New insights on cybersecurity in the age of hybrid work
As we approach the last week of Cybersecurity Awareness Month, I think about what is top of mind for myself and my peers in security. The past year has continued the 2020s major shift in the way organizations operate. Recent data shows that 81 percent of enterprise organizations have begun the mo...
Defending Assets You Don’t Know About Against Cyberattacks
Back in the 90s, we all used to build massive firewalls around our systems and spent our day-to-day resources looking for holes to patch. In theory, an impenetrable wall around everything you own is a great idea, because it protects even the things you’ve forgotten about. However, if a wall is yo...
4 Simple Steps for an Effective Threat Intelligence Program
Threat intelligence is a critical part of an organization's cybersecurity strategy, but given how quickly the state of cybersecurity evolves, is the traditional model still relevant? Whether you're a cybersecurity expert or someone who's looking to build a threat intelligence program from the...
US Navy ship Facebook page hijacked to stream video games
The official Facebook page of the US Navy’s destroyer-class warship, USS Kidd, has been hijacked. According to Task & Purpose, who first reported on the incident, the account has done nothing but stream Age of Empires, an award-winning, history-based real-time strategy (RTS) video game wherein...
How to help your DevOps teams become integral to your cybersecurity strategy
What happens when an unstoppable force meets an immovable object? It’s a classic paradox, but anyone who has witnessed the relationship between SecOps and DevOps teams in any enterprise may have an inkling of how that might unfold. There is nothing new about the contentious relationship between...
[eBook] Your First 90 Days as CISO — 9 Steps to Success
Chief Information Security Officers (CISOs) are an essential pillar of an organization’s defense, and they must account for a lot. Especially for new CISOs, this can be a daunting task. The first 90 days for a new CISO are crucial in setting up their security team, so there is little time to waste,...
_harvest and _swap
Handle tensors Vulnerability details Impact The minimum amount out on the implemented harvest and swap methods means that attackers can manipulate the price with flashloans/frontrun before calling harvest to actually force the output to be small, pocketing the difference for themselves when they...
Controller.setCap sets wrong vault balance
Handle cmichel Vulnerability details The Controller.setCap function sets a cap for a strategy and withdraws any excess amount diff. The vault balance is decreased by the entire strategy balance instead of by this diff: // @audit why not sub diff? vaultDetails[vault].balance =...
Controller.withdraw(...) User may lose funds when withdraw wantToken from the underlying contract
Handle WatchPug Vulnerability details The wantToken of the strategy may be different from the token argument of Controller.withdraw(address token, uint256 amount) according to code at lines 469-474 of Controller.sol. if (want != token) { address converter = vaultDetails[msg.sender].converter;...
Vault may not have enough tokens for withdraw
Handle 0xRajeev Vulnerability details Impact There is an assumption in LegacyController.vault that the vault will have enough tokens0 to cover the balance difference. If not, the user may receive less than amount requested and balance funds get lost/locked unless the vault withdraws from the...
Incorrect access control on Harvester add/remove strategy functions
Handle 0xRajeev Vulnerability details Impact The documentation comments indicate that addStrategy and removeStrategy are gov/strategist only functions which is true for setHarvester and setSlippage but add/remove strategy have the incorrect onlyController modifier instead of onlyStrategist. Proof...
Reordering of strategies on Controller does not reorder strategies in Harvester
Handle itsmeSTYJ Vulnerability details Impact The harvester might harvest the wrong strategy because the array of strategies that it stored in its storage is not in the same order as the one stored in the controller. Recommended Mitigation Steps Add a similar reorder strategy function in...
Controller transfer extra token on withdrawing tokens
Handle jonah1005 Vulnerability details Impact The Controller's function withdraw(address token, uint256 amount) should return whatever amount of the token the user/vault asks for. However, it tries to withdraw the strategy.want token and convert it. Take for example when a user/vault calls withdraw(dai, 100,...
set cap breaks vault's Balance
Handle jonah1005 Vulnerability details Impact In Controller.sol's function setCap, the contract wrongly handles vaultDetails[vault].balance. While the balance should be decreased by the difference of the strategy's balance, it subtracts the remaining balance of the strategy. Controller.sol L262-L278...
This Week in Security News - September 10, 2021
Biden announces cybersecurity initiative partnership, US Government seeks public feedback on draft federal zero trust strategy and more...
Lift and drag: confronting complacency and disrupting inertia in cybersecurity strategy
Within corporate cybersecurity, resistance presents in a variety of forms. Individuals and institutions alike often face overwhelming peer pressure to "keep doing what made us successful in the past." In the face of that pressure, it can be difficult to generate or sustain momentum toward...
What Is Zero Trust and Why Does It Matter?
There has been a lot of discussion around Zero Trust recently—is it a solution? A strategy? A pipe dream? Eric Skinner from Trend Micro gets real about Zero Trust and explains what it really is, and how organizations can use it to be more resilient...
NVIDIA GPU Display Drivers - July 2021 - Lenovo Support US
No description provided...
NVIDIA GeForce Experience - June 2021 - Lenovo Support US
No description provided...
jenkins-2-plugins/matrix-auth: Incorrect permission checks in Matrix Authorization Strategy Plugin
A flaw was found in the Jenkins Matrix Authorization Strategy Plugin. The plugin does not correctly perform permission checks; as a consequence, attackers with Item/Read permission on nested items can access them even if they lack Item/Read permission for the parent folders. The highest...