vulnerabilities
10,201 vistas
17 están debatiendo
Hot
Lo último
Ver traducción
#Cloudflare recently mitigated the largest recorded distributed denial-of-service (#DDoS ) attack, peaking at 3.8 terabits per second (Tbps), during a campaign targeting financial services, internet, and telecom sectors. The attack lasted for a month, with over 100 hyper-volumetric attacks, one of which lasted 65 seconds. The attack overwhelmed network infrastructure with large volumes of data, some exceeding two billion packets per second. Many compromised devices, including #ASUS routers and #MikroTik systems, were involved, with significant infection in Russia, Vietnam, the U.S., Brazil, and Spain. The attackers mainly used the UDP protocol to execute the attacks. Previously, Microsoft held the record with a 3.47 Tbps DDoS attack on its Azure network.
Additionally, Akamai highlighted that #vulnerabilities in Linux CUPS servers could become a potential vector for future DDoS attacks, with over 58,000 systems currently exposed. Testing revealed CUPS flaws could amplify attacks through repeated requests, presenting a significant threat - #bleepingcomputer
Additionally, Akamai highlighted that #vulnerabilities in Linux CUPS servers could become a potential vector for future DDoS attacks, with over 58,000 systems currently exposed. Testing revealed CUPS flaws could amplify attacks through repeated requests, presenting a significant threat - #bleepingcomputer
#Google y #Arm han colaborado para mejorar la seguridad de #GPU , centrándose especialmente en la GPU Mali de uso generalizado, para proteger a los dispositivos Android de vulnerabilidades que pueden provocar una escalada de privilegios.
- Importancia de las GPU: las GPU son fundamentales para las experiencias visuales móviles, pero pueden exponer los dispositivos a riesgos de seguridad a través de sus pilas de software y firmware.
- Investigación de vulnerabilidades: el equipo Android Red Team y Arm tienen como objetivo identificar y abordar de forma proactiva #vulnerabilities en los módulos del kernel de la GPU, que a menudo se escriben en lenguajes que no son seguros para la memoria, como C.
- Iniciativas recientes:
- Pruebas del controlador del kernel: las pruebas de fuzzing revelaron problemas de memoria (CVE-2023-48409, CVE-2023-48421) en el controlador Mali #kernel , que se solucionaron rápidamente.
- Pruebas de firmware: un enfoque multifacético descubrió CVE-2024-0153, un desbordamiento de búfer en el firmware de la GPU, que también se solucionó rápidamente.
- Tiempo para aplicar parches: para combatir la explotación activa, los equipos desarrollaron nueve nuevas pruebas de Security Test Suite para ayudar a los socios a garantizar la aplicación oportuna de parches.
- Direcciones futuras: Arm está lanzando un programa de recompensas por errores para mejorar la detección de vulnerabilidades y mantener una colaboración continua con el Android Red Team para fortalecer la seguridad de la GPU en todo el ecosistema.
Esta asociación representa un esfuerzo significativo para reforzar la seguridad de los dispositivos Android y, al mismo tiempo, mantener un alto rendimiento.
- Importancia de las GPU: las GPU son fundamentales para las experiencias visuales móviles, pero pueden exponer los dispositivos a riesgos de seguridad a través de sus pilas de software y firmware.
- Investigación de vulnerabilidades: el equipo Android Red Team y Arm tienen como objetivo identificar y abordar de forma proactiva #vulnerabilities en los módulos del kernel de la GPU, que a menudo se escriben en lenguajes que no son seguros para la memoria, como C.
- Iniciativas recientes:
- Pruebas del controlador del kernel: las pruebas de fuzzing revelaron problemas de memoria (CVE-2023-48409, CVE-2023-48421) en el controlador Mali #kernel , que se solucionaron rápidamente.
- Pruebas de firmware: un enfoque multifacético descubrió CVE-2024-0153, un desbordamiento de búfer en el firmware de la GPU, que también se solucionó rápidamente.
- Tiempo para aplicar parches: para combatir la explotación activa, los equipos desarrollaron nueve nuevas pruebas de Security Test Suite para ayudar a los socios a garantizar la aplicación oportuna de parches.
- Direcciones futuras: Arm está lanzando un programa de recompensas por errores para mejorar la detección de vulnerabilidades y mantener una colaboración continua con el Android Red Team para fortalecer la seguridad de la GPU en todo el ecosistema.
Esta asociación representa un esfuerzo significativo para reforzar la seguridad de los dispositivos Android y, al mismo tiempo, mantener un alto rendimiento.
Ver traducción
📊 PYR (Vulcan Forged): Price Prediction with Bitcoin Growth 🚀
🔹 Current Price: $3.298 | 24H High: $3.397 | 24H Low: $3.092
PYR, the native token of Vulcan Forged, continues to demonstrate solid growth potential as Bitcoin leads the way in the crypto market. As a platform for NFTs and blockchain games, Vulcan Forged stands to benefit greatly from Bitcoin’s price momentum and the growing interest in the NFT and gaming sectors.
✨ Price Prediction
Support Level: $3.092 (Key Floor)
Resistance Level: $3.397 (Critical Barrier)
📈 Short-Term Projection:
A breakout above $3.397 could see PYR pushing towards $3.50 and higher.
With Bitcoin’s bullish movement, PYR is likely to hold steady around $3.298, with support remaining firm at $3.092.
A market correction may bring PYR down to $3.00, but it is expected to rebound quickly.
Investor Outlook
As Bitcoin drives market growth, Vulcan Forged’s NFT and gaming ecosystem makes PYR an attractive investment option for those looking to capitalize on the booming blockchain gaming industry.
💡 Pro Tip: PYR’s strong position in the gaming and NFT space combined with Bitcoin’s growth offers investors great potential for long-term returns.
$PYR
#PYR | #vulnerabilities | #NFT | #BitcoinGrowth
🔹 Current Price: $3.298 | 24H High: $3.397 | 24H Low: $3.092
PYR, the native token of Vulcan Forged, continues to demonstrate solid growth potential as Bitcoin leads the way in the crypto market. As a platform for NFTs and blockchain games, Vulcan Forged stands to benefit greatly from Bitcoin’s price momentum and the growing interest in the NFT and gaming sectors.
✨ Price Prediction
Support Level: $3.092 (Key Floor)
Resistance Level: $3.397 (Critical Barrier)
📈 Short-Term Projection:
A breakout above $3.397 could see PYR pushing towards $3.50 and higher.
With Bitcoin’s bullish movement, PYR is likely to hold steady around $3.298, with support remaining firm at $3.092.
A market correction may bring PYR down to $3.00, but it is expected to rebound quickly.
Investor Outlook
As Bitcoin drives market growth, Vulcan Forged’s NFT and gaming ecosystem makes PYR an attractive investment option for those looking to capitalize on the booming blockchain gaming industry.
💡 Pro Tip: PYR’s strong position in the gaming and NFT space combined with Bitcoin’s growth offers investors great potential for long-term returns.
$PYR
#PYR | #vulnerabilities | #NFT | #BitcoinGrowth
Ver traducción
Thorchain and RUNE Token: A Critical Analysis of the Current Crisis
#Thorchain , a decentralized liquidity protocol, is facing significant challenges as its native token, $RUNE , undergoes a steep decline in value. These developments expose critical #vulnerabilities in its lending mechanics, raising serious questions about the protocol's long-term viability and solvency.
The Lending Mechanism and Its Flaws
Thorchain introduced a lending feature allowing users to borrow assets by collateralizing Bitcoin ($BTC ). Upon borrowing, the system converted BTC collateral into RUNE, creating an inherent dependency on RUNE's value. The repayment process would require selling #RUNE to reacquire #BTC , leaving the protocol exposed to a cascading failure if RUNE's price fell.
This mechanism is now showing cracks:
Death Spiral Dynamics: A drop in RUNE's price creates pressure as borrowers repay loans, forcing the protocol to sell more RUNE to meet BTC obligations. This selling further depresses RUNE’s value, triggering a vicious cycle of price declines.Minting RUNE: To address outstanding liabilities, the protocol mints additional RUNE tokens. At the current price levels, complete loan closure would require the minting of 24 million RUNE tokens, exacerbating the oversupply issue and diluting the token's value.
Outstanding Liabilities and Pool Liquidity
The protocol’s current liabilities include:
BTC Collateral: 1,604 BTC is owed, but only 592 BTC is available in Thorchain's BTC pool.ETH Collateral: 18,258 ETH is owed, with 7,404 ETH available.
The gap in reserves is stark: 210 BTC and 1,725 ETH remain unaccounted for. This shortfall highlights the inability to fully repay depositors, even if borrowers return half of the owed amount.
Market Dynamics and Risks
Several factors are intensifying the crisis:
Shallow Pools: Liquidity pools for BTC and ETH are insufficient to cover liabilities, and the declining RUNE price discourages further liquidity provision.Shorting RUNE: Market participants are capitalizing on RUNE’s weakness, shorting the token and accelerating its decline.Arbitrage Opportunities: A widening gap between RUNE and BTC prices creates opportunities for arbitrage, further depleting USD liquidity pools.
Current Solvency Status
At current market prices, Thorchain's solvency hangs by a thread:
Available USD liquidity in the protocol is approximately $22-$23 million.Outstanding unmet liabilities exceed $24 million.
If RUNE's price continues to drop, the protocol will face a solvency crisis, triggering further panic and liquidation risks.
Broader Implications
The unfolding situation bears striking similarities to the Terra/Luna collapse in 2022. Both scenarios involved unsustainable tokenomics and over-reliance on volatile native tokens to back significant financial obligations. Thorchain's failure to account for systemic risks in its lending design now threatens the integrity of the entire protocol.
Lessons and Path Forward
The Thorchain crisis underscores an essential lesson for the crypto space: poorly designed systems with inherent vulnerabilities are prone to failure. Transparent and sustainable mechanisms, such as over-collateralized loans with minimal exposure to native token fluctuations, are crucial for maintaining stability.
Protocols like Lava, which embed traditional lending logic into smart contracts without relying on ponzinomics, offer a safer alternative for borrowing against assets like BTC. Such models avoid the cascading risks that arise from token dependency.
Call to Action
Immediate action is required to address Thorchain’s vulnerabilities. A coordinated focus on mitigating lending risks, improving liquidity, and stabilizing RUNE’s price is essential to prevent further damage. Institutions and users must remain vigilant as the situation evolves, as the crisis could have far-reaching consequences across the decentralized finance (DeFi) ecosystem.
Thorchain's current predicament serves as a cautionary tale. The promise of DeFi lies in decentralization and security, but these principles must be backed by robust and sustainable economic models. Without these, the industry risks repeating the mistakes of the past.
#RUNE/USDT
$RUNE
The Lending Mechanism and Its Flaws
Thorchain introduced a lending feature allowing users to borrow assets by collateralizing Bitcoin ($BTC ). Upon borrowing, the system converted BTC collateral into RUNE, creating an inherent dependency on RUNE's value. The repayment process would require selling #RUNE to reacquire #BTC , leaving the protocol exposed to a cascading failure if RUNE's price fell.
This mechanism is now showing cracks:
Death Spiral Dynamics: A drop in RUNE's price creates pressure as borrowers repay loans, forcing the protocol to sell more RUNE to meet BTC obligations. This selling further depresses RUNE’s value, triggering a vicious cycle of price declines.Minting RUNE: To address outstanding liabilities, the protocol mints additional RUNE tokens. At the current price levels, complete loan closure would require the minting of 24 million RUNE tokens, exacerbating the oversupply issue and diluting the token's value.
Outstanding Liabilities and Pool Liquidity
The protocol’s current liabilities include:
BTC Collateral: 1,604 BTC is owed, but only 592 BTC is available in Thorchain's BTC pool.ETH Collateral: 18,258 ETH is owed, with 7,404 ETH available.
The gap in reserves is stark: 210 BTC and 1,725 ETH remain unaccounted for. This shortfall highlights the inability to fully repay depositors, even if borrowers return half of the owed amount.
Market Dynamics and Risks
Several factors are intensifying the crisis:
Shallow Pools: Liquidity pools for BTC and ETH are insufficient to cover liabilities, and the declining RUNE price discourages further liquidity provision.Shorting RUNE: Market participants are capitalizing on RUNE’s weakness, shorting the token and accelerating its decline.Arbitrage Opportunities: A widening gap between RUNE and BTC prices creates opportunities for arbitrage, further depleting USD liquidity pools.
Current Solvency Status
At current market prices, Thorchain's solvency hangs by a thread:
Available USD liquidity in the protocol is approximately $22-$23 million.Outstanding unmet liabilities exceed $24 million.
If RUNE's price continues to drop, the protocol will face a solvency crisis, triggering further panic and liquidation risks.
Broader Implications
The unfolding situation bears striking similarities to the Terra/Luna collapse in 2022. Both scenarios involved unsustainable tokenomics and over-reliance on volatile native tokens to back significant financial obligations. Thorchain's failure to account for systemic risks in its lending design now threatens the integrity of the entire protocol.
Lessons and Path Forward
The Thorchain crisis underscores an essential lesson for the crypto space: poorly designed systems with inherent vulnerabilities are prone to failure. Transparent and sustainable mechanisms, such as over-collateralized loans with minimal exposure to native token fluctuations, are crucial for maintaining stability.
Protocols like Lava, which embed traditional lending logic into smart contracts without relying on ponzinomics, offer a safer alternative for borrowing against assets like BTC. Such models avoid the cascading risks that arise from token dependency.
Call to Action
Immediate action is required to address Thorchain’s vulnerabilities. A coordinated focus on mitigating lending risks, improving liquidity, and stabilizing RUNE’s price is essential to prevent further damage. Institutions and users must remain vigilant as the situation evolves, as the crisis could have far-reaching consequences across the decentralized finance (DeFi) ecosystem.
Thorchain's current predicament serves as a cautionary tale. The promise of DeFi lies in decentralization and security, but these principles must be backed by robust and sustainable economic models. Without these, the industry risks repeating the mistakes of the past.
#RUNE/USDT
$RUNE
📉🧩⚠️🔗 ¿Cuáles son los principales riesgos de invertir en Solana? ⚡💻
⚠️ “Volátil, innovador, de alta recompensa y arriesgado, las inversiones en Solana requieren precaución,” 🌍🪙 ya que la rápida adopción trae tanto oportunidades como vulnerabilidades 🚀💡📊.
#solana #Risks #Investing #HighRewards #vulnerabilities
⚠️ “Volátil, innovador, de alta recompensa y arriesgado, las inversiones en Solana requieren precaución,” 🌍🪙 ya que la rápida adopción trae tanto oportunidades como vulnerabilidades 🚀💡📊.
#solana #Risks #Investing #HighRewards #vulnerabilities
Asegurando el futuro de la cadena de bloques: los 10 contratos inteligentes más importantes de OWASP (2025)
A medida que los ecosistemas blockchain y Web3 continúan expandiéndose, también lo hace la sofisticación de las amenazas dirigidas a los contratos inteligentes. Con pérdidas financieras que totalizan $1,42 mil millones en 149 incidentes documentados en 2024, se ha vuelto fundamental que los desarrolladores y los profesionales de seguridad aborden las vulnerabilidades de manera efectiva. El Top 10 de contratos inteligentes de OWASP (2025) sirve como una guía integral para mitigar los riesgos más significativos en el panorama de la tecnología descentralizada.
¿Cuáles son los 10 mejores contratos inteligentes de OWASP?
¿Cuáles son los 10 mejores contratos inteligentes de OWASP?
Ver traducción
Ronin Network Loses $9.8M 💸
#Ronin Network has lost $9.8 million worth of Ether in a potential exploit, which may have been conducted by a white hat hacker, according to a post by PeckShield.
White hat hackers exploit #vulnerabilities to help improve security and typically return the stolen funds after proving the code is flawed. If this is the case with Ronin, the funds could be returned soon.
Additionally, hackers with malicious intent have also been known to return #stolen funds, as evidenced by a $71 million crypto return in May after significant attention was brought to the incident.
#Binance
#crypto2024
#Ronin Network has lost $9.8 million worth of Ether in a potential exploit, which may have been conducted by a white hat hacker, according to a post by PeckShield.
White hat hackers exploit #vulnerabilities to help improve security and typically return the stolen funds after proving the code is flawed. If this is the case with Ronin, the funds could be returned soon.
Additionally, hackers with malicious intent have also been known to return #stolen funds, as evidenced by a $71 million crypto return in May after significant attention was brought to the incident.
#Binance
#crypto2024
Una guía completa para la emulación y análisis de firmware.
La emulación es un proceso esencial en la investigación de sistemas integrados y permite a los analistas probar, inspeccionar e identificar en el firmware sin necesidad de acceder al hardware físico.
Herramientas como QEMU, Firmadyne y Firmware Analysis Toolkit (FAT) son fundamentales para emular el firmware basado en Linux que se utiliza en enrutadores, dispositivos IoT y otros sistemas integrados. En este artículo, se detallan estas herramientas y se proporciona una guía paso a paso sobre cómo utilizarlas de manera eficaz para el análisis de firmware.
QEMU: emulación de procesador versátil
Herramientas como QEMU, Firmadyne y Firmware Analysis Toolkit (FAT) son fundamentales para emular el firmware basado en Linux que se utiliza en enrutadores, dispositivos IoT y otros sistemas integrados. En este artículo, se detallan estas herramientas y se proporciona una guía paso a paso sobre cómo utilizarlas de manera eficaz para el análisis de firmware.
QEMU: emulación de procesador versátil
Sentimiento de los inversores sobre los mercados de divisas criptográficas...
Los mercados de criptomonedas son conocidos por su volatilidad, impulsada por factores que van desde tendencias macroeconómicas hasta anuncios regulatorios y desarrollos tecnológicos. A pesar de las correcciones periódicas, los inversores a largo plazo siguen siendo optimistas sobre el potencial transformador de la tecnología blockchain y los activos digitales.
Desafíos y riesgos en los mercados de criptomonedas...
1. **Volatilidad:** Las oscilaciones de precios en las criptomonedas pueden ser sustanciales, lo que plantea riesgos tanto para los inversores como para los comerciantes.
2. **Preocupaciones de seguridad:** Los ciberataques, los hackeos y las vulnerabilidades en los contratos inteligentes siguen siendo riesgos importantes en el ecosistema de las criptomonedas.
3. **Incertidumbre regulatoria:** La falta de marcos regulatorios claros en algunas jurisdicciones crea incertidumbre para los participantes del mercado y puede obstaculizar una adopción más amplia.
#VolatilityWarning #smartcontracts #vulnerabilities #risks #StabilityAndInnovation $USDC $SOL $BNB
Los mercados de criptomonedas son conocidos por su volatilidad, impulsada por factores que van desde tendencias macroeconómicas hasta anuncios regulatorios y desarrollos tecnológicos. A pesar de las correcciones periódicas, los inversores a largo plazo siguen siendo optimistas sobre el potencial transformador de la tecnología blockchain y los activos digitales.
Desafíos y riesgos en los mercados de criptomonedas...
1. **Volatilidad:** Las oscilaciones de precios en las criptomonedas pueden ser sustanciales, lo que plantea riesgos tanto para los inversores como para los comerciantes.
2. **Preocupaciones de seguridad:** Los ciberataques, los hackeos y las vulnerabilidades en los contratos inteligentes siguen siendo riesgos importantes en el ecosistema de las criptomonedas.
3. **Incertidumbre regulatoria:** La falta de marcos regulatorios claros en algunas jurisdicciones crea incertidumbre para los participantes del mercado y puede obstaculizar una adopción más amplia.
#VolatilityWarning #smartcontracts #vulnerabilities #risks #StabilityAndInnovation $USDC $SOL $BNB
Ver traducción
Did ERC-2771 and Multicall Integration Cause Web3's Smart Contract Vulnerabilities? ☠️
#OpenZeppelin identified 13 vulnerable smart contracts resulting from the ERC-2771 and Multicall integration.
#Thirdweb revealed a widespread security risk affecting common Web3 contracts, prompting alerts from OpenZeppelin, Coinbase NFT, and OpenSea.
The issue stems from flawed integration, allowing potential exploitation. OpenZeppelin proposed a 4-step safety protocol, advising disabling forwarders, contract pausing, revoking approvals, upgrades, and snapshot evaluations.
Thirdweb launched a tool to check #vulnerabilities . Velodrome paused Relay services for a secure update. AI's role in contract auditing was discussed; while not on par with human auditors, it accelerates and strengthens the process, according to Librehash's James Edwards.
#Binance
#crypto2023
#OpenZeppelin identified 13 vulnerable smart contracts resulting from the ERC-2771 and Multicall integration.
#Thirdweb revealed a widespread security risk affecting common Web3 contracts, prompting alerts from OpenZeppelin, Coinbase NFT, and OpenSea.
The issue stems from flawed integration, allowing potential exploitation. OpenZeppelin proposed a 4-step safety protocol, advising disabling forwarders, contract pausing, revoking approvals, upgrades, and snapshot evaluations.
Thirdweb launched a tool to check #vulnerabilities . Velodrome paused Relay services for a secure update. AI's role in contract auditing was discussed; while not on par with human auditors, it accelerates and strengthens the process, according to Librehash's James Edwards.
#Binance
#crypto2023
#AnciliaInc
Un proyecto desconocido perdió alrededor de 85k (aproximadamente 150 $BNB ) debido a dos #vulnerabilities en sus dos contratos.
Tx: 0x0b45e23c6af507caa78b8fe3783c2f6c8486cb18c7a0324afc268ab1797260ce
Dirección del atacante 0x3C4e4fbc17A7caa22570E54b57Ba42cF053A777A
Un proyecto desconocido perdió alrededor de 85k (aproximadamente 150 $BNB ) debido a dos #vulnerabilities en sus dos contratos.
Tx: 0x0b45e23c6af507caa78b8fe3783c2f6c8486cb18c7a0324afc268ab1797260ce
Dirección del atacante 0x3C4e4fbc17A7caa22570E54b57Ba42cF053A777A
Vulnerabilidades comunes en los sistemas de criptomonedas
Los sistemas criptográficos sustentan los ecosistemas de finanzas descentralizadas (DeFi) y blockchain, ofreciendo a los usuarios un control incomparable sobre los activos digitales. Sin embargo, la sofisticación de estos sistemas también abre una variedad de vectores de ataque, desde contratos inteligentes hasta billeteras multisig e incluso billeteras de hardware. Los desarrolladores, que a menudo se centran en la funcionalidad, pueden pasar por alto vulnerabilidades críticas, lo que crea oportunidades para ataques sofisticados como los que se vieron en el hackeo de 50 millones de dólares de Radiant Capital. Este artículo explorará las vulnerabilidades dentro de los sistemas criptográficos y brindará información detallada sobre cómo ocurren, aprovechando las últimas tendencias de ataque y los errores de los desarrolladores que a menudo se pasan por alto.
Inicia sesión para explorar más contenidos