Binance, one of the biggest and most recognizable cryptocurrency exchanges in the world, has experienced a serious cryptocurrency theft. Hackers have stolen crypto assets valued at $40 million, as well as API tokens and two-factor authentication codes of a number of users, and the company considers the incident a “large-scale security breach”.
Binance has investigated the incident and provided details in a blog post by its CEO, Zhao Changpeng. According to the exchange, “Hackers applied such techniques as phishing, injection of viruses, and other types of cyberattacks. They used different independent accounts to orchestrate the attack at a time and in a manner that the company’s security checks were not able to prevent the issue.”
The biggest damage has been done to holders of hot wallets whose accounts have been compromised. Unlike cold wallets, hot wallets are connected to the Internet, and the funds stored in them may be filched in a single transaction. The scope of the breach has not been determined yet.
If you are an investor whose crypto assets have been in hot wallets, then there is a risk that they may now belong to hackers. However, the attack resulted in the loss of only 2 per cent of the company’s bitcoin holdings and the company will fully cover the damage experienced by investors through the mechanism of the Secure Asset Fund.
Hackers have compromised the data of 580,000 frequent flyer members of Singapore Airlines, one of the most reputable airlines in the world. The attack targeted SITA, an IT and telecommunication services provider for the air transport industry. It is the second incident experienced by the airline within the last week, and the first data breach was also related to a cybercrime against SITA.
According to the statement made by the airline on Thursday, “Although Singapore Airlines is not a customer of SITA, the company is a member of the Star Alliance Group. Thus, we have to share ‘restricted’ data to facilitate the membership tier status verification process for providing benefits to the passengers of other airlines that are members of the Star Alliance Group. The collected information resides on the member airlines’ passenger service systems.”
However, Singapore Airlines has not specified the date when SITA informed the airline about the data breach that has affected SITA’s passenger service system servers. Although only 1 member airline of the Star Alliance Group is a direct customer of SITA, all other members including the leading global airlines such as Lufthansa, Air Canada, LOT, SAS, and other carriers may be affected by this cyberattack.
The US Cybersecurity and Infrastructure Security Agency (CISA) issued Special Emergency Directive 21-02 on 3 March 2021, after Microsoft released updates fixing the 4 identified zero-day vulnerabilities in Microsoft Exchange that could potentially compromise agencies’ information security.
This week, Microsoft issued warnings regarding the zero-day vulnerabilities identified in 3 versions of its Exchange Server (2013, 2016, and 2019). The company suspects that Hafnium, a state-sponsored APT group with deep links to China, is exploiting these vulnerabilities to access on-premises Exchange servers, steal confidential information such as emails, and install backdoors that give it constant access to victims’ environments. Federal agencies have been ordered to install the new security patches immediately if there are no indicators of data compromise. However, if they have detected indicators of compromise, CISA obliged them to disconnect from MS Exchange servers.
Laxman Muthiyah, an Indian security researcher, stated in a post published on Tuesday that a security flaw in Microsoft online services allowed anyone to take over Microsoft accounts without any consent or permission.
Muthiyah is known in the cybersecurity community for helping Facebook to address account takeover issues in Instagram by identifying similar vulnerabilities. Like Microsoft, Facebook rewarded the researcher for his work.
The vulnerability identified in Microsoft online services lies in the password reset algorithm for Microsoft accounts. A user who has forgotten the password to an account may reset it by providing a phone number or email address on the “Forgotten Password” page. Microsoft then sends a 7-digit security code, which the user enters for verification before being allowed to create a new password.
Hackers may use brute-force attacks to obtain this security code and access users’ accounts without any permission. To prevent hackers from accessing users’ accounts, companies impose encryption, rate limits, and special security checks. Microsoft immediately acknowledged the issues identified by Muthiyah.
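A server-side check of the kind the rate-limit mitigation above refers to, as an added example that is not Microsoft's code or part of the original article: it caps wrong guesses per issued 7-digit code and expires the code. The class name, function names, attempt budget and lifetime are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

CODE_DIGITS = 7          # from the article: the reset code has 7 digits
MAX_ATTEMPTS = 5         # assumed attempt budget per issued code
CODE_TTL_SECONDS = 600   # assumed lifetime of a code


class ResetCodeVerifier:
    """Hypothetical in-memory store for pending password-reset codes."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # account -> [code, expires_at, attempts_left]

    def issue(self, account):
        # CSPRNG, zero-padded so all 10**7 values are equally likely.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[account] = [code, expires_at, MAX_ATTEMPTS]
        return code  # a real service delivers this by SMS or email

    def verify(self, account, submitted):
        entry = self._pending.get(account)
        if entry is None:
            return "no_pending_code"
        code, expires_at, _ = entry
        if self._clock() >= expires_at:
            del self._pending[account]
            return "expired"
        # The budget is tied to the account and code, not to the
        # client's IP address or session, and is spent before comparing.
        entry[2] -= 1
        if hmac.compare_digest(code.encode(), str(submitted).encode()):
            del self._pending[account]   # single use
            return "ok"
        if entry[2] <= 0:
            del self._pending[account]   # force a fresh code
            return "locked"
        return "wrong_code"


def guess_probability(attempts=MAX_ATTEMPTS, digits=CODE_DIGITS):
    """Upper bound on a blind guesser's success within one code's budget."""
    return attempts / 10 ** digits
```

With these assumed limits, a blind guesser succeeds against one issued code with probability at most 5 in 10,000,000; without an attempt cap the whole 7-digit space can be tried.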
Google has provided information about the exploitation of a zero-day vulnerability in the audio component of the Chrome browser. The vulnerability in question is tracked as CVE-2021-21166 and is labeled by Google as a “high” severity security flaw. Google has addressed the issue in a later release of the browser.
Apart from the above-mentioned issue, Alison Huffman of the Microsoft Browser Vulnerability Research team reported other bugs, such as an audio component object lifecycle issue tracked as CVE-2021-21165 and a Reader Mode insufficient data validation issue tracked as CVE-2021-21163. However, the company has not provided more details about the scope of exploitation of these vulnerabilities or the parties involved in such activities.