Managing the Threat of Big Sig and Cryptographic Vulnerabilities

Tidio Live Chat Software - Add Tidio live chat software to your website in minutes. Contact visitors and turn them into happy customers. Enhance their experience and boost your sales. Get it for Free

WP Rocket - WordPress Caching Plugin

Must Read

Recently, professional bug spotter Tavis Ormandy of Project Zero, Alphabet’s initiative for finding zero-day vulnerabilities, discovered a critical security flaw in Mozilla’s cross-platform Network Security Services (NSS) cryptography libraries.

Officially known as CVE-2021-43527 and nicknamed BigSig (because Ormandy noted, all bugs require a “catchy name”), the critical memory corruption vulnerability could result in a heap-based buffer overflow that might trigger an application to crash or let attackers execute arbitrary code. This would take place during the verification process of signatures in certain PDF viewers and email clients – such as LibreOffice, Evolution, Thunderbird, and Evince. The vulnerability is reportedly found in every version of NSS dating back to version 3.14, released in October 2012.

Also Read

While Mozilla sprang into action to fix the bug (which did not affect its popular Firefox web browser), it’s nonetheless a reminder of software’s risks. Even when you’re dealing with a well-regarded and well-known developer such as Mozilla, it highlights the necessity of tools such as Runtime Application Self Protection to keep you properly protected.

The traditional Web Application Firewall

Traditionally, a Web Application Firewall (WAF) was considered adequate to protect against many online attacks, such as those stemming from vulnerabilities. WAFs have been around since the 1990s, when webserver attacks began to become more commonplace as an attack method. A WAF works by filtering, monitoring, and blocking HTTP traffic on its way both to and from a web server. The idea is that, by inspecting this HTTP traffic, it’s possible to stop attacks that seek to exploit web applications’ vulnerabilities – whether that’s a cross-site scripting (XSS) attack, SQL injection, or any other attack of a large number of possible attack methods.

Elegant Themes - The most popular WordPress theme in the world and the ultimate WordPress Page Builder. Get a 30-day money-back guarantee. Get it for Free

But WAFs aren’t always enough. While they monitor traffic at the network perimeter, providing broad and shallow protection, they may lack the visibility necessary to detect attempted exploitation of a vulnerability like BigSig. Traditional WAFs can fail to spot some of the threats in the cybersecurity landscape, leaving targets open to possible attacks.

Commonly cited weaknesses with WAFs include their tendency to generate both false positives and false negatives, and the fact that they can be bypassed using the right approaches. Perhaps most significantly, they may offer limited protection against zero-day vulnerabilities. A zero-day vulnerability – the type of vulnerability that Alphabet’s Project Zero is tasked with finding – refers to a vulnerability that’s known to attackers, but not to an application vendor.

Enter Runtime Application Self Protection

WAFs most certainly have their place when it comes to defending against cyberattacks. But they are not the only tool you should be considering when protecting against such threats. The latest, most advanced defense that’s available against zero-day attacks is what is known as Runtime Application Self Protection (RASP). RASP agents are designed to sit inside applications, where they can examine request payloads in real-time.

They do this with the context of the application code as it runs, allowing them to work out whether a request is regular or possibly malicious. This includes both non-web and web apps. In doing so, it allows applications to defend themselves, making it an invaluable game-changer for those who need to rely on such tools. Doing so makes it possible to detect and block attempted exploitation of BigSig and similar other vulnerabilities.

In the case of the BigSig vulnerability, Mozilla worked hard to fix the vulnerability when they became aware of it. But waiting on patches for defense is not the most foolproof way of safeguarding your systems. It’s a bit like waiting on someone on your street to have their home burglarized before you decide to start locking your front door and windows at night. By using RASP, security is there by default.

Vulnerabilities aren’t going anywhere

Vulnerabilities are never going to entirely go away. Bugs are part of virtually every sufficiently advanced piece of software. A certain percentage of these bugs will take the form of vulnerabilities when attackers find a way of exploiting them in order to cause damage. BigSig may be one of the latest examples of a vulnerability, but it’s far from the only example to have arisen in 2021 – and, with 2022 here, there will be plenty more where that came from. However, by investing in the right tools, such as RASP, organizations can protect themselves against whatever risks come their way.

For any organization that has experienced a cyberattack based on a vulnerability (or just those that are smart enough to have followed this area, and know the risks), this is an investment well worth making. The cyber security landscape continues to evolve, with more and more vulnerabilities discovered all the time. By seeking out cyber security experts to help safeguard your system, you can ensure you are protected against all manner of vulnerabilities – cryptographic and otherwise. Doing so is some of the smartest money you can spend.

iThemes WordPress Hosting

Stay updated

Subscribe to our newsletter and never miss an update on the latest tech, gaming, startup, how to guide, deals and more.



- Advertisement -
- Advertisement -


Grow Your Business

Place your brand in front of tech-savvy audience. Partner with us to build brand awareness, increase website traffic, generate qualified leads, and grow your business.

- Advertisement -

Grow Your Business

Get these business solutions, tools and services to help your business grow.

Elementor -Join 5,000,000+ Professionals Who Build Better Sites With Elementor. Build your website with 100% visual design that loads faster and speeds up the process of building them.

WP Rocket

WP Rocket - Speed up your website with the most powerful caching plugin in the world. The website speed increase means better SEO ranking, user experience, and conversation. It’s a fact that Google loves a fast site.


Kinsta - If you are looking for WordPress managed hosting, Kinsta is in the leading front. Kinsta provides WordPress hosting for a small or large business that helps take care of all your needs regarding your website with cutting-edge technology.


OptinMonster - Instantly boost leads and grow revenue with the #1 most powerful conversion optimization toolkit in the world. 700,000+ websites are using OptinMonster to turn their traffic into leads, subscribers, and sales.


- Advertisement -
- Advertisement -
ChatGPT Reaches 100 Million Users in Two Months Microsoft’s Teams Get OpenAI-Based Features WhatsApp New Feature that Allows Users to Create Calling Shortcuts Instagram Working On Twitter-like Paid Verification Feature OnePlus Ace 2 Specs Exposed Online Realme GT Neo 5 Full Specs Revealed  Samsung Galaxy S23 Ultra: The New Android King Twitter To End Free API February 9 MLS Season Pass Now Available On Apple TV App Tesla To Increase Giga Shanghai EV Production to 20,000 Weekly 
OpenAI Releases Tool To Detect AI-generated Text Tesla Records Double Net Profit in 2022 India to Produce Upcoming iPhones: Trade Minister Japanese Professor Developed A Power Semiconductor made of Diamond Google Releases New Product for India’s Merchants Indian EV Startup Unveil Two AutoBalancing Electric Scooters OPPO Find X6 Pro Images Render via Weibo Sony Develops New Tech to Reduce Noise of Image Sensors