Security News
Not long after Windows PCs and servers at the Australian limb of audit and tax advisory Grant Thornton started BSODing last Friday, senior systems engineer Rob Woltz remembered a small but important fact: When PCs boot, they consider barcode scanners no differently to keyboards. That knowledge nugget became important as the firm tried to figure out how to respond to the mess CrowdStrike created, which at Grant Thornton Australia threw hundreds of PCs and no fewer than 100 servers into the doomloop that CrowdStrike's shoddy testing software made possible.
Just days after releasing the second - and supposedly more stable and secure - version of its decentralized finance app, Jimbos Protocol over the weekend was hit by attackers who stole 4,090 ETH tokens from the project worth about $7.5 million. The developers behind the Arbitrum-based app were the apparent victims of a flash loan attack and now are scrambling to track down the light-fingered coders and retrieve the lost funds.
Jimbos Protocol, an Arbitrum-based DeFi project, has suffered a flash loan attack that resulted in the loss of more than 4000 ETH tokens, currently valued at over $7,500,000. According to blockchain security experts at PeckShield, Jimbos Protocol was the victim of a flash loan attack that leveraged the lack of slippage control on the platform.
A decentralized autonomous organization called Inverse Finance has been robbed of cryptocurrency somehow exchangeable for $1.2 million, just two months after being taken for $15.6 million. So Inverse Finance is counting it as bad debt rather than funds that need to be repaid to any individual.
The decentralized, credit-based finance system Beanstalk disclosed on Sunday that it suffered a security breach that resulted in financial losses of $182 million, the attacker stealing $80 million in crypto assets. The decentralized finance platform detailed on its Discord channel that the attacker took a flash loan on Aave, a liquidity protocol, and used their voting power from holding a large amount of the Stalk native governance token to pass a malicious proposal.
The widely distributed FluBot malware continues to evolve, with new campaigns distributing the malware as Flash Player and the developers adding new features. Once in the device, FluBot can steal online banking credentials, send or intercept SMS messages, and capture screenshots.
The U.S. Federal Bureau of Investigation has disclosed that an unidentified threat actor has been exploiting a previously unknown weakness in the FatPipe MPVPN networking devices at least since May 2021 to obtain an initial foothold and maintain persistent access into vulnerable networks, making it the latest company to join the likes of Cisco, Fortinet, Citrix, Pulse Secure that have had their systems exploited in the wild. "The vulnerability allowed APT actors to gain access to an unrestricted file upload function to drop a web shell for exploitation activity with root access, leading to elevated privileges and potential follow-on activity," the agency said in an alert published this week.
The (ISC)² Certified Cloud Security Professional stands out as the industry's premier cloud security credential and broadens your operational knowledge beyond vendor-specific platforms, differentiating you as a global leader in cloud security architecture, data security and infrastructure. Wondering if you're ready for the CCSP exam? Find out with the Official (ISC)² CCSP Flash Cards, an interactive self-study tool that tests knowledge across all six CCSP domains.
Western Digital has confirmed that it changed the NAND flash memory in one of its most popular M.2 NVMe SSD models, the WD Blue SN550, which crippled writing speeds according to several reports, leading to a 50% performance hit. The company says that, in the future, it will also introduce a new model number when making any hardware changes to its products that impact performance.