Lucene search
K

230 matches found

The Hacker News
The Hacker News
added 2023/09/26 11:49 a.m.49 views

Xenomorph Banking Trojan: A New Variant Targeting 35+ U.S. Financial Institutions

An updated version of an Android banking trojan called Xenomorph has set its sights on more than 35 financial institutions in the U.S. The campaign, according to Dutch security firm ThreatFabric, leverages phishing web pages that are designed to entice victims into installing malicious Android ap...

6.6AI score
Exploits0
NVD
NVD
added 2023/08/09 10:15 p.m.24 views

CVE-2023-33242

Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt 256 in total because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed...

9.6CVSS9.3AI score0.01091EPSS
Exploits2References4
NVD
NVD
added 2023/08/09 10:15 p.m.22 views

CVE-2023-33241

Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signature...

9.6CVSS9.3AI score0.01017EPSS
Exploits1References5
CVE
CVE
added 2023/08/09 9:1 p.m.59 views

CVE-2023-33242

CVE-2023-33242 affects crypto wallets implementing Lindell17 TSS. The vulnerability arises from mishandling aborts after a failed signature, allowing an attacker to exfiltrate the full ECDSA private key by extracting one bit per signature attempt (256 total). Connected materials include a PoC/exp...

9.6CVSS8.3AI score0.01091EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2023/08/09 9:1 p.m.21 views

CVE-2023-33242 Lindell17 TSS Abort Mishandling

Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt 256 in total because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed...

9.6CVSS9.5AI score0.01091EPSS
Exploits2References4
Cvelist
Cvelist
added 2023/08/09 9:0 p.m.41 views

CVE-2023-33241 GG18 / GG20 TSS Beta Parameter Vulnerability

Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signature...

9.6CVSS9.4AI score0.01017EPSS
Exploits1References5
CVE
CVE
added 2023/08/09 9:0 p.m.60 views

CVE-2023-33241

CVE-2023-33241 affects wallets using GG18/GG20 TSS (MPC) protocols. A malicious pallier key injected during the protocol and cheating in the range proof may allow an attacker to exfiltrate a full ECDSA private key (or other parties’ key shares), with the required effort potentially depending on B...

9.6CVSS9.2AI score0.01017EPSS
Exploits1References5Affected Software2
Vulnrichment
Vulnrichment
added 2023/08/09 9:0 p.m.18 views

CVE-2023-33241 GG18 / GG20 TSS Beta Parameter Vulnerability

Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signature...

9.6CVSS6.9AI score0.01017EPSS
Exploits1References5
hivepro
hivepro
added 2023/07/21 2:44 p.m.26 views

Kanti Ransomware Strikes Cryptocurrency Users

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Kanti is a novel strain of ransomware that has been specifically designed to target cryptocurrency users. This sophisticated ransomware is cunningly crafted to infiltrate systems and encrypt files,...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/03 9:38 a.m.4 views

Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets

In yet another sign of a lucrative crimeware-as-a-service CaaS ecosystem, cybersecurity researchers have discovered a new Windows-based information stealer called Meduza Stealer that's actively being developed by its author to evade detection by software solutions. "The Meduza Stealer has a...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/03 9:38 a.m.43 views

Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets

In yet another sign of a lucrative crimeware-as-a-service CaaS ecosystem, cybersecurity researchers have discovered a new Windows-based information stealer called Meduza Stealer that's actively being developed by its author to evade detection by software solutions. "The Meduza Stealer has a...

9.8CVSS8.9AI score0.85689EPSS
Exploits10
The Hacker News
The Hacker News
added 2023/04/28 11:59 a.m.39 views

New Atomic macOS Malware Steals Keychain Passwords and Crypto Wallets

Threat actors are advertising a new information stealer for the Apple macOS operating system called Atomic macOS Stealer or AMOS on Telegram for $1,000 per month, joining the likes of MacStealer. "The Atomic macOS Stealer can steal various types of information from the victim's machine, including...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/04/28 11:30 a.m.3 views

ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection

A significant number of victims in the consumer and enterprise sectors located across Australia, Japan, the U.S., and India have been affected by an evasive information-stealing malware called ViperSoftX. ViperSoftX was first documented by Fortinet in 2020, with cybersecurity company Avast...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/04/03 9:20 a.m.2 views

Crypto-Stealing OpcJacker Malware Targets Users with Fake VPN Service

A piece of new information-stealing malware called OpcJacker has been spotted in the wild since the second half of 2022 as part of a malvertising campaign. "OpcJacker's main functions include keylogging, taking screenshots, stealing sensitive data from browsers, loading additional modules, and...

6.9AI score
Exploits0
hivepro
hivepro
added 2023/03/27 7:12 a.m.12 views

New Variant of BlackGuard Stealer Malware Steals Sensitive Information and Crypto Wallets

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new variant of the BlackGuard stealer malware that propagates through removable media and hijacks crypto wallets. It can steal sensitive information from various applications and supports stealing...

6.4AI score
Exploits0
HackRead
HackRead
added 2023/02/15 9:13 p.m.17 views

New MortalKombat Ransomware Attack Aiming for Crypto Wallets

By Habiba Rashid Hackers are deploying the MortalKombat ransomware and Laplas Clipper malware in a financially motivated campaign against victims worldwide. This is a post from HackRead.com Read the original post: New MortalKombat Ransomware Attack Aiming for Crypto Wallets...

4AI score
Exploits0
HackRead
HackRead
added 2023/02/13 7:20 p.m.20 views

Hackers Aim at Crypto Wallets with Hacked Namecheap Phishing Emails

By Deeba Ahmed Namecheap users should remain cautious, as hackers are using its inbox to scam users through phishing emails designed… This is a post from HackRead.com Read the original post: Hackers Aim at Crypto Wallets with Hacked Namecheap Phishing Emails...

2AI score
Exploits0
OSV
OSV
added 2023/02/11 7:30 p.m.8 views

MAL-2023-2333 Malicious code in tkccalendar (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 254bade3f624909b0affad604dd128b2212d3e5debf35db4303405002ec22a5b Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score
Exploits0References1
OSV
OSV
added 2023/02/11 7:27 p.m.13 views

MAL-2023-2316 Malicious code in tkcaelndar (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8c49be3ad2a45b16c6ad5922865a55eb1b6086e4af4f531855090f53be356741 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/02/11 12:45 p.m.7 views

Malicious code in beautifulsuop (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx df1ed5abeb9bc99da5bd07d1c2408f50915eb7cf6e632c80f3fa50bf8e4561c1 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7AI score
Exploits0References1
Rows per page
Query Builder