Airzero Sec

We Do Not Give Up ! Trust US !

Introduction

With the demand for next-generation financial technology newly increasing, there have been functional analyses on blockchain for the safe use of electronic cash by sharing solely between counterparts and without the involvement of third parties. A blockchain is a public ledger for commerce and it prevents hacking during trades involving virtual cash. As a kind of distributed database and a data form list that constantly grows, it is planned to undermine arbitrary tampering by the operator of dispersed peers. Trade records are encrypted according to a rule and used in computers that operate the blockchain software. Using blockchain can supply higher protection reached to storing all data in the main database. In the data storage and control aspect, injury from attacks on a database can be controlled. Moreover, since the blockchain has an exposure point, it can provide clarity in data when used in a space demanding the disclosure of data. Due to such powers, it can be used in different places including the economic sector and the Internet of Things domain and its applications are predicted to grow. The blockchain completes a trade record through the work authentication technique when someone who lends electronic cash forms a league by connecting the trades over the network. The hash value is then caused by confirming it and joining the last block. This block is sometimes updated and remembered on the electronic cash transaction parties to communicate the most delinquent transaction detail block. This approach delivers protection for the transaction of electronic cash and permits the use of a dedicated mechanism. Cloud computing has been used in many IT conditions due to its efficiency and availability. Moreover, cloud security and solitude issues have been examined in terms of critical security elements: confidentiality, integrity, authentication, access control, and so on.

In this study, we aspire to explore the description and base technology of blockchain and survey the direction of investigations to date to discuss places to be studied, considering cloud computing domains. In addition, we examine the reviews for blockchain protection and security solutions in components. This study of blockchain technology surveys the blockchain by studying generic technology and research directions and discusses the explanation for using bitcoin safely as well as future study areas. The outcomes of this study can act as important base data in examining blockchain and will aid in comprehending the known safety problems thus far. We can foster the growth of prospective blockchain technology by comprehending the trend of blockchain protection. The rest of this analysis is arranged as follows. later, we discuss related works including the fundamental idea of blockchain and bitcoin as a use case. Later explains a precise discussion and survey on the security cares for blockchain including the settlement of blockchain, the security of transactions, the protection of wallets, and the security of software. Later we discuss blockchain protection case studies—authentication, security happenings, and 51% attack—and enhance the blockchain.

Related Works

In this section, we examine the fundamental concept of blockchain and the current research. We also study the exact use of blockchain in bitcoin.

Blockchain

A blockchain is a technology that permits all associates to maintain a ledger including all transaction data and to update their ledgers to maintain integrity when there is a new transaction. Since the promotion of the Internet and encryption technology has created it feasible for all components to confirm the trustworthiness of a transaction, the single point of failure emerging from the dependence on an authorized third party has been translated.

Bitcoin

Bitcoin is the digital currency presented by Satoshi Nakamoto in 2009 to authorize transactions between peers without central control or a server to give and manage the currency. Bitcoins are sold with the P2P-based dispersed databases established on public-key cryptology. Bitcoin is one of the first performances of cryptocurrency in 1998. The bitcoin trade announcement is revealed over the network such that all peers can prove it and so money distribution is limited. The peers experiencing in the network have the same blockchain and the transaction data are held in blocks in the same way as the distributed storage of transaction data Although there are many dangers concerned in electronic transactions, bitcoin can be technically executed to cope with them. For example, an individual attempting to cause a falsified ticket record from another individual statement to his or her own account can be secured by securing it with the sender’s personal key. If numerous parties plan to use a bitcoin at the same time, the chain that loses in the match between peers will be destroyed.

Consideration for Blockchain Security: Challenges

Blockchain technology has been executed or learned as cyber money and is really used. Note, however, that extra security problems arising in blockchain contracts, transactions, wallets, and software have been reported. This report checks the signals of security problems presented to date and the security level of the current blockchain. We believe this shot is very important as the results can act as base data for planning future blockchain technology and improving security.

Settlement of Blockchain

Although there should only be one blockchain since it is the sequential connection of developed blocks, a blockchain may be divided into two because the two most offender blocks can be generated temporarily if two distinct peers increase in mining the solution for creating the block at the same time. In such a matter, the block that is not set as the belated block by the majority of peers in the bitcoin web to restart mining will become meaningless. In other words, bitcoin will keep the bulk of peers who have 50% or more mining ability. Therefore, if an assailant has 51% mining ability, a “51% Attack”, wherein the attacker has control of the blockchain and she can include falsified transactions, can be a problem.

Security of Transaction

Since the script used in inputs and outputs is a programming language with flexibility, other transaction forms can be made using such a bitcoin contract is a form of using bitcoin for the existing authentication and economic service. Widely used form problems making the contract using the script that has a considerable-signature procedure called multisig. Although the scripts are utilized to translate a wide range of bitcoin problems, the case of the improperly configured transactions has also increased as the complexity of the script increases. A bitcoin using an improperly configured locking writing is pitched since nobody can use it as the unlocking script cannot be created. To this end, there are studies that offer examples of bitcoin contract-type trades to confirm the accuracy of a script used in a transaction.

Security of Wallet

The bitcoin address is worth a public key encoded with a group of public and private keys. Therefore, the locking writing of a bitcoin transaction with an oration as work can be unlocked with a script that has the agreement signed with the public key of the speech and the personal key. The bitcoin wallet accounts report such as the private key of the analysis to be used for unlocking script. It suggests that failure of data in the wallet reveals a loss of bitcoin since the data is required for using the bitcoin. Therefore, the bitcoin wallet has evolved the primary subject of bitcoin aggression through hacking.

Security of Software

The bug of the software used in bitcoin can be needed. Although the official Bitcoin Developer Documentation site clearly explains all bitcoin operations, the bitcoin core software is always useful as the connection since the complicated methods of the early bitcoin invention have been established through the software managed by Satoshi Nakamoto. Nonetheless, even the bitcoin core software, which must be more reliable than anything, is not Positive from the issue of software malfunction such as bugs. The most superior software bug is the CVE-2010-5139 vulnerability that appeared in August. Due to the bug yielded by integer overflow, an invalid transaction wherein 0.5 bitcoin was introduced as 184 trillion bitcoin was formed in a normal block, and the matter was not settled until 8 h later. Moreover, there was a bug where a union processed in version 0.8 was not processed in version 0.7 as the database was changed from BerkeleyDB to LevelDB since the bitcoin performance of the bitcoin core was elevated from 0.7 to 0.8. It caused the peers of version 0.7 and equivalents of version 0.8 to have additional blockchains for 6 h. Both of these problems are cases showing that the widespread belief in the safety of bitcoin trades of a block is having significant depth after some time and can be threatened by a software bug.

Blockchain Security Case Studies

The demand for the security of bitcoins established on the blockchain has grown since hacking cases were reported. Mt. Gox, a bitcoin interaction established in Tokyo reported losses of USD 8.75 million due to hacking in June 2011, and bitcoin wallet assistance InstaWallet reported losses of USD 4.6 million due to hacking in April 2013. In November of the same year, anonymous marketplace Sheep Marketplace was compelled to shut down after someone stole USD 100 million worth of bitcoins. Mt. Gox, which had already mourned losses due to hacking, again conveyed losses of USD 470 million due to hacking in February 2014 and subsequently pointed for bankruptcy. The problems persisted, with the Hong Kong-based bitcoin exchange Bitfinex reporting failures of USD 65 million due to hacking in August 2016. These problems have introduced awareness of the necessity for protection. There have been studies on the safety of blockchain to overcome such safety problems and many reports have been published. In particular, since blockchain is the generic technology of cyber money, the impairments can be deep in cases of misuse and tries to steal cyber money occur repeatedly. Therefore, it seems very influential to comprehend the attack cases known so far and to have out inquiries to draw up countermeasures.

Authentication

An essential part of blockchain security is security connected to the personal key used in encryption. An attacker takes out different attempts to access a user’s personal key held in the user’s computer or a smartphone in order to hack the bitcoin. The assailant will install malware on the computer or smartphone to leak the user’s private key and use it to hack the bitcoin. Some studies have suggested a hardware token for the support of a transaction to cover the personal key. Other studies indicated strengthened authentication standards for the storage unit including the bitcoin. Two-factor authentication is supposed to be the greatest method for supporting authentication.

Security Incidents

With more people using bitcoins, chances of malware and malicious codes targeting bitcoins have also been live reported. Malware can hack bitcoins by contaminating computers. To translate such a situation, a PC security key must be established to catch malicious code. One recently found negative code looted game reports and can be used for stealing the bitcoin accounts. With more bitcoins being utilized for the cash trade of online game items, safety steps to cope with it are required. The Distributed Denial of Service spell floods the targeted server with superfluous demands to overload the system and control the condition of normal service to other users. Thus, it can control the users of blockchain from obtaining assistance. DDoS attacks contain the bandwidth-consuming attack that surpasses the bandwidth of all systems using the same network and the PPS-consuming attack that causes inner system failure or the denial of assistance to other servers in the same network. The http-flooding attack transfers a large number of http packets to a targeted server to cause the rejection of the service. Since the bitcoin service must be always provided to the users, countermeasures to DDoS attacks are needed

51% Attack

In bitcoin conditions, a 51% attack alters and manufactures 51% of the registers simultaneously. Thus, it is a very hard attack to blend. The assailant must have 51% or more calculating ability of all users, deliberately cause two branches, and place the targeted branch as the fair blockchain. To solve the issue, an intermediate confirmation process must be delivered to stop such tampering a race attack causes hundreds of trades and transmits them to numerous users when a fair transaction is sent. Since many users are possible to think the shared transaction to be legitimate, failures can be supported if 51% of users modify the ledger. In a Finney attack, an attacker causes a block having altered data and brings out the attack with it. Such aggression can be stopped when the attack mark sets the trade-in standby mode until block confirmation.

Improved Blockchain

Since the current payment system is very difficult and transaction facilitators are spread, the points targeted by security attacks are growing. A user planning to trade money will pay an annual membership fee to obtain a card and use it to buy goods or use services. The customer’s bank and the merchant’s bank interact with each other to recompense the fee and a shop planning to use the card accepts it from a bank and uses it for the acquisition of goods and services. A simplification of transactions is needed since more people use smartphones to purchase goods or services.

Secure Blockchain Solutions in Cloud Computing

If the user details are disclosed in the cloud computing environment, monetary and psychological Injuries can occur due to the leak of users’ sensitive data. The security of the protection and transmitting data, such as confidentiality and probity, in the cloud computing environment, is particularly studied. However, analyses on privacy protection and obscurity are not sufficient. Blockchain is a usual technology for providing anonymity. If connected with the cloud computing environment, blockchain can be elevated to a convenient service that equips stronger security. User anonymity can be provided if the blockchain method is used when saving user data in the cloud computing environment. An electronic wallet is installed when using blockchain technology. If the electronic wallet is not correctly deleted, the user data can be left behind. The remaining user data can be used to think about the user information. To crack this problem, we propose a solution that installs and deletes the electronic wallet securely.

The blockchain is used to remove the data of the user who uses cloud computing. The electronic wallet is securely released by transmitting the finished message. The leak of user data can be controlled only when the electronic wallet is fully removed. Even though many existing studies have been conducted on the blockchain protocol, a process for removing the electronic wallet ultimately is given to provide user anonymity and privacy protection. We reached the process with existing studies in terms of confidentiality, integrity, anonymity, privacy protection, and residual data protection. Confidentiality statements if the data is leaked to unauthorized peers, whereas goodness checks if the data used in transactions are limited or falsified without sanction during transfer or hold. Anonymity must ensure that the peer implicated in a transaction is not identifiable. Privacy guard protects the personal statement of peers experienced in the transaction, whereas residual transmission protection checks the safe expulsion of user data at the time of trade stop and program removal.

Conclusion

A blockchain has eliminated the need for a server, eliminating the need for a central authority, and has accelerated transactions by participants collectively storing transaction records and, finally, approving transactions using P2P network technology. The blockchain has a distributed structure and makes use of the peer network as well as the computing resources of peers. To increase the security of blockchain, technical measures such as proof of labour and proof of stack are enforced. Despite the fact that the security of the blockchain is constantly being improved, issues have continued to be rumoured, and there are active security studies. An aggressor makes numerous attempts to gain access to a user's private key stored on the user's computer or a smartphone in order to hack the bitcoin. There are studies on using a secure token or securely storing it to protect the private key. Throughout this study, we will refer to blockchain technology and connected devices and examined the trend of studies thus far to discuss additional areas to be studied Several current issues must be addressed before using blockchain in a cloud computing environment. Even now, blockchain raises several issues, such as the security of transactions, wallets, and packages, and numerous studies are being conducted to address these issues. When utilizing blockchain in a cloud computing setting, the obscurity of user data should be ensured, and the user data should be completely deleted once the service is removed. If the user data is not deleted but instead remains, the user data is frequently guessed from the remaining data. As a result, this study mentioned the security strategy of presenting a technique of secure blockchain use and removal protocol. Given the environment in which a massive amount of data is transmitted, it appears that studies on potency, in addition to security, are required.

If you have any doubt about the topic. Don’t hesitate to contact us Airzero sec will be your digital partner.

Email:[email protected]

enter image description here

Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/

Malware can infect your Android phone in the same way that it can infect your computer. It slows down your system and causes glitches that make it difficult to use your phone. To protect your phone and yourself, you must act quickly. There are steps you can take to remove malware and protect your phone in the future, whether you downloaded an infected app or visited a corrupted website.

How to Get Rid of Malware and Viruses?

The initial step is to locate the malware on your phone. We'll show you how to do it, and then we'll give you some protection options, as well as antivirus apps you can use to restore your phone's health and keep it safe in the future.

Step 1: Turn off the computer until you have determined the specifics.

Once you've determined that your phone has been infected with malware, hold the power button down and turn the phone off completely. It will not prevent the malware from causing damage, but it will prevent the problem from worsening and may halt ongoing malware attempts to access nearby networks.

Shutting down also gives you time to reflect and conduct research. Do you know which infected app installed malware on your device? Do you know what other software it may have downloaded without your permission? If not, switch to a different computer and look up your symptoms (along with any new apps you tried out) to narrow down the problem. You can't remove an app if you can't find it at the source of the problem.

Step 2: While working, switch to safe/emergency mode. When you restart your device and attempt to isolate the problematic app, go into safe mode first. This will help to limit the amount of damage the infected app can cause.

Step 3: To enter safe mode on most Android devices, hold down the power button for a few seconds while the device is turned on, then tap and hold the Power off option.

Step 4: This should bring up a few power options, including a Reboot to safe mode option.

Select this mode and wait for your phone to reboot before proceeding. If you can't find a safe mode, use aeroplane mode to disconnect your device from all networks. That option is usually at the top of your notifications shade.

Note: If you can't figure out what's causing your malware problem after downloading a security app, don't tinker. Consult a professional to determine whether you should wipe your phone. This is a good strategy if ransomware, which is becoming more common, takes control of your phone and prevents you from doing anything.

Step 5: Navigate to Settings and locate the app.

On your Android device, go to Settings. Settings are typically represented by a gear-shaped icon, but this varies depending on your themes and arrangement: If you're having trouble finding it, look for it.

Step 6: In Settings, scroll down to the Apps section and click it. Look for a list of all your current apps — you may need to select App Manager to see the entire list.

Step 7: Once there, scroll down until you find the infected app that is causing your issues.

Step 8: Select the app, and you should be able to uninstall, force close, or force stop it (often, you cannot uninstall core apps, only disable them, but these apps are unlikely to be the problem).

Step 9: Select Uninstall to delete the infected app and anything else suspicious, and your Android device should remove the app in question. It's also a good idea to go through your app list and uninstall any suspicious downloads — if you haven't looked through this list before, you might be surprised at some of the strange things your device has on it.

What should you do if you are unable to uninstall the app?

In some cases, you will be unable to uninstall the problematic app. In fact, the option to delete may not exist at all. Instead, you'll see Disable on the menu, and that'll be the end of it. An app with superpowers (and potentially dangerous malware or ransomware) can gain access to your administrator settings. The app may have granted itself administrative privileges in order to protect itself from deletion.

Step 1: Simply return to the original Settings menu and scroll down to Lock Screen and Security (or a similar corresponding section).

Step 2: In the Security menu, look for a tab labeled Phone (Device) Administrators. Keep in mind that depending on the hierarchy of your security menu, you may need to go to Other security settings first. You should be able to find the setting that allows the malware to camp out in Phone Administrators.

Step 3: After that, all you have to do is tweak the settings and you can finally delete the app.

Get some Malware Protection

It's a good idea to give each Android device plenty of security and malware protection, and it's especially important to install antivirus software if you've had bad luck with questionable apps in the past. After you have manually deleted the app that is causing you problems, you will need to increase the overall security of your phone.

Fortunately, there are plenty of security apps available. Rather than downloading multiple apps that only do one or two things, look for a security app that has all of the features you need in one. A good security app will be able to delete junk or spam files, scan for viruses, and keep your data safe. Some apps have options to automatically delete any questionable software.

We recommend Safe Security, AVG Antivirus, or Avast Antivirus, all of which can be downloaded from the Google Play Store. In addition, we have a comprehensive guide to Android security and antivirus recommendations. You'll notice that your device performs better overall once you've downloaded proper malware protection.

Remember to always keep your software up to date with the latest version. Your devices should do this automatically, but you can manually check for updates on a regular basis. Your phone will be far more vulnerable to attack if you do not perform regular software updates. If you have any doubt about the topic. Please contact us. Airzero sec will be your security partner.

Email:[email protected]

enter image description here Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/

PhoneSpy can steal important data, obtain the full list of installed apps, record audio, and video in real-time, extract device information, and even grant remote access to the device. In 23 apps, malware that spies on Android devices have been discovered. This Android malware, known as PhoneSpy, has been active in the US and Korean markets. One ray of hope is that none of the infected apps were available on Google Play.

PhoneSpy can steal critical data such as images, call logs, contacts, and messages, as well as get the full list of installed apps, record audio and video in real-time "The app has the ability to uninstall any user-installed applications, including mobile security apps." The malicious actors have real-time access to the device's precise location, all without the victim's knowledge. "The spyware also allows the threat actor to use phishing pages to harvest Facebook, Instagram, Google, and Kakao Talk credentials," the agency said in a statement.

To stay safe from such malware, users should never install apps from untrusted sources on their phones. In addition, never click on links or download attachments sent in suspicious emails or messages.

Airzero Sec is at the cutting edge of security technology, supporting you in conquering the most complex security challenges. If you have any questions, please contact us.

Email:[email protected]

enter image description here

Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/

The most recent WordPress security update corrects a number of issues. WordPress's developers have released a security-focused update that fixes four major security problems in the content management system. WordPress 5.8.3 explicitly addresses cross-site scripting (XSS) and SQL injection vulnerabilities in WordPress versions 3.7 to 5.8. The first is a fix for a stored XSS through post slugs vulnerability found by SonarSource's Karim El Ouerghemmi and Simon Scannell. "We uncovered and reported a stored XSS vulnerability in WordPress that might allow an authenticated attacker to inject a JavaScript payload into post slugs," El Ouerghemmi told The Daily Swig. Bugs such as XSS and SQL injection.

"After infecting the administrative dashboard, this payload might be used to steal administrator accounts and undermine the installation." "We disclosed the issue more than three years ago, and we're delighted to see it's been addressed," El Ouerghemmi continued. Next Tuesday, SonarSource aims to publish the technical specifics of this vulnerability in a blog post, along with information on how it may have been exploited without requiring any user credentials if an older version of the widely used plugin is installed. Separately, Simon Scannell of SonarSource identified a problem with "object injection in some multi-site deployments," which was also fixed with the WordPress 5.8.3 release.

The same version addresses a SQL injection vulnerability in WP_Query found by GiaoHangTietKiem JSC's ngocnb and khuyenn and reported through Trend Micro's Zero Day Imitative (ZDI) program.

The ZDI was contacted for comment by the Daily Swig. We haven't heard anything yet, but we'll keep you updated as more information becomes available. WordPress 5.8.3 is a security-focused interim version that doesn't include any new features or functionality.

Airzero Sec is at the forefront of security innovation, assisting you in overcoming the toughest security difficulties. Please contact us if you have any queries about the recent WordPress security update that resolves XSS and SQL injection issues.

Email:[email protected]

enter image description here

Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/

With the arrival of 2022, ransomware operators are back in business. It had only been a week into the new year when investigators administered a notification about the newly discovered Lapsus$ ransomware.

What's the latest?

  • During the New Year's holiday, Impresa, Portugal's largest media conglomerate, was infected with the new Lapsus$ ransomware.
  • The gang claimed responsibility for the attack by defacing all Impresa websites with a ransom note.
  • The attack, however, had no effect on radio or cable television broadcasts.
  • While the company has reclaimed control of many of its impacted sites, the gang claims to still have access to company resources.

The overall picture

  • The Lapsus$ group had hacked several other organizations since its discovery in December 2021.
  • This included an attack on the websites of Brazil's Ministry of Health, which resulted in the loss of COVID-19 vaccination data for millions of citizens.
  • Claro and Embratel, two South American telecommunications companies, were the other two victims.

In conclusion

For cybercriminals, ransomware is a lucrative business. It's working and it's paying off. With each passing year, threat actors become more creative in their extortion and propagation techniques, posing a significant threat to organizations. Instead of becoming a sitting duck for such threats, organizations must strengthen their cybersecurity posture by implementing a robust backup process and detection measures for malicious activities.

Airzero Sec is leading the way in innovation to help you overcome your most difficult security challenges. If you have any questions about newly discovered Lapsus$ ransomware targets, please contact us.

Email:[email protected]

enter image description here Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/

On infected PCs, Trojanized Telegram chat app installers are being used to disseminate the Windows-based Purple Fox backdoor.

According to recent research from Minerva Labs, the attack differs from other types of intrusions that often exploit legitimate software to deliver harmful payloads.

"By separating the attack into considerable little files, the majority of which had very low detection speeds by engines, with the last stage leading to Purple Fox rootkit infection," said researcher Natalie Zargarov.

Purple Fox was identified in 2018 and possesses rootkit characteristics, allowing it to elude detection by being planted outside the reach of security solutions. In a March 2021 study, Guardicore described its worm-like propagation function, which allows the backdoor to proliferate faster.

Then, in October 2021, Trend Micro researchers uncovered FoxSocket, a.NET implant used in conjunction with Purple Fox to interact with its command-and-control (C2) servers using WebSockets for a more secure method of communication.

The researchers concluded, "Purple Fox stays on impacted systems longer and delivers extra payloads."

Finally, in December 2021, Trend Micro revealed the Purple Fox infection chain's later stages, which include targeting SQL databases by inserting a malicious SQL common language runtime (CLR) module to gain a steady and stealthier performance and eventually abusing SQL servers for illicit cryptocurrency mining.

Minerva identified a new attack chain that starts with a Telegram installer file, an AutoIt script that drops a legal Telegram installer, and a malicious downloader called "TextInputh.exe," which is used to download next-stage malware from the C2 server.

Following that, the downloaded files disable antivirus engine processes before moving on to the last stage, which involves downloading and executing the Purple Fox rootkit from a now-defunct remote server.

"We detected a huge number of malware installers that used the same attack chain to deploy the same Purple Fox rootkit version," Zargarov added.”The attack's beauty is that each stage is segregated into its own file, leaving it unusable without the complete file set."

Every business faces daunting challenges when it comes to protecting its assets:

  • Threats that are new and evolving

  • Regulations governing privacy and compliance

  • The increased risk associated with digital transformation

With hundreds of point-solution dealers and cheap, inadequate tools, companies face a cyber security dilemma that can only be solved by a truly integrated cyber defense.

Airzero Sec is driving innovation to assist you in overcoming your most difficult challenges. If you have any questions about the fake telegram messenger app. Contact us through the given email.

Email:[email protected]

enter image description here

Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/

A team of researchers from the University of California, Santa Barbara, has demonstrated a "scalable technique" for vetting smart contracts and mitigating state-inconsistency bugs, uncovering 47 zero-day vulnerabilities on the Ethereum blockchain in the process.

Smart contracts are programs that are stored on the blockchain and are automatically executed when predetermined conditions are met based on the agreement's encoded terms. They enable anonymous parties to carry out trusted transactions and agreements without the need for a central authority.

In other words, the code is intended to be the final arbiter of "the deal" that it represents, with the program controlling all aspects of execution and providing an immutable evidentiary audit trail of transactions that are both trackable and irreversible.

This also implies that vulnerabilities in the code could result in significant losses, as evidenced by hacks against the DAO and, more recently, MonoX, in which adversaries exploited loopholes to illicitly syphon funds, a scenario that could have disastrous consequences given the burgeoning adoption of smart contracts in recent years.

"Because smart contracts are not easily upgradeable, auditing the contract's source prior to deployment and deploying a bug-free contract is even more important than in the case of traditional software," the researchers wrote in a paper.

Enter Sailfish, which aims to detect state inconsistency vulnerabilities in smart contracts that allow an attacker to tamper with transaction execution order or take over control flow within a single transaction (i.e., reentrancy).

The tool operates as follows. Given a smart contract, Sailfish converts it into a dependency graph, which captures the control and data flow relations between storage variables and smart contract state-changing instructions, and uses it to identify potential flaws by defining hazardous access, which is implemented as graph queries to determine whether two different execution paths, at least one of which is a write operation, operate on the same storage variable.

The researchers tested Sailfish on 89,853 contracts obtained from Etherscan, discovering 47 zero-day vulnerabilities that could be exploited to drain Ether and even corrupt application-specific metadata.

This also includes a vulnerable contract implementing a housing tracker that could be abused in such a way that a homeowner could have multiple active listings. The study's findings will be presented at the IEEE Symposium on Security and Privacy (S&P) in May 2022.

This is not the first time that academics have been drawn to problematic smart contracts. In September 2020, Chinese researchers created a framework for categorizing known vulnerabilities in smart contracts, with the goal of providing a detection criterion for each bug.

Airzero Sec's cybersecurity experts have worked on a wide range of projects for a number of well-known companies for many years. Use our previous experience to your advantage, whether it's to assist you in getting there or to perform technical tests. If you have any doubts about the aforementioned issue, please contact us. Please do not hesitate to get in touch with us.

Email:[email protected]

enter image description here Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/

Microsoft has issued a warning about continuous attempts by nation-state adversaries and commodity attackers to use security holes in the Log4j open-source logging platform to spread malware on vulnerable computers.

"Exploitation shots and testing have remained high over the closing weeks of December," according to revised guidance published earlier this week by Microsoft Threat Intelligence Center. "We've seen a number of living attackers incorporate these vulnerabilities into their existing malware kits and methods, ranging from coin miners to hands-on-keyboard attacks," says the researcher.

The Apache Software Foundation formally revealed the remote code execution (RCE) vulnerability in Apache Log4j 2, dubbed Log4Shell, on December 10, 2021, and it has since emerged as a new attack vector for a number of threat actors.

Four more vulnerabilities in the utility were discovered in the weeks after that — CVE-2021-45046, CVE-2021-45105, CVE-2021-4104, and CVE-2021-44832 — allowing opportunistic bad actors to maintain persistent control over the compromised machines and mount an evolving collection of attacks going from cryptocurrency miners to ransomware.

Efforts are being made to circumvent string-matching detections by obfuscating the malicious HTTP requests staged to build a web request log using Log4j that utilizes JNDI to complete a submission to the attacker-controlled site, even as mass scanning attempts continue unabated.

"Rapid approval of the exposure into living botnets like Mirai, past efforts targeting susceptible Elasticsearch servers to deploy cryptocurrency miners, and activities distributing the Tsunami backdoor to Linux systems," according to Microsoft. Additional remote access toolkits and reverse shells, such as Meterpreter, Bladabindi (aka NjRAT), and habitsRAT, have been delivered via the Log4Shell vulnerability.

"Clients should consider the general availability of exploit code and scanning capabilities to be a simple and present threat to their environments at this time," MSTIC warned. "Because of the massive number of vulnerable software and services, as well as the rapid pace of progress, remediation is projected to take a long time, needing continued, long-term attention."

The news comes as the US Federal Trade Commission (FTC) issued a statement warning that it "intends to use its full legal authority to pursue companies that fail to take appropriate steps to safeguard customer data from exposure as a result of Log4j, or equivalent is known vulnerabilities in the future."

For many years, Airzero Sec's cybersecurity experts have worked on a variety of projects for a number of well-known companies. Take advantage of our previous experience, whether it's to aid you in getting there or to undertake technical tests. If you have any doubt about the above topic. Don’t hesitate to contact us. Airzero Cloud will be your digital companion.

Email:[email protected]

enter image description here Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/

PYSA, which has surpassed the Conti ransomware gang, has found success with government-sector attacks.

PYSA, also known as Mespinoza, has reached Conti as the leading ransomware threat group in November. It joined the ranks of Lock bit, which has dominated the space since August.

According to NCC Group's November ransomware insights, PYSA increased its market share with a 50% increase in the number of targeted organizations, including a 400% increase in attacks against government-sector systems.

Double-Extortion and Beyond

PYSA frequently uses double-extortion against its marks, exfiltrating and encrypting data before threatening to publicly publish the data if the victim does not pay the ransom.

The FBI issued a special alert about PYSA's focus on the education sector in March, warning schools to be on the lookout for phishing lures and brute-force Remote Desktop Protocol attacks as initial-access techniques.

Everest Changes Tactics to Sell Early Access

According to NCC Group, the Russian-language ransomware positioned Everest is getting its extortion tactics to the next level, threatening to sell off access to targeted systems if their demands are not met.

According to NCC Group, Everest would sometimes skip the ransom demand entirely and instead focus on selling access. Analysts are keeping a close eye on this to see if it sparks a new trend among other groups.

"While ransomware-as-a-benefit has grown in favour in the last year, this is an example of a group preceding a ransom demand and rather of delivering access to IT infrastructure – but we may witness copycat aggression in 2022 and beyond," the report said. According to the NCC Group, the regions with the most attacks are North America and Europe.

Conti is making a comeback.

Meanwhile, the Russian-language group Conti's prevalence fell by 9.1 percent. However, the threat group is expected to make amends in December by announcing that it was the first professional ransomware attacker to develop a full weaponized attack chain against the Log4Shell vulnerability.

According to an advance report from last week, Conti's advantage is its size: The organization "plays a unique role in today's threat landscape, owing to its size."

Airzero Sec's Cybersecurity experts have been working on a variety of projects for a number of well-known organizations for many years. Use our prior experience to your advantage, whether it's to assist you in getting there or to conduct technical tests. If you have any concerns about PYSA emerging as the leading ransomware actor, please contact us. Airzero Sec will be your companion.

Email:[email protected]

enter image description here Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/

According to researchers, attackers are spreading the harmful Echelon info stealer, which steals credentials for cryptocurrencies and other user accounts, using the Telegram handle "Smokes Night."

Attackers are employing the Echelon info stealer to target Telegram users' crypto-wallets in an attempt to swindle new or naïve users of a cryptocurrency discussion channel on the messaging network, according to researchers.

According to an inquiry posted on Thursday, researchers from SafeGuard Cyber's Division Seven hazard analysis section identified a sample of Echelon in a cryptocurrency-focused Telegram chat in October.

The malware used in the campaign is set to rob certificates from a variety of messaging and file-sharing platforms, such as Discord, Edge, FileZilla, OpenVPN, Outlook, and even Telegram itself, as well as cryptocurrency wallets, such as AtomicWallet, BitcoinCore, and ByteCoin.

The effort was a "spray and pray" operation, according to the report: "Based on the malware and the way in which it was released, SafeGuard Cyber believes it was not part of a coordinated campaign and was merely targeting new or inexperienced users of the channel."

Researchers decided that assailants tried to spread Echelon on the channel utilizing the handle "Smokes Night," although it's unclear how effective they were.

"The post seemed not to be a reaction to any of the surrounding posts in the channel," they stated.

Other users on the track, they assert, did not seem to detect anything strange or respond to the message. According to the researchers, this does not mean that the malware did not reach consumers' devices.

"We did not notice anyone answer to 'Smoke Night' or whine about the file," they said, "but this does not rule out the possibility that channel members were infected."

Cybercriminals have taken advantage of Telegram's popularity and large attack surface by distributing malware on the platform via bots, rogue accounts, and other methods.

Malware Analysis

The Echelon credential thief was furnished to the cryptocurrency channel via a.RAR file called "present).rar," which contained three files: "pass – 123.txt," a benign text document containing a password; "DotNetZip.dll," a non-hostile type library and toolset for manipulating.ZIP files; and "Present.exe," the malicious executable for the Echelon credential stealer.

The.NET payload also contains obfuscation utilizing the open-source ConfuserEx program, as well as two anti-debugging capabilities that promptly terminate the process if a debugger or other malware analysis tools are identified.

Researchers were able to decode the code and look inside the Echelon sample that was sent to Telegram channel subscribers. According to the researchers, they identified domain detection, which implies the sample would try to steal data from any domain that the victim has visited. A detailed list of platforms that the Echelon sample attempted to target is included in the report.

Other aspects of the malware, according to the researchers, include computer fingerprinting and the ability to take a screenshot of the victim's workstation. According to the researchers, the Echelon model used in the campaign transmits credentials, other stolen data, and screenshots back to a command-and-control server through a compressed.ZIP file.

According to the researchers, Windows Defender detects and deletes the Present.exe malicious executable sample and flags it as '#LowFI: HookwowLow,' protecting users who have the antivirus program from any potential Echelon damage.

For years, Airzero Sec's Cyber Security Consulting experts have worked on a variety of projects for a number of well-known organizations. Use our previous experience to your advantage, whether it's to help you get there or to perform technical tests. If you have any doubts about telegram being used to steal passwords of bitcoin wallets, please contact us. Airzero sec will be your digital partner.

Email:[email protected]

enter image description here Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/