Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Weekly News Digest #35

Weekly News Digest #35

Share via:

Android apps’ cloud authentication failures have led to the large data exposure

The analysis of Android apps has revealed critical cloud misconfigurations that could cause the exposure of data belonging to more than 100 million users. Check Point Research (CPR) cybersecurity firm has identified that over 23 popular mobile apps may contain third party cloud services misconfigurations.

The popularity of cloud services has dramatically increased since the outbreak of the coronavirus pandemic and companies’ shift to remote work. According to CPR, the Android apps including screen recorder, astrology software, taxi app, logo maker, and others leaked such data as location information, chat messages, email records, user IDs, images, and passwords. The researchers have found that sensitive data is publicly available in unsecured cloud setups in 13 cases.

The CPR researchers suggest that security issues are the result of app developers’ failure to follow best practices at the stage of configuration and integration of third-party cloud services into their apps.

Colonial Pipeline CEO confirmed the payment of ransom to DarkSide

Colonial Pipeline has paid a $4.4 million ransom to cybercriminals and suggests that it was the right option. According to the company, it provides almost half of the East Coast’s fuel including diesel, gasoline, and military supplies. That is why the payment of ransom was the ‘right thing to do for the country’ since due to the attack the company was forced to close down its IT systems and pipeline operations.

The company decided to pay the ransom since it was not fully aware of the scope of the attack as well as was afraid of the risk of future attacks. Due to the stakes involved, the company’s CEO made this difficult decision. According to the statement made by the FBI, a DarkSide operator was responsible for the attack. These malicious actors have already earned $90 mln in cryptocurrencies in the form of ransom payments from at least 47 victims.

Google warns that 4 Android flaws are under attack

Google has released its May 2021 Android patch and has already provided information on some of the vulnerabilities under attack. According to the information provided by the company, CVE-2021-1905, CVE-2021-1906, CVE-2021-28663, and CVE-2021-28664 vulnerabilities are likely to be under limited exploitation although they have been recently patched. These vulnerabilities were previously unknown to the company’s security experts and, thus, are treated as zero-day vulnerabilities.

The flaws affect Qualcomm’s GPU and the Arm Mali GPU. The Google security team is working hard to provide information on security matters demanded by users but not always the company can provide enough details.

Windows proof-of-concept exploit for CVE-2021-31166 released by researcher

The CVE-2021-31166 bug has a CVSS score of 9.8 making it the worst of the bad in Microsoft’s Patch Tuesday release. The exploitation of the severe vulnerability in the HTTP protocol stack could result in wormable remote code execution. The flaw was internally discovered by Microsoft by @_mxms and @fzzyhd1.

Microsoft has emphasized the importance of patching the affected servers. McAfee’s specialist Steve Povolny said that the simple exploitation of the vulnerability could lead to remote and unauthenticated denial-of-service for the products affected. The vulnerability is attributable to the latest versions of Windows 10 and Windows server.

AXA hit by a massive ransomware attack

Just a few days after Axa officially announced that it would no longer cover damage from ransomware attacks in France, the company has been hit by this type of cybercrime. The attack hit the insurance giant’s IT operations in Malaysia, Thailand, the Philippines, and Hong Kong. The attack is likely to be carried out by Avaddon ransomware group. Cybercriminals claim that they have stolen 3 terabytes of data such as medical records and personal data.

Under Avaddon’s affiliate model, anyone can utilize the group’s tools in exchange for paying the percentage of the profits received through the conduct of a cyberattack.

According to Axa, the company will take all necessary steps to notify its corporate clients in case the IPA’s investigation confirms that sensitive information of any individual has been affected. The insurance giant has not disclosed any information on the amount of ransom demanded by cybercriminals. France is one of the most heavily affected countries by ransomware attacks. The decision to stop paying any ransoms was made to prevent further popularization of ransomware attacks among cybercriminals.