Fireblocks Researchers Uncover BitGo Wallet Vulnerability
The vulnerability would have exposed BitGo wallet user's private key with a simple attack.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
BitGo Wallet Zero Proof Vulnerability: Technical Report
The vulnerability allows an attacker to extract the full ECDSA private key from BitGo Ethereum TSS wallets using a single signature and a few seconds of computation, bypassing all of BitGo security features.
Vulnerabilities page updates: Major improvements to accelerate remediation
We know that most security teams today handle a backlog of thousands of vulnerabilities. We also know that not all of these vulnerabilities pose a significant risk to your organization, whether or not they have a high severity score or are present on a business-critical asset. We’ve spoken with dozens of security teams over the last few months and have learned that filtering vulnerabilities across several factors is critical to accelerating remediation.
API4:2019 - Lack of Resources & Rate Limiting: The What, Sample Exploit, and Prevention Methods
Lack of resources & rate limiting is #4 on the OWASP Top 10 API Security Risks 2019. It is a prevalent API security risk. As per OWASP, rate limiting and resource-related flaws in APIs are quite easy to exploit, especially with automated toolkits and for-hire services. But the exploitation of the lack of resources & rate limiting flaws has severe consequences for the organization. So, what exactly is this security risk, and how do you prevent it?
Patching Vulnerabilities Within 24 hours
The average time of vulnerabilities remain open is 180+ days from the time it is discovered. When it comes to business growth vs security, business always wins, which means vulnerabilities are not patched on time allowing hackers to exploit them. However, most of these can be patched using Virtual patching. That too within 24 hours and ZERO impact to business continuity.
AWS top 10 misconfigurations and how to fix them: A cheat sheet
Amazon Web Services (AWS) remains the dominant cloud provider, with 40.8% of the market share. Many enterprises and organizations today have some, if not most, of their infrastructure on Amazon Web Services. AWS helps organizations accelerate their digital transformations and innovate faster, but there are common misconfigurations when moving to AWS.
New language-specific Snyk Top 10 for open source vulnerabilities
Developers use open source code because it facilitates fast development. In fact, the vast majority of code in modern applications is open source. But just like any other code, open source libraries are open to vulnerabilities that can negatively affect a wide range of end-user products. So with widespread usage of open source, it's important for teams to be aware of the risks that can be hidden in the libraries they use.
How Vulnerability Scanning Can Keep Your Business Safe and Secure
Vulnerability scanning doesn't just alert you to your network's weaknesses. Here's how it can help identify various threats, prevent attacks and mitigate risk.
Examining OpenSSH Sandboxing and Privilege Separation - Attack Surface Analysis
The recent OpenSSH double-free vulnerability – CVE-2023-25136, created a lot of interest and confusion regarding OpenSSH’s custom security mechanisms – Sandbox and Privilege Separation. Until now, both of these security mechanisms were somewhat unnoticed and only partially documented. The double-free vulnerability raised interest for those who were affected and those controlling servers that use OpenSSH.