Last Week In Blockchain and CyberSecurity News - May 14, 2019

Binance Hacked: Bitcoin Exchange Suffers $40 Million Security Breach 

The largest cryptocurrency exchange based on trading volume has been hacked. Binance’s CEO, Changpeng “CZ” Zhao announced on May 7, 2019 the extent of the breach. Binance stated “We have discovered a large-scale security breach today, May 7, 2019, at 17:15:24. Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet.” Hackers were able to steal 7,000 BTC, resulting in approximately $40 million stolen. Thankfully, Binance has a “SAFU” fund which was created for situations like this. The SAFU fund will cover the incident, and no user funds will be affected. Binance is currently working with a dozen of security teams with the hopes of tracking down and freezing the stolen funds.  

Read more here

‘Unhackable’ eyeDisk Flash Drive Exposes Passwords in Clear Text

Eyedisk states they have created an “unhackable” USB flash drive that keeps your data secure, and only provides access to the buyer. It is currently up for sale on the Kickstarter crowdfunding platform for $99. The company states the “eyeDisk features AES 256-bit encryption for your iris pattern, [and they developed their] own iris recognition algorithm so that no one can hack your USB drive even they have your iris pattern.” However, Pen Test Partners researcher David Lodge has claimed the device contains a vulnerability, thus harming it’s “unhackable” assurance. By using an open-source packet analyzer called Wireshark, whose USBPcap function allows real-time packet-sniffing from a USB, David was able to determine the device uses Command Descriptor Blocks (CDB) to send commands to and from the device. Through further investigation, David discovered he could obtain the password/hash in clear text of the “unhackable device.” David stated “The software collects the password first, then validates the user-entered password BEFORE sending the unlock password. This is a very poor approach given the unhackable claims and fundamentally undermines the security of the device.” On April 9, eyeDisk stated it would fix the problem; however, no patch has been provided yet.  

Read more here

Two Crypto Mining Groups are Fighting a Turf War Over Unsecured Linux Servers

Two cyber-criminal groups are battling to take over as many Linux cloud-based environments and use their server resources to increase their cryptojacking profits. A relatively new cryptojacking group Pacha has begun to challenge the “champion” of Monero cryptojacking operations, Rocke. Both groups have conducted mass-scanning operations that look for unpatched or open cloud services to infect with their “multi-functional Linux-based malware strain.” By removing a large amount of known cryptoming malware strains on each server it infects, Pacha has slowly gained territory throughout the crypto mining scene. According to a report published last week, “the Pacha Group paid special attention to identifying and removing versions of Rocke's miner, most likely to eat away at its rival's "market share." Rocke has been conducting similar practices; however, it is not at as large of a scale as Pacha’s operations.

Get more information here

Nvidia Warns Windows Gamers on GPU Driver Flaws

Nvidia has recently released three patches for critical vulnerabilities in its GPU display driver. The vulnerabilities could lead to “information disclosure, escalation of privileges and denial of service (DoS) in impacted Windows gaming devices.” According to an advisory released by Nvidia, the most severe of the flaws is CVE‑2019‑5675, which could be exploited to launch DoS and provide escalation privileges to attackers. Nvidia’s security release states “[The driver] contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes, which may lead to denial of service, escalation of privileges or information disclosure.” CVE‑2019‑5675 is rated with a CVSS score of 7.7. Nvidia encourages users to update their drivers on various software products running on windows.  

Read more here
 

Tron Fixed A Critical Vulnerability That Would Have Crashed the TRX Blockchain

On May 2 The Tron Foundation disclosed it had patched a “critical vulnerability which could have crashed its blockchain” on the vulnerability disclosure platform HackerOne. The disclosure explained that if an attacker conducted an attack with enough malicious requests, they could have filled up “all the available memory and effectively perform a Distributed Denial of Service attack on the TRX network by employing malicious code in a smart contract.” This vulnerability would have been catastrophic for the network, as it could allow an attacker to use a single machine to attack all or a majority of the currency's nodes. The disclosure states, “Using a single machine an attacker could send DDOS attack to all or 51% of the SR node and render Tron network unusable or make it unavailable.” The discovery was made in early January, and the Tron Foundation awarded a cybersecurity researcher $1,500 for discovering and disclosing the vulnerability.  

Read more here