Fireblocks researchers uncover first Account Abstraction wallet vulnerability

The Fireblocks research team recently uncovered an ERC-4337 Account Abstraction vulnerability in the smart contract wallet UniPass. Fireblocks worked with UniPass to fully mitigate the vulnerability, which was found in hundreds of mainnet wallets in a whitehat operation. All funds are now safe and accounted for.

Skeleton Keys and Local Admin Passwords: A Cautionary Tale

Picture yourself immersed in your favorite mystery novel, eagerly flipping through the pages as the suspense thickens. You’re enthralled, engrossed in the story of a hotel burglar with an uncanny ability to sneak into guest rooms without leaving telltale signs of break-ins or lock-picking. As you read on, you’re captivated – and stumped – by how this elusive bad actor can deftly close the doors behind them, leaving no clues.

A Deep Dive Into Cloud Security Assessments

Cloud platforms offer unparalleled scalability, flexibility, and cost-efficiency. However, the convenience and advantages of the cloud are accompanied by significant security challenges. Hackers are constantly trying to exploit weak cloud configuration settings, which is why it’s important to have visibility into the security of your organization’s cloud infrastructure.

Amazon-themed PDF Phishing, Abusing LinkedIn and Twitter, Targets Microsoft Live Outlook Users

In August 2023, Netskope Threat Labs highlighted an increase in downloads of PDF phishing attachments in Microsoft Live Outlook, caused by a series of phishing campaigns targeting users of the email service. We took a closer look and found that these campaigns are mostly Amazon-themed scams with a few Apple and IRS-themed phishing attempts sprinkled throughout. Just like in our previously reported phishing blog posts, attackers are abusing free services in these campaigns.

The Use Of AI In Cybersecurity - Consultants Roundtable || Razorthorn Security

Hello, and welcome to Razorwire. This week, I've had a great time discussing the fascinating topic of artificial intelligence (AI) and its potential impact on our industry, with my esteemed Razorthorn consultants, Tom, Jamie and Michael. We explore the different types of AI, including machine learning and chatbots, and discuss the challenges of achieving a low false positive rate and high general application. You'll gain valuable insights into the evolution of AI and why we MUST take seriously the very real potential for malicious actors to use it for nefarious purposes.

What you should know about VPN audits

The main reasons internet users choose to use a virtual private network (VPN) are to protect their online identity and bypass geo-restrictions. Cybercrime is on the rise and is expected to grow each year – the largest breach of 2023 so far occurred on Twitter. For those who reside in countries where internet freedom is lacking, a VPN is necessary to access certain content, and privacy is crucial. The rise in cybercrime has resulted in increased supply and demand in the VPN market.

[Cybersecurity Awareness Month] Enchantments Against Spear Phishing By Breachatrix le Phish

In the mystical realm of cyberspace, where digital forests hold secrets and virtual owls deliver messages, we find ourselves in a constant dance between magic and deception. Today, KnowBe4's Security Awareness Advocate Anna Collard will unveil the secrets of spear phishing.

Adding Snyk security to Jira and Bitbucket Cloud

In today's world of fast-paced software development, security is not an option — it’s a necessity. Security has become an integral part of the development process rather than a separate concern addressed by a different team once development is complete. Integrating Snyk security into your development workflows is a crucial step toward achieving comprehensive software security.