Updates from Profisea...
@faun shared a link, 2 years, 6 months ago
FAUN.dev()

How To Find XSS Vulnerabilities In NFT Marketplaces

When most people think about web3 security, they think about smart contracts holding hundreds of millions of dollars of funds. But web3 security is much broader than that. This article explores the intersection between web2 and web3 in NFT marketplaces, and how you can find Cross-Site Scripting (XSS.. read more  

6 security sins of Web3 bridges

Bridge exploits account for ~50% of all DeFi exploits since September 2020, totaling ~$2.5B in lost assets, according to Token Terminal. Ever since chain interoperability became a hot topic, Web3 bridges have been a popular target for hackers. This is due to the nature of Web3 projects (open-so.. read more  

Legion Malware Upgraded to Target SSH Servers and AWS Credentials

An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch... read more  

Credential harvesting tool Legion targets additional cloud services

Legion hacker, a commercial malware tool, has widened its scope in targeting cloud services and can now compromise SSH servers and steal additional AWS-specific credentials, according to security firm Cado Security. The tool's main goal is to harvest credentials and store configuration files. Atta.. read more  

Azure Storage updating some default security settings on new accounts

Beginning August 2023, Azure Storage will begin a phased rollout of changes that disable anonymous access and cross-tenant replication for all new storage accounts by default, to align with best practices for security and reduce the risk of data exfiltration. Existing storage accounts will not be im.. read more  

GitLab announces AI-DevSecOps platform GitLab 16

GitLab 16 includes more than 55 improvements and new features. Learn about the most notable new technologies in this GitLab platform... read more  

An AWS IAM Wishlist

AWS IAM is a magnificent creation. But developers and security professionals continue to face some recurring challenges while dealing with the service. To that end, the author compiled a wishlist of 5 AWS IAM feature requests: - IAM Authorization Debugging - Mapping of API Calls, IAM Permissions, an.. read more  

Privileged User Management vs Privileged Access Management Differences

The article compares Privileged Access Management (PAM) vs Privileged User Management (PUM) approaches to managing privileged access. PAM manages one-time permission while PUM manages permanent access to critical assets and built-in admin accounts. Combining both approaches can enhance protection of .. read more  

Kubernetes Cluster Architecture Best Practices

This post explores ways to optimize a Kubernetes cluster, including different cluster node tenancy configurations and sandbox solutions. It underlines the importance of considering critical factors such as resource utilization, network topology, and storage requirements, and provides good practices .. read more  

4 Common Causes of False Positives in Software Security Testing

False positives can distract security teams from actual risks and make it harder to prioritize and address issues. Some common causes of false positives include outdated vulnerability data and inaccurate interpretation of configuration data. To mitigate false positives, it's important to keep vuln.. read more  
