Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
Cloud Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
Cloud Penetration Testing
Secure your cloud with Hacken's expert penetration testing. Our certified team delivers tailored security solutions for AWS, Azure, Kubernetes, and more, ensuring your data's safety.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

Weekly News Digest #9

Weekly News Digest #9

2 minutes

New Chrome 0-day Under Active Attacks – Update Your Browser Now

The new Chrome Zero-day vulnerability is actively exploited by the intruders. So Google is urgently notifying all users to update their browsers. Tracked as CVE-2020-15999, the actively exploited vulnerability is a type of memory-corruption flaw called heap buffer overflow in Freetype, a popular open-source software development library for rendering fonts that comes packaged with Chrome.

Link here

U.S. Charges 6 Russian Intelligence Officers Over Destructive Cyberattacks

On Monday, the US government published a list of Russian government hackers. They are people who work for Unit 74455 of the Russian Main Intelligence Directorate (GRU). They have been accused of perpetrating the “most disruptive and destructive series of computer attacks ever attributed to a single group.” Five years ago, Russian hackers belonged to Sandworm (aka APT28, Telebots, Voodoo Bear, or Iron Viking) group. This group attacked Ukraine’s power grid, Ministry of Finance, and State Treasury Service using malware such as BlackEnergy, Industroyer, and KillDisk. Before embarking on a spree of destructive cyberattacks — including unleashing NotPetya in 2017.

Link here

New Framework Released to Protect Machine Learning Systems From Adversarial Attacks

A group of companies (Microsoft, MITRE, IBM, NVIDIA, and Bosch) has released a new open framework for cybersecurity called the Adversarial ML Threat Matrix. That aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems.

Companies hope to address threats against the weaponization of data with a curated set of vulnerabilities and adversary behaviors that Microsoft and MITRE vetted to be effective against ML systems.

Link here

Researcher: I Hacked Trump’s Twitter by Guessing Password

An ethical hacker Victor Gevers claims it only took five attempts to suggest the password to President Donald Trump’s Twitter account — “maga2020!”. Donald Trump’s weak Twitter password and lack of basic two-factor authentication protections made it shockingly simple to hack his account, says the researcher.

Link here

Oracle Kills 402 Bugs in Massive October Patch Update

Oracle attracts customers to update their systems in the October release of its quarterly Critical Patch Update, which fixes 402 vulnerabilities across various product families. The bulk of the vulnerabilities are in Oracle Financial Services Applications, Oracle MySQL, Oracle Communications, Oracle Fusion Middleware, Oracle Retail Applications, and Oracle E-Business Suite. More than 20 Oracle product families are affected by the flaws. Users can find a patch availability document for each product on the official website.

Link here