Last Week In Blockchain and CyberSecurity News - May 21, 2019

New Zealand-Based Cryptocurrency Exchange, Cryptopia, Shuts Down 

Over the past three months, Cryptopia wound down operations as the team attempted to recover stolen funds and review their security practices. In January, the exchange experienced a significant breach in which hackers siphoned over $16 million worth of various cryptocurrencies. The exchange opened again in March 2019, but unfortunately failed to attract new users and continued to lose more money. Last week, the company posted an update stating, 

“Despite the efforts of management to reduce cost and return the business to profitability, it was decided the appointment of liquidators was, in the best interests of customers, staff and other stakeholders. The liquidators are focused on securing the assets for the benefit of all stakeholders. While this process and investigations take place, trading on the exchange is suspended.” 

It is still not clear whether users will be able to get back the tokens they had on the exchange before the hack occurred. Many throughout the crypto community are upset about the Cryptopia shutdown, citing the team’s lack of communication about the incident.

Read more here

TeamViewer Confirms Undisclosed Breach From 2016 

During the autumn of 2016, TeamViewer experienced a cyber-attack that was undisclosed until late last week. The team claims that they discovered the breach before the hackers were able to do any damage, and security experts within the company did not find any evidence of stolen data.  

The attack is theorized to have come from China. Backdoors, which might have been planned during the attack, were removed “after a data center overhaul.” There was also no evidence that hackers were able to compromise or steal source code.  

According to Bleeping Computer, TeamViewer decided not to disclose the breach as “informing [their] users was not necessary and would have been counterproductive to the effective prosecution of the attackers.”  

Read more here

Stack Overflow Hacker Goes Undetected for a Week 

Last week, Stack Overflow, one of the largest Q&A sites for programming-related questions, disclosed a platform security breach. Hackers were able to access user IP addresses, names, or emails for a small number (around 250) of Stack Exchange user accounts.

Mary Ferguson, VP of Engineering at Stack Overflow, stated,  

“The intrusion originated on May 5 when a build deployed to the development tier for stackoverflow.com contained a bug, which allowed an attacker to log in to our development tier as well as escalate their access on the production version of stackoverflow.com.”  

The hacker remained undetected in Stack Overflow’s systems from May 5 through May 11 until they attempted to grant themselves privileged access in production. Stack Overflow is currently working with a forensics firm to audit its logs and trace the intruders’ actions on its servers. 

Get more information here

Unpatched Ethereum Clients Expose the Ecosystem to 51% Attack Risk 

Using data from ethnodes.org, researchers at SRLabs published a report revealing that a large chunk of nodes using Ethereum clients such as Parity and Geth have been unpatched for “extended periods of time” even though patches for security flaws are available.  

According to their research, “only two-thirds of nodes have been patched so far.” Many clients are at risk of denial of service attacks, which allow malicious individuals to crash Ethereum nodes by sending malformed packets remotely.  

If an attacker were to crash enough nodes, they could successfully overload the network and gain a 51% majority on the blockchain. With this majority, a hacker could conduct double-spend attacks as well as undermine the trust in the ecosystem.  

Shortly after the report was released, Parity sent out a security alert urging participants to update their nodes. As with Windows and other software, it is essential to patch systems and protect yourself from hackers in the blockchain world. 

Read more here
 

ZombieLoad Attacks May Affect All Intel CPUs Released Since 2011 

The same researchers who brought the critical Spectre and Meltdown flaws into the spotlight have revealed a new vulnerability class impacting Intel CPUs. The vulnerabilities exploit weaknesses in a feature called “speculative execution,” which helps a processor predict what a program will need next to improve performance.  

According to ZDNet, four MDS attacks were disclosed last week, and “Zombieload” is the most dangerous of them all: 

  • CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS) [codenamed Fallout]  

  • CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS) 

  • CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS) [codenamed Zombieload, or RIDL]  

  • CVE-2018-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM) 

The vulnerabilities allow an attacker to retrieve data from areas of a CPU to which the attacker should not have access. Thankfully, Intel and many other companies have provided patches to mitigate such attacks. However, various performance decreases are expected as a result.

Read more here
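To confirm that the MDS patches mentioned above are active on a Linux host, the kernel exposes a status line in sysfs. The script below is an added example, not part of the original article: it classifies that line, using constructed sample strings in the formats the kernel documentation describes, and then checks the local machine if the file exists.

```shell
#!/bin/sh
# Added example: interpret the Linux kernel's MDS status line.
MDS_FILE=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds STATUS -> prints "<verdict> <smt-state>"
classify_mds() {
    status=$1
    # The more specific "Vulnerable: ..." pattern must come before the bare one.
    case "$status" in
        "Not affected"*) verdict=not-affected ;;
        "Mitigation: Clear CPU buffers"*) verdict=mitigated ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*) verdict=needs-microcode ;;
        "Vulnerable"*) verdict=vulnerable ;;
        *) verdict=unknown ;;
    esac
    # Hyper-Threading (SMT) state is appended after a semicolon on affected CPUs.
    case "$status" in
        *"SMT vulnerable"*) smt=smt-vulnerable ;;
        *"SMT mitigated"*) smt=smt-mitigated ;;
        *"SMT disabled"*) smt=smt-disabled ;;
        *"SMT Host state unknown"*) smt=smt-unknown ;;
        *) smt=smt-n/a ;;
    esac
    printf '%s %s\n' "$verdict" "$smt"
}

# Constructed sample status lines (not captured from a real host).
for sample in \
    "Mitigation: Clear CPU buffers; SMT vulnerable" \
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled" \
    "Not affected"
do
    printf '%-70s -> %s\n' "$sample" "$(classify_mds "$sample")"
done

# Live check: the file is absent on kernels that predate MDS reporting.
if [ -r "$MDS_FILE" ]; then
    live=$(cat "$MDS_FILE" 2>/dev/null || true)
    printf 'this host: %s -> %s\n' "$live" "$(classify_mds "$live")"
else
    printf 'this host: %s not present; kernel does not report MDS status\n' "$MDS_FILE"
fi
```

A `needs-microcode` verdict means the kernel patch is installed but the CPU microcode update is not, and `smt-vulnerable` means sibling hardware threads remain exposed even with buffer clearing enabled.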