12 matches found
Malicious initial reserve ratio can be used to rug lenders collateral
Lines of code Vulnerability details Impact Wildcat protocol provides borrowers the ability to adjust annual interest BIPs after market deployment. In order to protect lenders the protocol increases the reserve ratio of the market to 90% for two weeks. The increased reserve ratio allows...
Lack of access control on overrideSanction(), any user can override sanctioned address
Lines of code Vulnerability details Impact Without proper access control, any address can call the overrideSanction function and override the sanction status of an account. This can potentially be exploited by malicious actors to bypass sanctions and carry out unauthorized actions, putting the...
Sanction Bypass Through Depositing to Authorized Borrower's Market
Lines of code Vulnerability details Impact Wildcat protocol provides lending with lender backed collateral considered as reserves and the ratio must be upheld by the borrower. The protocol team has taken certain steps to prevent interaction with sanctioned users. However, sanction status is only...
TrickBot gang members sanctioned after pandemic ransomware attacks
In a collaborative partnership, officials in the United States and the United Kingdom unmasked and imposed financial sanctions against seven members of the notorious Russian gang TrickBot alias "TrickLoader", a mainstream banking Trojan turned malware-as-a-service (MaaS) platform for other criminal...
Microsoft: Iranian Nation-State Group Sanctioned by U.S. Behind Charlie Hebdo Hack
An Iranian nation-state group sanctioned by the U.S. government has been attributed to the hack of the French satirical magazine Charlie Hebdo in early January 2023. Microsoft, which disclosed details of the incident, is tracking the activity cluster under its chemical element-themed moniker...
Reuse of signature to get KYCd after it has been removed
Lines of code Vulnerability details Impact There is no time limit on the validity of KYC digests and users with a removed KYC are not saved. If an issuer of such a digest is either compromised or if they by mistake issue a digest with a deadline far into the future a user could reuse the same...
Add to Blacklist function
Lines of code Vulnerability details L-2. Add to Blacklist function Description: Cryptocurrency mixing service, Tornado Cash, has been blacklisted in the OFAC. A lot of blockchain companies, token projects, NFT Projects have blacklisted all Ethereum addresses owned by Tornado Cash listed in the US...
Evil Corp Pivots LockBit to Dodge U.S. Sanctions
Evil Corp has shifted tactics once again, this time pivoting to LockBit ransomware after U.S. sanctions have made it difficult for the cybercriminal group to reap financial gain from its activity, researchers have found. Researchers from Mandiant Intelligence have been tracking a “financially...
School Event Attendance Monitoring System 1.0 - 'Item Name' Stored Cross-Site Scripting
Exploit Title: School Event Attendance Monitoring System 1.0 - 'Item Name' Stored Cross-Site Scripting Date: 2021-02-11 Exploit Author: Suresh Kumar Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Trump's New Executive Order Slaps a Bandaid on Election Interference Problems
Trump’s order creates a framework to sanction foreign meddling in elections, but experts say it’s not enough...
Hacking Team Says It Always Sold 'Strictly Within the Law'
Hacking Team officials are disputing reports that the company sold its surveillance and intrusion software to oppressive regimes in countries that were under sanction. The company said it sold its products “strictly within the law and regulation as it applied at the time any sale was made.” The n...
Amid Protests, Egypt Severs Ties to Internet
Amidst growing popular protests, Egypt has been severed from the Internet, according to reports from Internet monitors and reporters within the country. The Associated Press and Reuters both confirmed reports of widespread outages within Egypt affecting customers of all of the country’s main ISPs...