In this post, we’re going to learn how Foundry can be used to write a proof of concept (PoC) for uninitialized smart contract vulnerabilities. We will take a look at and exploit a simple uninitialized smart contract vulnerability we found in BadgerDAO. If you are familiar with this type of vulnerability, jump straight to the Foundry PoC section. You can also find the PoC code on this GitHub repository.

Healthcare cyberattacks are increasing in “frequency, severity and sophistication,” said Nitin Natarajan, U.S. Cybersecurity and Infrastructure Security Agency (CISA) deputy director, in his recent HIMSS23 Healthcare Cybersecurity Forum keynote. Attacks on hospitals have surged by 86% since 2021, with the average healthcare organization experiencing two or more ransomware attacks in the past year. “And this is going to continue to increase,” Natarajan warned.

In today’s Trust Issues episode, Dusty Anderson, a managing director of Global Digital Identity at the consulting firm Protiviti, digs into all things DevSecOps and cautions against a one-size-fits-all approach. In conversation with host David Puner, Anderson emphasizes the significance of strategic planning and well-defined goals – demonstrating how bite-sized steps can add up to major security wins and bottom-line benefits over time.

Recently, a new trend has emerged in the world of ransomware: intermittent encryption, the partial encryption of targeted files. Many ransomware groups, such as BlackCat and Play, have adopted this approach. However, intermittent encryption is flawed. In this blog post, I will introduce White Phoenix, a tool my team built that takes advantage of the fact that those files aren’t entirely encrypted and can, in the right circumstances, salvage some content from the unencrypted parts of the files.

The need for strong identity security protocols for humans has been a given for years. Your organization likely has multiple layers of controls to ensure that access to sensitive assets is limited to those that need it. But a certain large, global (well…multi-global) organization that comes to mind on this May the Fourth also had layers of human identity controls that adhered to the principles of least privilege.

In the previous post (Part 1), we covered several rootkit technique implementations. Now we will focus on kernel rootkit analysis, looking at two case studies of rootkits found in the wild: Husky Rootkit and Mingloa/CopperStealer Rootkit.Through these case studies, we’ll share our insights about rootkit analysis techniques and methodology.

The people closest to your business can sometimes cause the most damage. Yet while top-secret data leaks are headline news today, most insider threats are well-intentioned people who just screw up.

In recent years, several major cyberattacks targeted critical infrastructure in Australia, including a major telecommunication company, which suffered a devastating data breach in September 2022. Soon after this cyberattack, Australia’s biggest health insurer also faced a ransomware attack in October 2022 that caused systems to go down. Customers could not access services through the company’s website or app.

Andy Thompson, Offensive Security Research Evangelist at CyberArk Labs, returns to Trust Issues for a dive with host David Puner into the latest developments in the world of ransomware. With ransomware events on the rise, Thompson sheds light on the alarming trend of data exfiltration and double extortion. But what’s causing this surge? Thompson connects the dots between the rise of digital identities and the increasing frequency of ransomware attacks.