Malicious actors could exploit a now-addressed vulnerable in the Rarible NFT marketplace to take over accounts and steal cryptocurrency assets, reports The Hacker News.
Check Point researchers revealed that users could be lured into clicking malicious NFTs to gain cryptocurrency wallet control and exfiltrate funds.
"There is still a huge gap between, in terms of security, between Web2 and Web3 infrastructure. Any small vulnerability can possibly allow cybercriminals to hijack crypto wallets behind the scenes. We are still in a state where marketplaces that combine Web3 protocols are lacking from a security perspective. The implications following a crypto hack can be extreme," said Check Point Products Vulnerabilities Research Head Oded Vanunu.
Meanwhile, Rarible said that only users who leave the site for a malicious third-party and use their wallets to sign suggested transactions could be impacted by the bug.
"Simply clicking the link is not enough and user interaction and confirmation for transactions is required. We encourage users to stay vigilant, and pay attention to the websites they visit and transactions they sign to stay safe," Rarible said.
Ukrainian hacktivist operation IT Army has taken responsibility for a significant distributed denial-of-service attack against Russian local airline booking system Leonardo, which is used by over 50 Russian carriers, according to The Record, a news site by cybersecurity firm Recorded Future.
New attacks with the updated SysUpdate toolkit have been deployed by Chinese advanced persistent threat operation Budworm, also known as APT27, Emissary Panda, Bronze Union, Lucky Mouse, Iron Tiger, and Red Phoenix, against an Asian government and a Middle East-based telecommunications provider, reports The Hacker News.
Forty-five malicious NPM and PyPI packages have been deployed by threat actors to facilitate extensive data theft operations as part of a campaign that commenced on Sept. 12, according to BleepingComputer.