746 matches found
CVE-2020-14199
BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was fixed in 1.9.1 for the...
CVE-2020-14199
BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was fixed in 1.9.1 for the...
Design/Logic Flaw
BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was fixed in 1.9.1 for the...
CVE-2020-14199
The CVE-2020-14199 issue is a BIP-143 signing mishandling in the Bitcoin protocol that can mislead users into producing two signatures during Segwit transactions. Affected products are Trezor One firmware before 1.9.1 and Trezor Model T firmware before 2.3.1; these devices have firmware updates t...
CVE-2020-14199
BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was fixed in 1.9.1 for the...
PT-2020-13926
Name of the Vulnerable Software and Affected Versions: Trezor One versions prior to 1.9.1 Trezor Model T versions prior to 2.3.1 Description: The issue in the Bitcoin protocol specification, specifically BIP-143, mishandles the signing of a Segwit transaction. This allows attackers to trick a use...
Cryptocurrency Hardware Wallets Can Get Hacked Too
New research shows vulnerabilities in popular cold-storage options that would have revealed their PINs...
InfinityBlack Dismantled After Selling Millions of Credentials
The InfinityBlack hacking group, which is responsible for selling millions of stolen credentials, has been dismantled. Polish and Swiss law-enforcement authorities, supported by Europol, arrested five individuals in Poland believed to be members of InfinityBlack, on April 29. According to Europol...
New Android Malware Steals Banking Passwords, Private Data and Keystrokes
A new type of mobile banking malware has been discovered abusing Android's accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes. Called "EventBot" by Cybereason researchers, the malware is...
49 New Google Chrome Extensions Caught Hijacking Cryptocurrency Wallets
Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies. The 49 browser add-ons, potentially the work of Russian threat actors, were identified fi...
49 New Google Chrome Extensions Caught Hijacking Cryptocurrency Wallets
Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies. The 49 browser add-ons, potentially the work of Russian threat actors, were identified fi...
Monero: Hardware Wallets Do Not Check Unlock TIme
Summary: The hardware wallet implementations using the monero wallet do not check the unlock time when signing. This allows malware on the user's computer which the hardware wallet should protect from to permanently lock-up all the user's funds if the user signs a transaction on the device with a...
CVE-2019-19771
The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets...
Design/Logic Flaw
The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets...
CVE-2019-19771
The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets...
CVE-2019-19771
CVE-2019-19771 concerns the lodahs package (Node.js) version 0.0.1, a malware trojan masquerading as lodash that installs via mistyped npm package names and exfiltrates cryptocurrency wallets. Multiple sources (Red Hat, NVD, GHSA, OSV, CNVD, CVE lists) describe it as malware affecting Node.js env...
Malicious Package
signqle is a malicious package that finds and exfiltrates cryptocurrency wallets...
Malicious Package
scryptys is a malicious package that finds and exfiltrates cryptocurrency wallets...
Malicious Package
ripedm160 is a malicious package that finds and exfiltrates cryptocurrency wallets...
Malicious Package
riped160 is a malicious package that finds and exfiltrates cryptocurrency wallets...