Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Weekly News Digest #26

Weekly News Digest #26

Share via:

Face verification at ATMs in Singapore

The customers of OCBC Bank can authenticate their identity at ATMs without using an ATM card. Face verification is now available at selected ATMs across Singapore. Currently, this technology allows customers only to check the balance, however, other operations will soon become available.

Currently, there are 8 such ATMs in Singapore located in the bank’s main branches, at a convenience store, and in CBD. The officials of the Bank are going to expand the functionality of new technology by allowing customers to withdraw cash without their ATM card, however, the exact timeline is not specified. Such operations as cashcard top-ups, funds transfer to other banks, credit card bill payments, and cash deposits will become available to customers starting from 2022.

According to the statement made by OCBC, cash withdrawals and balance queries are the two most frequently used services at the Bank’s ATMs since they account for 80 per cent of transactions performed at these machines in the country.

US and UK schools are targeted by PYSA ransomware operators

According to the information provided by the FBI, schools in the USA and UK are frequently falling victim to the attacks committed by ransomware operators. The primary objective of these criminals is to steal data for requesting payment (ransom).

The FBI has investigated that attackers leveraged PYSA ransomware that is also known as Mespinoza that was firstly detected in October 2020 when criminals applied it to attack large corporate networks.

The criminal groups used PYSA to exfiltrate data from K-12 schools, seminaries, and higher education and then encrypted victims’ systems so that to increase the possibility of getting the requested ransom payments. The cyber actors in question have not been identified yet.

PYSA ransomware uses such extensions as .locked and .pysa to encrypt the compromised systems. Among the tactics applied by cyber actors to enter into a target system, it is important to outline social engineering, phishing emails, and the compromise of Remote Desktop Protocol (RDP) performed through brute-force or theft.

Telecom companies’ 5G secrets at risk

Telecom companies worldwide are facing a series of attacks related to cyber-espionage campaigns aimed at stealing sensitive information such as data on 5G technology from the victims.

The McAfee cybersecurity researchers state that this campaign is focused on telecommunications providers representing Europe, North America, and Southeast Asia. The series of attacks has been named Operation Diànxùn and, according to the researchers, it has been performed by a hacking group operating on the territory of China.

The hacking group in question is also known in the world as Mustang Panda and Red Delta. This group committed a number of hacks and espionage campaigns against companies worldwide before switching its attention to compromising the companies from the field of telecommunications.

The release of Spectre PoC Exploit For Chrome by Google

The proof-of-concept (PoC) exploit code has been released by Google. The code is used to conduct a Spectre attack against the Chrome browser to extract data from device memory.

The Spectre attack was firstly discovered in 2018. Now, a group of researchers has released a special demonstration website that is written in JavaScript to leverage the attack. The main objective of the researchers is to demonstrate to web application developers the importance of taking active steps aimed at protecting their sites.

In early 2018, the silicon industry was rocked by the detection of the Spectre (CVE-2017-5753 and CVE-2017-5715) alongside the Meltdown (CVE-2017-5754) flaws. The presence of the Spectre vulnerability enables malicious applications to access data under processing on the device. The vulnerability in question can expose documents, emails, passwords, etc. The exploited vulnerabilities affect other well-known browsers as well. Through a side-channel analysis, a hacker who has local user access can disclose information without any authorization.

Users of Mac and Windows are warned about Zero-day Flaw

Google Browser has experienced a third zero-day flaw this year. The company is actively trying to issue a fix for the vulnerability in question. By exploiting the flow hackers can perform denial-of-service attacks on the affected systems as well as remote code execution.

The vulnerability has been detected in the Chrome browser engine Blink that was developed as a part of the Chromium project. The role of browser engines is related to converting web page resources such as HTML documents into visual representations that may be viewed by end users.

Google has updated the stable channel to 89.0.4389.90 for Mac, Windows, and Linux and the company will roll out them soon.

According to CVSS vulnerability-rating scale, the (CVE-2021-21193) flaw ranks 8.8 out of 10 and, thus, may be considered as a high-severity flaw. The vulnerability is related to dynamic memory improper use during the phase of program operation. Subject to the description of the vulnerability, in case the pointer to the memory is not cleared by the program after a memory location freeing, a cybercriminal can exploit the error for hacking the program.