Leaderboard

Popular Content

Showing content with the highest reputation on 02/03/23 in all areas

  1. Reported. Waiting to see what happens.
    1 point
  2. North Korea-linked hackers stole $1.7bn of cryptocurrency in 2022

     North Korea-backed hackers stole $1.7bn (£1.4bn) of crypto in 2022, says blockchain analysis firm Chainalysis. This nearly quadruples the country's previous record for cryptocurrency theft - $429m in 2021. The loot also made up 44% of the $3.8bn stolen in crypto hacks last year, which the firm called "the biggest year ever for crypto hacking".

     Experts have said the country, facing heavy sanctions, is turning to crypto theft to fund its nuclear arsenal. North Korea has conducted six nuclear tests and analysts expect the seventh one this year, as the country accelerates its nuclear weapons programme under leader Kim Jong-un. Last year, Pyongyang launched a record number of ballistic and other missiles. This is despite the country's struggling economy.

     These hackers typically launder crypto through "mixers", which blend cryptocurrencies from various users to obfuscate the origins of the funds, the firm said. Other experts have also said that North Korea launders stolen crypto through brokers in China and non-fungible tokens (NFTs).

     Last month, the FBI confirmed that North Korea-affiliated Lazarus Group was responsible for a $100m crypto heist on a blockchain network called Horizon bridge last year.

     Overall, decentralised finance protocols, or DeFi, accounted for over 82% of cryptocurrency stolen in 2022, Chainalysis' report said. DeFi users know what will happen to their funds when they use them because smart contract codes governing these protocols are publicly accessible by default. But this transparency also makes DeFi particularly attractive to hackers, who can scan the codes for vulnerabilities and "strike at the perfect time" to maximise their loot, according to the report.

     David Schwed, chief operating officer at blockchain security firm Halborn, noted that DeFi developers "prioritise growth over all else", and funds that could be used to enhance security are often directed instead to rewards, in order to attract users. DeFi developers can take a leaf from traditional financial institutions in making their platforms more secure, Mr Schwed said. For instance, they can simulate different hacking scenarios to test their protocols, or design mechanisms to pause or halt transactions when suspicious activity is detected. "You don't need to move as slow as a bank, but you can borrow from what banks do," he said.

     Via bbc.com
    1 point
  3. A reflected XSS in www.apple.com. The report was accepted. I'm not sure whether I'll receive any reward, but I'll let you know.

     Issues eligible for public acknowledgment.

     We review all issues reported to us, and all legitimate services issues are eligible for public acknowledgement. While we request that you report all issues, the following issues are eligible for bounty reward payments only if they’re evaluated as novel or high impact based on Apple’s discretion.

     • Open Redirects
     • Reflected or Self XSS
     • Bugs requiring exceedingly unlikely user interaction
     • Cross-site request forgery vulnerabilities where the only impact is logout
     • Banner Grabbing or Service Versions without a vulnerability or PoC
     • Rate Limiting unless credentials are able to be guessed
     • External and Public Credential Dumps
     • Denial of Service vulnerabilities
     • Username enumeration unless some personal identifiable information is disclosed like email or phone number
     • Report from automated tools or scanners where the vulnerability is not proven
     • Expired Certificates
     • DMARC/SPF Misconfiguration concerns
     • Social engineering
     • Properties that are not owned or operated by Apple

     Link: https://security.apple.com/bounty/categories/
    1 point