
Latest news about information security vulnerabilities, threats, incidents and events

information security incidents

Prevention of security vulnerabilities, threats, and incidents described below is wiser and cheaper than forensic investigations and mitigation of the consequences of a cyber-attack.

You can get evidence of this fact from the news below.

Use our services to find and mitigate your security vulnerabilities before the security threat agents find them.

Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp

A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a "commercial-grade" Android spyware dubbed LANDFALL in targeted attacks in the Middle East...
More details.

Posted on Fri, 07 Nov 2025 23:30:00 +0530


From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools

A China-linked threat actor has been attributed to a cyber attack targeting a U.S. non-profit organization with the aim of establishing long-term persistence, as part of broader activity aimed at U.S. entities that are linked to or involved in policy issues...
More details.

Posted on Fri, 07 Nov 2025 21:37:00 +0530


Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation

A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems. According to software supply...
More details.

Posted on Fri, 07 Nov 2025 17:25:00 +0530


Enterprise Credentials at Risk – Same Old, Same Old?

Imagine this: Sarah from accounting gets what looks like a routine password reset email from your organization’s cloud provider. She clicks the link, types in her credentials, and goes back to her spreadsheet...
More details.

Posted on Fri, 07 Nov 2025 16:00:00 +0530


Google Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts

Google on Thursday said it's rolling out a dedicated form to allow businesses listed on Google Maps to report extortion attempts made by threat actors who post inauthentic bad reviews on the platform and demand ransoms to remove the negative comments...
More details.

Posted on Fri, 07 Nov 2025 14:45:00 +0530


Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in other words, vibe-coded...
More details.

Posted on Fri, 07 Nov 2025 12:18:00 +0530


Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine

A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities. The campaign, detected in May 2025, is tracked by the security outfit under the moniker InedibleOchotense, describing it as Russia-aligned...
More details.

Posted on Thu, 06 Nov 2025 21:01:00 +0530


Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362

Cisco on Wednesday disclosed that it became aware of a new attack variant that's designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software releases that are susceptible to CVE-2025-20333 and CVE-2025-20362...
More details.

Posted on Thu, 06 Nov 2025 20:28:00 +0530


From Tabletop to Turnkey: Building Cyber Resilience in Financial Services

Introduction: Financial institutions are facing a new reality: cyber resilience has moved from being a best practice, to an operational necessity, to a prescriptive regulatory requirement. Crisis management...
More details.

Posted on Thu, 06 Nov 2025 17:29:00 +0530


ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More

Cybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors...
More details.

Posted on Thu, 06 Nov 2025 17:10:00 +0530


Bitdefender Named a Representative Vendor in the 2025 Gartner® Market Guide for Managed Detection and Response

Bitdefender has once again been recognized as a Representative Vendor in the Gartner® Market Guide for Managed Detection and Response (MDR) — marking the fourth consecutive year of inclusion...
More details.

Posted on Thu, 06 Nov 2025 16:13:00 +0530


Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection

The threat actor known as Curly COMrades has been observed exploiting virtualization technologies as a way to bypass security solutions and execute custom malware. According to a new report from Bitdefender, the adversary is said to have enabled the Hyper-V role on selected victim systems to deploy a minimalistic, Alpine Linux-based virtual machine...
More details.

Posted on Thu, 06 Nov 2025 12:52:00 +0530


SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach

SonicWall has formally implicated state-sponsored threat actors as behind the September security breach that led to the unauthorized exposure of firewall configuration backup files. "The malicious...
More details.

Posted on Thu, 06 Nov 2025 11:10:00 +0530


Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly

Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script (VB Script) malware dubbed PROMPTFLUX that interacts with its Gemini artificial intelligence (AI) model API to write its own source code for improved obfuscation and evasion...
More details.

Posted on Wed, 05 Nov 2025 21:03:00 +0530


Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data

Cybersecurity researchers have disclosed a new set of vulnerabilities impacting OpenAI's ChatGPT artificial intelligence (AI) chatbot that could be exploited by an attacker to steal personal information from users' memories and chat histories without their knowledge...
More details.

Posted on Wed, 05 Nov 2025 19:34:00 +0530


Securing the Open Android Ecosystem with Samsung Knox

Raise your hand if you’ve heard the myth, “Android isn’t secure.” Android phones, such as the Samsung Galaxy, unlock new ways of working. But, as an IT admin, you may worry about the security—after all, work data is critical...
More details.

Posted on Wed, 05 Nov 2025 17:25:00 +0530


Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions

A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts between June and August 2025, coinciding with heightened geopolitical tensions between Iran and Israel...
More details.

Posted on Wed, 05 Nov 2025 16:50:00 +0530


U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud

The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea's global financial network for laundering money for various illicit schemes, including cybercrime and information technology (IT) worker fraud...
More details.

Posted on Wed, 05 Nov 2025 16:25:00 +0530


Why SOC Burnout Can Be Avoided: Practical Steps

Behind every alert is an analyst; tired eyes scanning dashboards, long nights spent on false positives, and the constant fear of missing something big. It’s no surprise that many SOCs face burnout before they face their next breach...
More details.

Posted on Wed, 05 Nov 2025 16:00:00 +0530


CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild...
More details.

Posted on Wed, 05 Nov 2025 11:42:00 +0530


A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces

The nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, 2025. "Since its...
More details.

Posted on Tue, 04 Nov 2025 22:55:00 +0530


European Authorities Dismantle €600 Million Crypto Fraud Network in Global Sweep

Nine people have been arrested in connection with a coordinated law enforcement operation that targeted a cryptocurrency money laundering network that defrauded victims of €600 million (~$688 million)...
More details.

Posted on Tue, 04 Nov 2025 21:27:00 +0530


Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks

Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system (OS) commands under certain conditions...
More details.

Posted on Tue, 04 Nov 2025 19:54:00 +0530


Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed

Cybersecurity researchers have disclosed details of four security flaws in Microsoft Teams that could have exposed users to serious impersonation and social engineering attacks. The vulnerabilities "allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications," Check Point said in a report shared with The Hacker News...
More details.

Posted on Tue, 04 Nov 2025 19:30:00 +0530


Ransomware Defense Using the Wazuh Open Source Platform

Ransomware is malicious software designed to block access to a computer system or encrypt data until a ransom is paid. This cyberattack is one of the most prevalent and damaging threats in the digital landscape, affecting individuals, businesses, and critical infrastructure worldwide...
More details.

Posted on Tue, 04 Nov 2025 16:36:00 +0530


Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors

Threat actors are leveraging weaponized attachments distributed via phishing emails to deliver malware likely targeting the defense sector in Russia and Belarus. According to multiple reports from Cyble...
More details.

Posted on Tue, 04 Nov 2025 16:19:00 +0530


Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit

Google's artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit component used in its Safari web browser that, if successfully exploited, could result in a browser crash or memory corruption...
More details.

Posted on Tue, 04 Nov 2025 13:40:00 +0530


U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks

Federal prosecutors in the U.S. have accused a trio of allegedly hacking the networks of five U.S. companies with BlackCat (aka ALPHV) ransomware between May and November 2023 and extorting them. Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed co-conspirator (aka "Co-Conspirator 1") based in Florida, all U...
More details.

Posted on Tue, 04 Nov 2025 13:15:00 +0530


Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel

Microsoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) communications. "Instead of relying...
More details.

Posted on Tue, 04 Nov 2025 11:28:00 +0530


Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive

Cybersecurity researchers have flagged a new malicious extension in the Open VSX registry that harbors a remote access trojan called SleepyDuck. According to Secure Annex's John Tuckner, the extension in question, juan-bianco...
More details.

Posted on Mon, 03 Nov 2025 23:38:00 +0530


Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks

Bad actors are increasingly training their sights on trucking and logistics companies with an aim to infect them with remote monitoring and management (RMM) software for financial gain and ultimately steal cargo freight...
More details.

Posted on Mon, 03 Nov 2025 18:48:00 +0530


⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More

Cyberattacks are getting smarter and harder to stop. This week, hackers used sneaky tools, tricked trusted systems, and quickly took advantage of new security problems—some just hours after being found...
More details.

Posted on Mon, 03 Nov 2025 18:26:00 +0530


The Evolution of SOC Operations: How Continuous Exposure Management Transforms Security Operations

Security Operations Centers (SOC) today are overwhelmed. Analysts handle thousands of alerts every day, spending much time chasing false positives and adjusting detection rules reactively. SOCs often lack the environmental context and relevant threat intelligence needed to quickly verify which alerts are truly malicious...
More details.

Posted on Mon, 03 Nov 2025 17:26:00 +0530


Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data

Cybersecurity researchers have shed light on two different Android trojans called BankBot-YNRK and DeliveryRAT that are capable of harvesting sensitive data from compromised devices. According to CYFIRMA,...
More details.

Posted on Mon, 03 Nov 2025 16:44:00 +0530


New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea

The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea...
More details.

Posted on Mon, 03 Nov 2025 16:12:00 +0530


ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability

The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY...
More details.

Posted on Sat, 01 Nov 2025 19:13:00 +0530


OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically

OpenAI has announced the launch of an "agentic security researcher" that's powered by its GPT-5 large language model (LLM) and is programmed to emulate a human expert capable of scanning, understanding, and patching code...
More details.

Posted on Fri, 31 Oct 2025 22:49:00 +0530


Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack

A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack. Palo Alto Networks Unit 42 said it's tracking the cluster under the moniker CL-STA-1009, where "CL" stands for cluster and "STA" refers to state-backed motivation...
More details.

Posted on Fri, 31 Oct 2025 21:38:00 +0530


China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats

A China-affiliated threat actor known as UNC6384 has been linked to a fresh set of attacks exploiting an unpatched Windows shortcut vulnerability to target European diplomatic and government entities between September and October 2025...
More details.

Posted on Fri, 31 Oct 2025 19:27:00 +0530


China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems

The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick. The vulnerability, tracked as CVE-2025-61932 (CVSS score: 9...
More details.

Posted on Fri, 31 Oct 2025 18:56:00 +0530


The MSP Cybersecurity Readiness Guide: Turning Security into Growth

MSPs are facing rising client expectations for strong cybersecurity and compliance outcomes, while threats grow more complex and regulatory demands evolve. Meanwhile, clients are increasingly seeking comprehensive protection without taking on the burden of managing security themselves...
More details.

Posted on Fri, 31 Oct 2025 17:00:00 +0530


CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden on-premise Microsoft Exchange Server instances from potential exploitation...
More details.

Posted on Fri, 31 Oct 2025 14:16:00 +0530


Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery

Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS Code) extensions published in the marketplace...
More details.

Posted on Fri, 31 Oct 2025 13:32:00 +0530


CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Broadcom VMware Tools and VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild...
More details.

Posted on Fri, 31 Oct 2025 12:39:00 +0530


A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do

A design firm is editing a new campaign video on a MacBook Pro. The creative director opens a collaboration app that quietly requests microphone and camera permissions. MacOS is supposed to flag that, but in this case, the checks are loose...
More details.

Posted on Fri, 31 Oct 2025 09:07:00 +0530


Google's Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month

Google on Thursday revealed that the scam defenses built into Android safeguard users around the world from more than 10 billion suspected malicious calls and messages every month. The tech giant also said it has blocked over 100 million suspicious numbers from using Rich Communication Services (RCS), an evolution of the SMS protocol, thereby preventing scams before they could even be sent...
More details.

Posted on Thu, 30 Oct 2025 22:30:00 +0530


Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks

The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware gangs. AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for penetration testing...
More details.

Posted on Thu, 30 Oct 2025 22:10:00 +0530


New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL

A severe vulnerability disclosed in Chromium's Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds. Security researcher Jose Pino, who disclosed details of the flaw, has codenamed it Brash...
More details.

Posted on Thu, 30 Oct 2025 20:15:00 +0530


The Death of the Security Checkbox: BAS Is the Power Behind Real Defense

Security doesn’t fail at the point of breach. It fails at the point of impact. That line set the tone for this year’s Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction...
More details.

Posted on Thu, 30 Oct 2025 17:25:00 +0530


ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising

The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering...
More details.

Posted on Thu, 30 Oct 2025 16:24:00 +0530


Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.
More details.

Posted on Wed, 31 Aug 2022 12:57:48 +0000


Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
More details.

Posted on Tue, 30 Aug 2022 16:00:43 +0000


Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
More details.

Posted on Mon, 29 Aug 2022 14:56:19 +0000


Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
More details.

Posted on Fri, 26 Aug 2022 16:44:27 +0000


Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
More details.

Posted on Thu, 25 Aug 2022 18:47:15 +0000


Twitter Whistleblower Complaint: The TL;DR Version

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
More details.

Posted on Wed, 24 Aug 2022 14:17:04 +0000


Firewall Bug Under Active Attack Triggers CISA Warning

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
More details.

Posted on Tue, 23 Aug 2022 13:19:58 +0000


Fake Reservation Links Prey on Weary Travelers

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
More details.

Posted on Mon, 22 Aug 2022 13:59:06 +0000


iPhone Users Urged to Update to Patch 2 Zero-Days

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
More details.

Posted on Fri, 19 Aug 2022 15:25:56 +0000


Google Patches Chrome’s Fifth Zero-Day of the Year

An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
More details.

Posted on Thu, 18 Aug 2022 14:31:38 +0000


A Note on Our Domain Update

Between The Hacks has updated its default domain name to betweenthehacks.com. Everything is still here, but a few links might need attention. Learn more about this update and let us know if you spot any issues...
More details.

Posted on Fri, 04 Apr 2025 14:46:00 +0000


Passkeys: The Beginning of the End for Passwords

Still using passwords? It might be time to move on. Passkeys are a simpler, more secure way to log in—no typing, no phishing, no stress. In this post, I break down how passkeys work, why they matter, and how you can start using them today...
More details.

Posted on Thu, 03 Apr 2025 14:41:00 +0000


I Finally Segmented My Network… by Cutting the Ethernet Cable!

After years of preaching network segmentation, I took it to the next level—by physically disconnecting everything. Scissors, copper mesh, and a rotating SSID script. What could go wrong?
More details.

Posted on Tue, 01 Apr 2025 14:36:55 +0000


Unlimited Access: Every Device on Your Network Can Talk to the Internet

Most home devices can access the entire internet—and often each other. Segmentation helps, but without visibility into what your devices are doing, you’re still exposed.
More details.

Posted on Sun, 30 Mar 2025 20:32:00 +0000


If Troy Hunt Can Fall for Phishing, So Can You

Even cybersecurity experts fall for phishing attacks. When Troy Hunt, creator of Have I Been Pwned, clicked a malicious link and entered his credentials, it was a wake-up call for all of us. In this post, we break down what happened, why today’s phishing is more convincing than ever, and what you can do to protect yourself...
More details.

Posted on Fri, 28 Mar 2025 17:34:13 +0000


AI Magic: My Blog, LinkedIn, and a 7-Minute Podcast!

So, here’s something that blew my mind: I decided to test Google’s NotebookLM AI tool. I casually uploaded the URLs for my LinkedIn page and my blog, not expecting much more than a basic summary...
More details.

Posted on Mon, 30 Sep 2024 17:01:00 +0000


How I Introduced the Cybersecurity World to a Cold War Hero

If you told me a year ago that I would meet a cold war hero at a birthday party, I wouldn’t have believed you. And I would be even more skeptical if you told me she would be an unintimidating, approachable music professor with an infectious smile...
More details.

Posted on Thu, 30 Jun 2022 00:39:31 +0000


log4shell

UPDATED December 16, 2021 If you are reading this, you likely have heard about Log4Shell, the December, 2021 critical zero-day remote-code execution vulnerability in the popular Log4j software library that is developed and maintained by the Apache Software Foundation...
More details.

Posted on Tue, 14 Dec 2021 18:56:34 +0000


Hacking Humble Bundle

Last year, Humble Bundle teamed up with the great tech publisher, No Starch Press, to offer deeply discounted hacking ebooks for as little as one dollar with the Hacking 101 By No Starch Press Humble Bundle of ebooks...
More details.

Posted on Tue, 30 Nov 2021 17:11:00 +0000


Cybersecurity Awareness Month 2021

October is Cybersecurity Awareness Month and Breast Cancer Awareness Month. Since this is a cybersecurity blog, we will focus on cybersecurity but let’s take a moment to talk about the important topic of breast cancer...
More details.

Posted on Fri, 01 Oct 2021 16:58:53 +0000


Colonial Pipeline: Lessons Learned

The Colonial Pipeline ransomware attack took down the largest fuel pipeline in the United States and resulted in consumer hoarding of fuel and a short-term shortage of gasoline on the east coast of the U...
More details.

Posted on Fri, 04 Jun 2021 21:23:00 +0000


President Biden's Cybersecurity Executive Order

Aiming to improve cybersecurity in the United States, President Biden signed an executive order (EO) on May 12, 2021. Although the EO focuses on U.S. federal departments’ and agencies’ cybersecurity, it will likely result in standards that will change the way the private sector manages cybersecurity within the United States and globally...
More details.

Posted on Fri, 28 May 2021 19:08:00 +0000


World Password Day - May 6, 2021

It’s World Password Day! Are your passwords strong enough? Do you have a long, unique password for every account? Do you use multi-factor authentication where available? If you answered, “no”...
More details.

Posted on Thu, 06 May 2021 13:30:00 +0000


Facebook Leak Leads To Smishing

I have always considered myself pretty lucky in that I rarely receive fraudulent text messages. That luck recently ran out. Over the past few weeks I have noticed an uptick in the number of SMS phishing (smishing) messages that I receive on my phone...
More details.

Posted on Mon, 05 Apr 2021 14:42:00 +0000


2021 Cybersecurity Report Roundup

Annual cybersecurity reports are a rich resource of statistics and information for cybersecurity professionals, academics, journalists and anyone who is interested in cybersecurity. Below is a categorized...
More details.

Posted on Fri, 02 Apr 2021 12:27:00 +0000


2021 Top Cybersecurity Leaders

The March 2021 issue of Security magazine, partnering with (ISC)2, featured their inaugural list of the Top Cybersecurity Leaders for 2021. As the author of this blog, I am both humbled and honored, to not only be part of the inaugural team, but also to be recognized with these accomplished cybersecurity professionals...
More details.

Posted on Sun, 07 Mar 2021 19:54:37 +0000


ILoveYou.txt.vbs

Since today is known for love, let’s look back 21 years to one of the more destructive, costly and famous viruses in history. The “ILoveYou” worm, also known as the “Love Bug” or “Love Letter For You” infected more than ten million Windows computers, beginning on May 5, 2000...
More details.

Posted on Sun, 14 Feb 2021 19:36:17 +0000


Safer Internet Day 2021

Tuesday, February 9th, 2021, marks the 18th edition of Safer Internet Day with the theme "Together for a better Internet." Safer Internet Day (SID) started as an EU SafeBorders project in 2004 and is now celebrated in approximately 170 countries worldwide...
More details.

Posted on Tue, 09 Feb 2021 16:00:00 +0000


Happy New Year!

2020 was a difficult year and Between The Hacks wants to congratulate everyone who pulled through the challenges. We have all lived through a year that delivered a global pandemic, civil unrest, and...
More details.

Posted on Thu, 31 Dec 2020 20:58:00 +0000


Merry Christmas & Happy Holidays

Merry Christmas and Happy Holidays from Between The Hacks! Whether you celebrate Christmas, Hanukkah, Kwanza or Festivus, we hope you and your family are doing well, staying healthy and surviving 20...
More details.

Posted on Fri, 25 Dec 2020 02:51:00 +0000


Safeguarding the Backbone of the Global Economy: OT/ICS Security in the Oil and Gas Industry

The oil and gas industry is an essential pillar of the global economy, enabling energy production, transportation, and storage that fuel every aspect of modern life. At the core of these operations lie Operational Technology (OT) and Industrial Control Systems (ICS), critical systems responsible for monitoring and controlling key industrial processes...
More details.

Posted on Sun, 12 Jan 2025 09:37:30 +0000


Detailed Guide to SOAR and SIEM

What Is SOAR? SOAR stands for Security Orchestration, Automation, and Response. It’s a cybersecurity tool designed to simplify and enhance the efficiency of IT teams by automating responses to various security threats...
More details.

Posted on Sun, 12 Jan 2025 09:20:49 +0000


What is a cyberattack?

What is a cyberattack? Cyberattacks aim to damage or gain control or access to important documents and systems within a business or personal computer network. Cyberattacks are distributed by individuals or organizations for political, criminal, or personal intentions to destroy or gain access to classified information...
More details.

Posted on Wed, 30 Oct 2024 04:02:41 +0000


What is SIEM ?

Security information and event management, SIEM for short, is a solution that helps organizations detect, analyze, and respond to security threats before they harm business operations. SIEM, pronounced “sim,” combines both security information management (SIM) and security event management (SEM) into one security management system...
More details.

Posted on Tue, 29 Oct 2024 08:06:47 +0000


Cyber Security Operation Center Guidelines for best practices SOC Design

Cyber security has become one of the most needed services for all businesses and industries in 2024. Every business is concerned about cyber security. Security operations (SecOps) leaders face a multifaceted challenge:...
More details.

Posted on Tue, 30 Jan 2024 16:32:57 +0000


HOW TO BECOME CERTIFIED LEAD IMPLEMENTER – ISO 27001

About the Certified Lead Implementer training and examination for the Information Security Management System ISO/IEC 27001: learn and get certified as a professional in implementation of the ISO 27001 standard through our self-paced, interactive e-learning course, which comprises 4 modules...
More details.

Posted on Thu, 26 Jan 2023 11:21:59 +0000


YouTube disrupted in Pakistan as former PM Imran Khan streams speech

NetBlocks metrics confirm the disruption of YouTube on multiple internet providers in Pakistan on Sunday 21 August 2022. The disruption comes as former Prime Minister Imran Khan makes a live broadcast to the public, despite a ban issued by the Pakistan Electronic Media Regulatory Authority (PEMRA)...
More details.

Posted on Mon, 22 Aug 2022 05:04:16 +0000


Recommendations for Parents about Cyber Bullying

Here are some dedicated tips for keeping younger children safe online. One of these training tips goes into the risks of young children on the Internet, covers cyber bullying and other risky Internet behavior...
More details.

Posted on Wed, 20 Oct 2021 06:36:27 +0000


WhatsApp, Facebook, Instagram server down in Pakistan?

Facebook-owned social media platforms, WhatsApp, Facebook, and Instagram are facing a worldwide outage, according to Downdetector, which offers real-time status and outage information for all kinds of services...
More details.

Posted on Mon, 04 Oct 2021 17:32:57 +0000


Cloudflare reports record-breaking HTTP-request DDoS attack

Cloudflare reports thwarting the largest known HTTP-request distributed denial of service attack in history, approximately three times larger than any other previously reported. The attack in July reached 17...
More details.

Posted on Sun, 22 Aug 2021 19:26:02 +0000


How mobile app analytics library led to the PII exposure

A mobile app was leaking personally identifiable information (PII) without anyone knowing. The source? A third-party analytics library. No one on the development team had changed anything. The configuration was untouched...
More details.

Posted on Fri, 25 Jul 2025 00:00:00 +0000


SBOM from the security perspective

Contents: Introduction; The current situation with SBOMs; Types of SBOMs; Spotting weak dependencies; SBOM and CRA; Generating SBOMs: different tools for different situations; Manual SBOM generation; GitHub SBOM Generator; SBOM for Docker; SBOM benchmarks; Inconsistencies in SBOM generation tools; SBOMs in security context; SBOMs are not accurate; SBOMs can include vulnerabilities; SBOMs can be signed; SBOMs can include hash sums; SBOMs’ hindered commercial adoption; Data format compatibility issues; Privacy concerns; General problems of SBOM files; Conclusion.

Introduction. The Software Bill of Materials (SBOM) is a promising approach for keeping an eye on the key elements of a software application, including libraries, dependencies, and frameworks...
More details.

Posted on Wed, 16 Oct 2024 00:00:00 +0000


Protecting ML models running on edge devices and mobile apps

Contents: Security challenges for machine learning models; System architecture for delivering and executing ML models on edge devices; Risks and threats of running ML models in mobile apps; Security defences for ML models; ML model encryption; Cloud and API protection; Mobile application anti-tampering controls; Proactive anti-fraud security measures; Conclusion.

ML models are unique combinations of data and algorithms that have been trained on massive volumes of data to provide answers, classify incoming data, and transform it...
More details.

Posted on Fri, 06 Sep 2024 00:00:00 +0000


Cossack Labs Mobile Security Score framework for mobile AppSec

The OWASP Mobile Application Security Verification Standard (MASVS) has been a valuable foundation for our mobile security engineering and assessments. This high-level guideline served us well for a long time, particularly with version 1...
More details.

Posted on Fri, 09 Aug 2024 00:00:00 +0000


Security autotests for measurable and stable application security processes

Contents: Introduction; The reason behind security autotests; Security autotests; How to create a security autotest; Writing a security autotest for validating a response header; Customising security autotests; Security autotests: fitting use cases; Input validation; Security headers are present; Verification of the session token after logout; Ready-to-use templates for security autotests; Summary.

Introduction. Software security development is a repeatable process, and some steps could be automated to free up the valuable time of security and software engineers...
More details.

Posted on Thu, 02 May 2024 00:00:00 +0000
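
The article above describes a security autotest that validates response headers. The block below is an added example of that idea, not code from the Cossack Labs article: it runs a handler under test on a local httptest server, checks the headers against a policy, and reports findings. The header set, the accepted values, and the two sample handlers (one unhardened, one behind header-setting middleware) are this example's assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sort"
	"strings"
)

// requiredHeaders maps each security header the autotest expects to a
// predicate on its value. The header set and accepted values are this
// example's assumptions; a real test takes them from the project's policy.
var requiredHeaders = map[string]func(string) bool{
	"Strict-Transport-Security": func(v string) bool { return strings.Contains(v, "max-age=") },
	"X-Content-Type-Options":    func(v string) bool { return strings.EqualFold(v, "nosniff") },
	"X-Frame-Options": func(v string) bool {
		u := strings.ToUpper(v)
		return u == "DENY" || u == "SAMEORIGIN"
	},
	"Content-Security-Policy": func(v string) bool { return strings.Contains(v, "default-src") },
}

// CheckSecurityHeaders returns one finding per violated rule, sorted so the
// output is stable; an empty slice means the response passes.
func CheckSecurityHeaders(h http.Header) []string {
	var findings []string
	for name, accept := range requiredHeaders {
		v := h.Get(name)
		switch {
		case v == "":
			findings = append(findings, name+": missing")
		case !accept(v):
			findings = append(findings, name+": unexpected value "+v)
		}
	}
	// Headers that advertise the stack must not be sent at all.
	for _, name := range []string{"Server", "X-Powered-By"} {
		if v := h.Get(name); v != "" {
			findings = append(findings, name+": should not be sent ("+v+")")
		}
	}
	sort.Strings(findings)
	return findings
}

// FetchHeaders is the autotest's HTTP step: it serves the handler under test
// on a local port, requests path and returns the response headers.
func FetchHeaders(handler http.Handler, path string) http.Header {
	srv := httptest.NewServer(handler)
	defer srv.Close()
	resp, err := http.Get(srv.URL + path)
	if err != nil {
		panic(err)
	}
	resp.Body.Close()
	return resp.Header
}

// insecureHandler stands in for an unhardened application (constructed sample).
func insecureHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("X-Powered-By", "Example/1.0") // leaks stack details
	fmt.Fprint(w, "hello")
}

// hardenedHandler is the same application behind middleware that sets the
// headers the policy requires (constructed sample).
func hardenedHandler(w http.ResponseWriter, r *http.Request) {
	h := w.Header()
	h.Set("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
	h.Set("X-Content-Type-Options", "nosniff")
	h.Set("X-Frame-Options", "DENY")
	h.Set("Content-Security-Policy", "default-src 'self'")
	fmt.Fprint(w, "hello")
}

func main() {
	for _, c := range []struct {
		name string
		h    http.HandlerFunc
	}{{"insecure", insecureHandler}, {"hardened", hardenedHandler}} {
		findings := CheckSecurityHeaders(FetchHeaders(c.h, "/"))
		fmt.Printf("%-8s %d finding(s) %v\n", c.name, len(findings), findings)
	}
}
```

The check fails on both a missing header and a present-but-wrong one (for example an X-Frame-Options of ALLOW-FROM), which is the difference between a smoke test and a policy test; pointing FetchHeaders at a staging deployment instead of the in-process handler turns the same function into a CI gate.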


Practical OAuth security guide for mobile applications

Contents: Intro; OAuth: the key points; Approach: reviewing security of the OAuth implementation in a mobile app; Understanding app authentication; Intricate workflow behind app-based OAuth login; Handling redirects back to the mobile app; OAuth security improvement with PKCE; CSRF attacks mitigation with the “state” parameter; Automation, automation, more automation; Checklist: security assessment of OAuth implementation; Conclusion.

Intro. Security requires managing risks with smart and controllable solutions...
More details.

Posted on Fri, 29 Mar 2024 00:00:00 +0000
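
The guide above lists PKCE and the “state” parameter as the two controls that protect an app-based OAuth login. The block below is an added example of both, not code from the Cossack Labs guide: the app side generates a fresh state and code_verifier per attempt, derives the S256 code_challenge, and on redirect refuses any state it did not issue; the authorization server side shows the verifier check that makes a stolen authorization code useless. The endpoint, client ID and custom redirect scheme are placeholders, and the redirects are constructed in main rather than received from a real authorization server.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

// randomURLSafe returns n random bytes as unpadded base64url, the alphabet
// RFC 7636 allows for code_verifier and a safe choice for state.
func randomURLSafe(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// S256Challenge derives code_challenge = BASE64URL(SHA256(code_verifier)).
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// PendingLogin is what the app keeps in memory between opening the system
// browser and receiving the redirect back. Neither value is ever sent in clear
// to the authorization endpoint except state, which is opaque to attackers.
type PendingLogin struct {
	State        string
	CodeVerifier string
}

// BuildAuthorizeURL starts the flow with a fresh state and verifier per attempt.
func BuildAuthorizeURL(authEndpoint, clientID, redirectURI string) (string, PendingLogin) {
	p := PendingLogin{State: randomURLSafe(32), CodeVerifier: randomURLSafe(32)}
	q := url.Values{}
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("state", p.State)
	q.Set("code_challenge", S256Challenge(p.CodeVerifier))
	q.Set("code_challenge_method", "S256")
	return authEndpoint + "?" + q.Encode(), p
}

// HandleRedirect validates the redirect the app receives. A missing or foreign
// state means the redirect was not started by this app instance (CSRF or a
// login injected by another app registered for the same scheme), so the code
// is discarded before any token request is made.
func HandleRedirect(p PendingLogin, redirected string) (string, error) {
	u, err := url.Parse(redirected)
	if err != nil {
		return "", err
	}
	got := u.Query().Get("state")
	if got == "" || subtle.ConstantTimeCompare([]byte(got), []byte(p.State)) != 1 {
		return "", errors.New("state mismatch: redirect was not initiated by this app instance")
	}
	code := u.Query().Get("code")
	if code == "" {
		return "", errors.New("no authorization code in redirect")
	}
	return code, nil
}

// ServerVerifiesPKCE is the authorization server's side of the token request:
// it stored the challenge with the code and must see a verifier hashing to it.
func ServerVerifiesPKCE(storedChallenge, presentedVerifier string) bool {
	return subtle.ConstantTimeCompare([]byte(S256Challenge(presentedVerifier)), []byte(storedChallenge)) == 1
}

func main() {
	authURL, pending := BuildAuthorizeURL("https://as.example/authorize", "mobile-app", "com.example.app://callback")
	fmt.Println(authURL)

	// Constructed redirect: the server echoes our state and issues a code.
	ok := "com.example.app://callback?code=abc123&state=" + url.QueryEscape(pending.State)
	fmt.Println(HandleRedirect(pending, ok))

	// Constructed attacker redirect with a state we never issued is rejected.
	fmt.Println(HandleRedirect(pending, "com.example.app://callback?code=evil&state=notmine"))

	// A stolen code without the verifier fails PKCE at the token endpoint.
	challenge := S256Challenge(pending.CodeVerifier)
	fmt.Println(ServerVerifiesPKCE(challenge, pending.CodeVerifier), ServerVerifiesPKCE(challenge, "guess"))
}
```

The state check runs before the code is even read, and both comparisons are constant-time; the order matters on mobile, where the redirect arrives from the OS and any app that registered the same custom scheme could have produced it.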


Security tips on using YubiKey and FIDO U2F

Designed for securing online accounts, FIDO U2F as a protocol and YubiKey as a hardware tool are not silver bullets. If not used wisely, this powerful combo becomes an attractive target in the hands of skilful attackers...
More details.

Posted on Fri, 22 Dec 2023 00:00:00 +0000


Flutter application security considerations

Fast and easy cross-platform application frameworks are promising, yet vulnerable to attacks. Is it possible to make the cross-platform mobile application development safe while avoiding security gaps? In this post we will focus on pros and cons of Flutter, compare it with other approaches to mobile app development, go deep into platform-specific security risks that developers are to be aware of, and finally offer fundamental mobile security recommendations to make your Flutter projects more secure...
More details.

Posted on Fri, 08 Dec 2023 00:00:00 +0000


Digital payment security: Architecture guide

Building secure digital payment solutions is a challenge when it comes to balancing between convenience and security. How can we build secure digital wallets that meet the needs of fintech users and effectively protect their assets?

Contents: Intro; Security paradox; Balancing convenience and security in digital wallets; Perception of security risk; Reduce outrage and build a trustworthy digital wallet; Digital payment security: key risks and threats; Risk profile and threat model; Custodial & non-custodial, hot & cold, multisig wallets: security benefits vs threats; Addressing digital wallet security issues; Clearly define your unique risk and threat profile; Digital wallets: addressing security risks; Platform security; API and backend security; Supply chain security; Monitoring transactions and addressing security incidents; Treating problems systematically: secure software development lifecycle; Targeting specific risks relevant to digital wallets; Key leakage and transaction fraud; Deanonymisation; Know Your Customer; Anti Money Laundering; Anti Fraud Systems; Regulations and compliance; Building trustworthy digital payment platforms; Security failures in digital wallets; Security incidents with custodial and non-custodial wallets; Security incidents with banking apps; Conclusions and lessons learnt.

This blogpost is a part of the “Digital wallet security guides”: read the articles Crypto wallets security as seen by security engineers, Exploring security vulnerabilities in NFC digital wallets, How to prevent digital wallet fraud...
More details.

Posted on Fri, 08 Sep 2023 00:00:00 +0000


How to prevent digital wallet fraud

Custodial or non-custodial cryptocurrency wallets, money transfer platforms, or banking mobile applications — regardless of their forms, digital wallets are expected to provide secure storage of users’ financial assets...
More details.

Posted on Thu, 13 Jul 2023 00:00:00 +0000


Exploring security vulnerabilities in NFC digital wallets

In recent years, we have been reviewing and improving the security of small near-field communication (NFC) devices: smart contactless cards, mobile digital wallets, specialised authentication devices, among others...
More details.

Posted on Thu, 23 Mar 2023 00:00:00 +0000


Smart contract security audit: tips & tricks

Smart contracts occupy a separate niche in software development. They are small, immutable, visible to everyone, run on decentralised nodes and, on top of that, transfer user funds. The smart contracts ecosystem is evolving rapidly, obtaining new development tools, practices, and vulnerabilities...
More details.

Posted on Tue, 13 Dec 2022 00:00:00 +0000


Introduction to automated security testing

Dangerous security bugs can sit in a code until someone finds them and turns into vulnerabilities that cost a piece of mind, budget or lives. To avoid a disaster, security engineers and DevSecOps engineers do their best to find and prevent weaknesses in software in the earlier stages of development...
More details.

Posted on Wed, 17 Aug 2022 00:00:00 +0000


Cryptographic failures in RF encryption allow stealing robotic devices

Cryptographic failures in the wild. Many developers see security people as annoying creatures, always pointing out mistakes and criticizing incorrect decisions. A cryptographer is considered more malignant: they know math and can tell you actual probabilities of some of your failures...
More details.

Posted on Wed, 29 Jun 2022 00:00:00 +0000


Cossack Labs stands on guard for security of Ukrainian companies

This post has been updated to reflect the current status of our support for Ukraine. Keep calm and clean your machine gun. On the morning of February 24th, the Russian Federation attacked peaceful Ukraine and shifted the narrative for the whole 21st century...
More details.

Posted on Mon, 07 Mar 2022 00:00:00 +0000


React Native libraries: Security considerations

React Native is a cross-platform framework that allows developers to write native mobile applications using JavaScript. Supporting multiple platforms means dealing with each platform’s issue (React Native, iOS, Android)...
More details.

Posted on Tue, 15 Feb 2022 00:00:00 +0000


TLS certificate validation in Golang: CRL & OCSP examples

Most applications use TLS for data-in-transit encryption, and every programming language has TLS support in its ecosystem. TLS was introduced in 1999 based on SSL 3.0. It's quite an old protocol, but, what is more important, it's very complex...
More details.

Posted on Tue, 18 Jan 2022 00:00:00 +0200
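
The article above covers revocation checking (CRL and OCSP) in Go, a step crypto/tls does not perform on its own. The block below is an added, self-contained example of the CRL half, not code from the Cossack Labs article: it constructs a throwaway CA, two leaf certificates and a CRL revoking one of them in memory, then shows a verifier that does chain and hostname validation, checks the CRL's signature and freshness, and refuses the revoked leaf. All certificates here are generated at run time for the example; the subject names and serials are placeholders.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// PKI holds the constructed CA, two leaves and a DER-encoded CRL.
type PKI struct {
	CA, Good, Revoked *x509.Certificate
	CRLDER            []byte
}

func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// BuildPKI generates a CA (with CRL-signing key usage), two server leaves and
// a CRL that revokes the second leaf. Everything is ephemeral and in memory.
func BuildPKI() *PKI {
	now := time.Now()
	caKey := mustKey()
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Test CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		panic(err)
	}
	ca, _ := x509.ParseCertificate(caDER)

	leaf := func(serial int64, host string) *x509.Certificate {
		tmpl := &x509.Certificate{
			SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: host},
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
			KeyUsage:    x509.KeyUsageDigitalSignature,
			ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
			DNSNames:    []string{host},
		}
		der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &mustKey().PublicKey, caKey)
		if err != nil {
			panic(err)
		}
		c, _ := x509.ParseCertificate(der)
		return c
	}
	good, revoked := leaf(100, "good.example"), leaf(101, "revoked.example")

	crlTmpl := &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(12 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: revoked.SerialNumber, RevocationTime: now}},
	}
	crlDER, err := x509.CreateRevocationList(rand.Reader, crlTmpl, ca, caKey)
	if err != nil {
		panic(err)
	}
	return &PKI{CA: ca, Good: good, Revoked: revoked, CRLDER: crlDER}
}

// VerifyWithCRL performs chain and hostname validation, then the revocation
// check. It fails closed: an unparsable, wrongly signed or stale CRL is an
// error, not a silent pass.
func VerifyWithCRL(leaf, issuer *x509.Certificate, crlDER []byte, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(issuer)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return fmt.Errorf("crl parse: %w", err)
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return fmt.Errorf("crl signature: %w", err)
	}
	if time.Now().After(crl.NextUpdate) {
		return errors.New("crl is past NextUpdate, refusing to rely on it")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return fmt.Errorf("certificate serial %s is revoked", leaf.SerialNumber)
		}
	}
	return nil
}

func main() {
	p := BuildPKI()
	fmt.Println("good:   ", VerifyWithCRL(p.Good, p.CA, p.CRLDER, "good.example"))
	fmt.Println("revoked:", VerifyWithCRL(p.Revoked, p.CA, p.CRLDER, "revoked.example"))
	fmt.Println("bad crl:", VerifyWithCRL(p.Good, p.CA, []byte("junk"), "good.example"))
}
```

The serial comparison is only meaningful after CheckSignatureFrom has tied the CRL to the same issuer as the leaf; a CRL fetched over plain HTTP from the certificate's distribution point is untrusted input until that signature check passes, and an expired CRL should be treated as "no revocation information", which for a verifier that fails closed means rejecting the connection.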


Crypto wallets security as seen by security engineers

What can go wrong when you develop a “secure” crypto wallet? How to eliminate typical security mistakes and build a secure app with multilayered data protection against mnemonic leakage and transaction forgery? Cossack Labs security engineers were involved in improving the security of several large public blockchain ecosystems and their hot non-custodial crypto wallets...
More details.

Posted on Tue, 14 Dec 2021 00:00:00 +0200


Shared responsibility model in cloud security: mind the gap

Understanding cloud security. In this article, we look at the security responsibility of cloud providers: where it ends, what the gaps and grey areas are, and what risks security teams should take into account when using “as a service” platforms...
More details.

Posted on Tue, 23 Mar 2021 00:00:00 +0000


React Native app security: Things to keep in mind

When developers choose to use React Native as a platform for their mobile apps, they think about the benefits of one codebase for two platforms, increased development speed and advantages of TypeScript...
More details.

Posted on Thu, 22 Oct 2020 00:00:00 +0000


Audit logs security: cryptographically signed tamper-proof logs

Logs, audit logs, and security events are must-have components of a secure system, which help to monitor ongoing behaviour and provide forensic evidence in case of an incident. Let’s cut through complexity...
More details.

Posted on Mon, 14 Sep 2020 00:00:00 +0000
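
The post above is about cryptographically signed, tamper-proof audit logs. The block below is an added example of the basic construction, not code from the Cossack Labs post: each entry carries an HMAC over its sequence number, the previous entry's tag and its message, so editing, reordering or deleting an entry breaks the chain at the first affected position. The key, the log lines and the tampering scenarios in main are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Entry is one audit log record. Prev chains it to the record before it;
// Tag authenticates seq, prev and message under a key the writer holds but
// the log storage (and anyone who later compromises it) does not.
type Entry struct {
	Seq     int
	Message string
	Prev    string // hex tag of the previous entry, "" for the first
	Tag     string // hex HMAC-SHA256 over "seq|prev|message"
}

// computeTag derives the entry's tag. seq contains no '|' and prev is either
// empty or fixed-width hex, so the encoding is unambiguous even if message
// itself contains '|'.
func computeTag(key []byte, seq int, prev, msg string) string {
	mac := hmac.New(sha256.New, key)
	fmt.Fprintf(mac, "%d|%s|%s", seq, prev, msg)
	return hex.EncodeToString(mac.Sum(nil))
}

// Append adds a new entry chained to the last one.
func Append(key []byte, entries []Entry, msg string) []Entry {
	prev := ""
	if n := len(entries); n > 0 {
		prev = entries[n-1].Tag
	}
	seq := len(entries)
	return append(entries, Entry{Seq: seq, Message: msg, Prev: prev, Tag: computeTag(key, seq, prev, msg)})
}

// Verify walks the chain from the start and returns the index of the first
// entry that fails (sequence gap, broken link or bad tag), or -1 if all pass.
func Verify(key []byte, entries []Entry) (int, error) {
	prev := ""
	for i, e := range entries {
		if e.Seq != i {
			return i, fmt.Errorf("entry %d: sequence gap (record says %d), entries removed or reordered", i, e.Seq)
		}
		if e.Prev != prev {
			return i, fmt.Errorf("entry %d: chain link does not match previous tag", i)
		}
		want := computeTag(key, e.Seq, e.Prev, e.Message)
		if !hmac.Equal([]byte(want), []byte(e.Tag)) {
			return i, fmt.Errorf("entry %d: tag mismatch, content modified or wrong key", i)
		}
		prev = e.Tag
	}
	return -1, nil
}

func main() {
	key := []byte("constructed-demo-key-not-for-production")
	var entries []Entry
	for _, m := range []string{ // constructed sample events
		"user=alice action=login src=10.0.0.7",
		"user=alice action=read doc=42",
		"user=alice action=logout",
	} {
		entries = Append(key, entries, m)
	}
	fmt.Println(Verify(key, entries))

	tampered := append([]Entry(nil), entries...)
	tampered[1].Message = "user=alice action=read doc=43" // edit in place
	fmt.Println(Verify(key, tampered))

	deleted := []Entry{entries[0], entries[2]} // drop the middle record
	fmt.Println(Verify(key, deleted))
}
```

One caveat the chain alone does not cover: truncating the log at the end (dropping the newest entries) leaves a perfectly valid prefix. Detecting that needs an anchor outside the attacker's reach, for example periodically exporting the latest tag to a separate system or a write-once store, and a verifier that also checks the log reaches that anchored tag.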


How to build OpenSSL for Carthage iOS

This story is dedicated to fellow developers struggling with updating Carthage package with the latest OpenSSL for iOS and macOS apps. Here you will find the scripts, error messages, testing matrix, and our working solution for Themis to this no small feat...
More details.

Posted on Wed, 10 Jun 2020 00:00:00 +0000


OpenSSL for iOS: tricks of OpenSSL semver

OpenSSL complexity starts with its version string. Apple, Carthage, and some dependency analysis tools have different opinions about it. Here is how we dealt with them and submitted iOS app to the App Store...
More details.

Posted on Wed, 10 Jun 2020 00:00:00 +0000


PII Encryption Requirements. Cheatsheet

This article was initially published in November 2018, then reviewed and updated with information regarding CCPA in April 2020. We frequently see how regulatory requirements are mapped onto real-world demands during the integration of our tools and security consulting projects...
More details.

Posted on Thu, 02 Apr 2020 00:00:00 +0000


Lift & Shift: cloud security strategy

Intro. When companies move their infrastructures into the cloud, provisioning resources and configuring them to emulate their initial infrastructure — a practice called “lift and shift” — or migrate the existing solutions from one platform to another, something inevitably migrates together with all the code and assets: their security assumptions ...
More details.

Posted on Wed, 20 Nov 2019 00:00:00 +0000


How to prepare for data security issues

Understanding data security issues. The first thing that comes to mind when one thinks about security issues is typically some poorly written code that is prone to RCE, XSS, and similar attacks. But hardly anyone deliberately sets out with “I’m going to write some really bad, vulnerable code today!” intent in mind...
More details.

Posted on Mon, 28 Oct 2019 00:00:00 +0000


Implementing End-to-End encryption in Bear App

Bear with us! 🐻 The latest release of the popular note-taking app Bear contains a new feature — end-to-end encryption of user notes. The Cossack Labs team worked closely with the amazing Bear team to help deliver this feature...
More details.

Posted on Thu, 05 Sep 2019 00:00:00 +0000


Secure search over encrypted data

More and more data is outsourced to remote (cloud) storage providers fuelled by “software as a service” trends in enterprise computing. Data owners want to be certain that their data is safe against thefts by outsiders, internal threats, and untrusted service providers alike...
More details.

Posted on Tue, 23 Jul 2019 00:00:00 +0000


Install Acra 1-Click App through DigitalOcean Marketplace

Cossack Labs has recently joined the DigitalOcean Marketplace family following our mission to make high-end security tools available to the general developer audience in a convenient fashion. Acra encryption suite is one of the first data security and encryption tools on DigitalOcean Marketplace and it is now available as 1-Click App running in DigitalOcean Droplet ...
More details.

Posted on Tue, 07 May 2019 00:00:00 +0000


Acra on DigitalOcean Marketplace

We always strive to make high-end security tools available to general developer audience in a convenient fashion. Only by making data security accessible, we can ensure real security of sensitive data everywhere...
More details.

Posted on Tue, 16 Apr 2019 00:00:00 +0000


Defense in depth security strategy based on data encryption

Intro. Any set of security controls deployed in your infrastructure may fail. Given enough pressure, some controls will certainly fail. No surprises here, but the question is: how to build our systems to make security incidents less damaging in case of a failure of some components? How to prevent data leaks even in case of a successful data breach? Building security tools, we strive towards a defense-in-depth approach...
More details.

Posted on Thu, 04 Apr 2019 00:00:00 +0000


How to build an SQL Firewall

Building AcraCensor, a transparent SQL firewall. There are two main ways to mitigate SQL injections: inside the app (using prepared statements, stored procedures, escaping) and outside the app (using Web Application Firewalls or SQL firewalls)...
More details.

Posted on Tue, 05 Mar 2019 00:00:00 +0000


How to prevent SQL injections when WAF’s not enough

Can WAF prevent SQL injection? What is the biggest threat to a tool that prevents unauthorised database access? Requests from the application side that trigger data leakage. Namely, SQL injections and other application attacks that allow attackers to craft custom SQL queries...
More details.

Posted on Wed, 13 Feb 2019 00:00:00 +0000


Blockchain & GDPR: dos and don’ts while achieving compliance

On blockchain and GDPR. As cryptographers who develop data security tools that heavily involve cryptography (surprise surprise), we get asked a lot of questions about “crypto”. Unfortunately, not “cryptozoology”* crypto, but neither is it cryptography...
More details.

Posted on Tue, 22 Jan 2019 00:00:00 +0000


Thank You for Contributing and Using Themis in 2018

We believe that everyone should be able to create secure applications and protect users’ privacy. That’s why our main cryptographic components are open source and developer-friendly. But open-source would be nothing without external contributions and feedback from users...
More details.

Posted on Thu, 20 Dec 2018 00:00:00 +0000


Hiring External Security Team: What You Need to Know

In our company, we’ve succeeded in clearly articulating the deliverables of our products and consulting projects. Building a network of great partners and delegating the work outside the range of our primary competencies to them helps both parties concentrate on what we’re best at...
More details.

Posted on Tue, 27 Nov 2018 00:00:00 +0000


How to Implement Tracing in a Modern Distributed Application

Distributed tracing is incredibly helpful during the integration and optimisation of microservice-rich software. Before implementing tracing as a publicly available feature in the latest version of Acra, we did some small research to catch up with current industry standards in tracing protocols and tools...
More details.

Posted on Thu, 22 Nov 2018 00:00:00 +0000


GDPR for software developers: implementing rights and security demands

A methodical software developer’s perspective on mapping privacy regulations to changes in the database structure, updates in DevOps practices, backups, and restricted processing. GDPR and software development. After 2 years of fearful anticipation, GDPR is finally here, in full effect starting with May 25, 2018...
More details.

Posted on Thu, 20 Sep 2018 00:00:00 +0000


Poison Records in Acra – Database Honeypots for Intrusion Detection

Intro. When naming our special type of data containers created for raising an alarm within Acra-powered infrastructures, we were sure we’d seen the term “poison records” used elsewhere in the same context...
More details.

Posted on Thu, 16 Aug 2018 00:00:00 +0000


Social Events of Spring-Summer 2018 for Cossack Labs

Late April throughout late June of 2018 was quite a hot time for the Cossack Labs team as we were actively developing our products, releasing feature after feature for Acra and Themis and also participated, spoken at, and hosted a number of conferences, meetups, and workshops...
More details.

Posted on Fri, 13 Jul 2018 00:00:00 +0000


How to reduce Docker image size (Example)

The need for reducing Docker image size. To provide convenient delivery and faster deployment of our tools, just like everybody else, we use Docker. This article describes our experience of using containers for distribution of our product Acra (database encryption suite) and focuses on the method we used to reduce the size of Docker images by approximately 62-64 times...
More details.

Posted on Tue, 29 May 2018 00:00:00 +0000


Moving to OpenSSL 1.1.0 — How We Did It

This article was published in 2018 about R&D work, which resulted in stable production release of Themis that now uses OpenSSL 1.1.1g If you’re a developer and you’re dealing with cryptography for your app, consider using high-level cryptographic libraries like Themis instead of OpenSSL...
More details.

Posted on Mon, 09 Apr 2018 00:00:00 +0000


2017 at Cossack Labs

Stats. This was an eventful year for Cossack Labs! According to our GitHub stats, in 2017 we: made 1200 commits into master branches; merged 260 PRs; accumulated 444 new stars. Products and releases. We picked a weird, but hopefully auspicious, habit of releasing stuff on holidays or 13th days of the month (preferably Fridays :) or Mercury retrograde periods: Acra’s public release took place on the 8th of March...
More details.

Posted on Fri, 29 Dec 2017 00:00:00 +0000


Happy Holidays from Cossack Labs!

Season’s greetings and all kinds of good things in the New Year! – With 🔒 from Cossack Labs!
More details.

Posted on Mon, 25 Dec 2017 00:00:00 +0000


Auditable Macros in C Code

Intro. Like death and taxes, one thing that you can be sure of is that using C macros in a modern software project will cause a debate. While for some macros remain a convenient and efficient way of achieving particular programming goals, for others they are opaque, introduce the unnecessary risk of coding errors, and reduce readability...
More details.

Posted on Thu, 23 Nov 2017 00:00:00 +0000


Replacing OpenSSL with Libsodium

This article was published in 2017 about R&D work, which resulted in a stable production release of Themis. Intro. In our ongoing effort to make Themis work with different cryptographic backends, we've decided to try something more challenging than just displacing similar primitives...
More details.

Posted on Thu, 21 Sep 2017 00:00:00 +0000


Replacing OpenSSL with BoringSSL in a Complex Multi-Platform Layout

This article was published in 2017 about R&D work, which resulted in stable production release of Themis that uses BoringSSL as one of crypto-engines. If you’re a developer and you’re dealing with cryptography for your app, consider using high-level cryptographic libraries like Themis instead of BoringSSL...
More details.

Posted on Tue, 11 Jul 2017 00:00:00 +0000


Importing with ctypes in Python: fighting overflows

Introduction. On some cold winter night, we've decided to refactor a few examples and tests for the Python wrapper in Themis, because things have to be not only efficient and useful, but elegant as well...
More details.

Posted on Mon, 06 Mar 2017 00:00:00 +0000


Plugging leaks in Go memory management

Intro. As many of you know, Go is an amazing modern programming language with automated memory management. We love Go: we've used it to build Acra, our database encryption suite, and we further use it to build other products...
More details.

Posted on Tue, 28 Feb 2017 00:00:00 +0000


2016 at Cossack Labs

Bright and full of new things, 2016 imperceptibly came to an end. Writing good software is hard: absorbed in developing our main products, having closed a testing round of Acra (all hail the brave ones who dedicated an immense amount of time to giving us feedback), we’ve spent most of the year undercover...
More details.

Posted on Fri, 30 Dec 2016 00:00:00 +0000


13 tips to enhance database and infrastructure security

Article updated in 2019. Previously in the series... Previously, we’ve talked about design patterns best practices in backend security, then about key management goals and techniques. It is important to understand that database security evolved with system administration techniques and programming demands, with cryptography and access controls being complementary features, rather than cornerstones...
More details.

Posted on Tue, 13 Dec 2016 00:00:00 +0000


Why making Internet safe is everyone’s responsibility

Responsibility is yours, mine, and that developer's in the office nearby. Open any tech news aggregator and chances are, one-third of all news will be security-related. What we are seeing right now is an insane rise in awareness of cyber security, dictated by security threats suddenly turning from looming on the horizon to dangerously close to anybody on the Internet...
More details.

Posted on Wed, 26 Oct 2016 00:00:00 +0000


Key management in data security: fundamentals

Key management in a security system. Frequently overlooked, and much less hyped than quantum computers breaking trapdoor functions, managing keys is actually the most important part of building a security system...
More details.

Posted on Wed, 21 Sep 2016 00:00:00 +0000


Backend security: design patterns best practices

This article was revisited and updated in August 2018. In modern client-server applications, most of the sensitive data is stored (and consequently leaked) on the backend. At Cossack Labs, we’re working on novel techniques to protect the data within modern infrastructures...
More details.

Posted on Mon, 15 Aug 2016 00:00:00 +0000


Zero Knowledge Protocols without magic

When we first released Secure Comparator for use in our Themis crypto library and started talking about novel authentication concepts, we encountered a few common misconceptions and plenty of magical thinking about Zero-Knowledge Proofs as a phenomenon...
More details.

Posted on Wed, 27 Jul 2016 00:00:00 +0000


Perimeter security: avoiding disappointment, shame and despair

Perimeter security: looking back. Over the years, the Internet has evolved, and complex systems facing the Internet have evolved too. The traditional security methodology to defend these systems was to build strong walls around your most valuable assets: build a castle and hope it stands against the external adversary...
More details.

Posted on Wed, 20 Jul 2016 00:00:00 +0000


Choose your Android crypto (Infographic)

Why do I even need to choose? Warning: This article borrows a lot from our original Choose your iOS Crypto publication, so if you've read that one, feel free to skip ahead to the libraries and ending notes about the actual Android specificities...
More details.

Posted on Mon, 23 May 2016 00:00:00 +0000


Building Sesto, in-browser password manager

Intro: what is Sesto. Sesto (abbreviation for Secret Store) is an open source password (and general secrets) manager for the web. What sets Sesto apart from many other password managers is: it's a web password manager, e...
More details.

Posted on Thu, 21 Apr 2016 00:00:00 +0000


Benchmarking Secure Comparator

When we conceived Secure Comparator, we saw that it was going to be slightly slower than existing authentication methods, because: SMP requires many more rounds of data exchange; each round involves expensive calculations; our modification of the ed25519 implementation involves blinding to avoid timing attacks, which makes overall performance even slower. This is a consequence of the different demands and different security guarantees Secure Comparator gives: let systems with zero shared information exchange requests for data, where the request data itself is a leakage...
More details.

Posted on Thu, 07 Apr 2016 00:00:00 +0000


Crypto in iOS: Choose your destiny (Infographic)

Why do I even need to choose? When building your next app, you might realize that you need to encrypt the data. There are two main reasons for that: The need to transmit sensitive data to server and back; The need to store sensitive data...
More details.

Posted on Wed, 30 Mar 2016 00:00:00 +0000


Building secure end-to-end webchat with Themis

Intro. While developing components of our products, we love to explore use cases and usability through creating real-world test stands. 0fc is a side-product of WebThemis research: while doing some protocol design for front-end clients with WebThemis services, we wanted to try it in a real-world situation...
More details.

Posted on Thu, 17 Mar 2016 00:00:00 +0000


Building LibreSSL for PNaCl

Intro. While building WebThemis, we encountered the need to build LibreSSL for PNaCl as a source of cryptographic primitives. The problem? LibreSSL has a huge codebase with a lot of complicated code that won't build on a new platform out of the box...
More details.

Posted on Mon, 14 Mar 2016 00:00:00 +0000


Building and Using Themis in PNaCl

Intro. Native Client (NaCl) allows browser applications to launch native low-level code in an isolated environment. Thanks to this, some performance-critical code parts can be rewritten in C or C++ easily...
More details.

Posted on Tue, 08 Mar 2016 00:00:00 +0000


What's wrong with Web Cryptography

Introduction. Building a full stack of cryptographic protection for modern applications includes working with the modern web browser, of course. However, after 20+ years of web browser history, we're at the stage where in-browser cryptography is still problematic, and the best you can rely on is SSL...
More details.

Posted on Thu, 03 Mar 2016 00:00:00 +0000


Fixing Secure Comparator

Introduction. The idea behind the Socialist Millionaire Protocol is to provide a definite answer to the question of whether two communicating parties possess the same secret or not, in a secure (zero-knowledge) manner...
More details.

Posted on Thu, 11 Feb 2016 00:00:00 +0000


Introducing Secure Comparator

A word to pass. Passwords are the ultimate keepers of security, extensively used in the 21st century's Internet. As more and more aspects of our lives become accessible online, the importance of keeping your passwords secure becomes crucial, because anybody knowing the password may access your accounts...
More details.

Posted on Wed, 09 Dec 2015 00:00:00 +0000


Why we need novel authentication schemes?

Introduction: a word to pass. Before introducing our novel request authentication scheme in Themis, we’ve decided to create an overview of the existing methods of authentication and try to look into what the future might bring us...
More details.

Posted on Thu, 26 Nov 2015 00:00:00 +0000


WeakDH/LogJam vs Secure Session

Intro. After the LogJam vulnerability was published, and then the WeakDH paper (Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice) was published, we were asked a few times: since Secure Session uses Diffie-Hellman key negotiation, is it prone to the same attacks? We wrote this small note to explain why we are safe from such attacks, and how decisions about such important security features are generally made for the open source Themis crypto library...
More details.

Posted on Fri, 20 Nov 2015 00:00:00 +0000


Armoring ed25519 to meet extended security challenges

This article was revisited and updated in October 2018. Introduction. We strive to use the best state-of-the-art cryptography for our library Themis. So when we wanted to implement an important novel feature, Secure Comparator (which includes the so-called "Socialist Millionaire Protocol"), we needed to replace the prime-field modular arithmetic with something stronger...
More details.

Posted on Wed, 18 Nov 2015 00:00:00 +0000


Why you should avoid SSL for your next application

Introduction. 2018 update: This article is 4 years old, and even then presented a disputable opinion. Many things have changed since then; we now have TLS 1.3, which eliminates a number of cryptographic concerns and enforces correct uses...
More details.

Posted on Wed, 28 Oct 2015 00:00:00 +0000


Building encrypted chat service with Themis and mobile websocket example

Introduction Imagine you'd like to build your own chat server, which allows clients to exchange messages safely. You have a simple infrastructure consisting of a server written in Ruby and clients for iOS and Android...
More details.

Posted on Thu, 01 Oct 2015 00:00:00 +0000


Notes on adding cutting edge features

As we've stated in the past, the Themis library grew out of our own needs for a secure, efficient and convenient cryptographic library. While providing abstracted high-level services, Themis uses trusted, well established implementations of cryptographic primitives such as those provided by LibreSSL/OpenSSL or platform native cryptography providers...
More details.

Posted on Tue, 22 Sep 2015 00:00:00 +0000


Releasing Themis into public: usability testing

How we did usability testing for Themis when releasing the open source library into public. When we were ready to release Themis, we've gathered a few colleagues and decided to make a test run on unsuspecting developers - how would the library blend into their workflows? 1...
More details.

Posted on Wed, 03 Jun 2015 00:00:00 +0000


Cybersecurity Professional Standards

Discover how unified cybersecurity professional standards and the UK Cyber Security Council are redefining trust, talent, and resilience in finance.
More details.

Posted on Tue, 29 Jul 2025 11:41:52 +0000


TLPT: Threat Led Penetration Testing Explained

Discover how TLPT (threat led penetration testing) helps organizations validate defenses against real-world cyber threats. Learn who needs threat led pentesting, what drives demand, and how it differs from red teaming and classic pentesting...
More details.

Posted on Fri, 20 Jun 2025 08:00:00 +0000


EUVD Vulnerability Database: Europe’s Answer to CVE Instability

The EUVD marks a strategic shift in vulnerability management, offering a transparent and sovereign alternative to the U.S.-centric CVE system—backed by EU law.
More details.

Posted on Wed, 14 May 2025 09:11:06 +0000


Cyber Incident Response Tips for Small Businesses

Learn how small businesses can build cyber incident response plans by adapting practical strategies from the UK’s “Cyber Incident Grab Bag.”
More details.

Posted on Sat, 03 May 2025 14:06:58 +0000


CVE Under Threat: What You Need to Know

MITRE’s CVE contract expired on April 16, putting global vulnerability tracking at risk. Learn what’s happening and how the security community is responding.
More details.

Posted on Wed, 16 Apr 2025 15:01:36 +0000


Unforgivable Software Vulnerabilities

Some software vulnerabilities are unforgivable—easy to find, easy to fix, and never should’ve existed. Here’s how to spot and prevent them.
More details.

Posted on Fri, 04 Apr 2025 14:27:14 +0000


Preventing Crypto Exchange Hacks: Lessons from Bybit Heist

Bybit lost $1.4B in a North Korean hack via malware, fake UI, and blind signing. Learn key security strategies to protect exchanges from cyber threats!
More details.

Posted on Wed, 26 Feb 2025 09:27:46 +0000


Cyber Defense Using Cyber Kill Chain and MITRE ATT&CK Explained

Learn how the Cyber Kill Chain and MITRE ATT&CK Framework enhance security by identifying, detecting, and responding to cyber threats effectively.
More details.

Posted on Thu, 06 Feb 2025 13:41:48 +0000


The Future of Authentication: Passkeys vs Passwords and 2FA

Passkeys replace passwords with secure, easy logins using biometrics and cryptography, eliminating phishing, breaches, and 2FA issues.
More details.

Posted on Wed, 22 Jan 2025 09:22:47 +0000


Lessons from 2024’s Worst Cyberattacks and How to Stay Secure

Analyzing 2024’s biggest cyberattacks: breaches, vulnerabilities exploited, and actionable steps to strengthen defenses for 2025.
More details.

Posted on Mon, 13 Jan 2025 21:47:29 +0000





Our certificates:

(ISC)2
CISSP
Offensive Security
OSCP
ISACA
CISA
CISM
Microsoft
PECB
LPTP
Qualys
BSI

Our partners, information security and IT companies in Kyiv, Ukraine and worldwide:

Qualys
IBM
Tenable
Microsoft
AWS
ENX
Ernst&Young
KPMG
PricewaterhouseCoopers
Deloitte
Bureau Veritas
Underdefense
Hacken
Infosafe
10Guards
RMRF
Softseq
AAA auditagency
Berezha Security
Protectmaster
IT спеціаліст