The Qwiet Blog

Infiltrating the software supply chain is not a new attack method, but the way cybercriminals insinuate themselves and their malicious code into repositories continues to become more sophisticated. Although developers know that any open-source code should be reviewed and vetted, attackers now work to circumvent that practice.  In a recent campaign targeting the software supply […]

Misconfigurations are the bane of a developer’s existence and a not-so-secret joy for malicious actors. A recently discovered emerging malware campaign focuses on misconfigured servers to gain initial access, then uses traditional Linux attack techniques to deliver a cryptocurrency miner malware and maintain persistence after spawning a reverse shell.  The malware attack begins by exploiting […]

A fascinating paper was recently published titled “Stealing Part of a Production Language Model.” In the paper, the authors present the very first attach technique for stealing models that can extract the complete embedding projection layer of proprietary production transformer language models like ChatGPT or PaLM-2. The paper details how an attacker can attack these […]

Frontend security is a critical aspect of web application development. Attackers often target the front end as the first line of user interaction, looking to exploit vulnerabilities. This article delves into essential practices for securing your user interface and safeguarding it against common attacks. Frontend Security Risks The front end of a web application, typically […]

Researchers recently uncovered a vulnerability in Hugging Face’s Safetensor conversion service and its associated service bot that could allow attackers to hijack user-submitted language models, ultimately resulting in potential supply chain attacks.   For those not in the know, Hugging Face is a platform for community collaboration on AI models, datasets, and applications.  Users of the […]

“We, as a nation, have the ability – and the responsibility – to reduce the attack surface in cyberspace and prevent entire classes of security bugs from entering the digital ecosystem, but that means we need to tackle the hard problem of moving to memory safe programming languages,”  – Harry Coker (US National Cyber Director) […]

Cooking and software development have a lot in common. With cooking, you bring together different ingredients, looking at how the flavors blend and textures combine. With software development, you combine different components, including open-source libraries and your code. With cooking, you might decide to take something from a recipe, change it a bit, and create […]

Introduction RESTful APIs are the linchpins of software communication, facilitating data exchange between diverse systems. Their ubiquity and accessibility, however, make them prime targets for exploitation. This article aims to fortify your approach to API security by providing practical tips and shedding light on common vulnerabilities. The Security Landscape of RESTful APIs RESTful APIs are […]

For anyone who’s ever had test anxiety, notification of any audit can send them right back to middle or high school. An internal audit is basically like working with a tutor who helps you find mistakes while an external auditor can feel like having a grumpy teacher marking you down for not crossing a “t” […]