Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Weekly News Digest #44

Weekly News Digest #44

Share via:

Amazon S3 buckets misconfiguration left 1,000 GB of local government data exposed

The team of cybersecurity researchers from security company Wizcase identified that 1,000 GB of data and over 1.6 million files belonging to dozens of US municipalities were left exposed. All of the cities and towns that became the victims of this incident were using the same product owned by Massachusetts company PeopleGIS – mapsonline.net. The local governments across Massachusetts, New Hampshire, and Connecticut use the information management software provided by this company.

Ata Hakçıl together with his team of researchers detected more than 80 misconfigured Amazon S3 buckets. These buckets were holding data ranging from residential records to job applications for government positions and business licenses. Taking into account the sensitive nature of information, many of the exposed forms contained such data as individuals’ email addresses, phone numbers, real estate tax information, etc. The number of individuals whose data were exposed was not disclosed.

Pegasus software might be used by the Modi government to spy on critics and opponents

Narendra Modi’s nationalist government has been heavily criticized for its failure to address the COVID apocalypse in India but now it seems to have faced what some are calling India’s Watergate. The very powerful surveillance tool called Pegasus made by the Israeli firm NSO and licensed only to government entities, for the last 6 years, has been likely used in India to snoop on mobile phones belonging to more than 1,000 individuals. These figures have been provided in the global collaborative investigation carried out by the Pegasus Project consortium.

The list of targets of this surveillance included political opponents, journalists, and active critics of Modi’s policies. The surveillance tool also targeted labour and social justice activists who used to protect against regressive and anti-democratic laws adopted by the Modi’s government. The government of India strongly rejected any involvement in this malicious practice.

Law firm serving Fortune 500 companies targeted by ransomware

The US law firm called Campbell Conroy & O’Neil, P.C. providing services to a dazzling number of famous companies reported its clientele on the potential data breach. The company is now suffering from data breach fallout while the ransomware attack took place in February 2021. The list of companies served by the law firm includes such famous brands as Honda, Ford, Jaguar, Apple, Boing, British Airways, US Airways, and others. However, the law firm did not provide any information regarding the ransomware group behind the attack.

Many ransomware groups are targeting big companies. The mechanism used by malicious actors is clear. They firstly lock the targeted system and then threaten to leak the compromised data unless a victim pays a ransom. Data breaches resulting from ransomware attacks are at their peak today. There is a risk that the intruders responsible for committing the ransomware attack against the law firm might have accessed sensitive personally identifiable information (PII).

$117,000 in crypto saved by a white hat hacker

On July 12, a distraught crypto holder reported on a phishing attack as the result of which a scammer could gain access to his MetaMask wallet where $240,000 in crypto were stored. The post was made on Reddit. The user received justified criticism for storing so huge sums of money in the browser wallet. However, there were also users offering advice to the victim of the phishing attack.

The freelance blockchain developer Alex Manuskin answered the request. Upon verifying that the wallet in question truly belonged to the victim and only then he asked for the private keys. Alex made sure that the malicious actor could not send any assets out of the wallet. The user of the MetaMask wallet needs to have some ETH to carry out Ethereum transactions. Alex made sure that all ETH coming to the wallet were automatically sent out of this wallet. To save the remaining funds Alex used Flashbots.

Data leak confirmed by Saudi Aramco after reporting cyber ransom

Saudi Aramco has confirmed the leakage of some of its files after hackers demanded a $50 million ransom. However, the company reported that the release of data was not the result of the breach of its systems and did not affect its operations. According to the information previously provided by The Associated Press, the extortionist held 1 terabyte of information belonging to Saudi Aramco and demanded a $50 million ransom in crypto. The attack against Saudi Aramco is the continuation of a series of cyberattacks against energy companies taking place worldwide.

In 2012, the oil giant experienced a massive spear-phishing assault that destroyed more than 30,000 computers within just a few hours. The companies operating in the Middle East region have been an attractive target for cybercriminals for the last few years. Energy companies and pipeline operators need to take adequate security measures to mitigate the scope of potential threats.