blockchain

A HyFi Approach Should be the Answer to DeFi Security
I will be the first to admit to my prior skepticism with regards to cryptocurrencies and other sorts of decentralized finance (DeFi). Having spent most of my career immersed in securing centralized ...
Cloudy Crystal Gazing: Top 5 Cloud Security Predictions for 2022
We're joined by Dr. Michael J. Savoie to discuss the top 5 cloud security trends and predictions to watch in 2022. The post Cloudy Crystal Gazing: Top 5 Cloud Security Predictions for ...

Cybersecurity Considerations for Web3
We’ve begun a major shift in how the internet is structured. Our current Web2, defined by a read/write architecture that, until recently was dominated by a handful of massive technology companies, is ...

Banking’s Digital Future Raises Security Concerns
As the global financial services industry undergoes a seismic shift, disruption is prompting the industry to replace traditional practices, with emphasis on the inevitable digital future banks will have to embrace. In ...

Monero Cryptominer Attack Exploits Exchange Server Flaw
It didn’t take threat actors long to jump on a vulnerability affecting Microsoft Exchange mail server software. While exploits involving an array of malware from ransomware to webshells are well-documented, Sophos researchers ...

Solar: Context-free, interactive analysis for Solidity
We’re hiring for our Research + Engineering team! By Aaron Yoo, University of California, Los Angeles As an intern at Trail of Bits, I worked on Solar, a proof-of-concept static analysis framework ...
Illegal Content and the Blockchain
Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command-and-control server. With nowhere to go for instructions, the ...

Fintech Cybersecurity Trends in 2021
Article by Beau PetersWhen the pandemic struck, online bad actors took it as an opportunity to double-down on their attacks through ransomware, malware, and social engineering. Newly remote workers and remotely connected workplaces ...
Confessions of a smart contract paper reviewer
If you’re thinking of writing a paper describing an exciting novel approach to smart contract analysis and want to know what reviewers will be looking for, you’ve come to the right place ...

Breaking Aave Upgradeability
On December 3rd, Aave deployed version 2 of their codebase. While we were not hired to look at the code, we briefly reviewed it the following day. We quickly discovered a vulnerability ...