Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
Cloud Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
Cloud Penetration Testing
Secure your cloud with Hacken's expert penetration testing. Our certified team delivers tailored security solutions for AWS, Azure, Kubernetes, and more, ensuring your data's safety.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

Weekly Digest #17

Weekly Digest #17

3 minutes

Critical zero-day RCE in Microsoft Office 365

A remote code execution (RCE) vulnerability in Microsoft Exchange Online remains unresolved after security researchers bypassed two patches for successive exploits.

The zero-day flaw impacts multiple Software as a Service (SaaS) providers and on-premise installations of Exchange Server.

Microsoft assigned the initial flaw (CVE-2020-16875) as a high-risk classification (CVSS 8.4), though marked it as having a low attack complexity.

The vulnerability was found within the New-DlpPolicy cmdlet and arose from improper “validation of user-supplied template data when creating a dlp policy”.

Microsoft rewarded researcher for his findings under their Online Services Bounty Program, which pays up to $20,000 for critical RCE flaws.

Hackers have leaked the COVID-19 vaccine data they stole in a cyberattack

This week Hackers have leaked the information they stole about the COVID-19 vaccines as part of a cyberattack targeting the European Union’s medical agency.

The agency continues to support the criminal investigation into the data breach fully. To notify any additional entities and individuals whose documents and personal data may have been subject to unauthorised access.

This group of hackers gained access to the information by breaching one undisclosed IT application – and that the attackers were explicitly targeting data related to COVID-19 medicines and vaccines.

Billions were stolen in blockchain hacks last year

For most people in the World 2020 was a challenging year, but it was such a productive year for hackers. They steal $3.8 billion in cryptocurrency in 2020 from 122 good planned attacks. They are running Bitcoin-related hacks and potentially netting “nearly $3.78 billion” in 2020.

Wallets were the most lucrative target, with $3 billion in losses in current values and an average of $112 million per wallet hacking event compared to about $10 million per attack on Ethereum apps or exchanges.

FBI Warns of Egregor Attacks on Businesses Worldwide

FBI said the malware has already compromised more than 150 organisations and provided insight into its ransomware-as-a-service behaviour.

The agency has alerted companies in the private sector to a spate of attacks using the Egregor ransomware. The malware currently is raging a warpath across businesses worldwide and has already compromised more than 150 organisations.

Egregor — the name of which refers to an occult term meant to signify the collective energy or force of a group of individuals–is indeed the work of a “large number of actors” and operates as a ransomware-as-a-service model, according to the FBI.

Telegram Bots at Heart of Classiscam Scam-as-a-Service

The cybercriminal service has scammed victims out of $6.5 million and continues to spread on Telegram. A new automated scam-as-a-service has been unearthed, which leverages Telegram bots to steal money and payment data from European victims.

The scam, which researchers call Classiscam, is being sold as a service by Russian-speaking cybercriminals and has been used by at least 40 separate cybergangs – which altogether made at least $6.5 million using the service in 2020.