Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Weekly News Digest #38

Weekly News Digest #38

Share via:

Critical Android RCE Bug patched by Google

Google addresses more than 90 bugs in its June Security Bulletin including the critical remote code execution bug that could enable malicious actors to commandeer the targeted mobile device with vulnerabilities. The bug tracked CVE-2021-0507 is related to the Android OS system component and by exploiting this bug hackers could execute arbitrary code under a privileged process. Google also informed users about the second bug related to the OS system component tracked CVE-2021-0516 but has not provided any further details.

Several high severity EoP issues were also addressed by the technological giant. The Android runtime bug tracked CVE-2021-0511 could enable the execution of arbitrary code by a local attacker so that he could access additional permissions by bypassing the user interaction requirements. Google has also addressed several information-disclosure issues for Android with a high severity level.

Nefilim, a ransomware group targeting $1bn+ revenue companies. Case Study

The ransomware group is actively using the “double-extortion” tactics to make victim organizations pay the ransom. Ransomware is a form of malware that provides for encrypting the stolen files. Machines become infected with malware through phishing messages, stolen access credentials, system vulnerabilities, or other means. A decryption key is required to open the encrypted files. Hackers required the victim to pay ransom in exchange for decryption keys. Ransom demands may reach even a few millions USD when speaking about corporations that have fallen victim to ransomware attacks. However, hackers give no guarantees that the sent key will be technically suitable to open the encrypted files.

The research examining Nefilim was published by Trend Micro whose researchers believe that the Nefilm group is associated with Nemty, a ransomware-as-a-service outfit. According to Trend Micro, Nefilim first appeared in March 2020. Nefilim and Sentinel Labs provided subscription services with a 70/30 split, however, when high-profile victims were snagged by affiliates, the proportion was changing to 90/10. Nefilim often focuses on public proof-of-concept exploit code for vulnerabilities and exposed Remote Desktop Services. The ransomware operators may also use the stolen credentials to access corporate networks.

$265 billion – the predicted cost of ransomware attacks worldwide in the next decade

By 2031, the global cost of ransomware attacks may dramatically increase and reach $265 billion. Malicious operators may not only steal information to require ransom but also threaten victims to publish the compromised files unless they pay the provided amount. As a result, the level of pressure on victims to pay up is doubling. The most popular ransomware groups as of today are Maze, Nefilim, DarkSide, and Clop. DarkSide left the scene upon extorting Colonial Pipeline. Ransomware attacks take place worldwide with a frequency of 1 attack per few seconds.

According to the estimates made by Cybersecurity Ventures, currently, the cost of ransomware attacks equals $20 billion, which constitutes a 50X increase compared to 2015. These estimates are based on the prediction that a 30% growth in incidents will be traced every year. The estimates made by the company include such components as payouts, insurance premiums, costs associated with system repair, expenditures associated with hiring cyberforensics firms, data loss, payments made to malicious actors, and other elements. It is important to note that these estimates also include reputational damage experienced by victims.

AU$26.5m in cryptocurrency spent by Australians as payments to scammers in 2020

The ACCC’s Scamwatch received 216,087 scams in the 2020 calendar year and AU$156 million were lost. Totally, Australians reported losing AU$851 million to scams. The business email compromise accounted for AU$128 million, remote access scams accounted for AU$8.4 million and identity theft accounted for AU$3.1 million. At the top of the list, there were investment scams making people lose AU$328 million. However, when excluding from the total figure the information from the top financial institutions of Australia, this figure is reduced to AU$156 million.

The most common payment methods used in scams was bank transfer accounting for AU$97 mln. At the same time, cryptocurrencies like bitcoin were the second-highest payment method. The highest losses were experienced by people aged over 65.

CMS Joomla dual vulnerability combo could lead to full system compromise

Joomla is a popular content management system. Researchers have revealed 2 vulnerabilities the exploitation of which by hackers could lead to the full system compromise. The revealed vulnerabilities included a stored cross-site scripting flaw and the password reset issue. The security vulnerabilities have been revealed by Fortbridge security specialists and they informed the company Joomla on these issues at the beginning of this year.

Upon being notified of the existence of security vulnerabilities Joomla has patched the cross-site scripting flaw, however, the other issue has remained unpatched. The severity level of the 2 detected vulnerabilities is high. Hackers can successfully execute commands on the server by getting full control of Joomla’s website through the exploitation of these vulnerabilities.