🚀 Ethereum Developers Consider Splitting Pectra Upgrade Into Two Forks
#Ethereum #PectraUpgrade #Forks #EIPs #EVM #PeerDAS #Blockchain #DevOps #ETH
According to Odaily, EF DevOps engineer Parithosh Jayanthi has announced that discussions are underway to split the Pectra upgrade into two forks. This decision aims to reduce the risk of errors and expedite the delivery of both forks. The final decision will be made during the upcoming Ethereum core developers' consensus meeting on Thursday. If the developers agree to the split, the first software package could be released as early as February 2025.
The first part of the Pectra upgrade will include several Ethereum Improvement Proposals (EIPs), notably EIP-7702, which is designed to enhance wallet functionality. The second part will focus on upgrading the Ethereum Virtual Machine (EVM) through an EIP known as EOF. EF researcher Ansgar Dietrichs mentioned that there is little opposition among Ethereum developers regarding the potential split. However, one downside is that EIP-7594, also known as PeerDAS, will be pushed to the second package. PeerDAS aims to improve data availability on Ethereum, and its delayed implementation may temporarily result in slightly higher fees for layer-2 blockchains.#Ethereum #PectraUpgrade #Forks #EIPs #EVM #PeerDAS #Blockchain #DevOps #ETH
🚀 Hackers Exploit DevOps Tool Vulnerabilities for Cryptocurrency Mining
#Hackers #DevOps #Cybersecurity #Cryptocurrency #Mining #Vulnerabilities #CloudSecurity #ConfigurationManagement #XMRig #SecurityUpdate #API #HashiCorp #Docker #Gitea
According to PANews, security firm Wiz has identified a hacker group, codenamed JINX-0132, that is exploiting configuration vulnerabilities in DevOps tools for large-scale cryptocurrency mining attacks. The tools targeted include HashiCorp Nomad/Consul, Docker API, and Gitea, with approximately 25% of cloud environments at risk.
The attack methods involve deploying XMRig mining software using Nomad's default configuration, executing malicious scripts through unauthorized Consul API access, and controlling exposed Docker APIs to create mining containers. Wiz's data indicates that 5% of DevOps tools are directly exposed to the public internet, with 30% having configuration flaws.
Security teams recommend users promptly update software, disable unnecessary features, and restrict API access permissions to mitigate risks. This attack highlights the importance of cloud environment configuration management. Despite warnings from HashiCorp's official documentation about related risks, many users have not enabled basic security features. Experts emphasize that simple configuration adjustments can prevent most automated attacks.#Hackers #DevOps #Cybersecurity #Cryptocurrency #Mining #Vulnerabilities #CloudSecurity #ConfigurationManagement #XMRig #SecurityUpdate #API #HashiCorp #Docker #Gitea