
Hackers Exploit Log4j Flaw to Hijack Crypto Platform ONUS

published on 2021-12-30 14:11:29 UTC by CISOMAG
Content:

Recently, the popular Vietnamese crypto trading platform ONUS sustained a large-scale cyberattack after threat actors exploited its payment system, which was running a vulnerable Log4j version. ONUS provides multiple applications for buying, selling, and managing cryptocurrencies. In an official release, the company stated that unknown hackers illicitly accessed and stole certain critical corporate data.

“Through a security hole, a third party was able to gain unauthorized access to and steal certain critical ONUS data,” ONUS said.

Log4Shell, often referred to simply as Log4j, is a critical vulnerability found in the widely used Apache Log4j library. The flaw allows attackers to run arbitrary code on vulnerable machines or to compromise any application that uses the Log4j framework directly.

Log4j Flaw Exploited

The intrusion allegedly exploited the infamous vulnerability in a set of libraries on the ONUS system to penetrate the sandbox server, which contains the organization’s critical data. The flaw enabled attackers to access the data storage system (Amazon S3) and steal some essential data, exposing many users’ data to security risks. The compromised information includes user names, email addresses, phone numbers, addresses, KYC information, encrypted passwords, transaction history, and other encrypted information.


Mitigation

While the actors behind the attack are unknown, ONUS stated it had engaged a team of cybersecurity experts to investigate the security incident. The company urged its customers to update their account credentials immediately to prevent further damage.

“To ensure our users’ safety, the ONUS team has actively worked with security experts to find vulnerabilities, thoroughly fix them, and implement additional methods to improve the whole system’s security. We also carried out an upgrade to the asset management and storage system (ONUS Custody). In addition, to limit the risks that may be encountered in the future, please change your ONUS application password,” ONUS added.


Crypto Platforms on Hackers’ Radar

Cryptocurrency exchanges and hot wallets continue to be a primary target for threat actors. Recently, the cryptocurrency trading platform BitMart stated that it had sustained a large-scale security breach that affected its hot wallets on the Ethereum (ETH) blockchain and the Binance Smart Chain (BSC). The attackers reportedly stole cryptocurrencies worth over $150 Mn. Blockchain security and data analytics firm PeckShield claimed that the estimated loss would be around $200 Mn.


https://cisomag.eccouncil.org/hackers-exploit-log4j-flaw-to-hijack-crypto-platform-onus/   
Published: 2021 12 30 14:11:29
Received: 2021 12 30 14:26:16
Feed: Ciso Mag - All
Source: CISO Mag
Category: Cyber Security
Topic: Cyber Security