Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
Cloud Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
Cloud Penetration Testing
Secure your cloud with Hacken's expert penetration testing. Our certified team delivers tailored security solutions for AWS, Azure, Kubernetes, and more, ensuring your data's safety.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

Weekly News Digest #8

Weekly News Digest #8

2 minutes

800,000 SonicWall VPNs vulnerable to new remote code execution bug

Over 800,000 internet-accessible SonicWall VPN appliances are vulnerable to CVE-2020-5135, a critical bug with a rating of 9.4 out of 10. It is assumed to happen under active exploitation once proof-of-concept code is made publicly available.

Link here

Barnes & Noble Hack: A Reading List for Phishers and Crooks

Barnes & Noble is advising that it has been hacked, possibly exposing personal data for customers. The company did offer condolences in what’s become a response to data breaches. They also announced that the company possibly was hacked over not updated Pulse Secure VPN service.

Link here

Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices

Google project zero research center notice of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices. An attacker can send a malicious Bluetooth packet which gains access to the device to the victim.

Link here

Microsoft Releases Patches For Critical Windows TCP/IP and Other Bugs

On October 2020 Patch Tuesday, Microsoft published the patches for 87 newly discovered security vulnerabilities, including two critical remote code execution (RCE) flaws in Windows TCP/IP stack and Microsoft Outlook. The flaws, 11 of which are categorized as Critical, 75 are ranked Important, and one is classified Moderate in severity, affect Windows, Office and Office Services, and Web Apps, Visual Studio, Azure Functions, .NET Framework, Microsoft Dynamics, Open Source Software, Exchange Server, and the Windows Codecs Library.

Link here

FIN11 hackers jump into the ransomware money-making scheme

One of the most popular financially motivated cybercrime groups FIN11 jumps into the ransomware money-making scheme. A group of researchers published an overview of the FIN11 activity and its transition to the ransomware scene. The researchers treat the group as a separate threat actor, noting its significant overlap in tactics, techniques. Based on their investigation, the researchers have moderate confidence that FIN11 works from the Commonwealth of Independent States (CIS – former Soviet Union countries).

Link here