Hackers Stole $19 Million From Bithumb Cryptocurrency Exchange
#Bithumb #crypto #cryptocurrency #hackers #hacktorial #vulnerability
Hackers yesterday stole nearly $19 million worth of cryptocurrency from Bithumb, the popular South Korea-based cryptocurrency exchange admitted today.
According to Primitive Ventures' Dovey Wan, who first broke the news on social media, hackers managed to compromise a number of Bithumb's hot EOS and XRP wallets and transferred around 3 million EOS (~ $13 million) and 20 million XRP (~ $6
Critical vulnerability in Apache HTTP Server patched
#Apache #Vulnerability #HttpServer #CVE20190211 #hacktorial
A critical vulnerability in Apache HTTP Server that, if exploited, could allow an attacker to gain full root control has been patched.
The flaw, dubbed Carpe Diem by the researcher who discovered it, Ambionics engineer Charles Fol, affects Apache HTTP Server versions 2.4.17 to 2.4.38.
The vulnerability, CVE-2019-0211, is a privilege escalation issue that arises when Apache executes what is called a “graceful restart”. A graceful restart is one in which existing server threads are allowed to complete their tasks on a live website, Sophos’ Naked Security noted in a blog post.
Fol found that during a restart “an opportunity arises for a low-privilege process to elevate itself to root via a script, for example via PHP or CGI.”
An attacker would need local access or to be part of a shared hosting environment where many separate websites are hosted under a single IP address. This means any company or individual who currently maintains a website in such an environment should immediately update to version 2.4.39, Naked Security said.
Jim O’Gorman, chief strategy officer at Offensive Security, pointed out how difficult it is to suss out vulnerabilities such as Carpe Diem, particularly when at first glance the issue might seem minor and require a complex exploitation chain. But if it is exploited, the results are devastating.
“Thinking through the ways that attackers will actually exploit bugs to penetrate systems requires a creative, persistent, and adversarial mindset, and is not something that we can teach a security product to do,” he said.
In addition to patching CVE-2019-0211, the update also handled CVE-2019-0217, CVE-2019-0215, CVE-2019-0197, CVE-2019-0196, and CVE-2019-0220.