Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Access Tokens. Show all posts

Dingo Token Charging 99% Fee is a Scam

A major cryptocurrency scam by Dingo Token, as per researchers who discovered backdoor features intended to steal users' money.

Check Point analysts observed this fraudulent charge modification 47 times before issuing the alert. The Dingo Smart Contract's purchase and sell fees are adjustable by up to 99% using a backdoor method called 'setTaxFeePercent,' according to Check Point Research (CPR), which examined the code for the contract. Despite the fact that the project's whitepaper claims that only a 10% fee for each transaction, this is the case. 

According to the cyber security software company, one customer purchased 427 million Dingo Tokens for $26.89 but received 4.27 million, or $0.27 value of Dingo Tokens. Dingo Token had a current market valuation of $223,992 and was rated 1915 on CoinMarketCap.  Recent complaints about the Dingo Token have also been made by users of CoinMarketCap and Twitter. Crypto dealer IncredibleJoker stated in a post on February 5 they could not sell their assets.

According to Check Point's head of product vulnerabilities research, Oded Vanunu, what his group uncovered at Dingo Token is becoming more regular, "this is a popular method that locks users' funds until the scammers gradually withdraw the entire sum. A growing number of scammers are lured to cryptocurrencies. They can remain unidentified. It moves quickly. It's profitable." 

Users are worried that once the creators determine that the value has peaked, they will turn on the backdoor to steal 99% of all users' coins. Investors in cryptocurrencies should be upfront about their questions in order to hear what other people have to say about a project. Whether you are new to trading, it is advised to diversify your money over several different coins and only utilize reliable exchange providers.

DingoToken: What is it?

DingoToken enables users to quickly deposit ANY tokens, including BEP-20 tokens, into an NFT. Now, a rare NFT can be turned into a basket containing a variety of different tokens. An entirely new NFT world is made possible by the DingoToken platform, a new protocol layer. The decentralized app (DApp) built on top of the DingoToken Protocol and targeted at art/collectible NFTs will also be made available for our public launch.

The DApp enables users to Mint / Generate an NFT, deposit their preferred asset into it, and then create their own NFTs. Only NFTs produced with the Dingo NFT Minting Station are supported in our v1 online application. To protect platform users' safety, steps are being taken by the firm. The option to mint one's own NFTs or buy those produced by Dingo Token platform users is available to users.


 CircleCI Breach: Encryption Keys & User Data Seized

A software company CircleCi has acknowledged that a data breach that occurred last month resulted in the theft of customers' personal information. 

After an engineer contracted data-stealing malware that made use of CircleCi's 2FA-backed SSO session cookies to get access to the company's internal systems, hackers broke into the company in December. CircleCi reminded consumers to change their credentials and passwords earlier this month after disclosing a security breach.

The company accepted responsibility for the breach and criticized a system failure, noting that its antivirus program missed the token-stealing malware on the employee's laptop. Using session tokens, users can maintain their login status without constantly typing their password or re-authorizing using two-factor authentication. However, without the account holder's password or two-factor code, an attacker can access the same resources as them by using a stolen session token. As a result, it may be challenging to distinguish between a session token belonging to the account owner and one stolen by a hacker.

According to CircleCi, the theft of the session token enabled the hackers to assume the identity of the employee and obtain access to a few of the business systems, which store client data. CircleCi states they rotated all customer-related tokens, including Project API Tokens, Personal API Tokens, and GitHub OAuth tokens, in retaliation to the hack. Additionally, the business collaborated with Atlassian and AWS to alert clients of potentially hacked AWS and Bitbucket tokens.

CircleCi claims that in order to further fortify its infrastructure, they have increased the number of detections for the actions taken by the information-stealing malware in its antivirus and mobile device management (MDM) programs.

"While client data was encrypted, the cybercriminals also gained the encryption keys able to decrypt consumer data," claimed Rob Zuber, the company's chief technology officer. To avoid illegal access to third-party systems and stores, researchers urge customers who have not already taken steps to do so. The company additionally tightened the security of its 2FA solution and further limited access to its production settings to a smaller group of users.

JsonWebToken Library Security Flaw: Used in 20,000+ Projects

In the widely-used open-source project, JavaScript library JsonWebToken researchers from Palo Alto Networks unit 42 found a new high-severity vulnerability   CVE-2022-23529. 

Palo Alto Networks released a security advisory on Monday highlighting how the weakness could be used by an attacker to execute code remotely on a server that was verifying a maliciously constructed JSON web token (JWT) request. 

The JSON web token JavaScript module, designed and maintained by Okta's Auth0, enables users to decode, validate, and create JSON web tokens as a way of securely communicating information among two entities enabling authorization and authentication. The npm software registry receives more than 10 million downloads per week and is used in more than 22,000 projects.

Therefore, the capability of running malicious code on a server could violate confidentiality and integrity guarantees, enabling a bad actor to alter any files on the host and carry out any operation of its choice using a contaminated private key. However, Unit 42 cautions that to exploit it, malicious actors would need to first breach the secret management procedure with an app and a JsonWebToken server, dropping the severity level to 7.6/10.

Researchers discovered that after verifying a maliciously constructed JWS token, threat actors might use JsonWebToken to execute remote malware on servers. This is aided by a bug in JsonWebToken's verify() method, which checks a JWT and returns the decoded data. The token, the secretOrPublicKey, and options are the three inputs that this method accepts.

Artur Oleyarsh of Palo Alto Networks Unit 42 said, "An attacker will need to leverage a fault within the secret management mechanism to exploit the vulnerability mentioned in this post and manipulate the secretOrPublicKey value."

The security researcher claims that the Auth0 technical team released a patch for the vulnerability in December 2022. "We appreciate the Auth0 team's competent handling of the disclosure procedure and the provision of a patch for the reported vulnerability," said Oleyarsh.

In summary, the cybersecurity analyst stressed the importance of security awareness when utilizing open-source software. It is critical that downstream users proactively identify, mitigate, and patch vulnerabilities in such products as open-source software often appears as a lucrative first entry pathway for threat actors to stage supply chain attacks. The fact that hackers are now considerably faster at exploiting recently discovered flaws, substantially reducing the time between a patch release and exploit availability, simply makes matters difficult.

Attackers Use Stolen OAuth Access Tokens to Breach Dozens of GitHub Repos

 

GitHub has shared a timeline of last month's security breach that saw an attacker using stolen OAuth app tokens to steal private repositories from dozens of organizations. 

OAuth tokens were issued to two third-party integrators, Heroku and Travis-CI but were stolen by an unknown hacker. According to GitHub's Chief Security Officer Mike Hanley, the company is yet to unearth evidence that its systems have been breached since the incident was first identified on April 12th, 2022. 

OAuth tokens are one of the go-to elements that IT vendors use to automate cloud services like code repositories and DevOps pipelines. While these tokens are useful for enabling key IT services, they are also susceptible to theft. 

“If a token is compromised, in this case, a GitHub token, a malicious actor can steal corporate IP or modify the source to initiate a supply chain attack that could spread malware or steal PII from unsuspecting customers," Ray Kelly, a researcher at NIT Application Security, explained. 

GitHub said it is in the process of sending the final notification to its customer. The firm’s examination of the hacker’s methodology includes the authentication of the GitHub API using the stolen OAuth tokens issued to accounts Heroku and Travis CI. It added that most of those affected authorized Heroku or Travis CI OAuth apps in their GitHub accounts. Attacks were selective and attackers listed the private repositories of interest. Next, attackers proceeded to clone private repositories.

“This pattern of behavior suggests the attacker was only listing organizations to identify accounts to selectively target for listing and downloading private repositories. GitHub believes these attacks were highly targeted based on the available information and our analysis of the attacker behavior using the compromised OAuth tokens issued to Travis CI and Heroku,” GitHub stated. 

GitHub also issued recommendations that can assist users in investigating logs for data exfiltration or malicious activity. This includes scanning all private repositories for secrets and credentials stored in them, checking OAuth applications authorized for a personal account, and adhering to GitHub policies to improve the security of their GitHub organizations. Others include checking their account activity, personal access tokens, OAuth apps, and SSH keys for activity or changes that may have come from the malicious actor.