Groups Similar Look up By Text Browse About



Similar articles
Article Id Title Prob Score Similar Compare
217878 ZDNET 2021-10-13:
Bugs allowing malicious NFT uploads uncovered in OpenSea marketplace
1.000 Find similar Compare side-by-side
217796 THEVERGE 2021-10-13:
OpenSea fixes vulnerabilities that could let hackers steal crypto with malicious NFTs
0.985 0.635 Find similar Compare side-by-side
218183 ZDNET 2021-10-14:
HP Wolf report highlights widespread exploitation of MSHTML, typosquatting and malware families hosted on Discord
0.388 Find similar Compare side-by-side
218074 ZDNET 2021-10-15:
This malware botnet gang has stolen millions with a surprisingly simple trick
0.377 Find similar Compare side-by-side
217869 ZDNET 2021-10-13:
1 in 15 organizations runs actively exploited version of SolarWinds: Report
0.377 Find similar Compare side-by-side
218060 VENTUREBEAT 2021-10-15:
Cybersecurity report reveals critical business vulnerabilities
0.366 Find similar Compare side-by-side
217990 TECHREPUBLIC 2021-10-12:
What it costs to hire a hacker on the Dark Web
0.353 Find similar Compare side-by-side
218160 THEVERGE 2021-10-15:
Tether will pay $41 million over ‘misleading’ claims it was fully backed by US dollars
0.348 Find similar Compare side-by-side
218188 ZDNET 2021-10-13:
Brazilian e-commerce firm Hariexpress leaks 1.75 billion sensitive files
0.343 Find similar Compare side-by-side
218212 ZDNET 2021-10-14:
Verizon-owned Visible acknowledges hack, confirms account manipulations
0.334 Find similar Compare side-by-side
217778 ZDNET 2021-10-13:
Scammers abused Apple developer program to steal millions from victims on Tinder, Bumble, Grindr, Facebook Dating
0.334 Find similar Compare side-by-side
217855 TECHREPUBLIC 2021-10-13:
Dark Web: Many cybercrime services sell for less than $500
0.327 Find similar Compare side-by-side
218100 THEVERGE 2021-10-14:
Missouri governor threatens reporter who discovered state site spilling private info
0.326 Find similar Compare side-by-side
218035 ZDNET 2021-10-12:
Microsoft October 2021 Patch Tuesday: 71 vulnerabilities, four zero-days squashed
0.320 Find similar Compare side-by-side
218077 THEVERGE 2021-10-14:
Signal’s founder is trolling with an NFT that’ll turn to shit if you buy it
0.319 Find similar Compare side-by-side
217784 ZDNET 2021-10-13:
International cryptocurrency scam ring targets European dating app users
0.319 Find similar Compare side-by-side
218133 ZDNET 2021-10-15:
Critical infrastructure security dubbed 'abysmal' by researchers
0.319 Find similar Compare side-by-side
217975 ZDNET 2021-10-11:
FontOnLake malware strikes Linux systems in targeted attacks
0.314 Find similar Compare side-by-side
218114 ZDNET 2021-10-15:
Brazilian insurance giant Porto Seguro hit by cyberattack
0.312 Find similar Compare side-by-side
217890 VENTUREBEAT 2021-10-13:
Cyberattack response time averages 2 days, report finds
0.307 Find similar Compare side-by-side
218049 ZDNET 2021-10-14:
This new ransomware encrypts your data and makes some nasty threats, too
0.295 Find similar Compare side-by-side
218083 ZDNET 2021-10-15:
Google: We're sending out lots more phishing and malware attack warnings - here's why
0.293 Find similar Compare side-by-side
218082 ARSTECHNICA 2021-10-14:
Verizon’s Visible cell customers hacked, leading to unauthorized purchases
0.286 Find similar Compare side-by-side
217965 TECHREPUBLIC 2021-10-12:
How to protect your organization from security threats across your supply chain
0.282 Find similar Compare side-by-side
218132 TECHREPUBLIC 2021-10-14:
How a vishing attack spoofed Microsoft to try to gain remote access
0.279 Find similar Compare side-by-side

1

ID: 217878

URL: https://www.zdnet.com/article/bugs-allowing-malicious-nft-uploads-uncovered-in-opensea-marketplace/

Date: 2021-10-13

Bugs allowing malicious NFT uploads uncovered in OpenSea marketplace

Malicious NFTs could have become an attack vector for hackers trying to steal digital wallet funds. Critical security issues in the OpenSea NFT marketplace that allowed attackers to steal cryptocurrency wallet funds have been patched.  NFTs, also known as non-fungible tokens, are digital assets that can be sold and traded on the blockchain. While some NFTs -- from a pixel cartoon to a popular meme -- can reach a sale price of millions of dollars, the popularity of this phenomenon has also created a new attack vector for exploitation.   On Wednesday, the Check Point Research (CPR) team said that flaws in the OpenSea NFT marketplace could have allowed "hackers to hijack user accounts and steal entire crypto wallets of users, by sending malicious NFTs." An investigation was launched after reports surfaced of malicious NFTs, airdropped for free, being used as conduits for cryptocurrency theft and account hijacking.  The NFT itself, and the airdrop, was not the source of the issue. Instead, once an NFT had been gifted to a potential victim, they would view it -- and then a pop-up would trigger, requesting a signature to connect to a wallet. A secondary signature request prompt would then appear, and if accepted, could grant attackers access to an unwitting user's wallet, funds, and more.  In OpenSea's case, the security flaw allowed the team to upload an .SVG file containing a malicious payload, which would execute under the OpenSea storage subdomain. " In our attack scenario, the user is asked to sign with their wallet after clicking an image received from a third party, which is unexpected behavior on OpenSea, since it does not correlate to services provided by the OpenSea platform, like buying an item, making an offer, or favoring an item," CPR says. "However, since the transaction operation domain is from OpenSea itself, and since this is an action the victim usually gets in other NFT operations, it may lead them to approve the connection." The researchers disclosed their findings to OpenSea on September 26. Within less than an hour, the marketplace had triaged and verified the security issues and deployed a fix.  In a statement, OpenSea said: "Security is fundamental to OpenSea. We appreciate the CPR team bringing this vulnerability to our attention and collaborating with us as we investigated the matter and implemented a fix within an hour of it being brought to our attention.  These attacks would have relied on users approving malicious activity through a third-party wallet provider by connecting their wallet and providing a signature for the malicious transaction." OpenSea added that the organization has not found any evidence of exploitation in the wild. Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0