Ted Chiang on the Risks of AI
Ted Chiang has an excellent essay in the New Yorker: "Will A.I. Become the New McKinsey?" The question we should be asking is: as A.I. becomes more powerful and flexible, is there any way to keep it from being another version of McKinsey? The question is worth considering across different meaning...
An attacker who is a 3% shareholder can wipe out all the tokens of anyone using a flash-loan
Lines of code Vulnerability details Impact A 3% votes holder can wipe the equity of any other holder using the restructureCapTable function. Proof of Concept 1. a Be a 3% votes holder or have helpers that together have 3% 2. b Reduce the equity to be less than MINIMUMEQUITY This could be done by...
SEC cyber risk management rule—a security and compliance opportunity
In my practice as a Microsoft Global Black Belt, I focus on the technical and business enablement aspects of protecting organizations from cyber threats with tools like Microsoft 365 Defender, Microsoft Purview and Microsoft Sentinel. In my role as a board member for another publicly traded...
IT security: An opportunity to raise corporate governance scores
What is a corporate governance score? Corporate governance scoring is increasingly important to boards of directors, executive leadership, and the investment community. If we want to enlist the support of a stakeholder, we have to talk about the things that are important to them. Sales revenue is...
Transitioning to a Risk-based Approach to Cybersecurity
For today's CISOs, managing cyber risk is Job 1, and it's a full-time concern. This was communicated loud and clear when Qualys recently hosted several CISOs and cybersecurity executives from our global enterprise customer base at our Strategic Advisory Board meeting in London. Their teams are...
Does not check uniqueness of ShareHolder
Handle hack3r-0m Vulnerability details does not check if there is already a shareholder before creating a new shareholder. this will cause an issue in findShareHolder since it will return the first shareholder in the array while there are more than one.
FeeSplitter: No sanity check to prevent shareholder from being added twice.
Handle GreyArt Vulnerability details Impact It is possible for duplicate shareholders to be added. These shareholders will get more than intended when sendFee is called. Recommended Mitigation Steps Ensure that the accounts array is sorted in setShareholders. for uint256 i = 0; i 0 requireaccount...
Free BrewDog beer with a side order of shareholder PII?
TL;DR: BrewDog exposed the details of over 200,000 ‘Equity for Punks’ shareholders for over 18 months, plus many more customers. Every mobile app user was given the same hard coded API Bearer Token, rendering request authorisation useless. It was therefore trivial for any user to access any other...
FBI, CISA, NSA Officially Blame Russia for SolarWinds Cyber Attack
The U.S. government on Tuesday formally pointed fingers at the Russian government for orchestrating the massive SolarWinds supply chain attack that came to light early last month. "This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most ...
Command Execution Vulnerability in Yimin Trader Zhiying
Founded in 2005, Yimin Co., Ltd. provides customers with three major businesses, namely, securities assisted decision-making software, investor education, and investment consulting, and is committed to improving the profitability of its users. Tencent is the second largest shareholder of the...
Investors Application Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Shareholder Investor Relations. A remote attacker can manipulate client requests to obtain a user's session...
Nasdaq to Use Bitcoin-style Blockchain to Record Shareholder Votes
The Nasdaq stock exchange and the Republic of Estonia have announced the use of Blockchain-based technology to allow shareholders of companies to e-vote in shareholder meetings even when they're abroad, according to Nasdaq's press release. Global stock market giant is developing an electronic...
Investors Application - Client Side Cross Site Vulnerability
Document Title: =============== Investors Application - Client Side Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1540 Facebook Security ID: 246414938 Release Date: ============= 2016-02-12 Vulnerability Laboratory ID VL-ID:...