The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are hitching free rides on the AI bandwagon by leveraging the...
Morpho Blue is a lending protocol that took security extremely serious from the ground up. So, their perspective on how to make a protocol unhackable is truly interesting. For their security...
The Ethereum Virtual Machine (EVM) has EIPs for various large or VM breaking changing. At some specific point, these changes are made to the VM and are there until some other change is made. When...
Wiz found two critical security risks that were present in Hugging Face’s environment:Specifically, Wiz Research showed that an attacker targeting Hugging Face could have achieved the...
We explore assessment, prevention, and detection strategies for protecting your organization from the XZ Utils vulnerability.
Those who have worked in our industry for a certain amount of time will be acutely aware that executives often encounter information security media articles and flag them to their teams. This is...
At hacker congress this year, some of the folks found a vulnerability in the check in kiosk. Shocker! When checking in at the hotel terminal, the lookup function required an alphanumeric booking...
Cryptographic signatures are super useful in Ethereum Solidity smart contracts for proving that a user approves an action. However, it'd be nice to do this for smart contracts but there is no key....
Outage occurs on same day as special election, but election offices remain open.
Authored by Anuradha and Preksha Introduction PikaBot is a malicious backdoor that has been active since early 2023. Its modular... The post Distinctive Campaign Evolution of Pikabot Malware...
Wiz practices what it preaches. Let’s look at how the security team at Wiz uses the power of the Wiz platform to monitor all its cloud-based infrastructure and services.
KubeCon Europe is the largest open source community conference in Europe with hundreds of talks, many of them about security. All the sessions are available online; in this blog, we’ll discuss our...
An overview of reports of APT and financial attacks on industrial enterprises, as well as related activities of groups that have been observed attacking industrial organizations and critical...
Recently, there was a bypass in DOMPurify when it's used to sanitize XML documents. Since bugs come in pairs, the author looked and found two more variants of the bug in the codebase. For context,...
In April 2020, Microsoft acquired Affirmed Networks. Sometime prior to that, Storm-0558 likely gained access to a device used by one of the company’s engineer, and retained that access following...
April 1, 2024 According to detection statistics collected by the Dr.Web for Android anti-virus, February 2024 saw a significant increase in Android.HiddenAds trojan family activity―it was up...
April 1, 2024 An analysis of Dr.Web anti-virus detection statistics for February 2024 revealed a 1.26% increase in the total number of threats detected, compared to January. At the same time, the...
Key Takeaways We provide a range of services, one of which is our Threat Feed, specializing in monitoring Command and Control frameworks like Cobalt Strike, Metasploit, Sliver, Viper, Mythic,...
Detect and mitigate CVE-2024-3094, a critical supply chain compromise, affecting XZ Utils Data compression library. Organizations should patch urgently.
The staking module is at the core of the Cosmos SDK ecosystem. If the security of this can be broken, then all is lost. The economic security of the Cosmos SDK relies on four related concepts:...
March 29, 2024 An analysis of Dr.Web anti-virus detection statistics for January 2024 revealed a 95.66% increase in the total number of threats detected, compared to December 2023. At the same...
March 29, 2024 According to detection statistics collected by the Dr.Web for Android anti-virus, in January 2024, users were most likely to encounter Android.HiddenAds trojan applications; these...
This is part 3 of a series about IBC (interblockchain communication) token rate limiting. They have a nice dashboard that shows all of the rate limits on Osmosis. In this article, they attempt to...
A backdoor has been identified in versions 5.6.0 and 5.6.1 of XZ Utils (assigned CVE-2024-3094), which under some conditions may allow SSH authentication bypass in specific versions of certain...
Wiz SPM for version control systems helps you find and fix risks in your GitHub instance.
While social engineering attacks such as phishing are a great way to gain a foothold in a target environment, direct attacks against externally exploitable services are continuing to make...
Written by: Andrew Oliveau Over the last several years, the security community has witnessed an uptick in System Center Configuration Manager (SCCM)-related attacks. From extracting network access...
Written by: Alden Wahlstrom, David Mainor, Daniel Kapellmann Zafra In June 2023, Russian businessman Yevgeniy Prigozhin and his private military company (PMC) “Wagner” carried out an armed mutiny...
Authored by Joshua Kamp Executive summary The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely...
Authored by Joshua Kamp Executive summary The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely...