531 matches found
Hackers Using Web3 Backdoor Wallets to Steal Seed Phrases from iOS/Android Users
By Deeba Ahmed A Chinese-speaking, technically skilled threat actor distributes backdoored applications to extract cash from victims in a newly discovered… This is a post from HackRead.com Read the original post: Hackers Using Web3 Backdoor Wallets to Steal Seed Phrases from iOS/Android Users...
Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users
A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims' funds. Said to be first discovered in March 2022, t...
Researchers Detail How Cyber Criminals Targeting Cryptocurrency Users
Cybercriminals are impersonating popular crypto platforms such as Binance, Celo, and Trust Wallet with spoofed emails and fake login pages in an attempt to steal login details and deceptively transfer virtual funds. "As cryptocurrency and non-fungible tokens NFTs become more mainstream, and captu...
Malicious code in web3-upgrade (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf78823fc9ddf62eca0f10cc1821da790ae75e4f0cf267dfc45b5a6b5e21c7b4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7085 Malicious code in web3-upgrade (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf78823fc9ddf62eca0f10cc1821da790ae75e4f0cf267dfc45b5a6b5e21c7b4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in web3-util-update (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1a079ce568f965c6fa2d0c2fa555d7c1956d79fa87d4e252ca54afaa5e677d3a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7086 Malicious code in web3-util-update (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1a079ce568f965c6fa2d0c2fa555d7c1956d79fa87d4e252ca54afaa5e677d3a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Airdrop phishing: what is it, and how is my cryptocurrency at risk?
Airdrop phishing is a really popular tactic at the moment. It emerged alongside the explosion of Web3/NFT/cryptocurrency popularity, and ensures scammers get a slice of the money pie. You may well have heard the term in passing, and wondered what an Airdrop is. Is your iPhone about to be Airdrop...
Rarible NFT Marketplace Flaw Could've Let Attackers Hijack Crypto Wallets
Cybersecurity researchers have disclosed a now-fixed security flaw in the Rarible non-fungible token NFT marketplace that, if successfully exploited, could have led to account takeover and theft of cryptocurrency assets. "By luring victims to click on a malicious NFT, an attacker can take full...
lahno-web3.de Improper Access Control vulnerability OBB-2394480
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress EthPress – Web3 Login plugin <= 1.5.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress EthPress – Web3 Login plugin versions = 1.5.0. Solution Update the WordPress EthPress – Web3 Login plugin to the latest available version at least 1.5.1...
WordPress EthPress – Web3 Login plugin <= 1.5.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress EthPress – Web3 Login plugin versions = 1.5.0. Solution Update the WordPress EthPress – Web3 Login plugin to the latest available version at least 1.5.1...
Microsoft Warns of 'Ice Phishing' Threat on Web3 and Decentralized Networks
Microsoft has warned of emerging threats in the Web3 landscape, including "ice phishing" campaigns, as a surge in adoption of blockchain and DeFi technologies emphasizes the need to build security into the decentralized web while it's still in its early stages. The company's Microsoft 365 Defende...
Building the Future — Akamai’s Outlook on the Linode Acquisition
Akamai announced our intent to acquire Linode. The acquisition is intended to create the world’s most distributed compute platform. This new cloud to edge platform will make it easier for developers and businesses to build, run, and secure applications, especially given the complexities of Web3...
‘Ice phishing’ on the blockchain
The technologies that connect us are continually advancing, and while this brings tremendous new capabilities to users, it also opens new attack surfaces for adversaries and abusers. Social engineering represents a class of threats that has extended to virtually every technology that enables huma...
‘Ice phishing’ on the blockchain
The technologies that connect us are continually advancing, and while this brings tremendous new capabilities to users, it also opens new attack surfaces for adversaries and abusers. Social engineering represents a class of threats that has extended to virtually every technology that enables huma...
Can not update target price
Handle jonah1005 Vulnerability details Impact The sanity checks in rampTargetPrice are broken SwapUtils.solL1571-L1581 if futureTargetPricePrecise = initialTargetPricePrecise, "futureTargetPrice is too small" ; else require futureTargetPricePrecise =...
Freeze The Bridge Via Large ERC20 Names/Symbols/Denoms
Handle nascent Vulnerability details Ethereum Oracles watch for events on the Gravity.sol contract on the Ethereum blockchain. This is performed in the checkforevents function, ran in the ethoraclemainloop. In this function, there is the following code snippet: let erc20deployed = web3...
All Vulnerabilities for web3.sydneygirl-h.schools.nsw.edu.au Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| web3.sydneygirl-h.schools.nsw.edu.au...
Data Corruption
vyper causes data corruption. Incorrect data handling allows an attacker to cause a data corruption via certain Web3 libraries with Vyper-deploy forwarder proxy contracts using Vyper's built-in createforwarderto function...