Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
Cloud Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
Cloud Penetration Testing
Secure your cloud with Hacken's expert penetration testing. Our certified team delivers tailored security solutions for AWS, Azure, Kubernetes, and more, ensuring your data's safety.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

Weekly Digest #18

Weekly Digest #18

3 minutes

DNSpooq Flaws Allow DNS Hijacking of Millions of Devices

This week researchers have uncovered a set of flaws in dnsmasq, popular open-source software used for caching Domain Name System (DNS) responses for home and commercial routers and servers.

The set of seven flaws consist of buffer overflow issues and weaknesses, allowing for DNS cache-poisoning attacks (also known as DNS spoofing). If exploited, these flaws could be chained together to allow remote code execution, denial of service and other attacks.

Dnsmasq is installed on many homes and commercial routers and servers in many organisations.

Read more

Google Searches Expose Stolen Corporate Credentials

Attackers behind a recently discovered phishing campaign have unintentionally left more than 1,000 stolen credentials available online via simple Google searches, researchers have found.

The campaign, which began in August 2020, used e-mails that spoof notifications from Xerox scan to lure victims into clicking on malicious HTML attachments.

While this is and of itself is not atypical of phishing campaigns, attackers made a “simple mistake in their attack chain” that left the credentials they’d stolen exposed to the “public Internet, across dozens of drop-zone servers used by the attackers,” researchers said.

Read more

Windows RDP servers are being abused to amplify DDoS attacks

According to Shodan, there are five millions of RDP servers all over the world available for hackers to use exploit.

Windows RDP servers running on UDP port 3389 can be ensnared in DDoS botnets and abused to bounce and amplify junk traffic towards victim networks.

Hackers are abusing Windows Remote Desktop Protocol (RDP) systems to bounce and amplify junk traffic as part of DDoS attacks. Not every RDP server can be abused, only systems where RDP authentication is also enabled on UDP port 3389 on top of the standard TCP port 3389.

Read more

Ransomware is now the biggest cybersecurity concern for CISOs

Ransomware is the most significant cybersecurity concern facing businesses, according to those responsible for keeping organisations protected from cyberattacks and hacking.

A survey of chief information security officers (CISOs) and chief security officers (CSOs) by cybersecurity company discovered that ransomware is now viewed as the primary cybersecurity threat to their organisation over the next year.

46% – of CSOs and CISOs surveyed said that ransomware or other forms of extortion by outsiders represents the biggest cybersecurity threat.

Read more

Malwarebytes said it was hacked by the same group who breached SolarWinds

We continue the heading of the hack chain of companies that are engaged in cybersecurity. This week Malwarebytes becomes the fourth major security firm targeted by criminals after FireEye, Microsoft, CrowdStrike.

Malwarebytes was hacked by the same group which breached IT software company SolarWinds last year.

Malwarebytes said its intrusion is not related to the SolarWinds supply chain incident since it doesn’t use any of SolarWinds software in its internal network.

The security firm said the hackers breached its internal systems by exploiting a dormant email protection product within its Office 365 tenant.

Read more