Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Weekly News Digest #59

Weekly News Digest #59

Share via:

FBI warning: Ransomware groups are tying their attacks to major events in the financial world

Significant financial events are used by ransomware groups as leverage during their malicious activities. Such events as mergers and acquisitions are an ideal time for ransomware groups to commit attacks aimed at making victims pay the ransom. Before committing these attacks, malicious actors look for publicly available information about their targets as well as nonpublic data. In case victims refuse to pay a ransom, malicious actors threaten them to disclose the found information to give a negative signal to investors.

During significant financial events, companies are extremely vulnerable to any damage to their reputation. Thus, the possibility that they will agree to pay a ransom to ransomware groups to avoid reputational losses is very high. Ransomware attacks are often performed in two stages. During the first stage, attackers commit the initial intrusion by spreading trojan malware. They collect information that may be later used to make victims pay a ransom.

Google is tripling bounty for Linux kernel bugs

Google has launched a three-month bug bounty targeting flaws in the Linux kernel offering researchers 3x awards. By exploiting privilege escalation in Google’s lab environment with a patched vulnerability researchers can get a reward of up to $31,337. At the same time, by identifying zero-day flaws, previously undisclosed vulnerabilities, or new exploit techniques researchers can get up to $50,337.

Google is constantly investing in the security of the Linux Kernel. Most of the top websites and internet infrastructure such as Facebook, Google, AWS, Microsoft Azure, and Wikipedia are powered by Linux Kernel. Google hopes that the increased rewards will act as additional motivation for researchers to actively look for new Kernel exploitation techniques.

Call center attacks: the growing threat to consumers

Attackers are actively using email and call center customer service agents to scam victims out of thousands of dollars. There are two forms of telephone-oriented attack delivery including the use of free legitimate remote assistance software to steal money and the use of malware such as BazaLoder. These attacks begin with an email sent to victims. These malicious emails contain the phone number of a malicious contact center attendant. When a victim calls this call center, a malicious actor starts guiding him through various types of user interaction. A victim downloads files containing malware or installs malicious applications allowing attackers to get remote access to the targeted devices.

The list of recent lures includes computer security services, Justin Biber ticket sellers, Covid-19 relief funds, software updates, etc. These attacks may be “life-altering” for victims. Most of these attacks are coming from India. The malicious call centers seem to be legitimate businesses. Malicious actors likely procure the list of victims from telemarketer resources.

Members of the Labour Party affected by a cyber incident

A significant amount of data about the Labour Party members has become inaccessible due to the incident related to a third-party firm responsible for handling membership data. The National Cybersecurity Center and Information Commissioner’s Office have started investigating the incident. The Labour Party is working closely with law enforcement bodies and the third-party firm to fully estimate the scope of the incident.

According to the statement made by the Labour Party, its own data systems have remained unaffected. Apart from the party members, the affected data may include information received from the registered and affiliated supporters of the party as well as other individuals. Although there is no detailed information about the incident, it’s likely that the party has experienced a ransomware attack.

DDoS attacks have been added to extortion tactics by HelloKitty ransomware

The FBI has issued a special warning to private industry partners that DDoS attacks have been added to the arsenal of extortion tactics of the HelloKitty ransomware gang also known as FiveHands. Unless victims comply with the ransom demands, the ransomware gang threatens to bring their websites down. The HelloKitty ransomware group is known for stealing and encrypting victims’ sensitive information.

The ransomware group demands ransom payments be made in crypto. These malicious actors thoroughly assess the victim’s ability to pay before committing ransomware attacks. Malicious actors use various methods to compromise the targeted networks including compromised credentials and recently patched security flaws.