Infiltrating the software supply chain is not a new attack method, but the way cybercriminals insinuate themselves and their malicious code into repositories continues to become more sophisticated. Although developers know that any open-source code should be reviewed and vetted, attackers now work to circumvent that practice. In a recent campaign targeting the software supply […]
READ MOREMisconfigurations are the bane of a developer’s existence and a not-so-secret joy for malicious actors. A recently discovered emerging malware campaign focuses on misconfigured servers to gain initial access, then uses traditional Linux attack techniques to deliver a cryptocurrency miner malware and maintain persistence after spawning a reverse shell. The malware attack begins by exploiting […]
A fascinating paper was recently published titled “Stealing Part of a Production Language Model.” In the paper, the authors present the very first attach technique for stealing models that can extract the complete embedding projection layer of proprietary production transformer language models like ChatGPT or PaLM-2. The paper details how an attacker can attack these […]
As the US federal government continues to inch toward implementing the various national cybersecurity executive orders and implementation strategies, the Cybersecurity and Infrastructure Security Agency (CISA) will be publishing more documents to help companies achieve the desired outcomes. To be more succinct, agencies are going to write a lot about actions developers must take to […]
Introduction The age of SPAs, or single-page applications, has dawned. Everywhere we look, seamless user experiences and dynamic content loading take the forefront. However, such power and efficiency come with its fair share of challenges—especially in security. SPAs have revolutionized the way users interact with web applications. With faster transitions, reduced server load, and a […]
Fedora Linux has long been a favorite operating system (OS) for developers looking for an innovative, free environment. Originally developed and now sponsored by Red Hat, the open-source Fedora Project has a little something for everyone with its Workstation, Server, Internet of Things (IoT), Virtual Machine (VM), and container-optimized CoreOS options. As a trusted open-source […]
Introduction The world of application development is a balance between providing features and ensuring security. One tool that stands as a bridge between functionality and security is the JSON Web Token (JWT). While powerful and versatile, like all tools, it requires understanding and caution in its implementation. A Primer on JWTs JWT is a concise, […]
You can admit it. You love Docker because it makes building, testing, and shipping software easier for you. The problem is that attackers love Docker, too. Even if you’re already scanning for Docker container vulnerabilities, your code could still create a data security risk. The good news is that OWASP has your back. Recognizing that […]
Most people find compliance a big ol’ snoozefest. It consumes time and resources that could be better allocated elsewhere. The language that regulatory bodies use is so “lawyered!” as to be nearly incomprehensible. For developers, the recent requirements around secure software attestations that start bringing the President’s “Executive Order on Improving the Nation’s Cybersecurity” (EO) […]
On August 22, 2023, security researchers at Symantec’s Threat Hunter Team identified a previously unknown advanced persistent threat (APT) group using Cobra DocGuard to deliver a backdoor to victim devices via the Korplug/PlugX malware. Carderbee used a known issue with Microsoft’s Windows Hardware Developer Program (MWHDP) to deploy the attack, one that Microsoft responded to […]
Introduction Every developer craves building applications that offer stellar functionalities. But equally, if not more, crucial is ensuring that these applications are built on a bedrock of security. Today, we’ll unravel one of the more notorious vulnerabilities plaguing the web – Cross-Site Scripting (XSS). In particular, we’ll dissect its most treacherous variant: the DOM-based XSS. […]
Introduction Decoding the Topic Every developer, at some point in their journey, is entrusted with the monumental task of ensuring data security, especially passwords. The weight of this responsibility cannot be emphasized enough. How we handle this task, choosing between hashing and encryption, can be the defining line between a rock-solid application and a security […]
© 2024 Qwiet. All rights reserved.