Fraud Based on Trusted Data
The profession of a fraudster is highly competitive: to stay afloat and be economically efficient, poor fellows must keep up with trends and respond quickly to changes.…
Security
Discover the latest news, reviews, and best practices in information security. Stay updated on cybersecurity threats, protection strategies, and innovations in safeguarding data
Bypassing Github access restriction to the Trivy vulnerability database. Quick fix to help you
Recently, developers using the Trivy image scanner encountered the TOOMANYREQUESTS error. It occurred due to the maximum number of tool users and the download rate limit…
Revealing Privileges: How PAM Helps Identify Hidden Risks
In the article, we will talk about the PAM class solution, as well as consider who privileged users are and what key role they play in managing access to critical systems…
Artificial Intelligence in Information Security: Increasing Business Efficiency and Profitability
Artificial intelligence has already firmly entered the arsenal of modern business tools. Its application is now the norm, not the exception. AI effectively solves the…
Application of SIEM for incident investigation
Identifying incidents is one of the main tasks of information security specialists. Incidents can be detected in various ways. For example, you can manually analyze event…
The dark side of IT: sinister stories about passwords, stinginess, and DDoS
When spirits come into our world and magic becomes not just a myth, but something real, anything can happen. For example, all servers suddenly overheat, smoke, and users…
To bind or not to bind: how we manage the identity of corporate "Macs"
Hello! My name is Pavel, and I am the head of office IT infrastructure at Yandex. For more than a year of my work, to one degree or another, I have dedicated myself to…
90 days tested BitNinja - a boxed solution for server and website protection. We tell who, where and what attacks
BitNinja is an analogue of Dr.Web or Immunify, but unlike them, it specializes not only in catching viruses, but also in filtering incoming traffic. The antivirus uses…
Dependency-Track v4.12: обзор обновлений
Прошло почти полгода с момента предыдущего релиза Dependency‑Track v4.11 . 1 октября вышел новый релиз Dependency‑Track v4.12.0, а на днях — релиз v4.12.1. Мы опробовали…
Human-AI Interfaces: The Key to Future Interaction
Analysis of the evolution and development prospects of interfaces for harmonious cooperation between humans and artificial intelligence.
CISQ. Software Quality Analysis Study 2020 — Part 1
The Consortium for Information and Software Quality launched the "State of the Industry" survey - the first comprehensive study of software quality analysis. This article…
Nose to the wind: how our DNS sniffer helps find Blind vulnerabilities
Hello everyone! In the blog of the Solar 4RAYS Cyber Threat Research Center, we continue to share the results of incident investigations, useful tools for information…
Catch the vulnerability with your own hands: custom annotations of C# code
I think it is no secret to many that vulnerabilities in a project can have an extremely negative impact on it. There are a number of ways to deal with vulnerabilities,…
Attacks on SMTP and MTA-STS downgrade
When SMTP was created, it worked by transmitting data in clear text, as we had not yet developed a solution for secure data transmission, what we now call "transport…
Software Supply Chain Security. Building processes with OSS
Hello, tekkix! We are talking about one of the options for using Open Source tools for Software Supply Chain Security. Colleagues in the field asked to post a small overview…
How to safely share information in the digital world without revealing yourself?
For example, an open-source project contributor wants to share plans while remaining anonymous.
Simple script protection in Python
Stack: Python 3.11.7, ntplib, subprocess, getpass for time, system, password,
