The Qwiet blog

Introduction Have you ever wondered how your private info stays safe online? In a world where cyber threats are rising and we share more data than ever, data encryption is our digital guardian angel. This article will take you through how encryption works to protect your information and why it’s more important now than ever. […]

Introduction Dive into online security with a closer look at authentication and authorization. This article unravels how these key processes verify your identity and manage your access rights, acting as the frontline defenses for your data.  What are Authentication and Authorization? Authentication verifies a user’s identity with things like passwords or fingerprints. It’s about making […]

Introduction Have you ever wondered how safe your code is in a world full of digital threats? This article dives into the world of secure coding, revealing how it’s essential for keeping software safe from cyber threats. Learn why secure coding matters and how it fits into every stage of software development to protect against […]

Introduction Have you ever thought about what keeps your apps safe from hackers? That’s where application security comes in – the armor shields software applications from threats at every stage, from design to daily use. This blog will shed light on how application security is woven into the fabric of software development, ensuring that apps […]

Introduction Are you confident that your Python application can stand up to the latest cybersecurity threats? As Python’s popularity surges across various fields, the security of its codebases has become critical. This article delves into essential security practices for Python developers, aiming to fortify applications against cyber threats. You’ll walk away with a clear understanding […]

After a fiendishly clever sequence of events, the open-source community narrowly avoided a devastating supply chain attack that could have allowed threat actors to gain near-total control over a huge swath of Linux systems and servers worldwide. The target was XZ Utils, a ubiquitous data compression utility in almost every major Linux distribution. By slipping […]

Infiltrating the software supply chain is not a new attack method, but the way cybercriminals insinuate themselves and their malicious code into repositories continues to become more sophisticated. Although developers know that any open-source code should be reviewed and vetted, attackers now work to circumvent that practice.  In a recent campaign targeting the software supply […]

Misconfigurations are the bane of a developer’s existence and a not-so-secret joy for malicious actors. A recently discovered emerging malware campaign focuses on misconfigured servers to gain initial access, then uses traditional Linux attack techniques to deliver a cryptocurrency miner malware and maintain persistence after spawning a reverse shell.  The malware attack begins by exploiting […]

A fascinating paper was recently published titled “Stealing Part of a Production Language Model.” In the paper, the authors present the very first attach technique for stealing models that can extract the complete embedding projection layer of proprietary production transformer language models like ChatGPT or PaLM-2. The paper details how an attacker can attack these […]