Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CentOS 7 has been a popular choice for many businesses and developers due to its stability, robustness, and compatibility with enterprise-level applications. According to W3Techs, CentOS is used by 2.8% of all the websites whose operating system is known. However, as announced on the official CentOS blog, the end of life (EOL) for CentOS 7 is fast approaching. This means that after June 30, 2024, CentOS 7 will no longer receive official support, updates, or security patches.

Incorporating security into the software development lifecycle helps ensure the creation of secure and robust software applications from the very beginning. To further evolve our security offerings in the developer community, we announced our partnership with Atlassian to introduce Snyk Security in Jira Cloud as a part of the Security in Jira launch in June. Snyk started gradually rolling out the Jira Security App and has significantly improved the functionality and features available to users.

On August 8, 2023, the.NET community was informed that the testing library called Moq exfiltrates developer's emails from their development machine and sends them off to third-party remote servers. Snyk has already published a security advisory and will alert developers who scan and monitor their.NET projects with Snyk.

Where do vulnerabilities fit with respect to security standards and guidelines? Was it a coverage issue or an interpretation and implementation issue? Where does a product, environment, organization, or business vertical fail the most in terms of standards requirements? These questions are usually left unanswered because of the gap between standards or regulations on the one hand, and requirements interpretation and implementation, on the other.

The Fireblocks cryptography research team has uncovered BitForge – a series of zero-day vulnerabilities in some of the most widely adopted implementations of multi-party computation (MPC) protocols, including GG-18, GG-20, and Lindell17.

This vulnerability allows an attacker to extract a full private key from a wallet implementing Lindell17 2PC protocol, by extracting a single bit in every signature attempt (256 in total). Coinbase WaaS, Zengo and other libraries have been patched.

This newfound vulnerability allows an attacker to extract a full private key from any wallet using the GG18 and GG20 protocols. More than 10 wallets and libraries have been found vulnerable, including Binance custody.

The SafeBreach Labs team is committed to conducting original research to uncover new threats and ensure our Hacker’s Playbook provides the most comprehensive collection of attacks. As part of our recent research efforts, we discovered a vulnerability in the Windows Defender update process that could effectively allow an unprivileged user to take full control of the Windows Defender tool and leverage it for future malicious activities.

The state of cybersecurity is in constant flux — meaning we must constantly iterate and revisit our systems to protect ourselves. With security logging and monitoring failures moving up to number 9 of the OWASP Top 10, organizations everywhere are revisiting their stance on network and application monitoring. This is great for getting a pulse check on security posture and is certainly key in any good strategy, but we might be forgetting something — IoT devices.