SIG Lite Questionnaire

The SIG Lite Questionnaire is now available as a part of UpGuard’s questionnaire library! We’ve partnered with Shared Assessments to offer this leading security framework to help businesses identify, assess, and mitigate cyber risk in their third-party vendors. SIG Lite is one of the most popular questionnaires for assessing vendors and covers a wide range of IT security and risk management topics, including data privacy, network security, and vulnerability management!

Fireblocks researchers uncover first Account Abstraction wallet vulnerability

The Fireblocks research team recently uncovered an ERC-4337 Account Abstraction vulnerability in the smart contract wallet UniPass. Fireblocks worked with UniPass to fully mitigate the vulnerability, which was found in hundreds of mainnet wallets in a whitehat operation. All funds are now safe and accounted for.

Skeleton Keys and Local Admin Passwords: A Cautionary Tale

Picture yourself immersed in your favorite mystery novel, eagerly flipping through the pages as the suspense thickens. You’re enthralled, engrossed in the story of a hotel burglar with an uncanny ability to sneak into guest rooms without leaving telltale signs of break-ins or lock-picking. As you read on, you’re captivated – and stumped – by how this elusive bad actor can deftly close the doors behind them, leaving no clues.

A Deep Dive Into Cloud Security Assessments

Cloud platforms offer unparalleled scalability, flexibility, and cost-efficiency. However, the convenience and advantages of the cloud are accompanied by significant security challenges. Hackers are constantly trying to exploit weak cloud configuration settings, which is why it’s important to have visibility into the security of your organization’s cloud infrastructure.

Amazon-themed PDF Phishing, Abusing LinkedIn and Twitter, Targets Microsoft Live Outlook Users

In August 2023, Netskope Threat Labs highlighted an increase in downloads of PDF phishing attachments in Microsoft Live Outlook, caused by a series of phishing campaigns targeting users of the email service. We took a closer look and found that these campaigns are mostly Amazon-themed scams with a few Apple and IRS-themed phishing attempts sprinkled throughout. Just like in our previously reported phishing blog posts, attackers are abusing free services in these campaigns.

DC Board of Elections breach: Voter data is now online and up for sale

Earlier this month, the District of Columbia Board of Elections (DCBOE) warned that a threat actor may have gained access to the personal information of their registered voters. This would include personally identifiable information (PII) such as contact details, partial social security numbers, dates of birth, and driver’s license numbers. In an X post on Friday 20th October, the agency was keen to stress that it was only a possibility the voter roll had been accessed.

Detecting Network-Based Anomalies with Calico

In the vast digital landscape, the flow of data across networks is akin to water coursing through a city’s plumbing system. Just as impurities in water can signal potential issues, deviations in network traffic, termed as network inserted anomalies, can hint at cyber threats. These anomalies range from overt signs like unauthorized access attempts to subtler indicators like unusual data transfer patterns.