To bind or not to bind: how we manage the identity of corporate "Macs"
Hello! My name is Pavel, and I am the head of office IT infrastructure at Yandex. For more than a year of my work, to one degree or another, I have dedicated myself to…
Security
Discover the latest news, reviews, and best practices in information security. Stay updated on cybersecurity threats, protection strategies, and innovations in safeguarding data
90 days tested BitNinja - a boxed solution for server and website protection. We tell who, where and what attacks
BitNinja is an analogue of Dr.Web or Immunify, but unlike them, it specializes not only in catching viruses, but also in filtering incoming traffic. The antivirus uses…
Dependency-Track v4.12: обзор обновлений
Прошло почти полгода с момента предыдущего релиза Dependency‑Track v4.11 . 1 октября вышел новый релиз Dependency‑Track v4.12.0, а на днях — релиз v4.12.1. Мы опробовали…
Human-AI Interfaces: The Key to Future Interaction
Analysis of the evolution and development prospects of interfaces for harmonious cooperation between humans and artificial intelligence.
CISQ. Software Quality Analysis Study 2020 — Part 1
The Consortium for Information and Software Quality launched the "State of the Industry" survey - the first comprehensive study of software quality analysis. This article…
Nose to the wind: how our DNS sniffer helps find Blind vulnerabilities
Hello everyone! In the blog of the Solar 4RAYS Cyber Threat Research Center, we continue to share the results of incident investigations, useful tools for information…
Catch the vulnerability with your own hands: custom annotations of C# code
I think it is no secret to many that vulnerabilities in a project can have an extremely negative impact on it. There are a number of ways to deal with vulnerabilities,…
Attacks on SMTP and MTA-STS downgrade
When SMTP was created, it worked by transmitting data in clear text, as we had not yet developed a solution for secure data transmission, what we now call "transport…
Software Supply Chain Security. Building processes with OSS
Hello, tekkix! We are talking about one of the options for using Open Source tools for Software Supply Chain Security. Colleagues in the field asked to post a small overview…
How to safely share information in the digital world without revealing yourself?
For example, an open-source project contributor wants to share plans while remaining anonymous.
Simple script protection in Python
Stack: Python 3.11.7, ntplib, subprocess, getpass for time, system, password,
Built-in security mechanisms of Python frameworks
When conducting software development process audits, we often hear that functionality is implemented in the framework, and this may raise questions from security personnel.
Find out what the user did through the registry dump
When investigating computer incidents, one of the most important actions is the collection of evidence. So it is very important for us to have a dump of the RAM, because…
Profiling: comparing pt-pmp and perf tools on real examples
Hello, tekkix! In the previous article, the primary analysis of the application was discussed, which tools should be used to collect information and how to work with…
Ensuring security in software development — CI/CD pipeline issues and threat prevention methods
Security is a critical aspect in software development, the very fact of implementing which eliminates design errors, reduces costs, and focuses the team on using reliable…
Analysis of vulnerability CVE-2024-38227 in Microsoft SharePoint
On September 10, Microsoft released another set of updates, fixing 79 vulnerabilities in various products. Our attention was drawn to patches for Microsoft SharePoint…
How SPAM appeared — the main booster of cybercrime
Do you like canned food? Or Viagra? You can buy them from us!
Attacks on web caching. Cache poisoning: theory and practice
Caching is an efficient architectural solution that is used at all levels of computing systems today, from processor and hard disk cache to web server cache and reverse…
