WordPress Bitcoin Payments – Blockonomics Security Vulnerabilities

Ryuk ransomware laundering leads to guilty plea

Ryuk, a mainstay of the ransomware scene for some years until it transformed into Conti (and then split off into other groups after that), is back in the news again... though not in the way you might have imagined. It's not a compromise, or a surprise comeback. What we have is a guilty plea, as a.....

Ransomware review: February 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked....

Darkdump2 - Search The Deep Web Straight From Your Terminal

About Darkdump (Recent Notice - 12/27/22) Darkdump is a simple script written in Python3.11 in which it allows users to enter a search term (query) in the command line and darkdump will pull all the deep web sites relating to that query. Darkdump2.0 is here, enjoy! Installation git clone...

Russian Hacker Pleads Guilty to Money Laundering Linked to Ryuk Ransomware

A Russian national on February 7, 2023, pleaded guilty in the U.S. to money laundering charges and for attempting to conceal the source of funds obtained in connection with Ryuk ransomware attacks. Denis Mihaqlovic Dubnikov, 30, was arrested in Amsterdam in November 2021 before he was extradited...

Actors, Threats and Vulnerabilities 30 January to 5 February 2023

For a detailed threat digest, download the pdf file here Summary For a detailed threat digest, download the pdf file here Hive Pro discovered four actors that have been active in the past week. The first, Sandworm Team, is a well-known Russian threat actor known for Sabotage and destruction. The...

CVE-2021-37492

An issue discovered in src/wallet/wallet.cpp in Ravencoin Core 4.3.2.1 and earlier allows attackers to view sensitive information via CWallet::CreateTransactionAll()...

CVE-2021-37492

An issue discovered in src/wallet/wallet.cpp in Ravencoin Core 4.3.2.1 and earlier allows attackers to view sensitive information via CWallet::CreateTransactionAll()...

CVE-2021-37492

An issue discovered in src/wallet/wallet.cpp in Ravencoin Core 4.3.2.1 and earlier allows attackers to view sensitive information via CWallet::CreateTransactionAll()...

Design/Logic Flaw

An issue discovered in src/wallet/wallet.cpp in Ravencoin Core 4.3.2.1 and earlier allows attackers to view sensitive information via CWallet::CreateTransactionAll()...

CVE-2021-37491

An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin Core 1.14.3 and earlier allows attackers to view sensitive information via CWallet::CreateTransaction()...

CVE-2021-37491

An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin Core 1.14.3 and earlier allows attackers to view sensitive information via CWallet::CreateTransaction()...

CVE-2021-37491

An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin Core 1.14.3 and earlier allows attackers to view sensitive information via CWallet::CreateTransaction()...

Design/Logic Flaw

An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin Core 1.14.3 and earlier allows attackers to view sensitive information via CWallet::CreateTransaction()...

VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree

VMware on Monday said it found no evidence that threat actors are leveraging an unknown security flaw, i.e., a zero-day, in its software as part of an ongoing ransomware attack spree worldwide. "Most reports state that End of General Support (EoGS) and/or significantly out-of-date products are...

CVE-2021-37491

An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin Core 1.14.3 and earlier allows attackers to view sensitive information via CWallet::CreateTransaction()...

CVE-2021-37492

An issue discovered in src/wallet/wallet.cpp in Ravencoin Core 4.3.2.1 and earlier allows attackers to view sensitive information via CWallet::CreateTransactionAll()...

CVE-2023-0096

The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

Mercado Pago payments for WooCommerce < 6.4.0 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF...

Exploit for Out-of-bounds Write in Vmware Cloud Foundation

Feb2023-CVE-2021-21974-OSINT Analysis of the ransom demands...

PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions

A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of 2023, is tracking it under the name PixPirate......

Threat Round up for January 27 to February 3

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 27 and Feb. 3. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,.....

Business Email Compromise attack imitates vendors, targets supply chains

Today we have a fascinating tale of a business email compromise (BEC) group steering clear of targeting executives, in favour of fouling up supply chains instead. The attack, which may sound overly complicated, is a fairly streamlined attack with the intention of making a lot of money. BEC: What...

Cyberthreats facing UK finance sector "a national security threat"

As the reports covering all of 2022 start trickling in, we can see that cybercrime and other types of fraud had a major impact last year. Take for example the 2022 half year fraud update by UK Finance, which tells us that criminals stole a total of £609.8 million (roughly $750 million) through...

VectorStealer Malware steals Sensitive Information via RDP Hijacking and Phishing Attacks

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary VectorStealer is a malware that steals .rdp files through phishing emails, can be generated for USD 63 in Bitcoin, exfiltrates stolen information through SMTP, Discord, or Telegram, and uses the KGB...

Up to 10 million people potentially impacted by JD Sports breach

We're at the start of February, and news of breaches keeps on coming. In this case, though, while the news that 10 million JD Sports customers may have been impacted by a cyber attack has only just arrived, the data potentially accessed in that attack is already several years old. The danger zone.....

Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards

The Brazilian threat actors behind an advanced and modular point-of-sale (PoS) malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions. Russian cybersecurity firm Kaspersky said it detected three versions of Prilex...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4j...

Ransomware Payments Are Down

Chainalysis reports that worldwide ransomware payments were down in 2022. Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before. As always, we have to caveat these findings by noting that the true totals are much higher, as there are...

Prilex modification now targeting contactless credit card transactions

Prilex is a singular threat actor that has evolved from ATM-focused malware into unique modular PoS malware—actually, the most advanced PoS threat we have seen so far, as described in a previous article. Forget about those old memory scrapers seen in PoS attacks. Prilex goes beyond these, and it...

Doctor Paid $60k in Bitcoin to Hire Dark Web Hitmen

By Habiba Rashid Ronald Craig Ilg, 56 of Spokane, Washington wanted dark web hitmen to assault his wife and a former colleague. This is a post from HackRead.com Read the original post: Doctor Paid $60k in Bitcoin to Hire Dark Web...

Hive! Hive! Hive! Ransomware site submerged by FBI

On January 26, 2023, the United States Department of Justice (DoJ) released details about a disruption campaign against the Hive ransomware group. The disruption campaign has reportedly had access to Hive's infrastructure since July of 2022. Its access became public on Thursday when Hive's dark...

Threat Round up for January 20 to January 27

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 20 and Jan. 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,....

Hive Ransomware Infrastructure Seized in Joint International Law Enforcement Effort

In what's a case of hacking the hackers, the darknet infrastructure associated with the Hive ransomware-as-a-service (RaaS) operation has been seized as part of a coordinated law enforcement effort involving 13 countries. "Law enforcement identified the decryption keys and shared them with many of....

FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto Theft

The U.S. Federal Bureau of Investigation (FBI) on Monday confirmed that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge in June 2022. The law enforcement agency attributed the hack to the Lazarus Group and APT38, the...

PSA: Your Site Isn’t Hacked By This Bitcoin Scam, Keep the Money

On January 19th, 2023, a member of the Wordfence Threat Intelligence team received an email from their personal blog, claiming the site had been hacked, and we received two reports from Wordfence users who received the same message. The email claimed that the site had been hacked due to a...

Ransomware revenue significantly down over 2022

According to blockchain data platform Chainalysis, ransomware revenue "plummeted" from $765.6 in 2021 to at least $456.8 in 2022. The data is based on an analysis of the cryptocurrency addresses known to be controlled by ransomware attackers. Precision While the real numbers are likely much...

[updated]Ransomware money laundering operation disrupted, founder arrested

The US Department of Justice (DOJ) has released information about the arrest of Anatoly Legkodymov, the founder and majority owner of a cryptocurrency exchange called Bitzlato, on money laundering charges. Legkodymov, a Russian national who lives in China, is accused of processing over $700...

CVE-2022-47197

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this...

CVE-2022-47196

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this...

CVE-2022-47195

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this...

CVE-2022-47194

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this...

LastPass users should move their crypto funds, experts warn

Several experts have warned LastPass users who store cryptocurrency-related login information in their vaults to change that login information as soon as they can. Apparently, cybercriminals who have access to the stolen information are making it a priority to decrypt the data in an attempt to...

Overflow/Underflow in interest calculation caused by lack of timestamp validation in _getInterest() & _getRemainingInterest() function

Lines of code https://github.com/code-423n4/2023-01-astaria/blob/1bfc58b42109b839528ab1c21dc9803d663df898/src/LienToken.sol#L775-L782 Vulnerability details Impact An attacker could manipulate the last timestamp of a lien in the stack struct to cause an underflow or overflow in the interest...

Wrong implementations in ERC4626RouterBase contract

Lines of code Vulnerability details The ERC4626RouterBase contract contains a set of functions that act as wrappers for a ERC4626 contract, providing a base periphery functionality around a ERC4626 vault. There are a number of different flaws in the wrapped implementations of mint, deposit,...

Attacker can fake an ERC20 token as the paymentToken and call ClearingHouse.safeTransferFrom() to prematurely settle the auction, preventing the actual auction from completing

Lines of code Vulnerability details Impact ClearingHouses are deployed for each new loan and settle payments between Seaport auctions and Astaria Vaults if a liquidation occurs. However, due to the lack of proper data validation in the current implementation, anyone can fake a token and transfer...

LienToken: Lender and liquidator can collude to block auction and seize collateral

Lines of code https://github.com/code-423n4/2023-01-astaria/blob/1bfc58b42109b839528ab1c21dc9803d663df898/src/LienToken.sol#L642-L643 Vulnerability details If a lender offers a loan denominated in an ERC20 token that blocks transfers to certain addresses (for example, the USDT and USDC blocklist),....

Purchaser of a lien token may not receive payments

Lines of code https://github.com/code-423n4/2023-01-astaria/blob/main/src/LienToken.sol#L900-L909 https://github.com/code-423n4/2023-01-astaria/blob/main/src/LienToken.sol#L911-L919 Vulnerability details Impact A purchaser who buys out an existing lien via buyoutLien() will not receive future...

The FBI Identified a Tor User

No details, though: According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts "unofficial propaganda and photographs related to ISIS" multiple times on May 14, 2019. In virtue of being a dark web site--­that is, one hosted on the Tor anonymity network--­it...

Easy Accept Payments for PayPal < 4.9.10 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

Easy Accept Payments for PayPal < 4.9.10 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC [wp_paypal_payment_box_for_any_amount...