According to recent security research conducted by Outpost24, 80% of the top EU pharmaceutical companies may be referred to as “critically exposed” to possible cyberattacks. Pharmaceutical giants run many web applications and close to 3.3% of them are suspicious such as open test environments. Also, 18% of analyzed pharmaceutical giants use unpatched and not up-to-date web components containing known vulnerabilities.
The crypto company bZx admitted that a hacker succeeded in stealing millions of dollars in different cryptocurrencies after one of its developers fell victim to a phishing attack. According to the estimations provided by the security company SlowMist, the total amount of losses experienced by the project has equalled more than $55 mln. 25% of total losses are personal losses resulting from the compromise of the team wallet. bZx is the crypto company operating in the DeFi segment. According to the statement made by bZx, the hack affected lenders, borrowers, and farmers whose funds were on two networks, namely, Polygon and Binance Smart Chain.
The funds were stolen from the wallets, the owners of which had approved unlimited spend. The attack began with a phishing email containing a malicious macro in a Word document sent to one of bZx developers. The Word document resembled a legitimate email attachment. As a result, hackers succeeded in compromising the mnemonic phrase to the developer’s personal wallet.
The details of a new Russian-speaking cyber-mercenary group responsible for a number cyberattacks as a result of which more than 3,500 individuals have fallen victims over the last 6 years have been revealed by researchers from Trend Micro. The group is dubbed “Void Balaur” and it participates in different underground Russian language forums under the name “Rockethack”. The hacker group focuses on compromising the email and social media accounts and selling sensitive information.
The list of companies that have experienced cyberattacks initiated by this hacker group includes financial services firms, ATM vendors, medical insurers, and IVF clinics. However, this malicious group is also actively targeting human rights activists, journalists, scientists, politicians, and cryptocurrency users. The main instruments used by this malicious group to compromise victims are phishing and info-stealing malware.
The fatal flaw has been discovered in the codebase of one of the biggest NFT marketplaces by trade volume. The exploitation of this bug by malicious actors could have resulted in the creation of fake blue-chip NFTs. The researcher who has revealed a flaw is a developer of smart contracts for NFT and Web 3.0 as part of RUG.TECH. The bug enabled minting NFTs appearing to be created by any ETH wallet without any approval from the side of the wallet owner.
The developer slammed Opensea suggesting that the marketplace is not paying enough attention to security. At the time when blockchain projects are ready to pay huge money to ethical researchers for revealing bugs in their infrastructure, Opensea pays close to nothing. Opensea had been initially going to pay the researcher 3 ETH but then rescinded the offer.
Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email.