It is estimated that 587 wallets holding around 513,774.16 ethers have been frozen after an anomaly was detected in one of Ethereum’s most important wallets. Parity Technologies, a company focused on the development of software specialized in peer-to-peer solutions, published the security alert on November 8, stating that they had detected a vulnerability in the Parity Wallet library contract of the standard multi-sig contract. Specifically, the company considers the affected users to be those with assets in a multi-sig wallet created in Parity Wallet that was deployed after 20th July.
Following the fix for the original multi-sig vulnerability that had been exploited on 19th of July, a new version of the Parity Wallet library contract was deployed on 20th of July. Unfortunately, that code contained another vulnerability which was undiscovered at the time – it was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWallet function.
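The flaw described above is an initializer that stays callable after deployment. The following sketch is an added illustration, not Parity's source code: it contrasts an unguarded initWallet with a guarded one. Every name other than initWallet is hypothetical, and the code assumes a Solidity 0.8.x compiler.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Before: initWallet has no guard, so any caller can (re)run it at any
// time and register itself as an owner of the deployed contract.
contract WalletLibraryUnguarded {
    mapping(address => bool) public isOwner;
    uint256 public required;

    function initWallet(address[] calldata owners, uint256 _required) external {
        for (uint256 i = 0; i < owners.length; i++) {
            isOwner[owners[i]] = true;
        }
        required = _required;
    }
}

// After: initialization succeeds at most once per storage context, and the
// constructor marks the deployed library instance itself as initialized so
// that nobody can claim ownership of it.
contract WalletLibraryGuarded {
    mapping(address => bool) public isOwner;
    uint256 public required;
    bool private initialized;

    error AlreadyInitialized();
    error BadParameters();

    constructor() {
        initialized = true; // lock the library's own storage
    }

    modifier onlyUninitialized() {
        if (initialized) revert AlreadyInitialized();
        _;
    }

    function initWallet(address[] calldata owners, uint256 _required)
        external
        onlyUninitialized
    {
        if (_required == 0 || _required > owners.length) revert BadParameters();
        initialized = true; // set the flag before any other state change
        for (uint256 i = 0; i < owners.length; i++) {
            isOwner[owners[i]] = true;
        }
        required = _required;
    }
}
```

When reviewing a contract of this shape, check that every function able to set owners is either a constructor or carries a one-time guard, and that the guard is already set on the deployed library instance.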
The company, in its last communication published yesterday, states that "this is a learning opportunity (albeit a painful one) for our company, for our collaborators and the community that stands with us." There have been discussions within Parity and across the open source community for a while now on how to build better and more secure systems. After all the security incidents that cryptocurrency users have suffered in recent years, only one thing is clear: without security, there will be no transformation with the new payment methods.
More information at Parity Technologies
Critical Tor Flaw Leaks Users’ Real IP Address
Mac and Linux versions of the Tor anonymity browser just received a temporary fix for a critical vulnerability that leaks users’ IP addresses when they visit certain types of addresses. TorMoil, as the flaw has been dubbed by its discoverer, is triggered when users click on links that begin with file://. When the Tor browser for macOS and Linux is in the process of opening such an address, “the operating system may directly connect to the remote host, bypassing Tor Browser,” according to We Are Segment, the security firm that privately reported the bug to Tor developers.
More information at We Are Segment
APT28 Used Microsoft Office DDE Exploit Since October
Cybercriminals have started actively exploiting a newly discovered Microsoft Office vulnerability. This DDE attack technique has been leveraged by an Advanced Persistent Threat (APT) hacking group, APT28, since October. The campaign involved documents referencing the recent terrorist attack in New York City in an attempt to trick victims into clicking on the malicious documents, which eventually infect their systems with malware.
Rest of the Week's News
Bill to Formalize the Election System as Critical Infrastructure
A Senate bill would put the power of legislation behind much of the government’s election security work during the past year and would establish a national competition for hacking election systems. The Securing America’s Voting Equipment Act, or SAVE Act, would formalize the Homeland Security Department’s designation of election systems as critical infrastructure, a move that makes it easier for the federal government to share cyberthreat information with state election officials.
IEEE P1735 Implementations May Have Weak Cryptographic Protections
The P1735 IEEE standard describes methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext intellectual property. Implementations of IEEE P1735 may be vulnerable to cryptographic attacks that allow an attacker to obtain such information even without the key, among other impacts.
Vault 8: WikiLeaks Releases Source Code For Hive
WikiLeaks announced yesterday a new Vault 8 series that will reveal source code and information about the backend infrastructure developed by the CIA hackers. Hive’s infrastructure has been specially designed to prevent attribution, which includes a public-facing fake website following multi-stage communication over a Virtual Private Network (VPN).
Built-in Keylogger Found in MantisTek GK2 Keyboards
More information at The Hacker News
SowBug Cyber-Espionage Group Stealing Diplomatic Secrets Since 2015
AVGater Attack Abuses Quarantine Vulnerabilities for Privilege Escalation
More information at Security Affairs