Lucene search
+L

224 matches found

The Hacker News
The Hacker News
added 2023/04/27 11:45 a.m.38 views

LimeRAT Malware Analysis: Extracting the Config

Remote Access Trojans RATs have taken the third leading position in ANY. RUN's Q1 2023 report on the most prevalent malware types, making it highly probable that your organization may face this threat. Though LimeRAT might not be the most well-known RAT family, its versatility is what sets it...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/04/21 1:5 a.m.33 views

3CX Breach Was a Double Supply Chain Compromise

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. The lengthy, complex intrusion has all the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/04/03 12:0 a.m.12 views

Attacker can steal the locked NFT in protocol because of lacking check in function borrowToBuy()

Lines of code Vulnerability details Impact In function borrowToBuy, the borrower takes a loan offer and uses the funds to purchase NFT. / Take the loan offer. / takeLoanOfferoffer, signature, lienId, loanAmount, collateralTokenId; / Lock token. / offer.collection.transferFrommsg.sender,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/04/03 12:0 a.m.12 views

Attacker can take a loan offer without providing the NFT from requested collection by using function borrowerRefinance()

Lines of code Vulnerability details Impact Function borrowerRefinance allows the borrower to repay the previous loan and take a different loan offer. In the codebase, there is no check to ensure that collateral collection of previous loan and new loan offer are the same. It can be abused by an...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/01/13 10:0 a.m.2 views

Get Unified Cloud and Endpoint Security: Only $1 for 1,000 Assets for all of 2023!

As the new year begins, it's more important than ever to protect your business from the constantly evolving cyber threats that could compromise your valuable assets. But who wants to pay an arm and a leg for top-tier security? With this Uptycs introductory offer, you do not have to. Kickstart the...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/12/12 5:0 a.m.18 views

The weirdest security stories of 2022

Theres been a lot of weird and frankly bizarre attacks over the course of 2022, nestled in amongst the usual ransomware outbreaks and data breaches. Whether were talking social media, email, or even malware, theres been a mind bending tale of tall behaviour in almost every corner. Its time to...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2022/10/26 4:2 p.m.44 views

This 9-Course Bundle Can Take Your Cybersecurity Skills to the Next Level

If you regularly read The Hacker News, there's a fair chance that you know something about cybersecurity. It's possible to turn that interest into a six-figure career. But to make the leap, you need to pick up some key skills and professional certifications. Featuring nine in-depth courses, The...

Exploits0
The Hacker News
The Hacker News
added 2022/07/11 6:43 a.m.62 views

Hackers Used Fake Job Offer to Hack and Steal $540 Million from Axie Infinity

The $540 million hack of Axie Infinity's Ronin Bridge in late March 2022 was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn, it has emerged. According to a report from The Block published last week citing two people familiar with the matter, a...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/07/08 4:7 p.m.17 views

Fake job offer leads to $600 million theft

Back in March, popular NFT battler Axie Infinity lay at the heart of a huge cryptocurrency theft inflicted on the Ronin network. From the Ronin newsletter: There has been a security breach on the Ronin Network. Earlier today, we discovered that on March 23rd, Sky Mavis’s Ronin validator nodes and...

7.4AI score
Exploits0
Code423n4
Code423n4
added 2022/07/04 12:0 a.m.12 views

Counter offer is not implemented correctly

Lines of code Vulnerability details Impact acceptCounterOffer is not verifying if the original order has already been filled. In case maker makes a counter offer and by the time counter offer is called, some user has already filled the original order then both original and counter offer will be...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/03 12:0 a.m.9 views

Caller always pays for ETH even for ETH offer items

Lines of code Vulnerability details Impact It's possible to create ItemType.NATIVE offer items that the offerer should pay for but this is not possible as only the caller fulfiller can send native tokens ETH when fulfilling an order. Therefore, this item type does not make sense in an offer. The...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/31 12:0 a.m.8 views

Offer and consideration should be sorted when calculating orderHash

Lines of code Vulnerability details Impact When calculating the orderHash, the orderHash will be different due to the order of the elements in the offer and consideration, and the user is likely to get the wrong orderHash due to the wrong order. This will greatly increase the chances of the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/28 12:0 a.m.7 views

Wrong formula to calculate new t_pay_amt in _matcho function (RubiconMarket.sol)

Lines of code Vulnerability details Impact functionmatcho won't work as expected tpayamount updated incorrectly can lead to reverted transaction because not enough fund to transfer Proof of Concept In matcho function, after matching with offer, tbuyamt and tpayamt will updated as follow: tbuyamto...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/05/04 12:37 p.m.38 views

Fake Cyberpunk Ape Executives target artists with malware-laden job offer

The wacky world of ape jpegs are at the heart of yet another increasingly bizarre internet scam, which contains malware, stolen accounts, a faint possibility of phishing, and zips full of ape pictures. The Ape Executives have a job offer you can, and must, refuse Lots of people with art profiles ...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/04/29 10:18 a.m.42 views

Warning! Instagram Stories hides a scam in plain sight

When someone finds their social media account compromised, they first think about letting their followers know. And they do. They warn others from reading any strange posts, usually containing a rogue link, before they sort out the matter behind the scenes. Some curious followers who missed these...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/03/02 12:0 a.m.12 views

buyFromPrivateSaleFor() Will Fail if The Buyer Has Insufficient Balance Due to an Open Offer on The Same NFT

Lines of code Vulnerability details Impact The buyFromPrivateSaleFor function allows sellers to make private sales to users. If insufficient ETH is provided to the function call, the protocol will attempt to withdraw the amount difference from the user's unlocked balance. However, if the same use...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/03/02 12:0 a.m.10 views

Escrowed NFT can be stolen by anyone if no active buyPrice or auction exists for it

Lines of code Vulnerability details Impact If a NFT happens to be in escrow with neither buyPrice, nor auction being initialised for it, there is a way to obtain it for free by any actor via makeOffer, acceptOffer combination. I.e. a malicious user can track the FNDNFTMarket contract and obtain a...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/28 12:0 a.m.11 views

NFT tranfered to market directly can be took by anyone

Lines of code Vulnerability details Proof of Concept 1. Offer can be made on any NFT if: 1. Not in active auction 2. No existing offer 3. The new offer amount is greater than existing offer 1. No access control on acceptOffer , anyone can send tx and reach this line which lead to transfer from...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/28 12:0 a.m.13 views

_autoAcceptOffer doesn't check if caller of setBuyPrice owns the NFT

Lines of code Vulnerability details Impact An attacker can create an offer then auto accept that offer for an NFT they don't own. This can happen for any NFT that the contract is approved for, or any NFT left in escrow with no active limitations Proof of concept Alice has an NFT that they either...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.32 views

Siemens Nucleus RTOS-based APOGEE and TALON Products Out-of-Bounds Read (CVE-2021-31881)

A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and...

7.5CVSS7.8AI score0.01477EPSS
Exploits0References6
Rows per page
Query Builder