This posting is here to collect cyber security news in August 2021.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
309 Comments
Tomi Engdahl says:
Voltage Glitching Attack on AMD Chips Poses Risk to Cloud Environments
https://www.securityweek.com/voltage-glitching-attack-amd-chips-poses-risk-cloud-environments
Researchers have described a voltage glitching attack that shows AMD’s Secure Encrypted Virtualization (SEV) technology may not provide proper protection for confidential data in cloud environments.
The research was conducted by a team from the Technical University of Berlin (TU Berlin) and it was detailed in a paper published this week.
AMD’s SEV technology — present in the company’s EPYC processors — is designed to protect virtual machines (VMs) and the data they store against insider threats with elevated privileges, such as a malicious administrator. SEV is often used in cloud environments.
Tomi Engdahl says:
https://www.mnemonic.no/blog/introducing-snicat/
mnemonic’s Morten Marstrander and Alvaro Gutierrez successfully tested SNIcat on Cisco WSA. Cisco has released an advisory, stating that multiple products are vulnerable to SNIcat, including WSA, FTD, ISAs and some versions of Snort. Official Cisco advisory in comments
Tomi Engdahl says:
Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sni-data-exfil-mFgzXqLN
Tomi Engdahl says:
Terabytes of Deleted Case Data Forces Dallas PD to Revise Policy
https://www.govtech.com/public-safety/terabytes-of-deleted-case-data-forces-dallas-pd-to-revise-policy#:~:text=A%20Dallas%20Police%20employee%20accidentally,to%20migrate%20data%20between%20servers.&text=According%20to%20an%20Aug.%2011,occurred%20before%20July%2028%2C%202020
A Dallas Police employee accidentally deleted 22 TBs of case files when trying to migrate data between servers. Officials say they’re now working to recover what they can and prevent future issues.
Tomi Engdahl says:
Health authorities in 40 countries targeted by COVID19 vaccine scammers https://www.welivesecurity.com/2021/08/18/health-authorities-40-countries-targeted-covid19-vaccine-scammers/
INTERPOL has issued a global warning about organized crime groups targeting governments with bogus offers peddling COVID-19 vaccines.
The warning was issued to all of INTERPOL’s 194 member countries after the international law enforcement agency registered roughly 60 cases from 40 countries.
Tomi Engdahl says:
Trend-spotting email techniques: How modern phishing emails hide in plain sight https://www.microsoft.com/security/blog/2021/08/18/trend-spotting-email-techniques-how-modern-phishing-emails-hide-in-plain-sight/
This blog shines a light on techniques that are prominently used in many recent email-based attacks. We’ve chosen to highlight these techniques based on their observed impact to organizations, their relevance to active email campaigns, and because they are intentionally designed to be difficult to detect.
Tomi Engdahl says:
Dogged Persistence – The Name of the Game for One DDoS Attacker https://blogs.akamai.com/2021/08/dogged-persistence-the-name-of-the-game-for-one-ddos-attacker.html
DDoS attacks are relatively easy to launch from a number of online booter services, and the availability of cryptocurrencies for payment has made it easy to remain anonymous. Attackers can try their hand at DDoS for little effort and money, and in relative safety. They give it a go, try a few things (vector, endpoint, and scale changes), and for those with effective defenses, the attacker eventually burns out.
Every now and then, however, we do see extreme examples of DDoS attacker persistence. This was the case starting late last month (July 2021). What made this particular series of DDoS events notable is not only the determination, but also the attack vector sizes targeting multiple IPs across several of the customer’s subnets.
Tomi Engdahl says:
Wanted: Disgruntled Employees to Deploy Ransomware https://krebsonsecurity.com/2021/08/wanted-disgruntled-employees-to-deploy-ransomware/
Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company.
Ransomware: This amateur attack shows how clueless criminals are trying to get in on the action https://www.zdnet.com/article/ransomware-this-amateur-attack-shows-how-clueless-criminals-are-trying-to-get-in-on-the-action/
Researchers dissect an email from an attacker asking people to help install ransomware on their company’s network for a cut of the profit.
But while this campaign isn’t very successful, it shows how appealing ransomware has become.
Tomi Engdahl says:
US Census Bureau hacked in January 2020 using Citrix exploit https://www.bleepingcomputer.com/news/security/us-census-bureau-hacked-in-january-2020-using-citrix-exploit/
US Census Bureau servers were breached on January 11, 2020, by hackers who exploited a Citrix ADC zero-day vulnerability as the US Office of Inspector General (OIG) disclosed in a recent report. “The purpose of these servers was to provide the Bureau with remote-access capabilities for its enterprise staff to access the production, development, and lab networks. According to system personnel, these servers did not provide access to 2020 decennial census networks,” the OIG said.
Tomi Engdahl says:
Cisco won’t fix zero-day RCE vulnerability in end-of-life VPN routers https://www.bleepingcomputer.com/news/security/cisco-won-t-fix-zero-day-rce-vulnerability-in-end-of-life-vpn-routers/
In a security advisory published on Wednesday, Cisco said that a critical vulnerability in Universal Plug-and-Play (UPnP) service of multiple small business VPN routers will not be patched because the devices have reached end-of-life. “The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process.” The company asks customers who are still using these router models to migrate to newer Cisco Small Business RV132W, RV160, or RV160W Routers that still receive security updates. Additionally, Cisco says that its Product Security Incident Response Team (PSIRT) is not aware of any public proof-of-concept exploits for this zero-day or any threat actors exploiting the bug in the wild.
Tomi Engdahl says:
New Google Chrome Security Warning: 7 Serious Flaws Confirmed https://www.forbes.com/sites/daveywinder/2021/08/19/new-google-chrome-security-warning-7-serious-flaws-confirmed/
Google has confirmed a whole new bunch of alarmingly serious security vulnerabilities in Chrome 92, just two weeks after the last batch of flaws was fixed. To the best of my knowledge, and having asked around the cybersecurity community, there is no evidence of in-the-wild exploitation of any of these vulnerabilities.
Tomi Engdahl says:
AT&T denies data breach after hacker auctions 70 million user database
https://www.bleepingcomputer.com/news/security/atandt-denies-data-breach-after-hacker-auctions-70-million-user-database/amp/
AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers.
The threat actor, known as ShinyHunters, began selling this database yesterday on a hacking forum with a starting price of $200,000 and incremental offers of $30,000. The hacker states that they are willing to sell it immediately for $1 million.
In the past, ShinyHunters has breached numerous companies, including Wattpad, Tokopedia, Microsoft’s GitHub account, BigBasket, Nitro PDF, Pixlr, TeeSpring, Promo.com, Mathway, and many more.
BleepingComputer reached out to AT&T to see if the data belonged to them.
In multiple emails, AT&T has told BleepingComputer that the data is not from their systems and has not recently been breached.
“Given this information did not come from us, we can’t speculate on where it came from or whether it is valid,” AT&T told us in a follow-up email.
Tomi Engdahl says:
https://thehackernews.com/2021/08/cloudflare-mitigated-one-of-largest.html?m=1
Web infrastructure and website security company Cloudflare on Thursday disclosed that it mitigated the largest ever volumetric distributed denial of service (DDoS) attack recorded to date.
The attack, launched via a Mirai botnet, is said to have targeted an unnamed customer in the financial industry last month. “Within seconds, the botnet bombarded the Cloudflare edge with over 330 million attack requests,” the company noted, at one point reaching a record high of 17.2 million requests-per-second (rps), making it three times bigger than previously reported HTTP DDoS attacks.
Tomi Engdahl says:
https://blog.cloudflare.com/cloudflare-thwarts-17-2m-rps-ddos-attack-the-largest-ever-reported/
Tomi Engdahl says:
https://www.hackread.com/att-breach-shinyhunters-database-selling-70-million-ssn/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/t-mobile-data-breach-just-got-worse-now-at-54-million-customers/
Tomi Engdahl says:
Friendly hackers save Ford from potential leak of employee, customer data
https://www.freep.com/story/money/cars/ford/2021/08/17/ford-data-breach-hackers/8146237002/
Tomi Engdahl says:
Remote code execution flaws lurk in countless routers, IoT gear, cameras using Realtek Wi-Fi module SDKs
Devices from 60+ manufacturers affected, says infosec outfit
https://www.theregister.com/2021/08/16/realtek_wifi_sdk_vulnerabilities/
Tomi Engdahl says:
Chinese espionage tool exploits vulnerabilities in 58 widely used websites
https://therecord.media/chinese-espionage-tool-exploits-vulnerabilities-is-58-widely-used-websites/
Tomi Engdahl says:
Advisory: Multiple Issues in Realtek SDK Affects Hundreds of Thousands of Devices Down the Supply Chain
https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/
Tomi Engdahl says:
T-Mobile customers file class action lawsuits as investigation finds 53 million affected by data breach
https://news.yahoo.com/t-mobile-customers-file-class-191223097.html
T-Mobile confirms 5.3 million more customers had their information stolen in a data breach.
Over 53 million T-Mobile customers have been affected by the cyber security attack.
Two class action lawsuits were filed against the wireless carrier as customers seek compensation.
Tomi Engdahl says:
How Hackers Use Power LEDs To Spy On Conversations 100 Feet Away
https://www.forbes.com/sites/daveywinder/2021/08/15/hackers-use-flickering-power-leds-to-spy-on-conversations-100-feet-away/
If you thought hackers being able to make use of any ordinary light bulb to spy on your conversations from 80 feet away was ingenious, wait until you see what they have come up with now.
Hackers exploit new passive attack method to eavesdrop from a distance
Security researchers from the cyber unit at the Ben-Gurion University of the Negev in Israel have a good track record of leftfield thinking regarding eavesdropping on your conversations. Forget breaching your privacy by compromising passwords to access your networks, or the use of vulnerabilities in your software or operating system. And if you thought that physical access to your smart speakers, or most any speaker, was required to listen in to the audio being transmitted, you’d be wrong there as well.
Tomi Engdahl says:
New “Glowworm attack” recovers audio from devices’ power LEDs
A new class of passive TEMPEST attack converts LED output into intelligible audio.
https://arstechnica.com/gadgets/2021/08/new-glowworm-attack-recovers-audio-from-devices-power-leds/
Tomi Engdahl says:
Security hole found in millions of routers: attack from China began soon after
Malware began spreading to routers from Wuhan, China, only a couple of days after the security hole was disclosed, says security company Juniper.
https://www.is.fi/digitoday/tietoturva/art-2000008180506.html
Tomi Engdahl says:
Norton and Avast are merging into an $8 billion antivirus empire
The deal comes just as ransomware is becoming a big issue
https://www.theverge.com/2021/8/11/22619667/nortonlifelock-avast-merger-deal-anti-virus-cyber-security-software
Tomi Engdahl says:
An Open Letter Against Apple’s Privacy-Invasive Content Scanning Technology
Security & Privacy Experts, Cryptographers, Researchers, Professors, Legal Experts and Apple Consumers Decry Apple’s Planned Move to Undermine User Privacy and End-to-End Encryption
https://appleprivacyletter.com/
Tomi Engdahl says:
https://www.hackerfactor.com/blog/index.php?%2Farchives%2F929-One-Bad-Apple.html
Tomi Engdahl says:
https://therecord.media/security-tools-showcased-at-black-hat-usa-2021/
Tomi Engdahl says:
Are files in the corporate cloud harmless by default?
Having a shared storage and data exchange environment can pose additional risks to corporate security
https://www.kaspersky.com/blog/owncloud-scanengine-integration/41040/
Tomi Engdahl says:
https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level
Tomi Engdahl says:
https://threatpost.com/auth-bypass-bug-routers-exploited/168491/
Tomi Engdahl says:
Hackers stole at least $600M in Poly exploit across three chains
Chinese cybersecurity firm SlowMist called it “a long-planned, organized and prepared attack.”
https://cointelegraph.com/news/hackers-stole-at-least-600m-in-poly-exploit-across-three-chains
Tomi Engdahl says:
Behind the scenes: A day in the life of a cybersecurity “threat hunter”
https://www.techrepublic.com/article/behind-the-scenes-a-day-in-the-life-of-a-cybersecurity-threat-hunter/
Tomi Engdahl says:
Interview: Apple’s head of Privacy details child abuse detection and Messages safety features
Apple Privacy head Erik Neuenschwander addresses concerns about its new systems to detect CSAM
https://techcrunch.com/2021/08/10/interview-apples-head-of-privacy-details-child-abuse-detection-and-messages-safety-features/
Tomi Engdahl says:
ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups https://thehackernews.com/2021/08/shadowpad-malware-is-becoming-favorite.html
ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017. The American cybersecurity firm SentinelOne dubbed ShadowPad a “masterpiece of privately sold malware in Chinese espionage.”
Cybercrime Group Asking Insiders for Help in Planting Ransomware https://thehackernews.com/2021/08/cybercrime-group-asking-insiders-for.html
A Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in bitcoins to deploy Black Kingdom ransomware on companies’ networks as part of an insider threat scheme. The sender tells the employee that if they’re able to deploy ransomware on a company computer or Windows server, then they would be paid $1 million in bitcoin, or 40% of the presumed $2.5 million ransom.
Tomi Engdahl says:
You can post LinkedIn jobs as almost ANY employer, so can attackers https://www.bleepingcomputer.com/news/security/you-can-post-linkedin-jobs-as-almost-any-employer-so-can-attackers/
Anyone can post a job under a company’s LinkedIn account and it appears exactly the same as a job advertised by a company. For example, if Google’s LinkedIn company page is vulnerable, we will be able to post a job on their behalf and add some parameters to redirect applicants to a new website where we can harvest [personal information and credentials] and what not usual tricks of social engineering. In tests by BleepingComputer, I used an unaffiliated LinkedIn account and was able to successfully publish a new job posting on behalf of BleepingComputer, almost anonymously. The job listing would appear authentic as if coming straight from BleepingComputer. It also did not show the user account that created the posting, an option set by the user who posts the job, rather than the employer.
Tomi Engdahl says:
Cloudflare says it mitigated a record-breaking 17.2M rps DDoS attack https://therecord.media/cloudflare-says-it-mitigated-a-record-breaking-17-2m-rps-ddos-attack/
Internet infrastructure company Cloudflare disclosed today that it mitigated the largest volumetric distributed denial of service (DDoS) attack that was recorded to date. The attack, which took place last month, targeted one of Cloudflare’s customers in the financial industry. Cloudflare said that a threat actor used a botnet of more than 20,000 infected devices to fling HTTP requests at the customer’s network in order to consume and crash server resources. Cloudflare said this attack peaked at 17.2 million HTTP requests/second (rps), a figure that the company described as almost three times larger than any previous volumetric DDoS attack that was ever reported in the public domain.
Tomi Engdahl says:
Cisco Small Business routers vulnerable to remote attacks, won’t get a patch https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/cisco-small-business-routers-vulnerable-to-remote-attacks-wont-get-a-patch/
In a security advisory, Cisco has informed users that a vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The affected routers have entered the end-of-life process and so Cisco has not released software updates to fix the problem. According to the security advisory, it seems they have no plans to do so either.
Tomi Engdahl says:
Urgent: Protect Against Active Exploitation of ProxyShell Vulnerabilities https://us-cert.cisa.gov/ncas/current-activity/2021/08/21/urgent-protect-against-active-exploitation-proxyshell
Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine. CISA strongly urges organizations to identify vulnerable systems on their networks and immediately apply Microsoft’s Security Update from May 2021, which remediates all three ProxyShell vulnerabilities, to protect against these attacks.
Almost 2,000 Exchange servers hacked using ProxyShell exploit https://therecord.media/almost-2000-exchange-servers-hacked-using-proxyshell-exploit/
Almost 2,000 Microsoft Exchange email servers have been hacked over the past two days and infected with backdoors after owners did not install patches for a collection of vulnerabilities known as ProxyShell. The attacks, detected by security firm Huntress Labs, come after proof-of-concept exploit code was published online earlier this month, and scans for vulnerable systems began last week.
Tomi Engdahl says:
LockFile ransomware uses PetitPotam attack to hijack Windows domains https://www.bleepingcomputer.com/news/security/lockfile-ransomware-uses-petitpotam-attack-to-hijack-windows-domains/
At least one ransomware threat actor has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide. Behind the attacks appears to be a new ransomware gang called LockFile that was first seen in July, which shows some resemblance and references to other groups in the business. Security researchers at Symantec, a division of Broadcom, said that the actor’s initial access on the network is through Microsoft Exchange servers but the exact method remains unknown at the moment. Next, the attacker takes over the organization’s domain controller by leveraging the new PetitPotam method, which forces authentication to a remote NTLM relay under LockFile’s control. LockFile threat actor seems to rely on publicly available code to exploit the original PetitPotam (tracked as CVE-2021-36942) variant.
Tomi Engdahl says:
Hackers swipe almost $100 million from major cryptocurrency exchange https://www.welivesecurity.com/2021/08/20/hackers-swipe-100million-cryptocurrency-exchange/
Japanese cryptocurrency exchange platform Liquid has fallen victim to enterprising hackers who compromised its warm wallets and made off with more than US$97 million in various cryptocurrency assets. “At roughly 7:50 AM SGT on August 19th, Liquid’s Operations and Technology teams detected unauthorized access of some of the crypto wallets managed at Liquid,” reads the company’s incident report. The culprit or culprits behind the attack haven’t been identified yet; however, according to Liquid’s blog (in Japanese), the attack vector could be traced back to a compromised wallet used by its Singaporean subsidiary QUOINE.
Tomi Engdahl says:
Employee who leaked Apple's information had a change of heart: exposed members of his community, received no compensation at all
https://www.kauppalehti.fi/uutiset/applen-tietoja-vuotanut-tyontekija-tuli-katumapaalle-paljasti-yhteisonsa-jasenia-jai-ilman-minkaanlaista-korvausta/8cea66c6-e206-47b6-acb3-879f856c7445
Information about new, still unreleased Apple products is a hot commodity on the internet, because the devices are so popular around the world. That is why people pay for it, and many try to get hold of secret information. The leakers' activities naturally interest Apple as well. Motherboard has published an article about Andrej Šumejko, a long-time Apple leaker who ended up acting for a year as Apple's double agent in the leaker community. He had already achieved an established position in the leaker community by publishing secret information about Apple's devices and software.
However, he had a change of heart and began sharing information he obtained through the community with Apple, so that the company could rein in leakers who harm its operations. During a year of active contact, Šumejko revealed to Apple the contact details and social media profiles of three people who had peddled allegedly stolen prototype devices in China. He also revealed to the company a prototype device collector living in the United States who was actively involved in hacking iOS 14. In addition, he shared contacts that he received from a former Apple intern active in the hacker community. However, Apple at no point paid Šumejko any compensation, and that is why he has decided to speak about the matter publicly. Šumejko had repeatedly asked for monetary compensation for his work, but Apple did not promise anything. On the other hand, his contact person at Apple encouraged Šumejko to continue sharing information.
Tomi Engdahl says:
Razer bug lets you become a Windows 10 admin by plugging in a mouse https://www.bleepingcomputer.com/news/security/razer-bug-lets-you-become-a-windows-10-admin-by-plugging-in-a-mouse/
A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges simply by plugging in a Razer mouse or keyboard. When plugging in a Razer device into Windows 10 or Windows 11, the operating system will automatically download and begin installing the Razer Synapse software on the computer. Razer Synapse is software that allows users to configure their hardware devices, set up macros, or map buttons. Security researcher jonhat [Joni Hatanpää] discovered a zero-day vulnerability in the plug-and-play Razer Synapse installation that allows users to gain SYSTEM privileges on a Windows device quickly. SYSTEM privileges are the highest user rights available in Windows and allow someone to perform any command on the operating system. Essentially, if a user gains SYSTEM privileges in Windows, they attain complete control over the system and can install whatever they want, including malware.
Tomi Engdahl says:
Up to hundreds of Veikkaus gaming accounts broken into: “Review your passwords” https://www.is.fi/digitoday/tietoturva/art-2000008210905.html
Tomi Engdahl says:
https://www.paloaltonetworks.com/blog/2021/08/ransomware-crisis/
Tomi Engdahl says:
https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_24/2021
Tomi Engdahl says:
GitHub Encourages Users to Adopt Two-Factor Authentication
https://www.securityweek.com/github-encourages-users-adopt-two-factor-authentication
Software repository platform GitHub is once again encouraging users to enable two-factor authentication (2FA) to better secure their accounts.
The Microsoft-owned hosting service has had support for 2FA for eight years, and is now pushing for a wider use of the feature after it stopped accepting account passwords for authenticating Git operations.
Initially announced in July 2020 and in effect starting August 13, 2021, the change requires the use of token-based authentication (personal access token, SSH keys, or an OAuth or GitHub App installation token) for all Git operations.
Following this switch, GitHub is now encouraging all of its users to enable 2FA to better protect their accounts, once again reminding them of the benefits of this feature, such as better protection against phishing and other types of attacks.
Tomi Engdahl says:
Cyberattack Forces Memorial Health System to Cancel Surgeries, Divert Patients
https://www.securityweek.com/cyberattack-forces-memorial-health-system-cancel-surgeries-divert-patients
Tomi Engdahl says:
Over 600 ICS Vulnerabilities Disclosed in First Half of 2021: Report
https://www.securityweek.com/over-600-ics-vulnerabilities-disclosed-first-half-2021-report
More than 600 vulnerabilities affecting industrial control system (ICS) products were disclosed in the first half of 2021, according to industrial cybersecurity firm Claroty.
The existence of 637 ICS flaws affecting the products of 76 vendors was brought to light in the first six months of 2021, and more than 70% of them have been assigned critical or high severity ratings. In comparison, only 449 vulnerabilities were disclosed in the second half of 2020.
An analysis conducted by Claroty showed that a vast majority of the security holes disclosed in H1 2021 do not require special conditions for exploitation, three-quarters do not require any privileges, and two-thirds can be exploited without user interaction.
Tomi Engdahl says:
Hackers Steal $97 Million from Japanese Crypto-Exchange Liquid
https://www.securityweek.com/hackers-steal-97-million-japanese-crypto-exchange-liquid
Japanese cryptocurrency exchange Liquid on Thursday announced it fell victim to an attack that resulted in large amounts of crypto-currency assets being stolen.
Liquid announced that hackers were able to compromise its warm wallets, stealing various amounts of Ethereum, Bitcoin, Stablecoins, Ripple, and other tokens.
“We are sorry to announce that #LiquidGlobal warm wallets were compromised, we are moving assets into the cold wallet. We are currently investigating and will provide regular updates. In the meantime deposits and withdrawals will be suspended,” Liquid said in a statement.
https://twitter.com/Liquid_Global/status/1428176357515612165