微信打赏（Wechat Reward) Security Vulnerabilities

Creating rewardTokens without streaming depositTokens

Handle bitbopper Vulnerability details Impact stake and withdraws can generate rewardTokens without streaming depositTokens. It does not matter whether the stream is a sale or not. The following lines can increase the reward balance on a withdraw some time after stake:...

Any arbitraryCall gathered airdrop can be stolen with recoverTokens

Handle hyh Vulnerability details Impact Any airdrop gathered with arbitraryCall will be immediately lost as an attacker can track arbitraryCall transactions and back run them with calls to recoverTokens, which doesn't track any tokens besides reward, deposit and incentive tokens, and will give the....

Storage variable unstreamed can be artificially inflated

Handle harleythedog Vulnerability details Impact The storage variable unstreamed keeps track of the global amount of deposit token in the contract that have not been streamed yet. This variable is a public variable, and users that read this variable likely want to use its value to determine...

Malvertising attack distributes malicious Chrome extensions, backdoors

By Waqas Researchers believe that the campaign has been active since 2018, and since then, the malware has been under development constantly. Cisco Talos researchers have identified malvertising campaigns using fake installers of popular games and applications, such as WeChat, Viber, Battlefield,.....

New Malvertising Campaigns Spreading Backdoors, Malicious Chrome Extensions

A series of malicious campaigns have been leveraging fake installers of popular apps and games such as Viber, WeChat, NoxPlayer, and Battlefield as a lure to trick users into downloading a new backdoor and an undocumented malicious Google Chrome extension with the goal of stealing credentials and.....

Here’s what data the FBI can get from WhatsApp, iMessage, Signal, Telegram, and more

Not every secure messaging app is as safe as it would like us to think. And some are safer than others. A recently disclosed FBI training document shows how much access to the content of encrypted messages from secure messaging services US law enforcement can gain and what they can learn about...

UniswapHandler.maltMarketPrice returns wrong decimals

Handle cmichel Vulnerability details The UniswapHandler.maltMarketPrice function returns a tuple of the price and the decimals of the price. However, the returned decimals do not match the computed price for the else if (rewardDecimals < maltDecimals) branch: else if (rewardDecimals <...

RewardReinvestor.provideReinvest and splitReinvest are vulnerable to sandwich attacks as market price isn't checked

Handle hyh Vulnerability details Impact Liquidity provision can happen at a manipulated price which leads to immediate loss for liquidity provider (i.e. IL happens right after liquidity provision in this case). This yields direct loss for an LP account owner, for example (schematically): 0....

AbstractRewardMine.sol#setRewardToken is dangerous

Handle 0x0x0x Vulnerability details Impact In case the reward token is changed, totalDeclaredReward will be changed and likely equal to 0. Since _userStakePadding and _globalStakePadding are accumulated, changing the reward token will not reset those values. Thus, it will create problems....

MiningService _withdrawMultiple will fail most of the times

Handle hyh Vulnerability details Impact Impact depends on subtraction overflow handling and this way on the compiler version used for production deployment. If compiler version above 0.8: The compiler will check subtraction and fail, so: a user will have all withdrawals failed most of the times,...

onUnbond calculations incorrect leading to lost funds

Handle harleythedog Vulnerability details Impact Consider the stake padding example given in the contest description here: https://code4rena.com/contests/2021-11-malt-finance-contest. At the end of the example, User A has 100 bonded LP and has 100 stake padding. User B has 100 bonded LP and 200...

New Chinotto Spyware Targets North Korean Defectors, Human Rights Activists

North Korean defectors, journalists who cover North Korea-related news, and entities in South Korea are being zeroed in on by a nation-state-sponsored advanced persistent threat (APT) as part of a new wave of highly-targeted surveillance attacks. Russian cybersecurity firm Kaspersky attributed the....

ZStack Remote Code Execution Vulnerability

ZStack is a product of Shanghai Cloud Axis Information Technology Co. The ZStack remote code execution vulnerability can be exploited by attackers to execute arbitrary code to gain control of the...

CVE-2021-40833

A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus...

CVE-2021-40833

A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus...

Denial of service

A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus...

CVE-2021-40833 Denial-of-Service (DoS) Vulnerability

A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus...

“Free Steam games” videos promise much, deliver malware

Gamers are a hot target for scammers, especially in the run up to Christmas. Major games are released throughout the last few months of any year, and the FOMO (fear of missing out) is strong. Especially if said titles offer pre-order exclusive bonuses, or deals and discounts for a few weeks after.....

Windows Installer vulnerability becomes actively exploited zero-day

Sometimes the ways in which malicious code gets in the hands of cybercriminals is frustrating for those in the industry, and incomprehensible to those on the outside. A quick summary of the events in the history of this exploit: A researcher found a flaw in Windows Installer that would allow an...

Iranians Charged in Cyberattacks Against U.S. 2020 Election

The U.S. Department of Justice has unsealed charges against two Iranian nationals for cyberattacks against the U.S. 2020 presidential campaign, and there’s a $10 million reward offered for information on their activities. The two men, Seyyed Mohammad Hosein Musa Kazemi and Sajjad Kashian,...

Malwarebytes CrackMe – contest summary

On October 29 we published our third CrackMe Challenge and announced two parallel tracks for the contest: "The fastest solve" , and "The best write-up". In the first category ("The fastest solve" ), we got three winners already the first weekend following publication. Big congratulations to: **...

U.S. Charged 2 Iranian Hackers for Threatening Voters During 2020 Presidential Election

The U.S. government on Thursday unsealed an indictment that accused two Iranian nationals of their involvement in cyber-enabled disinformation and threat campaign orchestrated to interfere in the 2020 presidential elections by gaining access to confidential voter information from at least one...

Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities

Summary Actions to Take Today to Protect Against Iranian State-Sponsored Malicious Cyber Activity • Immediately patch software affected by the following vulnerabilities: CVE-2021-34473, 2018-13379, 2020-12812, and 2019-5591. • Implement multi-factor authentication. • Use strong, unique...

Transmuter yield can be gamed by only staking when yield is distributed

Handle cmichel Vulnerability details The Transmuter.distribute function distributes the yield to the buffer which is then distributed to all stakers over a TRANSMUTATION_PERIOD, see runPhasedDistribution and updateAccount. If the elapsed time from the last phase distribution is greater than the...

Exploit for Improper Authentication in Apache Shenyu

Apache ShenYu Admin爆出身份验证绕过漏洞，攻击者可通过该漏洞绕过JSON Web Token...

Path Traversal in welliamcao/opsmanage

漏洞 README.md文件中的nginx配置存在安全漏洞，导致恶意攻击者可以任意读取项目中的文件。 # POC 对于github上的demo地址，一种可行的攻击方式为： http://42.194.214.22:8000/static../ 可以看到读取到整个项目的文件。如果用户对该项目进行过二开，并在init.sql，conf/中写入了一些敏感信息，可能造成较大危害 影响...

Streaming wars continue — what about cyberthreats?

Last year became a banner year for the online entertainment industry. Driven by the pandemic lockdown restrictions and imposed work-from-home policies, people got to spend more time at home looking for replacements for familiar sources of entertainment. While theatres and sports stadiums suffered.....

U.S. Charges Ukrainian Hacker for Kaseya Attack; Seizes $6 Million from REvil Gang

The U.S. government on Monday charged a Ukrainian suspect, arrested in Poland last month, with deploying REvil ransomware to target multiple businesses and government entities in the country, including perpetrating the attack against software company Kaseya, marking the latest action to crack down....

REvil Ransom Arrest, $6M Seizure, and $10M Reward

The U.S. Department of Justice today announced the arrest of Ukrainian man accused of deploying ransomware on behalf of the REvil ransomware gang, a Russian-speaking cybercriminal collective that has extorted hundreds of millions from victim organizations. The DOJ also said it had seized $6.1...

SAP Business Technology Platform信息泄露漏洞

SAP Business Technology Platform is a business technology platform from SAP Germany that integrates intelligent enterprise applications with database and data management, analytics, integration and extension capabilities into a single platform for cloud and hybrid environments, including hundreds.....

Google Assistant Authentication Bypass

...

Kunyu - More Efficient Corporate Asset Collection

Kunyu, More Efficient Corporate Asset Collection 0x00 Introduce Tool introduction Kunyu (kunyu), whose name is taken from , is actually a professional subject related to geographic information, which counts the geographic information of the sea, land, and sky. The same applies to cyberspace....

Wanted! US offers $10m bounty for ransomware kingpins

The US State Department is offering a massive $10 million reward if you can help bring DarkSide to justice. The U.S. Department of State announces a reward offer of up to $10,000,000 for information leading to the identification or location of any individual(s) who hold(s) a key leadership...

Feds Offer $10 Million Bounty for DarkSide Info

The federal government has upped the ante in its fight against ransomware by offering a $10 million reward for information leading to the identification or location of leaders of the DarkSide ransomware group. The U.S. Department of State unveiled the reward on Thursday, adding a $5 million reward....

U.S. Offers $10 Million Reward for Information on DarkSide Ransomware Group

The U.S. government on Thursday announced a $10 million reward for information that may lead to the identification or location of key individuals who hold leadership positions in the DarkSide ransomware group or any of its rebrands. On top of that, the State Department is offering bounties of up...

Exploit for Improper Privilege Management in Microsoft

CVE+2021 42286...

Logging audit system of Deep Impact Technology Co. is vulnerable to a logic flaw

Ltd. is a provider of products and services focused on enterprise-class security, cloud computing, IT infrastructure and Internet of Things. A logic flaw vulnerability exists in the log auditing system of Deep Impact Technology Co., Ltd. which can be exploited by attackers to arbitrarily reset...

US offers $10m reward for decisive info on DarkSide ransomware gang

By Waqas The US is offering $10 million to anyone who can provide information to law enforcement authorities on the infamous DarkSide ransomware gang that may help in locating and arresting its operators. This is a post from HackRead.com Read the original post: US offers $10m reward for decisive...

Liaoning Vtime Technology 188Jianzhan SQL Injection Vulnerability

Liaoning Vtime Technology 188Jianzhan is an open source website builder from Liaoning Vtime Technology. 188Jianzhan v2.1.0 is vulnerable to SQL injection. The vulnerability is caused by a lack of valid restrictions and escaping of the username parameter in login.php. An attacker could use this...

Spam and phishing in Q3 2021

Quarterly highlights Scamming championship: sports-related fraud This summer and early fall saw some major international sporting events. The delayed Euro 2020 soccer tournament was held in June and July, followed by the equally delayed Tokyo Olympics in August. Q3 2021 also featured several F1...

Fortinet FortiManager VM和FortiAnalyzer Vm信息泄露漏洞

Fortinet FortiManager VM is a centralized network security management platform for virtual machines. FortiAnalyzer Vm is a virtual machine that provides the ability to group devices into different management domains (ADOMs) for security deployment and management. FortiAnalyzer Vm is a virtual...

Grief Ransomware Targets NRA

A ransomware group tied to Russia claims to have stolen data from the National Rifle Association (NRA) in a ransomware attack on the controversial gun-rights group, which has declined to comment on the situation. The Grief ransomware gang listed the NRA as a victim of its nefarious activity on its....

ReferralFeePoolV0.sol#claimRewardAsMochi() Array out of bound exception

Handle WatchPug Vulnerability details function claimRewardAsMochi() external { IUSDM usdm = engine.usdm(); address[] memory path = new address ; path[0] = address(usdm); path[1] = uniswapRouter.WETH(); path[2] = address(engine.mochi()); ...

Missing slippage checks

Handle cmichel Vulnerability details The contracts are missing slippage checks which can lead to being vulnerable to sandwich attacks. A common attack in DeFi is the sandwich attack. Upon observing a trade of asset X for asset Y, an attacker frontruns the victim trade by also buying asset Y, lets.....

Exploit for Use After Free in Google Chrome

CVE-2021-30573-PoC-Google-Chrome Google Chrome Use After...

Ongoing Cyber Threats to U.S. Water and Wastewater Systems

Summary Immediate Actions WWS Facilities Can Take Now to Protect Against Malicious Cyber Activity • Do not click on suspicious links. _• If you use RDP, secure and monitor it. • _Use strong passwords. • Use multi-factor authentication. Note: This advisory uses the MITRE Adversarial...

Referrer can drain ReferralFeePoolV0

Handle gzeon Vulnerability details Impact function claimRewardAsMochi in ReferralFeePoolV0.sol did not reduce user reward balance, allowing referrer to claim the same reward repeatedly and thus draining the fee pool. Proof of Concept L28-47 did not reduce user reward balance Tools Used None...

WordPress Wechat Reward plugin cross-site request forgery vulnerability

WordPress is a set of blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress Wechat Reward plugin in versions 1.7 and.....

Oracle PeopleSoft Enterprise信息泄露漏洞

Oracle PeopleSoft Products is an enterprise human capital management solution from Oracle Corporation. An information disclosure vulnerability exists in the Supplier Portal component of Oracle PeopleSoft Enterprise SCM version 9.2. An attacker could compromise Oracle PeopleSoft Enterprise SCM by...

takeOutRewardTokens(): epochs calculation should be rounded up

Handle hickuphh3 Vulnerability details Impact If the owner would like to remove rewards, the number of epochs affected could potentially be 1 less because solidity division rounds down, resulting in more rewards taken out than allowed. Proof of Concept Assume currentEpoch is 1000 end epoch is...