Security Alerts & News
by Tymoteusz A. Góral

History
#989 Bitcoin rival Ethereum fights for its survival after $50 million heist
The attacker managed to combine 2 exploits. The first exploit was to call the split DAO function recursively. That means the first regular call would trigger a second (irregular) call of the function and the second call would trigger another call and so on. The following calls are done in a state before the balance of the attacker is set back to 0. This allowed the attacker to split 20 times (have to look up the exact number) per transaction. He could not do more—otherwise the transactions would have gotten too big and eventually would have reached the block limit. This attack would already have been painful. However—what made it really painful is that the attacker managed to replicate this attack from the same two addresses with the same tokens over and over again (roughly 250 times from 2 addresses each). So the attacker found a second exploit that allowed to split without destroying the tokens in the main DAO. (They managed to transfer the tokens away before they get sent to address 0x0 and only after this they are sent back.) The combination of both attacks multiplied the effect. Attack one on its [own] would have been very capital intensive (you need to bring up 1/20 of the stolen amount upfront)—the attack two would have taken a long time.
Read more
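The ordering flaw behind the recursive call described in the excerpt, as an added Python simulation (not code from the article or from the DAO contract): a toy ledger whose `split` pays out through a recipient callback, once with the balance reset after the call and once with it reset before. The names `Ledger`, `split` and `run` and the balances are constructed for illustration; the depth of 20 is the excerpt's approximate figure.

```python
# Added illustration: a toy in-memory ledger, not the DAO's Solidity code.
class Ledger:
    def __init__(self, balances, safe):
        self.balances = dict(balances)        # amount credited to each account
        self.pool = sum(balances.values())    # funds the ledger actually holds
        self.safe = safe

    def split(self, account, on_receive):
        amount = self.balances.get(account, 0)
        if amount == 0 or self.pool < amount:
            return
        if self.safe:
            # Hardened ordering: update state first, then hand over control.
            self.balances[account] = 0
            self.pool -= amount
            on_receive(amount)
        else:
            # Flawed ordering: recipient code runs while the balance is still set.
            self.pool -= amount
            on_receive(amount)
            self.balances[account] = 0        # too late, nested calls already paid

    def invariant_holds(self):
        # Audit check: funds held must equal the sum of credited balances.
        return self.pool == sum(self.balances.values())


def run(safe, max_depth=20):
    """Return (paid_out, pool_left, invariant_ok) for one top-level split."""
    ledger = Ledger({"caller": 10, "others": 990}, safe)   # constructed values
    received = []

    def on_receive(amount):
        # Recipient callback that re-enters split until the depth cap,
        # standing in for the per-transaction limit the excerpt mentions.
        received.append(amount)
        if len(received) < max_depth:
            ledger.split("caller", on_receive)

    ledger.split("caller", on_receive)
    return sum(received), ledger.pool, ledger.invariant_holds()


if __name__ == "__main__":
    print("flawed  :", run(safe=False))
    print("hardened:", run(safe=True))
```

With the flawed ordering a balance of 10 is paid out 20 times and the pool no longer matches the credited balances; with the hardened ordering the nested call finds a zero balance and returns.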
#993 KSN Report: Ransomware from 2014-2016
#992 3 million strong botnet grows right under Twitter's nose
#991 PayPal dumped cloud company (Seafile) after It refused to monitor customers' files
#990 Bitcoin phishing campaign uncovered
#989 Bitcoin rival Ethereum fights for its survival after $50 million heist
#988 NEC to launch AU$4.38m IoT-focused cybersecurity centre in Adelaide
#987 Tech support scams target victims via their ISP
#986 Hackers hit central banks in Indonesia and South Korea