#CodeAudit
supedium · 9 months ago
Smart Contract Security: An In-Depth Exploration
https://supedium.com/cryptocurrency-and-web3/smart-contract-security-an-in-depth-exploration/ #blockchainsecurity #codeaudits #formalverification #smartcontracts #vulnerabilities
osintelligence · 2 years ago
https://bit.ly/3oSntJa - Fortinet, in response to a critical CVSS PSIRT Advisory (FG-IR-23-097 / CVE-2023-27997) and other SSL-VPN related issues, has published an analysis with additional details to assist customers in making informed, risk-based decisions. Affected platforms are primarily those in government, manufacturing, and critical infrastructure, with potential risks including data loss and OS/file corruption. #Cybersecurity #Fortinet #CriticalAdvisory
🕵️ The vulnerabilities were discovered following a code audit initiated after the previous incident (FG-IR-22-398 / CVE-2022-42475), which observed a heap-based buffer overflow in FortiOS SSL VPN. The audit, coupled with a responsible disclosure from a third-party researcher, helped to identify the issues that are now rectified in the current firmware releases. #SSLVPN #DataBreach #CodeAudit
🔍 The Fortinet team identified several vulnerabilities with severity levels ranging from medium to critical, one of which (FG-IR-23-097) may have been exploited in a limited number of cases. To mitigate potential risks, Fortinet is advising all customers with SSL-VPN enabled to upgrade to the most recent firmware release immediately. #ProductSecurity #FortinetAdvisory
⚡ In the case of the Volt Typhoon campaign, Fortinet's research suggests that it uses a variety of tactics and techniques for network access, including “living off the land” strategies to evade detection. Notably, the campaign primarily exploits patched vulnerabilities like FG-IR-22-377 / CVE-2022-40684 for initial access. However, FG-IR-23-097 is currently not linked to the Volt Typhoon campaign. #CyberThreats #VoltTyphoon
🔧 To help customers maintain a secure environment, Fortinet recommends immediate and regular system patching, maintaining good cyber hygiene, adhering to vendor patching recommendations, minimizing the attack surface, and managing devices via out-of-band methods when possible.