merge mining. With this, a single computer can validate transactions in two blockchains at once. RSK, therefore, shares the same hash rate as Bitcoin, and so theoretically it is just as secure. 

Another rival is Stacks, which is an independent smart contract-capable blockchain that is linked to Bitcoin via its novel “proof-of-transfer” consensus algorithm. PoT makes it possible for Stacks to settle transactions on the main Bitcoin blockchain, thereby benefiting from the same level of security it offers. 

Like Mintlayer and RSK, Stacks can support Bitcoin DeFi and NFTs, along with micropayments via the Lightning Network. It also features its own native token, STX, which can be staked to earn a passive income. In other words, it has its very own DeFi functionality that’s secured by the Bitcoin blockchain. 

However, it should be noted that neither RSK nor Stacks support non-Turing complete smart contracts. In their case, they support regular Turing complete smart contracts, similar to Ethereum. 

**Does Bitcoin DeFi Have A Future? **

Almost certainly the answer is yes. Given that the value of BTC has already grown significantly, it seems unlikely that it will see the same kind of explosive gains it made in the previous decade when the first generation of Bitcoin millionaires were created. So people are looking for alternative investments to grow their BTC holdings. 

Bitcoin already has both the security and the liquidity, and now, with the addition of smart contract capabilities from projects like Mintlayer, RSK and Stacks, it has all the ingredients required for DeFi to take off. 

1.  The Lessons to Learn from Nomad Crypto Hack
2.  Meet Blokhaus’s New Open-Source NFT Tool Minterpress
3.  DeFi Startup’s Trustless ID Verification Service For Dapps
4.  US seizes $1.4B in Bitcoin from Silk Road Market Scammer
5.  Why general population has to be educated on cryptocurrency

Could Bitcoin Be The Future Of DeFi?

By Owais Sultan
Video editing SDKs are great tools for creating and launching your products much more quickly. However, picking the…
This is a post from HackRead.com Read the original post: 5 Best Video Editing SDKs for iOS

Video editing SDKs are great tools for creating and launching your products much more quickly. However, picking the one that is perfect for you can be a burdensome mission.

To find your ideal video editor SDK for iOS, you should take numerous parameters into account, such as the video editing features you want to integrate, camera characteristics, the variety of effects and filters, and of course, technical aspects.

Surely, much research is necessary to find the optimal solution. The best way out may be to integrate an SDK into a sample app to fully evaluate its performance and compatibility with other components.

In this article, let’s explore the top 5 video editing SDKs for iOS that will definitely level up your development process and make it as easy as taking candy from a baby.

**1 Banuba Video Editing SDK**

This SDK will let you transform your app into an indispensable video editing tool that your users will adore. Its collection of visual effects and filters is impressively rich, while its integration takes up to one week only.

It offers a plethora of recording and editing features, the possibility of creating slideshows from photos, changing backgrounds, beautification, immersive face AR masks, and so on. By rotating videos, changing their speed, and adding the most trendy tracks, your users will get fully absorbed into the professional video editing world.

Additionally, applying voice effects is possible. With this tool, your users can create high-quality videos directly on their devices and export them in HD, Full HD, or QHD. By the way, it is compatible not only with iOS but also with Android. Plus, the SDK includes periodic updates and new features, making it one of the most powerful SDKs in the niche.

**2 Pixel SDK**

Pixel SDK is written in Swift, a powerful and intuitive multi-paradigm programming language developed by Apple. Logically, the SDK is a perfect choice for iOS developers. It aims at facilitating developers’ lives, including over 40 ready-made real-time filters and giving them a chance to create their own filters too. 

With Pixel SDK, they will not have to worry about creating and maintaining video editing software, as everything is done for them: cropping, rotation, trimming, perspective correction, dark mode support, scaling, etc.

It even allows you to import video content from DSLR cameras. Pixel SDK will let you fully focus on your business instead of constantly thinking about all the hardware problems and software updates.     

**3 IMG.LY**

With IMG.LY Video Editor SDK, you have the flexibility to customize every aspect of your app’s capabilities. It has an intuitive UI, a great filter collection, and captivating effects for your users to create professional-grade videos easily. Due to its variety of frames, stickers, and visual effects, turning your video into a top-notch social media post will not be a problem at all. 

Plus, your users will be able to undo and redo editing operations, fill their content with more depth and focus, and create video collages. All this provides them with greater control and flexibility during the editing process.

**4 Very SDK**

Smart shooting, audio and video editing featured templates and video export… The Very SDK offers all this and even more. And its beautifying and real-time filters will make your users look flawless on their device screens. It is even possible to create multi-frame videos to share as much content as you can at once. 

Sound effects and voice changes are also a reality with the Very SDK. It comprises 16 voice effects like the voices of monsters, kids, echo, and much more. Plus, adding subtitles or split-screen effects to your videos is not a problem either.  Finally, this SDK offers tet-a-tet online support 24/7 and regular updates.

**5 Movieous Short Video SDK**

This Chinese video editing SDK is packed with a vast array of features to take your video editing game to the next level. With this very SDK, you’ll gain access to advanced capabilities, such as video recording and editing, segment recording, and the ability to delete video clips with ease.

This SDK even provides options for both auto and manual focus, as well as the ability to mute your microphone during recording. Additionally, Movieous Short Video SDK also allows you to operate your flash with ease, switch dynamically between cameras, and even add a watermark to your videos for that professional touch.

Finally, you’ll also be able to stitch together your videos with seamless transitions for a polished and seamless final product. With all these features and more, this SDK is the ultimate tool for your creative endeavours.

**✋ Wrapping Up**

In short, choosing the right video editing SDK for your iOS app development can be a challenging task, but with the top 5 video editing SDKs we’ve explored, you’re one step closer to finding the perfect solution.

Each of these SDKs offers unique features that will enhance your app’s functionality and help you stand out from the competition. From the impressive visual effects and filters of Banuba Video Editing SDK to the easy-to-use and intuitive UI of IMG.LY, each SDK has something to offer. By integrating these SDKs into your app, you’ll empower your users to create engaging and professional-looking videos in no time. 

1.  Tools for Testing Your Proxy Servers
2.  What is an OSINT Tool – Best OSINT Tools 2023
3.  Top 7 PDF Tools to Edit, Merge/Split and Protect PDF
4.  AI-Powered tools spark creativity and help create designs
5.  Brief guide to building audio, video live streaming platform

5 Best Video Editing SDKs for iOS

By Waqas
At the time of publishing this article, the database has continued to grow with new data.
This is a post from HackRead.com Read the original post: Video Marketing Software Animker Leaking Trove of User Data

A misconfiguration of a database has caused a San Francisco, California, United States-based video marketing software provider to leak the personal details of its users on Shodan.

A misconfigured database has exposed test and personal data belonging to over 700,000 users of the websites getshow.io (an all-in-one video marketing platform) and animaker.com (a DIY video animation software).

It is worth noting that Getshow.io is owned by Animker.com. The server in question is registered under the domain name getshow.io, which animaker.com manages.

The database, which currently contains 5.3 GB of data, continues to grow with new data being added each day. The data exposed by the misconfiguration includes the personal data of unsuspected customers. This consists of the following information:

1.  Full names
2.  Device Type
3.  Postal Codes
4.  IP Addresses
5.  Mobile Numbers
6.  Email Addresses
7.  Animaker profile details
8.  Country/City/State/Location

However, no passwords were found in the data leak, as exclusively revealed to Hackread.com by cybersecurity researcher **Anurag Sen** from **Clouddefense.ai**. Sen said that he identified the server on Shodan while searching for misconfigured cloud databases.

The screenshot from the **misconfigured server** shows the type of information that is being exposed to the public without a password. This means anyone can access the server and would not need to bypass security authentication to access and download the data.

For your information, **Shodan is an OSINT tool** and a specialized search engine used by cybersecurity researchers to locate vulnerable Internet of Things (IoT) devices, including servers and misconfigured databases on the internet.

Moreover, a misconfigured database occurs when access controls and security settings are improperly configured or left at default settings. Nevertheless, Animker has been informed about the incident, but there has been no response so far. The company’s CEO, RS Raghavan, has been informed on Twitter.

Image provided to Hackread.com by Anurag Sen

**Potential Dangers**

As misconfigured database exposes sensitive data, this can result in significant financial losses, legal liabilities, and reputational damage for affected individuals and organizations.

When a misconfigured database is exposed to the public, it can be discovered and exploited by cybercriminals who use automated tools to scan the internet for open databases. Once they find a vulnerable database, they can use it to steal data, install malware, hijack it for ransom, or launch other types of cyber attacks.

The consequences of a misconfigured database can be severe, as evidenced by recent data breaches at **RailYatri** and **U.S. No Fly List**. In these cases, millions of users had their personal information stolen, resulting in significant financial and reputational damage to the companies and authorities involved.

To prevent a misconfigured database from being exposed to the public, experts recommend implementing proper access controls and security settings, including strong passwords, encryption, and regular vulnerability assessments.

Organizations should also limit the amount of sensitive data stored in their databases and ensure that it is only accessible to authorized users.

1.  **American online Ed site leaks 22TB of data**
2.  **Uganda Security Exchange leaks 32GB of data**
3.  **QR code generator My QR Code leaks user data**
4.  **India’s truck brokerage firm leaks 140GB of data**
5.  **Chinese Adult Site Leaking 14 Million User Details**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism