On August 8, 2023, the.NET community was informed that the testing library called Moq exfiltrates developer's emails from their development machine and sends them off to third-party remote servers. Snyk has already published a security advisory and will alert developers who scan and monitor their.NET projects with Snyk.

Where do vulnerabilities fit with respect to security standards and guidelines? Was it a coverage issue or an interpretation and implementation issue? Where does a product, environment, organization, or business vertical fail the most in terms of standards requirements? These questions are usually left unanswered because of the gap between standards or regulations on the one hand, and requirements interpretation and implementation, on the other.

The Fireblocks cryptography research team has uncovered BitForge – a series of zero-day vulnerabilities in some of the most widely adopted implementations of multi-party computation (MPC) protocols, including GG-18, GG-20, and Lindell17.

This vulnerability allows an attacker to extract a full private key from a wallet implementing Lindell17 2PC protocol, by extracting a single bit in every signature attempt (256 in total). Coinbase WaaS, Zengo and other libraries have been patched.

This newfound vulnerability allows an attacker to extract a full private key from any wallet using the GG18 and GG20 protocols. More than 10 wallets and libraries have been found vulnerable, including Binance custody.

The SafeBreach Labs team is committed to conducting original research to uncover new threats and ensure our Hacker’s Playbook provides the most comprehensive collection of attacks. As part of our recent research efforts, we discovered a vulnerability in the Windows Defender update process that could effectively allow an unprivileged user to take full control of the Windows Defender tool and leverage it for future malicious activities.

Organizations modernizing applications in the cloud find themselves drowning in vulnerabilities. There are too many alerts and not enough time to address them all. Sysdig and Checkmarx announced a partnership today focused on solving this problem.

Ivanti has warned users of its Endpoint Manager Mobile (EPMM) mobile device management (MDM) platform, urging immediate actions to address two vulnerabilities – including a zero-day exploit. These vulnerabilities can potentially be exploited by an unauthorized attacker, leading to unauthorized access to sensitive data and the execution of malicious actions on the affected system.

As the partnership between Snyk and GitGuardian continues to grow, we’ve collaborated on a new cheat sheet that identifies key security considerations and tools that can help you mitigate risks and protect your code. The journey from code to cloud and back to code necessitates a holistic approach to security.