TheDinarian
News • Business • Investing & Finance
⚠️Inside a cyberattack method that targets your cellphone⚠️
Is it really Okta? Or is it actually 0ktapus?
September 30, 2022

A recent spree of “smishing” attacks points to what some experts anticipate will be a wider threat in the future.

The technique, which claimed victims at Twilio and targeted others at Cloudflare, uses text messages intended to lure victims into clicking on a link. It leans on the ubiquity of smartphones, seeks to manipulate human nature, and works around an increasingly common defensive measure.

A campaign that relied on the technique gathered steam this summer and targeted more than 130 companies, according to a report from cyber firm Group-IB last month. The attackers compromised nearly 10,000 user credentials.

The technique works like this:

  • Hackers send phony text messages to prospective victims, luring them to click on a link by pretending to be, say, a member of their employer’s IT team telling them that their password had expired or their schedule had changed. Typically known as “phishing” when the lures arrive via email, this is known as “smishing,” a portmanteau of “phishing” and “SMS,” commonly known as texting.
  • The link leads to a fake version of Okta or of another tool that verifies a sign-in, a step known as multifactor authentication or MFA. (Group-IB named the campaign in its report 0ktapus because of the Okta angle.)
  • Once the hackers get the code that their victim unwittingly gives them, they’re able to roam around in the victims’ networks.
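A defender-side check for the lure step described above, as an added example that is not part of the original article: it pulls links out of a reported text message and flags hosts that imitate the company's sign-in page. The trusted host, watch words, and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions for illustration: the organisation's real sign-in host and the
# words that should never appear on any other host. All values are hypothetical.
TRUSTED_HOSTS = {"sso.example.com"}
WATCH_WORDS = ("okta", "example", "sso", "vpn", "help")
# Digits often swapped in for letters in lookalike names (as in "0ktapus").
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s"})
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample messages; .test and example.com are reserved names.
SAMPLE_SMS = [
    "Example Corp IT: your password has expired. "
    "Sign in at https://example-0kta.test/login to keep access.",
    "Your schedule has changed, review it: https://sso.example.com@sso-help.test/reset",
    "Reminder: the real portal is https://sso.example.com/app",
]


def classify_url(url):
    """Return (verdict, reasons) for one URL, judged by its real host only."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # urlsplit lower-cases the host
    if host in TRUSTED_HOSTS:
        return "trusted", []
    reasons = []
    if "@" in parts.netloc:
        # Everything before '@' is userinfo, not the destination.
        reasons.append("userinfo before '@' hides the real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode (IDN) label")
    folded = host.translate(CONFUSABLES)
    for word in WATCH_WORDS:
        if word in host:
            reasons.append(f"'{word}' on an untrusted host")
        elif word in folded:
            reasons.append(f"lookalike of '{word}' by character substitution")
    return ("suspicious" if reasons else "unknown"), reasons


def scan_message(text):
    """Extract every link from a message and classify it."""
    results = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?)")  # drop sentence punctuation after the link
        verdict, reasons = classify_url(url)
        results.append((url, verdict, reasons))
    return results


if __name__ == "__main__":
    for sms in SAMPLE_SMS:
        for url, verdict, reasons in scan_message(sms):
            print(f"{verdict:10} {url}  {'; '.join(reasons)}")
```

Parsing the URL before matching matters: a substring search for the trusted name would accept the second sample, whose real host is the part after the `@`.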

The Group-IB figures are dramatic, said Ryan Olson, vice president of threat intelligence at Palo Alto Networks’ Unit 42.

“That means they had success on like 70 individuals per company on average, and I don’t know what all the companies are or how big they are, but that was extremely successful for a phishing attack,” Olson told me. “If you were to send a phishing attack over email, you’re lucky if one in a 1,000 people even sees the email and makes it through the filters, let alone click on it, let alone type in their multifactor authentication code as well. That’s a huge amount of success.”

Olson said his company has already seen copycats of the original campaign and expects it to expand, a view others in the cyber field share.

“It’s going to grow,” predicted Angelos Stavrou, founder and chief science officer at Quokka, a mobile privacy company known until recently as Kryptowire.

Why it works

In most cases, people don’t have as many defenses on their personal phones to block malicious messages as a large organization has on its work emails, Olson said. (Separately, the IRS warned about smishing attacks Wednesday.)

Smishing is a lesser-known threat, and people are more accustomed to clicking on text messages, some of which their employer might send, Olson said. And attackers have learned that they can spam requests for MFA log-in codes and some people will eventually give in, which is apparently what happened in this month’s Uber breach.

MFA is a well-regarded defensive technique touted by federal officials and major tech companies alike, but as it has grown more common, “MFA fatigue” has taken hold. Often, users just want to make the messages stop and clicking on them is the quickest way. But Olson said you don’t need to be a dummy to fall for the trick.

Often users don’t trigger an MFA request until they sign into a system they use at work. But Olson himself recently got an MFA message because he had timed out of a system that was idle on his computer. Some office workers, in other words, get routine prompts to reauthorize.
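Because a single prompt can be routine, detection for MFA fatigue has to look at bursts. The sketch below is an added example, not part of the original article: it scans authentication events for a run of rejected prompts and for an approval that follows such a run. The log format, window, and threshold are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumption: tune to your environment
MAX_REJECTED = 4                # assumption: more than this inside WINDOW is a burst

# Constructed sample log: "<ISO time> <user> <prompt outcome>".
# This is not a real vendor schema.
SAMPLE_LOG = """\
2022-09-01T09:00:00 alice approved
2022-09-01T22:01:00 bob denied
2022-09-01T22:01:40 bob timeout
2022-09-01T22:02:10 bob denied
2022-09-01T22:03:00 bob timeout
2022-09-01T22:03:30 bob denied
2022-09-01T22:04:05 bob approved
2022-09-01T23:00:00 carol denied
2022-09-01T23:30:00 carol approved
"""


def parse(log):
    """Yield (time, user, outcome) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            ts, user, outcome = line.split()
            yield datetime.fromisoformat(ts), user, outcome


def detect_push_fatigue(log):
    """Return alerts as (time, user, kind, rejected_prompts_in_window)."""
    recent = defaultdict(deque)  # user -> times of rejected prompts in WINDOW
    alerts = []
    for ts, user, outcome in sorted(parse(log)):
        q = recent[user]
        while q and ts - q[0] > WINDOW:  # forget prompts older than WINDOW
            q.popleft()
        if outcome in ("denied", "timeout"):
            q.append(ts)
            if len(q) == MAX_REJECTED + 1:  # alert once, when the burst starts
                alerts.append((ts, user, "prompt_burst", len(q)))
        elif outcome == "approved":
            if len(q) > MAX_REJECTED:
                # The user gave in after a burst: treat the session as suspect.
                alerts.append((ts, user, "approved_after_burst", len(q)))
            q.clear()
    return alerts


if __name__ == "__main__":
    for ts, user, kind, count in detect_push_fatigue(SAMPLE_LOG):
        print(ts.isoformat(), user, kind, count)
```

In the sample, carol's single denial followed by a later approval stays quiet, while bob's five rejected prompts and the approval that ends them each raise an alert.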

For Stavrou, the reason it works is the steady escalation of defense and offense, and how everyday users respond.

“As we become more advanced, the adversary has become more advanced,” he told me. “The information that the user is presented with is increasing faster than they can handle.”

While 0ktapus focused on Okta, Palo Alto Networks has seen campaigns centered on other authentication tools as well, like Duo or Microsoft 365.

The risks and the fixes

There are some limits to the attack method. It requires hackers to use a login code within a certain amount of time, but Olson said that process is likely automated. The overall technique, according to Group-IB and others, doesn’t require major skills.

What can the hackers do to victims if successful? “Recent disclosures reveal that the initial compromises were just part of the attack,” Group-IB noted, pointing to the potential to steal cryptocurrency or use stolen information to launch attacks on other victims.

Some keys to fending off the attacks include physical devices like the Yubikey, which make it harder for hackers to intercept identity verification; reliance on apps like Google Authenticator rather than text messages for authentication codes; or employee awareness programs.

Until then, “anytime a technique shows this much success, other threat actors will copy it,” Olson said.
