MarginAccount.sol - Asset transfer to insuranceFund is lost.
Lines of code Vulnerability details Impact MarginAccount.sol - Line 377: token assets are transferred into insuranceFund, but no function was found that transfers assets out of insuranceFund. Proof of Concept Add any ERC20 token to the Collateral list. Call settleBadDebt. Recommended Mitigation Steps Add...
The Big Target on Cyber Insurers' Backs
Here at IntSights, a Rapid7 company, our goal is to equip organizations around the world with an understanding of the threats facing them in today's cyber threat landscape. Most recently, we took a focused look at the insurance industry — a highly targeted vertical due to the amount of personally...
A week in security (January 24 – 30)
Last week on Malwarebytes Labs: QNAP update stops Deadbolt ransomware, annoys some users, starts debate Big Mother is watching: What parents REALLY think about tracking their kids Update now! Apple patches another actively used zero-day Let’s Encrypt to revoke “mis-issued” certificates North...
Cyberinsurance companies don’t want to pay out for “acts of war”
Due to the evolving and growing impact of cybersecurity incidents there are some questions starting to arise about the way that insurance companies deal with the costs that are the results of such incidents. Cyber insurance is a form of cover designed to protect your business from threats in the...
Merck Wins Insurance Lawsuit re NotPetya Attack
The insurance company Ace American has to pay for the losses: On 6th December 2021, the New Jersey Superior Court granted partial summary judgment attached in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute. Merck...
Merck Awarded $1.4B Insurance Payout over NotPetya Attack
Unsealed court records show pharmaceutical giant Merck was awarded a $1.4 billion payout last month on its property insurance policy, for losses the company suffered because of the 2017 NotPetya cyberattacks. Merck’s cyber-insurance company, International Indemnity, was claiming the losses fell...
Expired insurance status set incorrectly after unlock of funds
Handle ye0lde Vulnerability details Impact Expired insurance status set incorrectly after unlock of funds The insurance status is not set to false and the unlock function can be called over and over driving the lockedAmount to 0. The distorted lockedAmount will then cause liquidity and utilizatio...
System Debt Is Not Handled When Insurance Pools Become Insolvent
Handle leastwood Vulnerability details Impact If an incident has occurred where an insurance policy is to be redeemed, the market is put into the MarketStatus.Payingout mode, where the insurance.insured account is allowed to redeem their cover and receive a payout amount. Upon paying out the...
applyCover() Does Not Enforce Index Market Lock
Handle leastwood Vulnerability details Impact The applyCover function is called by the insurance pool owner and intends to store data related to an insurance incident. Upon function execution, applyCover iterates over all available index markets and calls lock, denying all deposits and withdrawal...
unlock function is callable by anyone
Handle Fitraldys Vulnerability details Impact The unlock function is callable by anyone, and there is no check of whether the caller is the correct insured address. This can be dangerous because it relies on parameters.getGrace(msg.sender), which, if the msg.sender didn't have any grace, wil...
Owner can call applyCover multiple times in PoolTemplate.sol
Handle camden Vulnerability details Impact The owner could potentially extend the insurance period indefinitely in the applyCover function without ever allowing the market to resume. This is because there is no check in applyCover to ensure that the market is in a Trading state. This can also all...
FIN7 Mails Malicious USB Sticks to Drop Ransomware
Ransomware gangs are mailing malicious USB drives, posing as the U.S. Department of Health and Human Services (HHS) and/or Amazon, to target the transportation, insurance and defense industries for ransomware infection, the FBI warned on Friday. In a security alert sent to organizations, the FBI sai...
Insurance funds are never unlocked
Handle p4st13r4 Vulnerability details Impact There is a typo in the unlock function, when setting the status of an insurance to false. function unlock(uint256 id) public { require(insurances[id].status == true && marketStatus == MarketStatus.Trading && insurances[id].endTime + parameters.getGrace(msg.send...
TimeswapPair.sol#borrow() Improper implementation allows attacker to increase pool.state.z to a large value
Handle WatchPug Vulnerability details In the current implementation, borrow takes a user input value of zIncrease, while the actual collateral asset transferred in is calculated at L319, the state of pool.state.z still increased by the value of the user's input at L332. Even though a large number...
Security Bulletin: IBM Insurance Information Warehouse is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Summary There is a vulnerability in the Apache Log4j open source library used by IBM Insurance Information Warehouse. This affects the Industry Models - Glossary Tools optional component. The fix includes Apache Log4j v2.15. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j...
FBI traces and grabs back $150 million theft that was turned into bitcoins
On December 1, 2021, the Tokyo police arrested an employee of Sony Life Insurance on suspicion of fraudulently obtaining 17 billion yen through an illegal money transfer from an overseas unit. On the same day 3,879 bitcoins, worth about $150 million, were seized by law enforcement, and on the...
Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks
Fallout from nation-state sponsored cyberattacks will no longer be covered under cyber-insurance policies issued by famed insurer Lloyd’s of London. The insurance juggernaut’s underwriting director Patrick Davidson just released four new Cyber War and Cyber Operation Exclusion Clauses, outlining...
Lessons from a real-life ransomware attack
Ransomware attacks, despite dramatically increasing in frequency this summer, remain opaque for many potential victims. It isn’t anyone’s fault, necessarily, since news articles about ransomware attacks often focus on the attack, the suspected threat actors, the ransomware type, and, well, not mu...
secure.pedalpowerinsurance.ca Cross Site Scripting vulnerability OBB-2200140
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Podcast: 67% of Orgs Have Been Hit by Ransomware at Least Once
A recent report found that two-thirds, or 67 percent, of surveyed organizations have suffered a ransomware attack, about half have been hit multiple times, and 16 percent have been hit three or more times. According to Fortinet's Global State of Ransomware Report 2021 (PDF), released last week, mos...