20 matches found
Bluspark BLUVOYIX Security Vulnerability
Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. Bluspark BLUVOYIX suffers from a security vulnerability that stems from a flaw in the design of the email sending API, which could lead to an attacker sending unsolicited emails to anyone on behalf of the...
Bluspark BLUVOYIX Security Vulnerability
Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. A security vulnerability exists in Bluspark BLUVOYIX that stems from the exposure of sensitive internal API documentation, which could lead to an attacker abusing internal functionality to compromise the...
What is DevSecOps and Why is it Essential for Secure Software Delivery?
Traditional application security practices are not effective in the modern DevOps world. When security scans are run only at the end of the software delivery lifecycle either right before or after a service is deployed, the ensuing process of compiling and fixing vulnerabilities creates massive...
Cybercrime (and Security) Predictions for 2023
Threat actors continue to adapt to the latest technologies, practices, and even data privacy laws—and it's up to organizations to stay one step ahead by implementing strong cybersecurity measures and programs. Here's a look at how cybercrime will evolve in 2023 and what you can do to secure and...
Scribe Platform: End-to-end Software Supply Chain Security
As software supply chain security becomes more and more crucial, security, DevSecOps, and DevOps teams are more challenged than ever to build transparent trust in the software they deliver or use. In fact, Gartner recently published their 2022 cybersecurity predictions - not only do they...
No Damsels in Distress: How Media and Entertainment Companies Can Secure Data and Content
Streaming is king in the media and entertainment industry. According to the Motion Picture Association’s Theatrical and Home Entertainment Market Environment Report, the global number of streaming subscribers grew to 1.3 billion in 2021. Consumer demand for immediate digital delivery is...
What Are Shadow IDs, and How Are They Crucial in 2022?
Just before last Christmas, in a first-of-a-kind case, JPMorgan was fined $200M for employees using non-sanctioned applications for communicating about financial strategy. No mention of insider trading, naked shorting, or any malevolence. Just employees circumventing regulation using, well, Shado...
Securing the software supply chain, with Kim Lewandowski: Lock and Code S03E13
At the start of the global coronavirus pandemic, nearly everyone was forced to learn about the "supply chain." Immediate stockpiling by an alarmed and, from a smaller share, opportunistic public led to an almost overnight disappearance of hand sanitizer, bottled water, toilet paper, and face masks...
The New Frontier of Enterprise Risk: Nth Parties
By Ran Nahmias, Co-Founder and CBO, Cyberpion. The concept of risk in enterprise IT is constantly evolving. And considering recent findings, it’s clear that there’s a risk frontier that’s been underestimated – Nth party risk. Traditional enterprise risk management has focused on two domains:...
BTC2X has an unspecified vulnerability
BTC2X B2X is an application. The smart contract implements its own functionality, a tradable Ether ERC20 token with unprotected ownership, which allows anyone to become the owner of the contract, including the recipient. There is a security vulnerability in BTC2X that could be exploited by an...
CVE-2021-34273
A security flaw in the 'owned' function of a smart contract implementation for BTC2X B2X, a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets...
CVE-2021-34272
A security flaw in the 'owned' function of a smart contract implementation for RobotCoin RBTC, a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets...
Security feature bypass
A security flaw in the 'owned' function of a smart contract implementation for RobotCoin RBTC, a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets...
Security feature bypass
A security flaw in the 'owned' function of a smart contract implementation for BTC2X B2X, a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets...
CVE-2021-34273
A security flaw in the 'owned' function of a smart contract implementation for BTC2X B2X, a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets...
CVE-2021-34273
The CVE-2021-34273 entry describes a vulnerability in BTC2X (B2X), a tradable Ethereum ERC20 token. The issue is in the smart contract’s owned function, tied to “unprotected ownership,” which can enable an attacker to hijack a victim’s account and arbitrarily increase the token supply. Several so...
CVE-2021-34272
The CVE-2021-34272 entry concerns RobotCoin (RBTC), a tradeable Ethereum ERC20 token implemented via a smart contract. The vulnerability is in the contract’s owned function, described as enabling attackers to hijack victim accounts and arbitrarily increase the token’s digital supply. The connecte...
Rooster Teeth Attack Showcases New Magecart Approach
The online store for the Rooster Teeth video-streaming service has been hit with a malicious web redirect attack by Magecart, which allowed the cybercriminals to harvest users’ payment-card details. The attack marks a slight departure from the group’s typical tactics. Rooster Teeth, which offers...
Overview of the Marsh-Microsoft 2019 Global Cyber Risk Perception survey results
Technology is dramatically transforming the global business environment, with continual advances in areas ranging from artificial intelligence (AI) and the Internet of Things (IoT) to data availability and blockchain. The speed at which digital technologies evolve and disrupt traditional business...
Save Time by Streamlining Vendor Risk Assessments in the Cloud
As your organization enthusiastically adopts cloud and mobile services from multiple new vendors, are your already-busy security and compliance teams scrambling to assess the risks of using these new providers’ products? Are you still using a manual process for conducting these vendor evaluations...