Data: CASIE
Negative Trigger
transaction data and use it to trick [Attack.Phishing] support staff into crediting their account manually with extra XMR. By simply copying a line of code from Monero’s wallet – which is open-sourced and accessible to everyone – the attackers could manipulate the amounts shown by the wallet when facilitating transactions between addresses.

The good thing is that the flaw has since been patched [Vulnerability-related.PatchVulnerability] (in Monero at least, it is not entirely clear if this is the case for other Monero-based coins). The more concerning part is that it is only one out of six vulnerabilities disclosed [Vulnerability-related.DiscoverVulnerability] by Monero in the last 24 hours alone, according to information from its HackerOne bug bounty program. Other bugs included a Denial of Service attack vector that could’ve been abused to clog the Monero blockchain and a Python script exploit that made it possible to take down active nodes on the network. Just like the wallet flaw, all of these vulnerabilities have already been fixed [Vulnerability-related.PatchVulnerability].

This is not the first time researchers have found [Vulnerability-related.DiscoverVulnerability] kinks in the anonymous cryptocurrency’s code – but to Monero’s credit, its dev team has always made sure to address [Vulnerability-related.PatchVulnerability] such concerns appropriately. It’s no surprise that bug bounties are really becoming an industry standard, considering how much damage they can prevent. Recently $24,000 was claimed in one week across four different blockchain projects. Apparently, probing EOS is even more profitable: one hacker got paid $80,000 in one day for identifying critical bugs in its code.

Update August 3, 09:15 AM UTC: Monero project lead Riccardo Spagni, better known under the pseudonym ‘fluffypony,’ has since addressed [Vulnerability-related.PatchVulnerability] the vulnerability disclosures [Vulnerability-related.DiscoverVulnerability] in an email to Hard Fork. Spagni highlighted [Vulnerability-related.DiscoverVulnerability] that although the bugs were made public [Vulnerability-related.DiscoverVulnerability] yesterday, they were discovered [Vulnerability-related.DiscoverVulnerability] – separately – over the span of several months. “The [wallet] vulnerability was introduced [Vulnerability-related.DiscoverVulnerability] by the sub-address functionality, so it’s relatively new,” Spagni told [Vulnerability-related.DiscoverVulnerability] Hard Fork.

Microsoft releases [Vulnerability-related.PatchVulnerability] Intel's microcode updates, including one to address [Vulnerability-related.PatchVulnerability] the recently revealed Foreshadow flaw.

Microsoft has released [Vulnerability-related.PatchVulnerability] a set of new microcode patches from Intel that address [Vulnerability-related.PatchVulnerability] Spectre vulnerabilities, as well as the recently disclosed Foreshadow attacks. The updates are available [Vulnerability-related.PatchVulnerability] for all supported versions of Windows 10 and Windows Server.

As noted on the support page for Windows 10 version 1803, the microcode updates include mitigations for Spectre Variant 3a, CVE-2018-3640, Spectre Variant 4, CVE-2018-3639, as well as two of the Foreshadow bugs, CVE-2018-3615 and CVE-2018-3646, which are also known as [Vulnerability-related.DiscoverVulnerability] L1TF or 'L1 Terminal Fault'. As Microsoft recently highlighted [Vulnerability-related.DiscoverVulnerability], Windows machines with affected Intel CPUs will need microcode as well as software patches to mitigate [Vulnerability-related.PatchVulnerability] the Foreshadow attacks.

Microsoft began helping Intel deliver [Vulnerability-related.PatchVulnerability] its microcode updates after Intel first started addressing [Vulnerability-related.PatchVulnerability] the Meltdown and Spectre CPU flaws in January. The microcode updates help mitigate [Vulnerability-related.PatchVulnerability] Spectre Variant 2, CVE-2017-5715.

Foreshadow includes CVE-2018-3615, which affects [Vulnerability-related.DiscoverVulnerability] Intel's Software Guard Extensions (SGX) enclaves, while CVE-2018-3620 affects [Vulnerability-related.DiscoverVulnerability] operating systems and System Management Mode (SMM) memory. CVE-2018-3646 impacts [Vulnerability-related.DiscoverVulnerability] virtualization. Microsoft made [Vulnerability-related.PatchVulnerability] the updates, all dated 8/20/2018, available [Vulnerability-related.PatchVulnerability] on the Microsoft Update Catalog this week.

Researchers have discovered [Vulnerability-related.DiscoverVulnerability] some serious security flaws threatening Linux. These vulnerabilities exist in [Vulnerability-related.DiscoverVulnerability] Linux systemd component. According to the researchers, the vulnerabilities pose a risk to all systemd-based Linux distros.

Allegedly, researchers at Qualys have disclosed [Vulnerability-related.DiscoverVulnerability] some bugs targeting the Linux systemd component. Systemd provides the core building blocks for Linux and handles major processes after booting. As revealed [Vulnerability-related.DiscoverVulnerability], three vulnerabilities have targeted the systemd-journald, which is responsible for data collection and log storage. The vulnerabilities let an attacker gain root privileges on the target device.

The researchers state [Vulnerability-related.DiscoverVulnerability] that these vulnerabilities threaten all Linux distros based on systemd except a few. As stated in their report, “To the best of our knowledge, all systemd-based Linux distributions are vulnerable [Vulnerability-related.DiscoverVulnerability], but SUSE Linux Enterprise 15, openSUSE Leap 15.0, and Fedora 28 and 29 are not exploitable because their user space is compiled with GCC’s -fstack-clash-protection.”

The three bugs include two different memory corruption flaws (CVE-2018-16864 and CVE-2018-16865), and an out-of-bounds flaw (CVE-2018-16866). At first, the researchers accidentally discovered [Vulnerability-related.DiscoverVulnerability] CVE-2018-16864 while working on an exploit for a previously disclosed vulnerability, Mutagen Astronomy. Then, when they were busy on its PoC, they spotted [Vulnerability-related.DiscoverVulnerability] the other two bugs. “We developed [Vulnerability-related.DiscoverVulnerability] a proof of concept for CVE-2018-16864 that gains eip control on i386… We developed [Vulnerability-related.DiscoverVulnerability] an exploit for CVE-2018-16865 and CVE-2018-16866 that obtains a local root shell in 10 minutes on i386 and 70 minutes on amd64, on average.”

Interestingly, the bugs had been around for quite a few years. For now, Red Hat has patched [Vulnerability-related.PatchVulnerability] the bugs CVE-2018-16864 and CVE-2018-16865. Whereas, Debian has fixed [Vulnerability-related.PatchVulnerability] CVE-2018-16866 in the unstable systemd 240-1 release. Other distros will also supposedly release [Vulnerability-related.PatchVulnerability] the fixes soon. In November 2018, a Google researcher also highlighted [Vulnerability-related.DiscoverVulnerability] a critical flaw in Systemd that induced system crashes and hacks.