Security - Articles for the year 2025

Read interesting articles and reviews for the year 2025. Analysis of key events in the "Security" sector

How HTTP is Used for DNS: DNS-over-HTTPS in Practice

HTTPS makes it possible to implement secure interaction with the DNS resolver interface, concealing the DNS traffic that would otherwise be transmitted in plain text.…

How a Designer’s Stolen Passwords Nearly Tanked a Startup [MITRE: T1078 — Valid Accounts]

Incident Description: The attacker uses stolen credentials to access the company’s server, website, or cloud.

Protection Without Encryption: Paradox or Alternative?

Is it possible to protect data without encryption? In 2025, as algorithms become outdated, quantum computing is on the rise, and most data breaches are caused by human…

How one developer prevented the largest cyberattack: the story of the XZ Utils hack

Exactly one year has passed since the world watched in awe as the investigation of one of the most sophisticated backdoors in Linux history unfolded. The story of the…

Digest of Information Security Regulation. January – March 2025

Hello, tekkix! We continue our series of reviews on laws, orders, decrees, and regulatory initiatives related to information security. In this article, we cover what…

Let's still make it until the May holidays: what is important to do so that the "long" weekend is not overshadowed by cyberattacks

Holidays, public holidays, any "extra" days off - this is an opportunity for attackers to try to launch an attack. The attackers' calculation is simple: the fewer "defending"…

Password Transmission over the Internet: Which is Safer - Hashing or TLS?

In this article, we will examine which methods of transmitting a password over the internet are the safest. Hashing passwords or the TLS protocol - which one to choose…

Several rules for organizing a cybersecurity hackathon

Hello! This is Masha from AppSec at Alfa-Bank. Recently, we held the first cybersecurity hackathon, which took place with the joint efforts of the IT, AppSec, Intranet,…

WebSocket: simple about the complex. Part 2 — practical application and nuances

Julia here again, a systems analyst at EvApps, and we continue exploring WebSocket technology. In the first part, we learned the basics of WebSocket, and now let's look…

Five things you shouldn’t tell ChatGPT

Don’t let your thoughts become training material for AI — or leak in a data breach. It doesn’t matter which chatbot you choose: the more you share, the more useful it…

The history of "World Backup Day" [and a compact solutions digest] is a good reason to make a backup

March 31 is a day meant to bring together those who make backups and those who don't yet. And to quickly reduce the number of the latter. At beeline cloud, we've decided…

Top infosec news for March 2025

Hello everyone! Time to refresh your memory on the key information security events from last month. The main one, undoubtedly, was Signalgate involving top U.S. officials,…

How a Former Employee Transferred Data to Competitors

In the small company TechnoSoft, which specialized in business automation software, a Friday evening seemed ordinary. The sales manager—a young, attractive girl with…

April Fools' joke that almost got me fired

Everyone should play one great joke at least once in their life. In this article, I will talk about mine. The story is true, only the names have been removed to protect…

How the call for papers at OFFZONE works: from submission to presentation

Getting to OFFZONE as a speaker is not the easiest task. Every year we get questions: how does the CFP work? which topics are better to choose? how to submit an application…

IDOR & UUIDs for PII Leakage

Hello, today I will share with you another report. The vulnerability we will discuss is IDOR. Using it, I was able to expose personally identifiable information (PII…

How to Protect Wealth Using IT and "Hostile" Interfaces?

A good interface should help the user. But what if I say that sometimes a good interface should hinder them?

Anomaly detection and leak prevention — how signature-based analysis helps detect internal threats

Hello, tekkix! My name is Alexander Shcherbakov. I will tell you how Privileged Access Management systems help control the actions of privileged users with the help of…

Security - Articles for the year 2025

Read interesting articles and reviews for the year 2025. Analysis of key events in the "Security" sector

How HTTP is Used for DNS: DNS-over-HTTPS in Practice

How a Designer’s Stolen Passwords Nearly Tanked a Startup [MITRE: T1078 — Valid Accounts]

Protection Without Encryption: Paradox or Alternative?

How one developer prevented the largest cyberattack: the story of the XZ Utils hack

Digest of Information Security Regulation. January – March 2025

Let's still make it until the May holidays: what is important to do so that the "long" weekend is not overshadowed by cyberattacks

Password Transmission over the Internet: Which is Safer - Hashing or TLS?

Several rules for organizing a cybersecurity hackathon

WebSocket: simple about the complex. Part 2 — practical application and nuances

Five things you shouldn’t tell ChatGPT

The history of "World Backup Day" [and a compact solutions digest] is a good reason to make a backup

Top infosec news for March 2025

How a Former Employee Transferred Data to Competitors

April Fools' joke that almost got me fired

How the call for papers at OFFZONE works: from submission to presentation

IDOR & UUIDs for PII Leakage

How to Protect Wealth Using IT and "Hostile" Interfaces?

Anomaly detection and leak prevention — how signature-based analysis helps detect internal threats

Also read

Prepare your applications, this is a security audit

In Windows, an 8-year security flaw has been discovered that Microsoft does not want to fix

WebSocket: simple about the complex. Part 2 — practical application and nuances

Protection Without Encryption: Paradox or Alternative?