89 matches found
The maxMint check should be cumulatively applied to ensure its effectiveness
Lines of code / Vulnerability details / Impact: Circumvention of the maximum minting restriction, since all a receiver needs to do is not specify the whole amount of tokens in one attempt and then claim more than the maximum amount. Proof of Concept: Take a look at LiquidityPool.sol L145-L157 /// @notice...
MAL-2023-7909 Malicious code in discord.js-selfbot-v14 (npm)
Source: ghsa-malware 3528a4508610b7617935e551ba3910b26524b8d515354d49c10f939bd73c3ae9. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MTE As Implemented, Part 3: The Kernel
By Mark Brand, Project Zero. Background: In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE (Memory Tagging Extension). In Part 1 we discussed testing the technical and implementation limitations of MTE on the hardware...
Generative AI Assistant Makes Hunting Threats Faster
Learn how analysts can search for threats with greater accuracy, speed, and effectiveness...
The Importance of Managing Your Data Security Posture
Data security is reinventing itself. As new data security posture management solutions come to market, organizations are increasingly recognizing the opportunity to provide evidence-based security that proves how their data is being protected. But what exactly is data security posture, and how do...
When is it time for a cyber hygiene audit?
Cyber hygiene is crucial for keeping your organization safe by limiting security breaches, threats against your IT infrastructure, and more. Read on to learn more about what makes up cyber hygiene, and how to audit its effectiveness...
Executive Webinar: Confronting Security Fears to Control Cyber Risk
Last week, Rapid7 presented part one of a webinar called “Confronting Security Fears to Control Cyber Risk”. The webinar, which is available on demand, focused on cybersecurity simplicity and why everyone associated with your organization must develop a cybersecurity mindset. To do so, CISOs must...
CVE-2023-24329
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters...
Careful Workload Placement Can Create Cloud Cost Savings
Optimizing the cost-effectiveness of cloud infrastructure requires the careful placement of workloads in the environments best suited to their execution...
A Simple Formula for Getting Your IT Security Budget Approved
Although there is a greater awareness of cybersecurity threats than ever before, it is becoming increasingly difficult for IT departments to get their security budgets approved. Security budgets seem to shrink each year and IT pros are constantly being asked to do more with less. Even so, the...
Malicious code in zagqckhvirtmwfun (npm)
Source: ghsa-malware aa12d3122e6768f881d68f6dd88ef5c6f3f6c4bc16be26e272af173ccc6cf180. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ozone-logic (npm)
Source: ghsa-malware 61273f0e3e25cf967a6986776763dba552b707f820eb9e7c57d7cc02b5b6af39. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The Limits of Cyber Operations in Wartime
Interesting paper by Lennart Maschmeyer: "The Subversive Trilemma: Why Cyber Operations Fall Short of Expectations": Abstract: Although cyber conflict has existed for thirty years, the strategic utility of cyber operations remains unclear. Many expect cyber operations to provide independent utili...
Maximize Your VM Investment: Fix Vulnerabilities Faster With Automox + Rapid7
The Rapid7 InsightConnect Extension library is getting bigger! We’ve teamed up with the IT operations platform Automox to release a new plugin and technology alliance that closes the aperture of attack for vulnerability findings and automates remediation. Using the Automox Plugin for Rapid7...
CVE-2021-3714
A flaw was found in the Linux kernel's memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page-sized files and detect the change in access time from a network...
Ineffective Whitelist
Lines of code / Vulnerability details: Creating profiles through LensHub.createProfile requires the caller to be whitelisted: `function validateCallerIsWhitelistedProfileCreator() internal view { if (!profileCreatorWhitelisted[msg.sender]) revert Errors.ProfileCreatorNotWhitelisted(); }` However, a single...
The Forecast Is Flipped: How Rapid7 Is Flipping L&D for the Future of Work
The last 2 years have turned the world on its head, and now, companies across the globe are transitioning into a new normal. In this hybrid world, employee engagement is a moving target, the market is more competitive, and historical face-to-face teaching practices are no longer viable. Rapid7’s...
Unclear TwapOracle.consult algorithm
Handle: cmichel. Vulnerability details: The TWAPOracle.consult function is unclear to the auditor. It seems to iterate through all registered pairs that share the token parameter (USDV or VADER) and then sums up the foreign-token price per pair. It then divides this sum (sumNative) by the summed-up US...
Employees Make Best Frontline Phishing Defense
The cybersecurity good news and bad news about phishing attacks is employees can be an enterprise’s weakest link or strongest first line of defense. Yes, we are talking about inboxes, human nature and the increasingly sophisticated number of phishing attacks. The Federal Bureau of Investigation...