Spring Cloud Gateway + Keycloak: a complete example
Hello everyone! Today we will look at how to make a full integration of the Spring Cloud Gateway API gateway and Keycloak, as it seemed to me that the topic was not sufficiently…
Security
Discover the latest news, reviews, and best practices in information security. Stay updated on cybersecurity threats, protection strategies, and innovations in safeguarding data
ONCE AGAIN ABOUT THE GREAT BORDER between matter and consciousness
According to an ancient tradition, the roots of which even old-timers with advanced amnesia do not remember, before the New Year, one wants to say something significant…
The complexity of biometric identification of monozygotic twins
Imagine a courtroom. The prosecutor proudly presents what he believes to be irrefutable evidence: a fingerprint, a surveillance camera recording, a DNA test. Everything…
Top cybersecurity news for December 2024
Hello everyone! We are closing the year with our traditional news digest. December was rich in spyware news: Pegasus was highlighted due to the won Whatsapp case, its…
Incident response XXII века: как PAM-система помогла выявить атаку в прямом эфире
In the article "Reign of king: tactics and tools of the Obstinate Mogwai group" from the Solar 4Rays Cyber Threat Research Center, there is an interesting case of an…
Cryptography of the Middle Ages: from alchemical ciphers to magic squares
Among the bright symbols of the Middle Ages are sorcerers, witches, and alchemists who "enchant and turn mercury into gold." Cryptography at this time also went hand…
Safe Digest New Year Edition: "bot" among "friends", bushido against fraud, TB of leaked "snowflakes"
Throughout 2024, we have witnessed a lot of high-profile hacks, leaks, failures, and just funny news from the world of information security. For the New Year, we traditionally…
Secrets in Java services on Spring: where to get and how to update
Hello, tekkix! My name is Andrey Chernov, I am a Java architect at SberTech, where I develop the architecture of microservices. Now I will talk about the nuances of working…
Mix, but do not shake. How we added Sec between Dev and Ops
Hello, tekkix! My name is Natali Dubotolkova, I am a senior secure software development engineer at Basis. I want to talk about how we thought about integrating the work…
How OSINT reunited two long-lost soldiers
Faces and names mentioned in this blog are real and used with their permission. Some details have been edited or hidden to protect the privacy of others.
Basic SAST and DAST setup for django in gitlab cicd: how to quickly implement security solutions
Hello, my name is Egor and I am a Tech Lead at IdaProject :) I am engaged in strategy, processes, and teams in the direction of backend development.
Development of Security Proxy. Dynamic Rights
Hello everyone! The classic approach to authorization is when its control is placed inside a specific service in the form of static rules. That is, the role and rights…
Worse than a flood, scarier than a fire: how to prepare your backups for a ransomware virus visit
For decades, backups have primarily protected us from physical equipment failure and accidental data corruption. A good backup system should survive a fire, a flood,…
Evolution of NGFW in Russia on the example of UserGate. Interview with UserGate NGFW Development Manager Kirill Pryamov
There was already an interview on tekkix about Next Generation Firewall from Solar, which touched on the technical aspects of developing such solutions. There was also…
OSINT. Now what is the buzz about?
We at IDX, a company engaged in legal personal data verification, are naturally interested in everything related to PD, even if it goes beyond our operational activities.…
Database Hardening
Nowadays, any serious application needs a database to store information. DBMS allows you to save data, quickly find and retrieve what you need using queries. But in order…
Attacks on GitHub developer in 2024
The "Platform Engineering" trend proposed by analytical agencies has become interesting not only to companies that transform their processes, teams, and tools according…
Hiding VMware from malware
Methods for detecting malicious code are improving, as is the malicious code itself. In the past, antivirus systems used signature analysis to detect viruses, but now…
