Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Weekly News Digest #27

Weekly News Digest #27

Share via:

Critical Facebook for WordPress Plugin vulnerabilities patched

At the end of 2020, the Wordfence Threat Intelligence team disclosed the vulnerability related to the Facebook for WordPress plugin, formerly known as the Official Facebook Pixel.

The plugin is applied to monitor site traffic and record the actions of users when they visit a particular page and perform activities. Facebook for WordPress plugin installed on 500,000+ websites enabled unauthenticated attackers who had access to sites’ secret salts and keys to carry out remote code execution.

The Wordfence Threat Intelligence team disclosed the vulnerability that was given the CVSS score of 9 (critical) to the vendor. The identified vulnerability’s description was PHP Object Injection with POP Chain and its core lied in the run_action() function.

An attacker could exploit the vulnerability by generating a valid nonce through a custom script. The exploitation of this vulnerability could lead to the upload of arbitrary files and remote code execution by attackers that would result in serious damage to a targeted site.

Shell informs about data breach caused by Accellion FTA vulnerability

The oil and gas giant Shell disclosed information about a data breach carried out by unknown actors. The attackers accessed the files containing personal data and information related to the company’s stakeholders.

Shell has not revealed the number of affected parties. However, according to the statement made by the company, all impacted parties have been notified about the incident. Shell provided materials about the security breach to respective regulators and law enforcement agencies.

The data security incident has been caused by the compromise of Accellion File Transfer Appliance (FTA) used by Shell to securely transfer large files. The company does not have any evidence that the incident may have affected its core IT systems since the file transfer software is isolated from the main digital infrastructure of the company.

Since then, the company has experienced a series of similar data security incidents that, according to FireEye security experts, may be linked to the criminal group FIN11.

China: government security investigation of Tesla cars

The government of China has prohibited military staff and public officials to use Tesla cars in military and state-owned company settings due to security considerations. The Chinese government suggests that Tesla cars in China may be used by the USA for espionage purposes, namely, data collection.

China has launched a special government security review to identify whether Tesla cars’ smart features such as cameras and connectivity apps may gather the information sensitive for the state’s security. This event is just an element of a series of security clashes between the USA and China.

IoT Giant Sierra Wireless Facing the Ransomware Attack

The leading internet-of-things (IoT) manufacturer Siera Wireless has been forced to halt and froze its production activities due to a ransomware attack. The company manufactures communications equipment including cellular modems to modules, gateways to routers, smart connectivity solutions for IoT devices, and other items.

The attack took place on March 20 and pushed the IT systems of Siera Wireless offline affecting the company’s manufacturing sites and disrupting its website. The company does not provide any information on whether customers data have been compromised. Currently, the company is trying to restore the functioning of its IT systems while investigating the reasons for the incident.

Priority Networks Exposed to Location Tracking and Other Attacks due to 5G Flaw

Security flaw related to 5G architecture virtualized network functions and network slicing could be exploited by malicious actors for accessing data and committing denial of service (DoS) attacks between different network slices on the 5G network of a mobile operator.

On February 4, the global leader in cyber-telecoms security AdaptiveMobile shared its findings with the GSM Association (GSMA). The weaknesses were designated as CVD-2021-0047.

5G is developed on service-based architecture (SBA) and constitutes the evolution of broadband cellular network technology of the current 4G. The modular framework provided by SBA is used to deploy a set of interconnected network functions. These functions allow users to discover and authorize their access to a great variety of services. The functions in question are also utilized for managing sessions, registering subscribers, managing their profiles, and storing their data, as well as connecting the users to the Internet through a base station (gNB). The 5G SBA network is a completely new concept in the market that not only brings new security features but also may lead to new security challenges.